0003294
Privacy Management Framework, Updated March 1, 2020
Association of International Certified Professional Accountants
Best Practice Guideline
With Membership
AICPA/CICA Privacy Management Framework
Privacy Management Framework
2020-03-01
The document as a whole was last reviewed and released on 2021-03-16T00:00:00-0700.
This Authority Document In Depth Report is copyrighted - © 2024 - Network Frontiers LLC. All rights reserved. Copyright in the Authority Document analyzed herein is held by its authors. Network Frontiers makes no claims of copyright in this Authority Document.
This Authority Document In Depth Report is provided for informational purposes only and does not constitute, and should not be construed as, legal advice. The reader is encouraged to consult with an attorney experienced in these areas for further explanation and advice.
This Authority Document In Depth Report provides analysis and guidance for use and implementation of the Authority Document but it is not a substitute for the original authority document itself. Readers should refer to the original authority document as the definitive resource on obligations and compliance requirements.
This document has been mapped into the Unified Compliance Framework using a patented methodology and patented tools. The mapping team has taken every effort to ensure the quality of mapping is of the highest degree.
When the UCF Mapping Teams tag Citations and their associated mandates within an Authority Document, those Citations and mandates are tied to Common Controls. In addition, because those Citations and mandates are tied to Common Controls, three sets of metadata are associated with each Citation: Controls by Impact Zone, Controls by Type, and Controls by Classification.
The online version of the mapping analysis you see here is just a fraction of the work the UCF Mapping Team has done. The downloadable version of this document, available within the Common Controls Hub, contains the following:
Document implementation analysis – statistics about the document’s alignment with Common Controls as compared to other Authority Documents and statistics on usage of key terms and non-standard terms.
Citation and Mandate Tagging and Mapping – A complete listing of each and every Citation we found within Privacy Management Framework, Updated March 1, 2020, tagged with its primary and secondary nouns and primary and secondary verbs in three column format. The first column shows the Citation (the marker within the Authority Document that points to where we found the guidance). The second column shows the Citation guidance per se, along with the tagging for the mandate we found within the Citation. The third column shows the Common Control ID that the mandate is linked to, and the final column gives us the Common Control itself.
Dictionary Terms – The dictionary terms listed for Privacy Management Framework, Updated March 1, 2020 are based upon terms found within the Authority Document’s defined terms section (which most legal documents have) or its glossary and, for the most part, as tagged within each mandate. The terms with links are terms that are the standardized version of the term.
An Impact Zone is a hierarchical way of organizing our suite of Common Controls — it is a taxonomy. The top levels of the UCF hierarchy are called Impact Zones. Common Controls are mapped within the UCF’s Impact Zones and are maintained in a legal hierarchy within that Impact Zone. Each Impact Zone deals with a separate area of policies, standards, and procedures: technology acquisition, physical security, continuity, records management, etc.
The UCF created its taxonomy by looking at the corpus of standards and regulations through the lens of unification and a view toward how the controls impact the organization. Thus, we created a hierarchical structure for each impact zone that takes into account regulatory and standards bodies, doctrines, and language.
KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term
Mandated - bold; Implied - italic; Implementation - regular

COMMON CONTROL | TYPE | CLASS | |
---|---|---|---|
Audits and risk management CC ID 00677 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain an audit program. CC ID 00684 | Establish/Maintain Documentation | Preventive | |
Accept the attestation engagement when all preconditions are met. CC ID 13933 | Business Processes | Preventive | |
Audit in scope audit items and compliance documents. CC ID 06730 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Audits and Risk Management | Preventive | |
Collect all work papers for the audit and audit report into an engagement file. CC ID 07001 | Actionable Reports or Measurements | Preventive | |
Document any after the fact changes to the engagement file. CC ID 07002 | Establish/Maintain Documentation | Preventive | |
Protect access to the engagement file and all associated audit documentation in compliance with Authority Documents the organization must follow. CC ID 07179 | Establish/Maintain Documentation | Preventive | |
Disclose work papers in the engagement file in compliance with legal requirements. CC ID 07180 | Establish/Maintain Documentation | Preventive | |
Archive the engagement file and all work papers for the period prescribed by law or contract. CC ID 10038 | Records Management | Preventive | |
Conduct onsite inspections, as necessary. CC ID 16199 | Testing | Preventive | |
Identify hypothetical assumptions in forecasts and projections during an audit. CC ID 13946 | Audits and Risk Management | Detective | |
Refrain from examining forecasts and projections which refrain from disclosing assumptions during an audit. CC ID 13932 | Audits and Risk Management | Detective | |
Audit policies, standards, and procedures. CC ID 12927 [{administrative safeguard}{technical safeguard} The entity tests the effectiveness of the key administrative, technical and physical safeguards protecting personal data, periodically and as required by entity policy, or by relevant, applicable laws or regulations. S7.5] | Audits and Risk Management | Preventive | |
Audit cybersecurity risk management within the policies, standards, and procedures of the organization. CC ID 13011 | Investigate | Detective | |
Audit information systems, as necessary. CC ID 13010 | Investigate | Detective | |
Audit the potential costs of compromise to information systems. CC ID 13012 | Investigate | Detective | |
Determine the accurateness of the audit assertion's in scope system description. CC ID 06979 | Testing | Detective | |
Determine if the in scope system has been implemented as described in the audit assertion. CC ID 06983 | Testing | Detective | |
Investigate the nature and causes of misstatements in the audit assertion's in scope system description. CC ID 16557 | Audits and Risk Management | Detective | |
Determine the effect of fraud and non-compliance on the description of the system in the audit assertion, as necessary. CC ID 13977 | Process or Activity | Detective | |
Edit the audit assertion for accuracy. CC ID 07030 | Establish/Maintain Documentation | Preventive | |
Determine if the audit assertion's in scope procedures are accurately documented. CC ID 06982 | Establish/Maintain Documentation | Preventive | |
Determine if the audit assertion's in scope controls are reasonable. CC ID 06980 | Testing | Detective | |
Determine the effect of fraud and non-compliance on the achievement of in scope controls in the audit assertion, as necessary. CC ID 13978 | Process or Activity | Detective | |
Document test plans for auditing in scope controls. CC ID 06985 | Testing | Detective | |
Determine the implementation status of the audit assertion's in scope controls. CC ID 06981 | Testing | Detective | |
Determine the effectiveness of in scope controls. CC ID 06984 [{be ongoing}{privacy control}{design effectiveness} The entity has a process for performing ongoing and separate evaluations of the design and operating effectiveness of information privacy and security controls and for addressing any identified control deficiencies. M1.3 Ongoing and separate evaluations] | Testing | Detective | |
Review incident management audit logs to determine the effectiveness of in scope controls. CC ID 12157 | Audits and Risk Management | Detective | |
Review audit reports to determine the effectiveness of in scope controls. CC ID 12156 | Audits and Risk Management | Detective | |
Observe processes to determine the effectiveness of in scope controls. CC ID 12155 | Audits and Risk Management | Detective | |
Interview stakeholders to determine the effectiveness of in scope controls. CC ID 12154 | Audits and Risk Management | Detective | |
Review documentation to determine the effectiveness of in scope controls. CC ID 16522 | Process or Activity | Preventive | |
Review policies and procedures to determine the effectiveness of in scope controls. CC ID 12144 | Audits and Risk Management | Detective | |
Evaluate personnel status changes to determine the effectiveness of in scope controls. CC ID 16556 | Audits and Risk Management | Detective | |
Determine whether individuals performing a control have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 16555 | Audits and Risk Management | Detective | |
Determine any errors or material omissions in the audit assertion that affect in scope control implementations. CC ID 06990 | Testing | Detective | |
Include the process of using evidential matter to test in scope controls in the test plan. CC ID 06996 | Establish/Maintain Documentation | Preventive | |
Audit the in scope system according to the test plan using relevant evidence. CC ID 07112 | Testing | Preventive | |
Implement procedures that collect sufficient audit evidence. CC ID 07153 | Audits and Risk Management | Preventive | |
Collect evidence about the in scope audit items of the audit assertion. CC ID 07154 | Audits and Risk Management | Preventive | |
Collect audit evidence sufficient to avoid misstatements. CC ID 07155 | Audits and Risk Management | Preventive | |
Collect audit evidence at the level of the organization's competence in the subject matter. CC ID 07156 | Audits and Risk Management | Preventive | |
Collect audit evidence sufficient to overcome inadequacies in the organization's attestation. CC ID 07157 | Audits and Risk Management | Preventive | |
Report that audit evidence collected was not sufficient to the proper authorities. CC ID 16847 | Communicate | Preventive | |
Provide transactional walkthrough procedures for external auditors. CC ID 00672 | Testing | Preventive | |
Establish, implement, and maintain interview procedures. CC ID 16282 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the interview procedures. CC ID 16297 | Human Resources Management | Preventive | |
Coordinate the scheduling of interviews. CC ID 16293 | Process or Activity | Preventive | |
Create a schedule for the interviews. CC ID 16292 | Process or Activity | Preventive | |
Identify interviewees. CC ID 16290 | Process or Activity | Preventive | |
Conduct interviews, as necessary. CC ID 07188 | Testing | Detective | |
Verify statements made by interviewees are correct. CC ID 16299 | Behavior | Detective | |
Discuss unsolved questions with the interviewee. CC ID 16298 | Process or Activity | Detective | |
Allow interviewee to respond to explanations. CC ID 16296 | Process or Activity | Detective | |
Explain the requirements being discussed to the interviewee. CC ID 16294 | Process or Activity | Detective | |
Explain the goals of the interview to the interviewee. CC ID 07189 | Behavior | Detective | |
Explain the testing results to the interviewee. CC ID 16291 | Process or Activity | Preventive | |
Withdraw from the audit, when defined conditions exist. CC ID 13885 | Process or Activity | Corrective | |
Establish and maintain work papers, as necessary. CC ID 13891 | Establish/Maintain Documentation | Preventive | |
Include the auditor's conclusions on work performed by individuals assigned to the audit in the work papers. CC ID 16775 | Establish/Maintain Documentation | Preventive | |
Include audit irregularities in the work papers. CC ID 16774 | Establish/Maintain Documentation | Preventive | |
Include corrective actions in the work papers. CC ID 16771 | Establish/Maintain Documentation | Preventive | |
Include information about the organization being audited and the auditor performing the audit in the work papers. CC ID 16770 | Establish/Maintain Documentation | Preventive | |
Include discussions with interested personnel and affected parties in the work papers. CC ID 16768 | Establish/Maintain Documentation | Preventive | |
Include justification for departing from mandatory requirements in the work papers. CC ID 13935 | Establish/Maintain Documentation | Preventive | |
Include audit evidence obtained from previous engagements in the work papers. CC ID 16518 | Audits and Risk Management | Preventive | |
Include the reviewer, and dates, for using evidential matter to test in scope controls in the work papers. CC ID 06998 | Establish/Maintain Documentation | Preventive | |
Include the tests, examinations, interviews and observations performed during the audit in the work papers. CC ID 07190 | Establish/Maintain Documentation | Preventive | |
Include if any subject matter experts or additional research had to be undertaken to test in scope controls in the work papers. CC ID 07026 | Establish/Maintain Documentation | Preventive | |
Include the tester, and dates, for using evidential matter to test in scope controls in the work papers. CC ID 06997 | Establish/Maintain Documentation | Preventive | |
Include if the audit evidence has identified in scope control deficiencies in the work papers. CC ID 07152 | Audits and Risk Management | Detective | |
Include any subsequent events related to the audit assertion or audit subject matter in the work papers. CC ID 07177 | Audits and Risk Management | Preventive | |
Include if in scope control deviations allow in scope controls to be performed acceptably in the work papers. CC ID 06987 | Testing | Detective | |
Include the causes of identified in scope control deficiencies in the work papers. CC ID 07000 | Establish/Maintain Documentation | Preventive | |
Include discussions regarding the causes of identified in scope control deficiencies in the work papers. CC ID 06999 | Establish/Maintain Documentation | Preventive | |
Investigate the nature and causes of identified in scope control deviations. CC ID 06986 | Testing | Detective | |
Supervise interested personnel and affected parties participating in the audit. CC ID 07150 | Monitor and Evaluate Occurrences | Preventive | |
Notify interested personnel and affected parties participating in the audit of their roles and responsibilities during the audit. CC ID 07151 | Establish Roles | Preventive | |
Respond to questions or clarification requests regarding the audit. CC ID 08902 | Business Processes | Preventive | |
Track and measure the implementation of the organizational compliance framework. CC ID 06445 [The entity has a process for governing and overseeing the application of policies and procedures. M1.2 Oversight and monitoring] | Monitor and Evaluate Occurrences | Preventive | |
Review the need for organizational efficiency as balanced against the needs of compliance and security. CC ID 07111 | Business Processes | Preventive | |
Establish and maintain organizational audit reports. CC ID 06731 | Establish/Maintain Documentation | Preventive | |
Include the organization's privacy practices in the audit report. CC ID 07029 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results] | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the audit report to all interested personnel and affected parties identified in the distribution list. CC ID 07117 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the reviews of audit reports to organizational management. CC ID 00653 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results] | Log Management | Detective | |
Implement a corrective action plan in response to the audit report. CC ID 06777 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results] | Establish/Maintain Documentation | Corrective | |
Assign responsibility for remediation actions. CC ID 13622 | Human Resources Management | Preventive | |
Monitor and report on the status of mitigation actions in the corrective action plan. CC ID 15250 | Actionable Reports or Measurements | Corrective | |
Review management's response to issues raised in past audit reports. CC ID 01149 | Audits and Risk Management | Detective | |
Define penalties for uncorrected audit findings or remaining non-compliant with the audit report. CC ID 08963 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a risk management program. CC ID 12051 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain the risk assessment framework. CC ID 00685 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a risk assessment program. CC ID 00687 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain risk assessment procedures. CC ID 06446 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a threat and risk classification scheme. CC ID 07183 | Establish/Maintain Documentation | Preventive | |
Include security threats and vulnerabilities in the threat and risk classification scheme. CC ID 00699 [As part of the risk assessment process, management identifies environmental threats that could impair the confidentiality, integrity and availability of systems, including threats resulting from adverse weather or the failure of physical access control and environmental control systems, or from electrical discharge, fire and water damage. S7.2 Identifies environmental threats] | Technical Security | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term
Mandated - bold; Implied - italic; Implementation - regular

COMMON CONTROL | TYPE | CLASS | |
---|---|---|---|
Human Resources management CC ID 00763 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain high level operational roles and responsibilities. CC ID 00806 | Establish Roles | Preventive | |
Define and assign the Board of Directors roles and responsibilities and senior management roles and responsibilities, including signing off on key policies and procedures. CC ID 00807 [The entity has an overall governance and legal structure that defines and establishes responsibility and authority for the entity's oversight processes, policy setting and ongoing monitoring activities. M1.2 Responsibility and authority The entity has a governance and legal structure that establishes accountability for information privacy policy creation, oversight, monitoring and compliance. M1.2 Established accountability] | Establish Roles | Preventive | |
Establish and maintain board committees, as necessary. CC ID 14789 | Human Resources Management | Preventive | |
Define and assign the roles and responsibilities of the chairman of the board. CC ID 14786 | Establish/Maintain Documentation | Preventive | |
Assign oversight of C-level executives to the Board of Directors. CC ID 14784 | Human Resources Management | Preventive | |
Establish, implement, and maintain candidate selection procedures to the board of directors. CC ID 14782 | Establish/Maintain Documentation | Preventive | |
Include the criteria of mixed experiences and skills in the candidate selection procedures. CC ID 14791 | Establish/Maintain Documentation | Preventive | |
Assign oversight of the financial management program to the board of directors. CC ID 14781 | Human Resources Management | Preventive | |
Assign senior management to the role of supporting Quality Management. CC ID 13692 | Human Resources Management | Preventive | |
Assign senior management to the role of authorizing official. CC ID 14238 | Establish Roles | Preventive | |
Assign members who are independent from management to the Board of Directors. CC ID 12395 | Human Resources Management | Preventive | |
Assign ownership of risks to the Board of Directors or senior management. CC ID 13662 | Human Resources Management | Preventive | |
Assign the organization's board and senior management to oversee the continuity planning process. CC ID 12991 | Human Resources Management | Preventive | |
Rotate members of the board of directors, as necessary. CC ID 14803 | Human Resources Management | Corrective | |
Define and assign the Privacy Officer's roles and responsibilities. CC ID 00714 [The entity has a governance and legal structure that establishes accountability for information privacy policy creation, oversight, monitoring and compliance. M1.2 Established accountability] | Establish Roles | Preventive | |
Establish, implement, and maintain a personnel management program. CC ID 14018 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a personnel security program. CC ID 10628 | Establish/Maintain Documentation | Preventive | |
Employ individuals who have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 00782 [The entity establishes qualifications for personnel responsible for protecting the privacy and security of PI and assigns such responsibilities only to those personnel who meet these qualifications and who have received training. M1.2 Qualifications of internal personnel] | Testing | Detective | |
Perform security skills assessments for all critical employees. CC ID 12102 | Human Resources Management | Detective | |
Assign security clearance procedures to qualified personnel. CC ID 06812 | Establish Roles | Preventive | |
Assign personnel screening procedures to qualified personnel. CC ID 11699 | Establish Roles | Preventive | |
Establish, implement, and maintain personnel screening procedures. CC ID 11700 | Establish/Maintain Documentation | Preventive | |
Perform a background check during personnel screening. CC ID 11758 | Human Resources Management | Detective | |
Perform a personal identification check during personnel screening. CC ID 06721 | Human Resources Management | Preventive | |
Perform a criminal records check during personnel screening. CC ID 06643 | Establish/Maintain Documentation | Preventive | |
Include all residences in the criminal records check. CC ID 13306 | Process or Activity | Preventive | |
Document any reasons a full criminal records check could not be performed. CC ID 13305 | Establish/Maintain Documentation | Preventive | |
Perform a personal references check during personnel screening. CC ID 06645 | Human Resources Management | Preventive | |
Perform a credit check during personnel screening. CC ID 06646 | Human Resources Management | Preventive | |
Perform an academic records check during personnel screening. CC ID 06647 | Establish/Maintain Documentation | Preventive | |
Perform a drug test during personnel screening. CC ID 06648 | Testing | Preventive | |
Perform a resume check during personnel screening. CC ID 06659 | Human Resources Management | Preventive | |
Perform a curriculum vitae check during personnel screening. CC ID 06660 | Human Resources Management | Preventive | |
Allow personnel being screened to appeal findings and appeal decisions. CC ID 06720 | Human Resources Management | Preventive | |
Disseminate and communicate screening results to interested personnel and affected parties. CC ID 16445 | Communicate | Preventive | |
Perform personnel screening procedures, as necessary. CC ID 11763 | Human Resources Management | Preventive | |
Document the personnel risk assessment results. CC ID 11764 | Establish/Maintain Documentation | Detective | |
Establish, implement, and maintain security clearance procedures. CC ID 00783 | Establish/Maintain Documentation | Preventive | |
Perform periodic background checks on designated roles, as necessary. CC ID 11759 | Human Resources Management | Detective | |
Perform security clearance procedures, as necessary. CC ID 06644 | Human Resources Management | Preventive | |
Establish and maintain security clearances. CC ID 01634 | Human Resources Management | Preventive | |
Document the security clearance procedure results. CC ID 01635 | Establish/Maintain Documentation | Detective | |
Establish and maintain the staff structure in line with the strategic plan. CC ID 00764 | Establish Roles | Preventive | |
Implement segregation of duties in roles and responsibilities. CC ID 00774 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Testing | Detective | |
Establish, implement, and maintain segregation of duties compensating controls if segregation of duties is not practical. CC ID 06960 | Technical Security | Preventive | |
Establish job categorization criteria, job recruitment criteria, and promotion criteria. CC ID 00781 [The entity establishes qualifications for personnel responsible for protecting the privacy and security of PI and assigns such responsibilities only to those personnel who meet these qualifications and who have received training. M1.2 Qualifications of internal personnel] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a compensation, reward, and recognition program. CC ID 12806 | Human Resources Management | Preventive | |
Establish and maintain an annual report on compensation. CC ID 14801 | Establish/Maintain Documentation | Preventive | |
Include the design characteristics of the remuneration system in the annual report on compensation. CC ID 14804 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the compensation, reward, and recognition program to interested personnel and affected parties. CC ID 14800 | Communicate | Preventive | |
Establish, implement, and maintain roles and responsibilities in the compensation, reward, and recognition program. CC ID 14798 | Establish/Maintain Documentation | Preventive | |
Align the compensation, reward, and recognition program with the risk management program. CC ID 14797 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain remuneration standards, as necessary. CC ID 14794 | Establish/Maintain Documentation | Preventive | |
Refrain from using employees' privacy choices to restrict employment. CC ID 12425 | Human Resources Management | Preventive | |
Refrain from using employees' privacy choices to take punitive actions. CC ID 16815 | Human Resources Management | Preventive | |
Use rewards and career development to motivate personnel. CC ID 06906 | Behavior | Preventive | |
Disseminate and communicate the organization’s ethical culture in job recruitment criteria and promotion criteria. CC ID 12825 | Human Resources Management | Preventive | |
Recognize personnel who reinforce desirable conduct with incentives. CC ID 12815 | Human Resources Management | Preventive | |
Establish, implement, and maintain job applications. CC ID 16180 | Establish/Maintain Documentation | Preventive | |
Include a space for the applicant's name on the job application. CC ID 16190 | Human Resources Management | Preventive | |
Include a space for the applicant's current address on the job application. CC ID 16189 | Human Resources Management | Preventive | |
Include a space for the applicant's social security number on the job application. CC ID 16188 | Human Resources Management | Preventive | |
Include a space for the applicant's date of birth on the job application. CC ID 16186 | Human Resources Management | Preventive | |
Include a space for previous employers and business relationships on the job application. CC ID 16185 | Human Resources Management | Preventive | |
Include a space to explain formal disciplinary actions and sanctions on the job application. CC ID 16184 | Human Resources Management | Preventive | |
Include a space for the start date on the job application. CC ID 16187 | Human Resources Management | Preventive | |
Include a space to explain legal penalties on the job application. CC ID 16183 | Human Resources Management | Preventive | |
Approve the wording of job applications. CC ID 16182 | Human Resources Management | Preventive | |
Include a space for past aliases and other used names on job applications. CC ID 12301 | Human Resources Management | Preventive | |
Include a space for previous addresses and previous residences on the job application. CC ID 12302 | Human Resources Management | Preventive | |
Include a space to explain employment gaps on the job application. CC ID 12303 | Human Resources Management | Preventive | |
Train all personnel and third parties, as necessary. CC ID 00785 | Behavior | Preventive | |
Establish, implement, and maintain an education methodology. CC ID 06671 | Business Processes | Preventive | |
Tailor training to be taught at each person's level of responsibility. CC ID 06674 [The entity provides a privacy awareness program about its privacy policies and related matters, and provides specific training for selected personnel depending on their roles and responsibilities. M1.2 Privacy awareness and training] | Behavior | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term

Mandated - bold; Implied - italic; Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Leadership and high level objectives CC ID 00597 | IT Impact Zone | IT Impact Zone | |
Analyze organizational objectives, functions, and activities. CC ID 00598 | Monitor and Evaluate Occurrences | Preventive | |
Establish, implement, and maintain an information classification standard. CC ID 00601 [The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Establish/Maintain Documentation | Preventive | |
Take into account the accessibility to and location of the data or information when establishing information impact levels. CC ID 04787 | Data and Information Management | Preventive | |
Take into account the organization's obligation to protect data or information when establishing information impact levels. CC ID 04786 | Data and Information Management | Preventive | |
Take into account the context of use for data or information when establishing information impact levels. CC ID 04785 | Data and Information Management | Preventive | |
Take into account the potential aggregation of restricted data fields when establishing information impact levels. CC ID 04784 | Data and Information Management | Preventive | |
Classify the sensitivity to unauthorized disclosure or modification of information in the information classification standard. CC ID 11997 [The entity has a process for classifying PI according to applicable regulation and risks associated with unauthorized disclosure or misuse. M1.3 Data and information classification] | Data and Information Management | Preventive | |
Take into account the distinguishability factor when establishing information impact levels. CC ID 04783 | Data and Information Management | Preventive | |
Classify the criticality to unauthorized disclosure or modification of information in the information classification standard. CC ID 11996 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Data and Information Management | Preventive | |
Classify the value of information in the information classification standard. CC ID 11995 | Data and Information Management | Preventive | |
Classify the legal requirements of information in the information classification standard. CC ID 11994 [The entity has a process for classifying PI according to applicable regulation and risks associated with unauthorized disclosure or misuse. M1.3 Data and information classification] | Data and Information Management | Preventive | |
Establish, implement, and maintain a data classification scheme. CC ID 11628 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Establish/Maintain Documentation | Preventive | |
Take into account the characteristics of the geographical, behavioral and functional setting for all datasets. CC ID 15046 | Data and Information Management | Preventive | |
Approve the data classification scheme. CC ID 13858 | Establish/Maintain Documentation | Detective | |
Disseminate and communicate the data classification scheme to interested personnel and affected parties. CC ID 16804 | Communicate | Preventive | |
Establish, implement, and maintain a Quality Management framework. CC ID 07196 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a Quality Management program. CC ID 07201 | Establish/Maintain Documentation | Preventive | |
Correct errors and deficiencies in a timely manner. CC ID 13501 [{be ongoing}{privacy control}{design effectiveness} The entity has a process for performing ongoing and separate evaluations of the design and operating effectiveness of information privacy and security controls and for addressing any identified control deficiencies. M1.3 Ongoing and separate evaluations {dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Business Processes | Corrective | |
Establish and maintain the scope of the organizational compliance framework and Information Assurance controls. CC ID 01241 | Establish/Maintain Documentation | Preventive | |
Identify roles, tasks, information, systems, and assets that fall under the organization's mandated Authority Documents. CC ID 00688 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Business Processes | Preventive | |
Establish and maintain an Information Systems Assurance Categories Definitions document. CC ID 01608 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a policy and procedure management program. CC ID 06285 [The entity has a process for evaluating and addressing the potential impacts of required changes to information privacy policy and procedures as changes occur in entity operations and operating locations, and as applicable jurisdictional laws and regulations are enacted to become new regulatory compliance requirements. M1.2 Policy changes] | Establish/Maintain Documentation | Preventive | |
Include the effective date on all organizational policies. CC ID 06820 | Establish/Maintain Documentation | Preventive | |
Include requirements in the organization’s policies, standards, and procedures. CC ID 12956 | Establish/Maintain Documentation | Preventive | |
Analyze organizational policies, as necessary. CC ID 14037 | Establish/Maintain Documentation | Detective | |
Include threats in the organization’s policies, standards, and procedures. CC ID 12953 | Establish/Maintain Documentation | Preventive | |
Assess the impact of changes to organizational policies, standards, and procedures, as necessary. CC ID 14824 [The entity has a process for evaluating and addressing the potential impacts of required changes to information privacy policy and procedures as changes occur in entity operations and operating locations, and as applicable jurisdictional laws and regulations are enacted to become new regulatory compliance requirements. M1.2 Policy changes] | Business Processes | Preventive | |
Include opportunities in the organization’s policies, standards, and procedures. CC ID 12945 | Establish/Maintain Documentation | Preventive | |
Establish and maintain an Authority Document list. CC ID 07113 | Establish/Maintain Documentation | Preventive | |
Map in scope assets and in scope records to external requirements. CC ID 12189 | Establish/Maintain Documentation | Detective | |
Document organizational procedures that harmonize external requirements, including all legal requirements. CC ID 00623 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain full documentation of all policies, standards, and procedures that support the organization's compliance framework. CC ID 01636 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the organization’s policies, standards, and procedures to all interested personnel and affected parties. CC ID 12901 | Communicate | Preventive | |
Disseminate and communicate the list of Authority Documents that support the organization's compliance framework to interested personnel and affected parties. CC ID 01312 | Establish/Maintain Documentation | Preventive | |
Classify controls according to their preventive, detective, or corrective status. CC ID 06436 | Establish/Maintain Documentation | Preventive | |
Publish, disseminate, and communicate a Statement on Internal Control, as necessary. CC ID 06727 | Establish/Maintain Documentation | Preventive | |
Include signatures of c-level executives in the Statement on Internal Control. CC ID 14778 | Establish/Maintain Documentation | Preventive | |
Include management's assertions on the effectiveness of internal control in the Statement on Internal Control. CC ID 14771 | Establish/Maintain Documentation | Corrective | |
Include confirmation of any significant weaknesses in the Statement on Internal Control. CC ID 06861 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the Statement on Internal Control. CC ID 14774 | Establish/Maintain Documentation | Preventive | |
Include an assurance statement regarding the counterterror protective security plan in the Statement on Internal Control. CC ID 06866 | Establish/Maintain Documentation | Preventive | |
Include limitations of internal control systems in the Statement on Internal Control. CC ID 14773 | Establish/Maintain Documentation | Preventive | |
Include a description of the methodology used to evaluate internal controls in the Statement on Internal Control. CC ID 14772 | Establish/Maintain Documentation | Preventive | |
Include the counterterror protective security plan test results in the Statement on Internal Control. CC ID 06867 | Establish/Maintain Documentation | Detective | |
Assign legislative body jurisdiction to the organization's assets, as necessary. CC ID 06956 | Establish Roles | Preventive | |
Approve all compliance documents. CC ID 06286 | Establish/Maintain Documentation | Preventive | |
Align the Authority Document list with external requirements. CC ID 06288 | Establish/Maintain Documentation | Preventive | |
Assign the appropriate roles to all applicable compliance documents. CC ID 06284 | Establish Roles | Preventive | |
Identify and document the Designated Approval Authority for compliance documents. CC ID 07114 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a compliance exception standard. CC ID 01628 | Establish/Maintain Documentation | Preventive | |
Include the authority for granting exemptions in the compliance exception standard. CC ID 14329 | Establish/Maintain Documentation | Preventive | |
Include all compliance exceptions in the compliance exception standard. CC ID 01630 | Establish/Maintain Documentation | Detective | |
Include explanations, compensating controls, or risk acceptance in the compliance exceptions Exceptions document. CC ID 01631 | Establish/Maintain Documentation | Preventive | |
Review the compliance exceptions in the exceptions document, as necessary. CC ID 01632 | Business Processes | Preventive | |
Include when exemptions expire in the compliance exception standard. CC ID 14330 | Establish/Maintain Documentation | Preventive | |
Assign the approval of compliance exceptions to the appropriate roles inside the organization. CC ID 06443 | Establish Roles | Preventive | |
Include management of the exemption register in the compliance exception standard. CC ID 14328 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate compliance documents to all interested personnel and affected parties. CC ID 06282 | Behavior | Preventive | |
Disseminate and communicate any compliance document changes when the documents are updated to interested personnel and affected parties. CC ID 06283 | Behavior | Preventive | |
Define the Information Assurance strategic roles and responsibilities. CC ID 00608 | Establish Roles | Preventive | |
Establish and maintain a compliance oversight committee. CC ID 00765 [The entity has an overall governance and legal structure that defines and establishes responsibility and authority for the entity's oversight processes, policy setting and ongoing monitoring activities. M1.2 Responsibility and authority The entity has a governance and legal structure that establishes accountability for information privacy policy creation, oversight, monitoring and compliance. M1.2 Established accountability] | Establish Roles | Detective | |
Review and document the meetings and actions of the Board of Directors or audit committee in the Board Report. CC ID 01151 | Establish/Maintain Documentation | Detective | |
Include recommendations for changes or updates to the information security program in the Board Report. CC ID 13180 | Establish/Maintain Documentation | Preventive | |
Provide critical project reports to the compliance oversight committee in a timely manner. CC ID 01183 | Establish/Maintain Documentation | Detective | |
Assign the review of project plans for critical projects to the compliance oversight committee. CC ID 01182 | Establish Roles | Preventive | |
Assign the corporate governance of Information Technology to the compliance oversight committee. CC ID 01178 | Establish Roles | Preventive | |
Assign the review of Information Technology policies and procedures to the compliance oversight committee. CC ID 01179 | Establish Roles | Preventive | |
Involve the Board of Directors or senior management in Information Governance. CC ID 00609 | Establish Roles | Preventive | |
Assign responsibility for enforcing the requirements of the Information Governance Plan to senior management. CC ID 12058 | Human Resources Management | Preventive | |
Address Information Security during the business planning processes. CC ID 06495 | Data and Information Management | Preventive | |
Document the requirements of stakeholders during the business planning process regarding Information Security. CC ID 06498 | Establish/Maintain Documentation | Preventive | |
Assign reviewing and approving Quality Management standards to the appropriate oversight committee. CC ID 07192 | Establish Roles | Preventive | |
Establish, implement, and maintain a strategic plan. CC ID 12784 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a Strategic Information Technology Plan. CC ID 00628 | Establish/Maintain Documentation | Preventive | |
Include the Information Governance Plan in the Strategic Information Technology Plan. CC ID 10053 [The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Establish/Maintain Documentation | Preventive | |
Engage information governance subject matter experts in the development of the Information Governance Plan. CC ID 10055 | Human Resources Management | Preventive | |
Include the transparency goals in the Information Governance Plan. CC ID 10056 | Establish/Maintain Documentation | Preventive | |
Include the information integrity goals in the Information Governance Plan. CC ID 10057 | Establish/Maintain Documentation | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term

Mandated - bold; Implied - italic; Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Monitoring and measurement CC ID 00636 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain Security Control System monitoring and reporting procedures. CC ID 12506 [Ongoing procedures are performed for monitoring the effectiveness of controls over PI and for taking timely corrective actions when necessary. M9.1 Performs ongoing monitoring] | Establish/Maintain Documentation | Preventive | |
Include detecting and reporting the failure of a change detection mechanism in the Security Control System monitoring and reporting procedures. CC ID 12525 | Establish/Maintain Documentation | Preventive | |
Include detecting and reporting the failure of audit logging in the Security Control System monitoring and reporting procedures. CC ID 12513 | Establish/Maintain Documentation | Preventive | |
Include detecting and reporting the failure of an anti-malware solution in the Security Control System monitoring and reporting procedures. CC ID 12512 | Establish/Maintain Documentation | Preventive | |
Include detecting and reporting the failure of a segmentation control in the Security Control System monitoring and reporting procedures. CC ID 12511 | Establish/Maintain Documentation | Preventive | |
Include detecting and reporting the failure of a physical access control in the Security Control System monitoring and reporting procedures. CC ID 12510 | Establish/Maintain Documentation | Preventive | |
Include detecting and reporting the failure of a logical access control in the Security Control System monitoring and reporting procedures. CC ID 12509 | Establish/Maintain Documentation | Preventive | |
Include detecting and reporting the failure of an Intrusion Detection and Prevention System in the Security Control System monitoring and reporting procedures. CC ID 12508 | Establish/Maintain Documentation | Preventive | |
Include detecting and reporting the failure of a security testing tool in the Security Control System monitoring and reporting procedures. CC ID 15488 | Establish/Maintain Documentation | Preventive | |
Include detecting and reporting the failure of a firewall in the Security Control System monitoring and reporting procedures. CC ID 12507 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain logging and monitoring operations. CC ID 00637 | Log Management | Detective | |
Establish, implement, and maintain intrusion management operations. CC ID 00580 | Monitor and Evaluate Occurrences | Preventive | |
Monitor systems for inappropriate usage and other security violations. CC ID 00585 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Monitor and Evaluate Occurrences | Detective | |
Monitor systems for blended attacks and multiple component incidents. CC ID 01225 | Monitor and Evaluate Occurrences | Detective | |
Monitor systems for Denial of Service attacks. CC ID 01222 | Monitor and Evaluate Occurrences | Detective | |
Monitor systems for unauthorized data transfers. CC ID 12971 | Monitor and Evaluate Occurrences | Preventive | |
Address operational anomalies within the incident management system. CC ID 11633 | Audits and Risk Management | Preventive | |
Monitor systems for access to restricted data or restricted information. CC ID 04721 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Monitor and Evaluate Occurrences | Detective | |
Assign roles and responsibilities for overseeing access to restricted data or restricted information. CC ID 11950 | Human Resources Management | Detective | |
Detect unauthorized access to systems. CC ID 06798 | Monitor and Evaluate Occurrences | Detective | |
Incorporate potential red flags into the organization's incident management system. CC ID 04652 | Monitor and Evaluate Occurrences | Detective | |
Incorporate an Identity Theft Prevention Program into the organization's incident management system. CC ID 11634 | Audits and Risk Management | Preventive | |
Alert interested personnel when suspicious activity is detected by an Intrusion Detection System or Intrusion Prevention System. CC ID 06430 | Monitor and Evaluate Occurrences | Detective | |
Alert interested personnel and affected parties when an incident causes an outage. CC ID 06808 | Monitor and Evaluate Occurrences | Detective | |
Monitor systems for unauthorized mobile code. CC ID 10034 | Monitor and Evaluate Occurrences | Preventive | |
Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. CC ID 00638 | Log Management | Detective | |
Enable logging for all systems that meet a traceability criteria. CC ID 00640 | Log Management | Detective | |
Enable and configure logging on all network access controls. CC ID 01963 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Configuration | Preventive | |
Analyze firewall logs for the correct capturing of data. CC ID 00549 | Log Management | Detective | |
Monitor and evaluate system performance. CC ID 00651 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Monitor and Evaluate Occurrences | Detective | |
Disseminate and communicate monitoring capabilities with interested personnel and affected parties. CC ID 13156 | Communicate | Preventive | |
Disseminate and communicate statistics on resource usage with interested personnel and affected parties. CC ID 13155 | Communicate | Preventive | |
Establish, implement, and maintain a continuous monitoring program for configuration management. CC ID 06757 | Establish/Maintain Documentation | Detective | |
Monitor and evaluate user account activity. CC ID 07066 [User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Monitor and Evaluate Occurrences | Detective | |
Develop and maintain a usage profile for each user account. CC ID 07067 | Technical Security | Preventive | |
Log account usage to determine dormant accounts. CC ID 12118 | Log Management | Detective | |
Log account usage times. CC ID 07099 | Log Management | Detective | |
Generate daily reports of user logons during hours outside of their usage profile. CC ID 07068 | Monitor and Evaluate Occurrences | Detective | |
Generate daily reports of users who have grossly exceeded their usage profile logon duration. CC ID 07069 | Monitor and Evaluate Occurrences | Detective | |
Log account usage durations. CC ID 12117 | Monitor and Evaluate Occurrences | Detective | |
Notify the appropriate personnel after identifying dormant accounts. CC ID 12125 | Communicate | Detective | |
Log Internet Protocol addresses used during logon. CC ID 07100 | Log Management | Detective | |
Report red flags when logon credentials are used on a computer different from the one in the usage profile. CC ID 07070 | Monitor and Evaluate Occurrences | Detective | |
Report inappropriate usage of user accounts to the appropriate personnel. CC ID 14243 | Communicate | Detective | |
Establish, implement, and maintain a risk monitoring program. CC ID 00658 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Establish/Maintain Documentation | Preventive | |
Monitor the organization's exposure to threats, as necessary. CC ID 06494 | Monitor and Evaluate Occurrences | Preventive | |
Monitor and evaluate environmental threats. CC ID 13481 | Monitor and Evaluate Occurrences | Detective | |
Implement a fraud detection system. CC ID 13081 | Business Processes | Preventive | |
Update or adjust fraud detection systems, as necessary. CC ID 13684 | Process or Activity | Corrective | |
Monitor for new vulnerabilities. CC ID 06843 | Monitor and Evaluate Occurrences | Preventive | |
Establish, implement, and maintain a compliance testing strategy. CC ID 00659 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a self-assessment approach as part of the compliance testing strategy. CC ID 12833 | Testing | Preventive | |
Test compliance controls for proper functionality. CC ID 00660 [{be ongoing}{privacy control}{design effectiveness} The entity has a process for performing ongoing and separate evaluations of the design and operating effectiveness of information privacy and security controls and for addressing any identified control deficiencies. M1.3 Ongoing and separate evaluations] | Testing | Detective | |
Establish, implement, and maintain a system security plan. CC ID 01922 | Testing | Preventive | |
Include a system description in the system security plan. CC ID 16467 | Establish/Maintain Documentation | Preventive | |
Include a description of the operational context in the system security plan. CC ID 14301 | Establish/Maintain Documentation | Preventive | |
Include the results of the security categorization in the system security plan. CC ID 14281 | Establish/Maintain Documentation | Preventive | |
Include the information types in the system security plan. CC ID 14696 | Establish/Maintain Documentation | Preventive | |
Include the security requirements in the system security plan. CC ID 14274 | Establish/Maintain Documentation | Preventive | |
Include threats in the system security plan. CC ID 14693 | Establish/Maintain Documentation | Preventive | |
Include network diagrams in the system security plan. CC ID 14273 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the system security plan. CC ID 14682 | Establish/Maintain Documentation | Preventive | |
Include the results of the privacy risk assessment in the system security plan. CC ID 14676 | Establish/Maintain Documentation | Preventive | |
Include remote access methods in the system security plan. CC ID 16441 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the system security plan to interested personnel and affected parties. CC ID 14275 | Communicate | Preventive | |
Include a description of the operational environment in the system security plan. CC ID 14272 | Establish/Maintain Documentation | Preventive | |
Include the security categorizations and rationale in the system security plan. CC ID 14270 | Establish/Maintain Documentation | Preventive | |
Include the authorization boundary in the system security plan. CC ID 14257 | Establish/Maintain Documentation | Preventive | |
Align the enterprise architecture with the system security plan. CC ID 14255 | Process or Activity | Preventive | |
Include security controls in the system security plan. CC ID 14239 | Establish/Maintain Documentation | Preventive | |
Create specific test plans to test each system component. CC ID 00661 | Establish/Maintain Documentation | Preventive | |
Include the roles and responsibilities in the test plan. CC ID 14299 | Establish/Maintain Documentation | Preventive | |
Include the assessment team in the test plan. CC ID 14297 | Establish/Maintain Documentation | Preventive | |
Include the scope in the test plans. CC ID 14293 | Establish/Maintain Documentation | Preventive | |
Include the assessment environment in the test plan. CC ID 14271 | Establish/Maintain Documentation | Preventive | |
Approve the system security plan. CC ID 14241 | Business Processes | Preventive | |
Adhere to the system security plan. CC ID 11640 | Testing | Detective | |
Review the test plans for each system component. CC ID 00662 | Establish/Maintain Documentation | Preventive | |
Validate all testing assumptions in the test plans. CC ID 00663 | Testing | Detective | |
Document validated testing processes in the testing procedures. CC ID 06200 | Establish/Maintain Documentation | Preventive | |
Require testing procedures to be complete. CC ID 00664 | Testing | Detective | |
Include error details, identifying the root causes, and mitigation actions in the testing procedures. CC ID 11827 | Establish/Maintain Documentation | Preventive | |
Determine the appropriate assessment method for each testing process in the test plan. CC ID 00665 | Testing | Preventive | |
Implement automated audit tools. CC ID 04882 | Acquisition/Sale of Assets or Services | Preventive | |
Assign senior management to approve test plans. CC ID 13071 | Human Resources Management | Preventive | |
Analyze system audit reports and determine the need to perform more tests. CC ID 00666 | Testing | Detective | |
Monitor devices continuously for conformance with production specifications. CC ID 06201 | Monitor and Evaluate Occurrences | Detective | |
Establish, implement, and maintain a testing program. CC ID 00654 | Behavior | Preventive | |
Test security systems and associated security procedures, as necessary. CC ID 11901 [{administrative safeguard}{technical safeguard} The entity tests the effectiveness of the key administrative, technical and physical safeguards protecting personal data, periodically and as required by entity policy, or by relevant, applicable laws or regulations. S7.5] | Technical Security | Detective | |
Establish, implement, and maintain a penetration test program. CC ID 01105 | Behavior | Preventive | |
Perform penetration tests, as necessary. CC ID 00655 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Testing | Detective | |
Perform internal penetration tests, as necessary. CC ID 12471 | Technical Security | Detective | |
Perform external penetration tests, as necessary. CC ID 12470 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Technical Security | Detective | |
Include coverage of all in scope systems during penetration testing. CC ID 11957 | Testing | Detective | |
Test the system for broken access controls. CC ID 01319 | Testing | Detective | |
Test the system for broken authentication and session management. CC ID 01320 | Testing | Detective | |
Test the system for insecure communications. CC ID 00535 | Testing | Detective | |
Test the system for cross-site scripting attacks. CC ID 01321 | Testing | Detective | |
Test the system for buffer overflows. CC ID 01322 | Testing | Detective | |
Test the system for injection flaws. CC ID 01323 | Testing | Detective | |
Ensure protocols are free from injection flaws. CC ID 16401 | Process or Activity | Preventive | |
Test the system for Denial of Service. CC ID 01326 | Testing | Detective | |
Test the system for insecure configuration management. CC ID 01327 | Testing | Detective | |
Perform network-layer penetration testing on all systems, as necessary. CC ID 01277 | Testing | Detective | |
Test the system for cross-site request forgery. CC ID 06296 | Testing | Detective | |
Perform application-layer penetration testing on all systems, as necessary. CC ID 11630 | Technical Security | Detective | |
Perform penetration testing on segmentation controls, as necessary. CC ID 12498 | Technical Security | Detective | |
Verify segmentation controls are operational and effective. CC ID 12545 | Audits and Risk Management | Detective | |
Repeat penetration testing, as necessary. CC ID 06860 | Testing | Detective | |
Test the system for covert channels. CC ID 10652 | Testing | Detective | |
Estimate the maximum bandwidth of any covert channels. CC ID 10653 | Technical Security | Detective | |
Reduce the maximum bandwidth of covert channels. CC ID 10655 | Technical Security | Corrective | |
Test systems to determine which covert channels might be exploited. CC ID 10654 | Testing | Detective | |
Establish, implement, and maintain a vulnerability management program. CC ID 15721 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a vulnerability assessment program. CC ID 11636 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Establish/Maintain Documentation | Preventive | |
Perform vulnerability scans, as necessary. CC ID 11637 | Technical Security | Detective | |
Repeat vulnerability scanning, as necessary. CC ID 11646 | Testing | Detective | |
Identify and document security vulnerabilities. CC ID 11857 | Technical Security | Detective | |
Rank discovered vulnerabilities. CC ID 11940 | Investigate | Detective | |
Use dedicated user accounts when conducting vulnerability scans. CC ID 12098 | Technical Security | Preventive | |
Assign vulnerability scanning to qualified personnel or external third parties. CC ID 11638 | Technical Security | Detective | |
Record the vulnerability scanning activity in the vulnerability scan report. CC ID 12097 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the vulnerability scan results to interested personnel and affected parties. CC ID 16418 | Communicate | Preventive | |
Maintain vulnerability scan reports as organizational records. CC ID 12092 | Records Management | Preventive | |
Correlate vulnerability scan reports from the various systems. CC ID 10636 | Technical Security | Detective | |
Perform internal vulnerability scans, as necessary. CC ID 00656 | Testing | Detective | |
Perform vulnerability scans prior to installing payment applications. CC ID 12192 | Technical Security | Detective | |
Implement scanning tools, as necessary. CC ID 14282 | Technical Security | Detective | |
Update the vulnerability scanners' vulnerability list. CC ID 10634 | Configuration | Corrective | |
Repeat vulnerability scanning after an approved change occurs. CC ID 12468 | Technical Security | Detective | |
Perform external vulnerability scans, as necessary. CC ID 11624 | Technical Security | Detective | |
Employ an approved third party to perform external vulnerability scans on the organization's systems. CC ID 12467 | Business Processes | Preventive | |
Meet the requirements for a passing score during an external vulnerability scan or rescan. CC ID 12039 | Testing | Preventive | |
Use automated mechanisms to compare new vulnerability scan reports with past vulnerability scan reports. CC ID 10635 | Technical Security | Detective | |
Notify the interested personnel and affected parties after the failure of an automated security test. CC ID 06748 | Behavior | Corrective | |
Perform vulnerability assessments, as necessary. CC ID 11828 | Technical Security | Corrective | |
Review applications for security vulnerabilities after the application is updated. CC ID 11938 | Technical Security | Detective | |
Test the system for unvalidated input. CC ID 01318 | Testing | Detective | |
Test the system for proper error handling. CC ID 01324 | Testing | Detective | |
Test the system for insecure data storage. CC ID 01325 | Testing | Detective | |
Test the system for access control enforcement in all Uniform Resource Locators. CC ID 06297 | Testing | Detective | |
Correct or mitigate vulnerabilities. CC ID 12497 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Technical Security | Corrective | |
Establish, implement, and maintain an exception management process for vulnerabilities that cannot be remediated. CC ID 13859 | Technical Security | Corrective | |
Establish, implement, and maintain a compliance monitoring policy. CC ID 00671 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a metrics policy. CC ID 01654 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an approach for compliance monitoring. CC ID 01653 [The entity has processes for assuring adherence to information privacy policies and procedures through ongoing and separate evaluations. Refer to Component M9.0. M1.0 Monitoring and enforcement The entity has an overall governance and legal structure that defines and establishes responsibility and authority for the entity's oversight processes, policy setting and ongoing monitoring activities. M1.2 Responsibility and authority] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain risk management metrics. CC ID 01656 | Establish/Maintain Documentation | Preventive | |
Report on the percentage of critical assets for which an assurance strategy is implemented. CC ID 01657 | Actionable Reports or Measurements | Detective | |
Report on the percentage of key organizational functions for which an assurance strategy is implemented. CC ID 01658 | Actionable Reports or Measurements | Detective | |
Report on the percentage of key compliance requirements for which an assurance strategy has been implemented. CC ID 01659 | Actionable Reports or Measurements | Detective | |
Report on the percentage of the Information System budget allocated to Information Security. CC ID 04571 | Actionable Reports or Measurements | Detective | |
Identify information being used to support the performance of the governance, risk, and compliance capability. CC ID 12866 | Business Processes | Preventive | |
Identify information being used to support performance reviews for risk optimization. CC ID 12865 | Audits and Risk Management | Preventive | |
Monitor personnel and third parties for compliance to the organizational compliance framework. CC ID 04726 [{dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Monitor and Evaluate Occurrences | Detective | |
Identify and document instances of non-compliance with the compliance framework. CC ID 06499 [Instances of noncompliance with objectives related to privacy are documented and reported and, if needed, corrective and disciplinary measures are taken on a timely basis. M9.1 Documents and reports instances of noncompliance] | Establish/Maintain Documentation | Preventive | |
Align enforcement reviews for non-compliance with organizational risk tolerance. CC ID 13063 | Business Processes | Detective | |
Determine the causes of compliance violations. CC ID 12401 | Investigate | Corrective | |
Identify and document events surrounding non-compliance with the organizational compliance framework. CC ID 12935 | Establish/Maintain Documentation | Preventive | |
Determine if multiple compliance violations of the same type could occur. CC ID 12402 | Investigate | Detective | |
Correct compliance violations. CC ID 13515 [The entity takes remedial action in response to misuse of PI by a third party to whom the entity has transferred such information. D6.5 Remediates misuse of PI by third parties The entity takes remedial action in response to misuse of PI by a third party to whom the entity has transferred such information. D6.6 Remediates misuse of PI by third parties The entity obtains privacy commitments from vendors and other third parties who have access to PI to meet the entity's objectives related to privacy. The entity assesses those parties' compliance on a periodic and as-needed basis and takes corrective action, if necessary. D6.4] | Process or Activity | Corrective | |
Review the effectiveness of disciplinary actions carried out for compliance violations. CC ID 12403 | Investigate | Detective | |
Carry out disciplinary actions when a compliance violation is detected. CC ID 06675 [Instances of noncompliance with objectives related to privacy are documented and reported and, if needed, corrective and disciplinary measures are taken on a timely basis. M9.1 Documents and reports instances of noncompliance] | Behavior | Corrective | |
Align disciplinary actions with the level of compliance violation. CC ID 12404 | Human Resources Management | Preventive | |
Establish, implement, and maintain disciplinary action notices. CC ID 16577 | Establish/Maintain Documentation | Preventive | |
Include a copy of the order in the disciplinary action notice. CC ID 16606 | Establish/Maintain Documentation | Preventive | |
Include the sanctions imposed in the disciplinary action notice. CC ID 16599 | Establish/Maintain Documentation | Preventive | |
Include the effective date of the sanctions in the disciplinary action notice. CC ID 16589 | Establish/Maintain Documentation | Preventive | |
Include the requirements that were violated in the disciplinary action notice. CC ID 16588 | Establish/Maintain Documentation | Preventive | |
Include responses to charges from interested personnel and affected parties in the disciplinary action notice. CC ID 16587 | Establish/Maintain Documentation | Preventive | |
Include the reasons for imposing sanctions in the disciplinary action notice. CC ID 16586 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the disciplinary action notice to interested personnel and affected parties. CC ID 16585 | Communicate | Preventive | |
Include required information in the disciplinary action notice. CC ID 16584 | Establish/Maintain Documentation | Preventive | |
Include a justification for actions taken in the disciplinary action notice. CC ID 16583 | Establish/Maintain Documentation | Preventive | |
Include a statement on the conclusions of the investigation in the disciplinary action notice. CC ID 16582 | Establish/Maintain Documentation | Preventive | |
Include the investigation results in the disciplinary action notice. CC ID 16581 | Establish/Maintain Documentation | Preventive | |
Include a description of the causes of the actions taken in the disciplinary action notice. CC ID 16580 | Establish/Maintain Documentation | Preventive | |
Include the name of the person responsible for the charges in the disciplinary action notice. CC ID 16579 | Establish/Maintain Documentation | Preventive | |
Include contact information in the disciplinary action notice. CC ID 16578 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain compliance program metrics. CC ID 11625 | Monitor and Evaluate Occurrences | Preventive | |
Establish, implement, and maintain a security program metrics program. CC ID 01660 | Establish/Maintain Documentation | Preventive | |
Report on the policies and controls that have been implemented by management. CC ID 01670 | Actionable Reports or Measurements | Detective | |
Establish, implement, and maintain a key management roles metrics standard. CC ID 11631 | Establish/Maintain Documentation | Preventive | |
Report on the percentage of security management roles that have been assigned. CC ID 01671 | Actionable Reports or Measurements | Detective | |
Establish, implement, and maintain a key stakeholder metrics program. CC ID 01661 | Establish/Maintain Documentation | Preventive | |
Report on the percentage of board meetings or committee meetings at which Information Assurance was on the agenda. CC ID 01672 | Actionable Reports or Measurements | Detective | |
Establish, implement, and maintain a supply chain member metrics program. CC ID 01662 | Establish/Maintain Documentation | Preventive | |
Report on the percentage of supply chain members for which all Information Assurance requirements have been implemented. CC ID 01675 | Actionable Reports or Measurements | Detective | |
Report on the Service Level Agreement performance of supply chain members. CC ID 06838 | Actionable Reports or Measurements | Preventive | |
Establish, implement, and maintain a Business Continuity metrics program. CC ID 01663 | Establish/Maintain Documentation | Preventive | |
Report on the percentage of organizational units that have an established Business Continuity Plan. CC ID 01676 | Actionable Reports or Measurements | Detective | |
Report on the percentage of organizational units with a documented Business Continuity Plan for which specific responsibilities have been assigned. CC ID 02057 | Actionable Reports or Measurements | Detective | |
Report on the percentage of Business Continuity Plans that have been reviewed, tested, and updated. CC ID 02058 | Actionable Reports or Measurements | Detective | |
Establish, implement, and maintain an audit metrics program. CC ID 01664 | Establish/Maintain Documentation | Preventive | |
Report on the percentage of needed internal audits that have been completed and reviewed. CC ID 01677 | Actionable Reports or Measurements | Detective | |
Report on the percentage of Information Security requirements from applicable laws and regulations that are included in the audit program. CC ID 02069 | Actionable Reports or Measurements | Detective | |
Report on the percentage of needed external audits that have been completed and reviewed. CC ID 11632 | Actionable Reports or Measurements | Detective | |
Report on the percentage of Information Security audits conducted in compliance with the approved audit program. CC ID 02070 | Actionable Reports or Measurements | Detective | |
Report on the percentage of audit findings that have been resolved since the last audit. CC ID 01678 | Actionable Reports or Measurements | Detective | |
Report on the percentage of management actions in response to audit findings and audit recommendations that were implemented in a timely way. CC ID 02071 | Actionable Reports or Measurements | Detective | |
Establish, implement, and maintain an Information Security metrics program. CC ID 01665 | Establish/Maintain Documentation | Preventive | |
Report compliance monitoring statistics to the Board of Directors and other critical stakeholders, as necessary. CC ID 00676 [Instances of noncompliance with objectives related to privacy are documented and reported and, if needed, corrective and disciplinary measures are taken on a timely basis. M9.1 Documents and reports instances of noncompliance] | Actionable Reports or Measurements | Corrective |

KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term; Mandated - bold, Implied - italic, Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Operational and Systems Continuity CC ID 00731 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain a business continuity program. CC ID 13210 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a continuity plan. CC ID 00752 | Establish/Maintain Documentation | Preventive | |
Document and use the lessons learned to update the continuity plan. CC ID 10037 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing {business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Establish/Maintain Documentation | Preventive | |
Include incident management procedures in the continuity plan. CC ID 13244 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain the continuity procedures. CC ID 14236 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Establish/Maintain Documentation | Corrective | |
Disseminate and communicate the continuity procedures to interested personnel and affected parties. CC ID 14055 | Communicate | Preventive | |
Establish, implement, and maintain a recovery plan. CC ID 13288 | Establish/Maintain Documentation | Preventive | |
Test the recovery plan, as necessary. CC ID 13290 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Testing | Detective | |
Test the backup information, as necessary. CC ID 13303 [The continued confidentiality, completeness, integrity and availability of the entity's systems and back-up information is evaluated and confirmed on a periodic basis. S7.5 Testing confidentiality, completeness, integrity and availability of systems and back-up data] | Testing | Detective | |
Document lessons learned from testing the recovery plan or an actual event. CC ID 13301 | Establish/Maintain Documentation | Detective | |
Establish, implement, and maintain system continuity plan strategies. CC ID 00735 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Establish/Maintain Documentation | Preventive | |
Include emergency operating procedures in the continuity plan. CC ID 11694 | Establish/Maintain Documentation | Preventive | |
Include a system acquisition process for critical systems in the emergency mode operation plan. CC ID 01369 | Establish/Maintain Documentation | Preventive | |
Define and prioritize critical business functions. CC ID 00736 | Establish/Maintain Documentation | Detective | |
Review and prioritize the importance of each business unit. CC ID 01165 | Systems Continuity | Preventive | |
Review and prioritize the importance of each business process. CC ID 11689 | Establish/Maintain Documentation | Preventive | |
Document the mean time to failure for system components. CC ID 10684 | Systems Continuity | Preventive | |
Conduct a risk assessment on reciprocal agreements that provide for recovery capabilities. CC ID 12759 | Audits and Risk Management | Preventive | |
Establish, implement, and maintain Recovery Time Objectives for all in scope services. CC ID 12241 | Systems Continuity | Preventive | |
Establish, implement, and maintain Recovery Point Objectives for all in scope systems. CC ID 15719 | Systems Continuity | Preventive | |
Reconfigure restored systems to meet the Recovery Point Objectives. CC ID 01256 | Configuration | Corrective | |
Establish, implement, and maintain Recovery Time Objectives for all in scope systems. CC ID 11688 | Establish/Maintain Documentation | Preventive | |
Reconfigure restored systems to meet the Recovery Time Objectives. CC ID 11693 | Process or Activity | Corrective | |
Define and prioritize critical business records. CC ID 11687 | Establish/Maintain Documentation | Preventive | |
Identify all critical business records. CC ID 00737 | Records Management | Detective | |
Include the protection of personnel in the continuity plan. CC ID 06378 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a critical personnel list. CC ID 00739 | Establish/Maintain Documentation | Detective | |
Identify alternate personnel for each person on the critical personnel list. CC ID 12771 | Human Resources Management | Preventive | |
Define the triggering events for when to activate the pandemic plan. CC ID 06801 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a critical third party list. CC ID 06815 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate critical third party dependencies to interested personnel and affected parties. CC ID 06816 | Behavior | Preventive | |
Establish, implement, and maintain a critical resource list. CC ID 00740 | Establish/Maintain Documentation | Detective | |
Define and maintain continuity Service Level Agreements for all critical resources. CC ID 00741 | Establish/Maintain Documentation | Preventive | |
Establish and maintain a core supply inventory required to support critical business functions. CC ID 04890 | Establish/Maintain Documentation | Preventive | |
Include workstation continuity procedures in the continuity plan. CC ID 01378 | Establish/Maintain Documentation | Preventive | |
Include server continuity procedures in the continuity plan. CC ID 01379 | Establish/Maintain Documentation | Preventive | |
Include website continuity procedures in the continuity plan. CC ID 01380 | Establish/Maintain Documentation | Preventive | |
Post all required information on organizational websites and ensure all hyperlinks are working. CC ID 04579 | Data and Information Management | Preventive | |
Include near-line capabilities in the continuity plan. CC ID 01383 | Establish/Maintain Documentation | Preventive | |
Include online capabilities in the continuity plan. CC ID 11690 | Establish/Maintain Documentation | Preventive | |
Include mainframe continuity procedures in the continuity plan. CC ID 01382 | Establish/Maintain Documentation | Preventive | |
Include telecommunications continuity procedures in the continuity plan. CC ID 11691 | Establish/Maintain Documentation | Preventive | |
Include system continuity procedures in the continuity plan. CC ID 01268 | Establish/Maintain Documentation | Preventive | |
Include Internet Service Provider continuity procedures in the continuity plan. CC ID 00743 | Establish/Maintain Documentation | Detective | |
Include Local Area Network continuity procedures in the continuity plan. CC ID 01381 | Establish/Maintain Documentation | Preventive | |
Include Wide Area Network continuity procedures in the continuity plan. CC ID 01294 | Establish/Maintain Documentation | Preventive | |
Include priority-of-service provisions in the telecommunications Service Level Agreements. CC ID 01396 | Establish/Maintain Documentation | Preventive | |
Refrain from sharing a single point of failure between the alternate telecommunications service providers and the primary telecommunications service providers. CC ID 01397 | Testing | Detective | |
Separate the alternate telecommunications service providers from the primary telecommunications service providers through geographic separation, so as to not be susceptible to the same hazards. CC ID 01399 | Testing | Detective | |
Require telecommunications service providers to have adequate continuity plans. CC ID 01400 | Testing | Detective | |
Include emergency power continuity procedures in the continuity plan. CC ID 01254 | Establish/Maintain Documentation | Preventive | |
Include evacuation procedures in the continuity plan. CC ID 12773 | Systems Continuity | Preventive | |
Include damaged site continuity procedures that cover continuing operations in a partially functional primary facility in the continuity plan. CC ID 01374 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain at-risk structure removal or relocation procedures. CC ID 01247 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain physical hazard segregation or removal procedures. CC ID 01248 | Physical and Environmental Protection | Corrective | |
Designate an alternate facility in the continuity plan. CC ID 00742 | Establish/Maintain Documentation | Detective | |
Separate the alternate facility from the primary facility through geographic separation. CC ID 01394 | Physical and Environmental Protection | Preventive | |
Outline explicit mitigation actions for facility accessibility issues that might take place when an area-wide disruption occurs or an area-wide disaster occurs. CC ID 01391 | Establish/Maintain Documentation | Preventive | |
Include technical preparation considerations for backup operations in the continuity plan. CC ID 01250 | Establish/Maintain Documentation | Preventive | |
Include a backup rotation scheme in the backup policy. CC ID 16219 | Establish/Maintain Documentation | Preventive | |
Include naming conventions in the backup policy. CC ID 16218 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain backup procedures for in scope systems. CC ID 01258 | Systems Continuity | Preventive | |
Determine which data elements to back up. CC ID 13483 | Data and Information Management | Detective | |
Document the backup method and backup frequency on a case-by-case basis in the backup procedures. CC ID 01384 | Systems Continuity | Preventive | |
Establish and maintain off-site electronic media storage facilities. CC ID 00957 | Physical and Environmental Protection | Preventive | |
Separate the off-site electronic media storage facilities from the primary facility through geographic separation. CC ID 01390 | Testing | Detective | |
Configure the off-site electronic media storage facilities to utilize timely and effective recovery operations. CC ID 01392 | Configuration | Preventive | |
Outline explicit mitigation actions for potential off-site electronic media storage facilities accessibility issues for when area-wide disruptions occur or area-wide disasters occur. CC ID 01393 | Establish/Maintain Documentation | Preventive | |
Review the security of the off-site electronic media storage facilities, as necessary. CC ID 00573 | Systems Continuity | Detective | |
Store backup media at an off-site electronic media storage facility. CC ID 01332 | Data and Information Management | Preventive | |
Transport backup media in lockable electronic media storage containers. CC ID 01264 | Data and Information Management | Preventive | |
Store backup media in a fire-rated container which is not collocated with the operational system. CC ID 14289 | Systems Continuity | Preventive | |
Identify the access methods for backup media at both the primary facility and the off-site electronic media storage facility. CC ID 01257 | Data and Information Management | Preventive | |
Store backup vital records in a manner that is accessible for emergency retrieval. CC ID 12765 | Systems Continuity | Preventive | |
Establish, implement, and maintain security controls to protect offsite data. CC ID 16259 | Data and Information Management | Preventive | |
Perform backup procedures for in scope systems. CC ID 11692 | Process or Activity | Preventive | |
Perform full backups in accordance with organizational standards. CC ID 16376 | Data and Information Management | Preventive | |
Perform incremental backups in accordance with organizational standards. CC ID 16375 | Data and Information Management | Preventive | |
Back up all records. CC ID 11974 | Systems Continuity | Preventive | |
Use virtual machine snapshots for full backups and changed block tracking (CBT) for incremental backups. CC ID 16374 | Data and Information Management | Preventive | |
Document the Recovery Point Objective for triggering backup operations and restoration operations. CC ID 01259 | Establish/Maintain Documentation | Preventive | |
Encrypt backup data. CC ID 00958 | Configuration | Preventive | |
Log the execution of each backup. CC ID 00956 | Establish/Maintain Documentation | Preventive | |
Test backup media for media integrity and information integrity, as necessary. CC ID 01401 [The continued confidentiality, completeness, integrity and availability of the entity's systems and back-up information is evaluated and confirmed on a periodic basis. S7.5 Testing confidentiality, completeness, integrity and availability of systems and back-up data] | Testing | Detective | |
Test backup media at the alternate facility in addition to testing at the primary facility. CC ID 06375 | Testing | Detective | |
Test each restored system for media integrity and information integrity. CC ID 01920 | Testing | Detective | |
Include stakeholders when testing restored systems, as necessary. CC ID 13066 | Testing | Corrective | |
Digitally sign disk images, as necessary. CC ID 06814 | Establish/Maintain Documentation | Preventive | |
Include emergency communications procedures in the continuity plan. CC ID 00750 | Establish/Maintain Documentation | Preventive | |
Include managing multiple responding organizations in the emergency communications procedure. CC ID 01249 | Establish/Maintain Documentation | Preventive | |
Expedite emergency communications' fiscal decisions in accordance with accounting principles. CC ID 01266 | Systems Continuity | Preventive | |
Maintain contact information for key third parties in a readily accessible manner. CC ID 12764 | Establish/Maintain Documentation | Preventive | |
Log important conversations conducted during emergencies with third parties. CC ID 12763 | Log Management | Preventive | |
Identify the appropriate staff to route external communications to in the emergency communications procedures. CC ID 12762 | Communicate | Preventive | |
Identify who can speak to the media in the emergency communications procedures. CC ID 12761 | Communicate | Corrective | |
Use available financial resources for the efficaciousness of the service continuity strategy. CC ID 01370 | Testing | Detective | |
Include the ability to obtain additional liquidity in the continuity plan. CC ID 12770 | Acquisition/Sale of Assets or Services | Preventive | |
Minimize system continuity requirements. CC ID 00753 | Establish/Maintain Documentation | Preventive | |
Include purchasing insurance in the continuity plan. CC ID 00762 | Establish/Maintain Documentation | Preventive | |
Obtain an insurance policy that covers business interruptions applicable to organizational needs and geography. CC ID 06682 | Acquisition/Sale of Assets or Services | Preventive | |
Obtain an insurance policy to cover business products and services delivered to clients. CC ID 06683 | Acquisition/Sale of Assets or Services | Preventive | |
Review the insurance coverage of the insurance policy, as necessary. CC ID 12688 | Business Processes | Detective | |
Review the beneficiaries of the insurance policy. CC ID 16563 | Business Processes | Detective | |
Determine the adequacy of errors and omissions insurance in the organization's insurance policy. CC ID 13281 | Establish/Maintain Documentation | Detective | |
Determine the adequacy of insurance coverage for items in transit in the organization's insurance policy. CC ID 13283 | Establish/Maintain Documentation | Detective | |
Determine the adequacy of insurance coverage for employee fidelity in the organization's insurance policy. CC ID 13282 | Establish/Maintain Documentation | Detective | |
Determine the adequacy of insurance coverage for assets in the organization's insurance policy. CC ID 14827 | Establish/Maintain Documentation | Preventive | |
Determine the adequacy of insurance coverage for Information Technology assets in the organization's insurance policy. CC ID 13279 | Establish/Maintain Documentation | Preventive | |
Determine the adequacy of insurance coverage for facilities in the organization's insurance policy. CC ID 13280 | Establish/Maintain Documentation | Preventive | |
Determine the adequacy of insurance coverage for printed records in the organization's insurance policy. CC ID 13278 | Establish/Maintain Documentation | Preventive | |
Determine the adequacy of media reconstruction in the organization's insurance policy. CC ID 13277 | Establish/Maintain Documentation | Detective | |
Validate information security continuity controls regularly. CC ID 12008 | Systems Continuity | Preventive | |
Establish, implement, and maintain a business continuity plan testing program. CC ID 14829 | Testing | Preventive | |
Establish, implement, and maintain a continuity test plan. CC ID 04896 | Establish/Maintain Documentation | Preventive | |
Include testing all system components in the continuity test plan. CC ID 13508 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Establish/Maintain Documentation | Preventive | |
Include test scenarios in the continuity test plan. CC ID 13506 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing {business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Establish/Maintain Documentation | Preventive | |
Test the continuity plan, as necessary. CC ID 00755 [{business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Testing | Detective | |
Include coverage of all major components in the scope of testing the continuity plan. CC ID 12767 [{business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Testing | Preventive | |
Include third party recovery services in the scope of testing the continuity plan. CC ID 12766 | Testing | Preventive | |
Validate the emergency communications procedures during continuity plan tests. CC ID 12777 | Testing | Preventive | |
Include the coordination and interfaces among third parties in the coverage of the scope of testing the continuity plan. CC ID 12769 | Testing | Preventive | |
Involve senior management, as necessary, when testing the continuity plan. CC ID 13793 | Testing | Detective | |
Test the continuity plan under conditions that simulate a disaster or disruption. CC ID 00757 | Testing | Detective | |
Analyze system interdependence during continuity plan tests. CC ID 13082 | Testing | Detective | |
Validate the evacuation plans during continuity plan tests. CC ID 12760 | Testing | Preventive | |
Test the continuity plan at the alternate facility. CC ID 01174 | Testing | Detective | |
Include predefined goals and realistic conditions during off-site testing. CC ID 01175 | Establish/Maintain Documentation | Preventive | |
Coordinate testing the continuity plan with all applicable business units and critical business functions. CC ID 01388 | Testing | Preventive | |
Review all third party's continuity plan test results. CC ID 01365 | Testing | Detective | |
Automate the off-site testing to more thoroughly test the continuity plan. CC ID 01389 | Testing | Detective | |
Document the continuity plan test results and provide them to interested personnel and affected parties. CC ID 06548 | Actionable Reports or Measurements | Preventive | |
Approve the continuity plan test results. CC ID 15718 | Systems Continuity | Preventive | |
Retest the continuity plan after correcting reported deficiencies documented in the continuity plan test results. CC ID 06553 | Testing | Detective | |
Conduct full recovery and restoration of service testing for high impact systems at the alternate facility. CC ID 01404 | Testing | Detective | |
KEY: Primary Verb; Primary Noun; Secondary Verb; Secondary Noun; Limiting Term | | | |
Mandated - bold; Implied - italic; Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Operational management CC ID 00805 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an information security program. CC ID 00812 | Establish/Maintain Documentation | Preventive | |
Include environmental security in the information security program. CC ID 12383 [The entity protects PI, in all forms, against accidental disclosure due to natural disasters and environmental hazards. S7.4] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain the Acceptable Use Policy. CC ID 01350 | Establish/Maintain Documentation | Preventive | |
Include Bring Your Own Device security guidelines in the Acceptable Use Policy. CC ID 01352 [{endpoint device}{mobile device}{personal device} Processes are in place to protect endpoint and mobile computing and personal productivity devices (such as laptop and desktop computers, servers, networking and data storage devices, smart phones and tablets) that are used in computing, networking, data storage and processing of the entity's information assets. S7.3 Protects end point and mobile devices] | Establish/Maintain Documentation | Preventive | |
Include asset use policies in the Acceptable Use Policy. CC ID 01355 | Establish/Maintain Documentation | Preventive | |
Include a removable storage media use policy in the Acceptable Use Policy. CC ID 06772 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Data and Information Management | Preventive | |
Establish, implement, and maintain a use of information agreement. CC ID 06215 [{privacy notice} The entity has formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet the entity's objectives related to privacy. Refer to Component N2.0. M1.0 Agreement, notice and communication The entity executes formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet its objectives related to privacy. N2.1] | Establish/Maintain Documentation | Preventive | |
Include use limitations in the use of information agreement. CC ID 06244 | Establish/Maintain Documentation | Preventive | |
Include disclosure requirements in the use of information agreement. CC ID 11735 | Establish/Maintain Documentation | Preventive | |
Include information recipients in the use of information agreement. CC ID 06245 | Establish/Maintain Documentation | Preventive | |
Include reporting out of scope use of information in the use of information agreement. CC ID 06246 | Establish/Maintain Documentation | Preventive | |
Include disclosure of information in the use of information agreement. CC ID 11830 | Establish/Maintain Documentation | Preventive | |
Include information security procedures assigned to the information recipient in the use of information agreement. CC ID 07130 | Establish/Maintain Documentation | Preventive | |
Include information security procedures assigned to the originator in the use of information agreement. CC ID 14418 | Establish/Maintain Documentation | Preventive | |
Include a do not contact rule for the individuals identified in a data set in the use of information agreement. CC ID 07131 | Establish/Maintain Documentation | Preventive | |
Include the information recipient's third parties accepting the agreement in the use of information agreement. CC ID 07132 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an Asset Management program. CC ID 06630 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Business Processes | Preventive | |
Establish, implement, and maintain an asset management policy. CC ID 15219 | Establish/Maintain Documentation | Preventive | |
Include coordination amongst entities in the asset management policy. CC ID 16424 | Business Processes | Preventive | |
Establish, implement, and maintain asset management procedures. CC ID 16748 | Establish/Maintain Documentation | Preventive | |
Assign an information owner to organizational assets, as necessary. CC ID 12729 | Human Resources Management | Preventive | |
Define and prioritize the importance of each asset in the asset management program. CC ID 16837 | Business Processes | Preventive | |
Include life cycle requirements in the security management program. CC ID 16392 | Establish/Maintain Documentation | Preventive | |
Include program objectives in the asset management program. CC ID 14413 | Establish/Maintain Documentation | Preventive | |
Include a commitment to continual improvement in the asset management program. CC ID 14412 | Establish/Maintain Documentation | Preventive | |
Include compliance with applicable requirements in the asset management program. CC ID 14411 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain administrative controls over all assets. CC ID 16400 | Business Processes | Preventive | |
Establish, implement, and maintain classification schemes for all systems and assets. CC ID 01902 | Establish/Maintain Documentation | Preventive | |
Apply security controls to each level of the information classification standard. CC ID 01903 | Systems Design, Build, and Implementation | Preventive | |
Establish, implement, and maintain the systems' confidentiality level. CC ID 01904 | Establish/Maintain Documentation | Preventive | |
Define confidentiality controls. CC ID 01908 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain the systems' availability level. CC ID 01905 | Establish/Maintain Documentation | Preventive | |
Restrict unscheduled downtime in order to maintain high availability for critical systems. CC ID 12742 | Process or Activity | Preventive | |
Define integrity controls. CC ID 01909 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain the systems' integrity level. CC ID 01906 | Establish/Maintain Documentation | Preventive | |
Define availability controls. CC ID 01911 | Establish/Maintain Documentation | Preventive | |
Establish safety classifications for systems according to their potential harmful effects to operators or end users. CC ID 06603 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an asset safety classification scheme. CC ID 06604 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain the Asset Classification Policy. CC ID 06642 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the Asset Classification Policy to interested personnel and affected parties. CC ID 14851 | Communicate | Preventive | |
Classify assets according to the Asset Classification Policy. CC ID 07186 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Establish Roles | Preventive | |
Classify virtual systems by type and purpose. CC ID 16332 | Business Processes | Preventive | |
Document the decision for assigning an asset to a specific asset classification in the Asset Classification Policy. CC ID 07185 | Establish/Maintain Documentation | Preventive | |
Apply asset protection mechanisms for all assets according to their assigned Asset Classification Policy. CC ID 07184 | Establish Roles | Preventive | |
Disallow systems from processing information, disseminating and communicating information, or storing information that is above the system's assigned asset classification. CC ID 06606 | Configuration | Preventive | |
Assign decomposed system components the same asset classification as the originating system. CC ID 06605 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an asset inventory. CC ID 06631 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Business Processes | Preventive | |
Establish, implement, and maintain an Information Technology inventory with asset discovery audit trails. CC ID 00689 | Establish/Maintain Documentation | Preventive | |
Include all account types in the Information Technology inventory. CC ID 13311 | Establish/Maintain Documentation | Preventive | |
Include each Information System's system boundaries in the Information Technology inventory. CC ID 00695 | Systems Design, Build, and Implementation | Preventive | |
Identify processes, Information Systems, and third parties that transmit, process, or store restricted data. CC ID 06289 [The types of PI and sensitive PI and the related processes, systems and third parties involved in the handling of such information are identified. D6.7 Identifies types of PI and handling processes] | Data and Information Management | Preventive | |
Include each Information System's major applications in the Information Technology inventory. CC ID 01407 | Establish/Maintain Documentation | Preventive | |
Categorize all major applications according to the business information they process. CC ID 07182 | Establish/Maintain Documentation | Preventive | |
Document the resources, hazards, and Evaluation Assurance Levels for each major application. CC ID 01164 | Establish/Maintain Documentation | Preventive | |
Include the General Support Systems and security support structure in the Information Technology inventory. CC ID 01408 | Establish/Maintain Documentation | Preventive | |
Include each Information System's minor applications in the Information Technology inventory. CC ID 01409 | Establish/Maintain Documentation | Preventive | |
Conduct environmental surveys. CC ID 00690 | Physical and Environmental Protection | Preventive | |
Categorize facilities in the Information Technology inventory according to their environmental risks. CC ID 06729 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a hardware asset inventory. CC ID 00691 | Establish/Maintain Documentation | Preventive | |
Include network equipment in the Information Technology inventory. CC ID 00693 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Establish/Maintain Documentation | Preventive | |
Include mobile devices that store restricted data or restricted information in the Information Technology inventory. CC ID 04719 | Establish/Maintain Documentation | Preventive | |
Include interconnected systems and Software as a Service in the Information Technology inventory. CC ID 04885 | Process or Activity | Preventive | |
Include software in the Information Technology inventory. CC ID 00692 | Establish/Maintain Documentation | Preventive | |
Establish and maintain a list of authorized software and versions required for each system. CC ID 12093 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a storage media inventory. CC ID 00694 | Establish/Maintain Documentation | Preventive | |
Include all electronic storage media containing restricted data or restricted information in the storage media inventory. CC ID 00962 | Establish/Maintain Documentation | Detective | |
Establish, implement, and maintain a records inventory and database inventory. CC ID 01260 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Establish/Maintain Documentation | Preventive | |
Add inventoried assets to the asset register database, as necessary. CC ID 07051 | Establish/Maintain Documentation | Preventive | |
Identify discrepancies between the asset register database and the Information Technology inventory, as necessary. CC ID 07052 | Monitor and Evaluate Occurrences | Corrective | |
Investigate and resolve discrepancies between the asset register database and the Information Technology inventory. CC ID 07053 | Monitor and Evaluate Occurrences | Corrective | |
Organize the asset register database by grouping objects according to an organizational information classification standard. CC ID 07181 | Establish/Maintain Documentation | Preventive | |
Use automated tools to collect Information Technology inventory information, as necessary. CC ID 07054 | Technical Security | Preventive | |
Link the authentication system to the asset inventory. CC ID 13718 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Technical Security | Preventive | |
Record a unique name for each asset in the asset inventory. CC ID 16305 | Data and Information Management | Preventive | |
Record the decommission date for applicable assets in the asset inventory. CC ID 14920 | Establish/Maintain Documentation | Preventive | |
Record the status of information systems in the asset inventory. CC ID 16304 | Data and Information Management | Preventive | |
Record the communication interfaces for applicable assets in the asset inventory. CC ID 16301 | Data and Information Management | Preventive | |
Record the Uniform Resource Locator for applicable assets in the asset inventory. CC ID 14918 | Establish/Maintain Documentation | Preventive | |
Include source code in the asset inventory. CC ID 14858 | Records Management | Preventive | |
Assign ownership of maintaining the asset inventory, as necessary. CC ID 12344 | Human Resources Management | Preventive | |
Employ Dynamic Host Configuration Protocol server logging to detect systems not in the asset inventory. CC ID 12110 | Technical Security | Detective | |
Record the review date for applicable assets in the asset inventory. CC ID 14919 | Establish/Maintain Documentation | Preventive | |
Record software license information for each asset in the asset inventory. CC ID 11736 | Data and Information Management | Preventive | |
Record services for applicable assets in the asset inventory. CC ID 13733 | Establish/Maintain Documentation | Preventive | |
Record protocols for applicable assets in the asset inventory. CC ID 13734 | Establish/Maintain Documentation | Preventive | |
Record the software version in the asset inventory. CC ID 12196 | Establish/Maintain Documentation | Preventive | |
Record the publisher for applicable assets in the asset inventory. CC ID 13725 | Establish/Maintain Documentation | Preventive | |
Record the authentication system in the asset inventory. CC ID 13724 | Establish/Maintain Documentation | Preventive | |
Tag unsupported assets in the asset inventory. CC ID 13723 | Establish/Maintain Documentation | Preventive | |
Record the install date for applicable assets in the asset inventory. CC ID 13720 | Establish/Maintain Documentation | Preventive | |
Record the make, model of device for applicable assets in the asset inventory. CC ID 12465 | Establish/Maintain Documentation | Preventive | |
Record the asset tag for physical assets in the asset inventory. CC ID 06632 | Establish/Maintain Documentation | Preventive | |
Record the host name of applicable assets in the asset inventory. CC ID 13722 | Establish/Maintain Documentation | Preventive | |
Record network ports for applicable assets in the asset inventory. CC ID 13730 | Establish/Maintain Documentation | Preventive | |
Record the MAC address for applicable assets in the asset inventory. CC ID 13721 | Establish/Maintain Documentation | Preventive | |
Record the operating system version for applicable assets in the asset inventory. CC ID 11748 | Data and Information Management | Preventive | |
Record the operating system type for applicable assets in the asset inventory. CC ID 06633 | Establish/Maintain Documentation | Preventive | |
Record rooms at external locations in the asset inventory. CC ID 16302 | Data and Information Management | Preventive | |
Record the department associated with the asset in the asset inventory. CC ID 12084 | Establish/Maintain Documentation | Preventive | |
Record the physical location for applicable assets in the asset inventory. CC ID 06634 | Establish/Maintain Documentation | Preventive | |
Record the manufacturer's serial number for applicable assets in the asset inventory. CC ID 06635 | Establish/Maintain Documentation | Preventive | |
Record the firmware version for applicable assets in the asset inventory. CC ID 12195 | Establish/Maintain Documentation | Preventive | |
Record the related business function for applicable assets in the asset inventory. CC ID 06636 | Establish/Maintain Documentation | Preventive | |
Record the deployment environment for applicable assets in the asset inventory. CC ID 06637 | Establish/Maintain Documentation | Preventive | |
Record the Internet Protocol address for applicable assets in the asset inventory. CC ID 06638 | Establish/Maintain Documentation | Preventive | |
Record trusted keys and certificates in the asset inventory. CC ID 15486 | Data and Information Management | Preventive | |
Record cipher suites and protocols in the asset inventory. CC ID 15489 | Data and Information Management | Preventive | |
Link the software asset inventory to the hardware asset inventory. CC ID 12085 | Establish/Maintain Documentation | Preventive | |
Record the owner for applicable assets in the asset inventory. CC ID 06640 | Establish/Maintain Documentation | Preventive | |
Record all compliance requirements for applicable assets in the asset inventory. CC ID 15696 | Establish/Maintain Documentation | Preventive | |
Record all changes to assets in the asset inventory. CC ID 12190 | Establish/Maintain Documentation | Preventive | |
Record cloud service derived data in the asset inventory. CC ID 13007 | Establish/Maintain Documentation | Preventive | |
Include cloud service customer data in the asset inventory. CC ID 13006 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a software accountability policy. CC ID 00868 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain software asset management procedures. CC ID 00895 | Establish/Maintain Documentation | Preventive | |
Prevent users from disabling required software. CC ID 16417 | Technical Security | Preventive | |
Establish, implement, and maintain software archives procedures. CC ID 00866 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain software distribution procedures. CC ID 00894 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain software documentation management procedures. CC ID 06395 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain software license management procedures. CC ID 06639 | Establish/Maintain Documentation | Preventive | |
Automate software license monitoring, as necessary. CC ID 07057 | Monitor and Evaluate Occurrences | Preventive | |
Establish, implement, and maintain digital legacy procedures. CC ID 16524 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a system redeployment program. CC ID 06276 | Establish/Maintain Documentation | Preventive | |
Test systems for malicious code prior to when the system will be redeployed. CC ID 06339 | Testing | Detective | |
Notify interested personnel and affected parties prior to when the system is redeployed or the system is disposed. CC ID 06400 | Behavior | Preventive | |
Wipe all data on systems prior to when the system is redeployed or the system is disposed. CC ID 06401 | Data and Information Management | Preventive | |
Transfer legal ownership of assets when the system is redeployed to a third party. CC ID 06698 | Acquisition/Sale of Assets or Services | Preventive | |
Document the staff's operating knowledge of the system prior to a personnel status change. CC ID 06937 | Establish/Maintain Documentation | Preventive | |
Redeploy systems to other organizational units, as necessary. CC ID 11452 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a system disposal program. CC ID 14431 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain disposal procedures. CC ID 16513 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain asset sanitization procedures. CC ID 16511 | Establish/Maintain Documentation | Preventive | |
Destroy systems in accordance with the system disposal program. CC ID 16457 | Business Processes | Preventive | |
Approve the release of systems and waste material into the public domain. CC ID 16461 | Business Processes | Preventive | |
Establish, implement, and maintain system destruction procedures. CC ID 16474 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain printer and multifunction device disposition procedures. CC ID 15216 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a system preventive maintenance program. CC ID 00885 | Establish/Maintain Documentation | Preventive | |
Establish and maintain maintenance reports. CC ID 11749 | Establish/Maintain Documentation | Preventive | |
Establish and maintain system inspection reports. CC ID 06346 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a system maintenance policy. CC ID 14032 | Establish/Maintain Documentation | Preventive | |
Include compliance requirements in the system maintenance policy. CC ID 14217 | Establish/Maintain Documentation | Preventive | |
Include management commitment in the system maintenance policy. CC ID 14216 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the system maintenance policy. CC ID 14215 | Establish/Maintain Documentation | Preventive | |
Include the scope in the system maintenance policy. CC ID 14214 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the system maintenance policy to interested personnel and affected parties. CC ID 14213 | Communicate | Preventive | |
Include the purpose in the system maintenance policy. CC ID 14187 | Establish/Maintain Documentation | Preventive | |
Include coordination amongst entities in the system maintenance policy. CC ID 14181 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain system maintenance procedures. CC ID 14059 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the system maintenance procedures to interested personnel and affected parties. CC ID 14194 | Communicate | Preventive | |
Establish, implement, and maintain a technology refresh plan. CC ID 13061 | Establish/Maintain Documentation | Preventive | |
Plan and conduct maintenance so that it does not interfere with scheduled operations. CC ID 06389 | Physical and Environmental Protection | Preventive | |
Maintain contact with the device manufacturer or component manufacturer for maintenance requests. CC ID 06388 | Behavior | Preventive | |
Use system components only when third party support is available. CC ID 10644 | Maintenance | Preventive | |
Obtain justification for the continued use of system components when third party support is no longer available. CC ID 10645 | Maintenance | Preventive | |
Control and monitor all maintenance tools. CC ID 01432 | Physical and Environmental Protection | Detective | |
Obtain approval before removing maintenance tools from the facility. CC ID 14298 | Business Processes | Preventive | |
Control remote maintenance according to the system's asset classification. CC ID 01433 | Technical Security | Preventive | |
Separate remote maintenance sessions from other network sessions with a logically separate communications path based upon encryption. CC ID 10614 | Configuration | Preventive | |
Approve all remote maintenance sessions. CC ID 10615 | Technical Security | Preventive | |
Log the performance of all remote maintenance. CC ID 13202 | Log Management | Preventive | |
Terminate remote maintenance sessions when the remote maintenance is complete. CC ID 12083 | Technical Security | Preventive | |
Conduct offsite maintenance in authorized facilities. CC ID 16473 | Maintenance | Preventive | |
Conduct maintenance with authorized personnel. CC ID 01434 | Testing | Detective | |
Disconnect non-volatile media from information systems prior to performing maintenance with uncleared personnel. CC ID 14295 | Maintenance | Preventive | |
Sanitize volatile media in information systems prior to performing maintenance with uncleared personnel. CC ID 14291 | Maintenance | Preventive | |
Respond to maintenance requests inside the organizationally established time frame. CC ID 04878 | Behavior | Preventive | |
Establish and maintain an archive of maintenance reports in a maintenance log. CC ID 06202 | Establish/Maintain Documentation | Preventive | |
Acquire spare parts prior to when maintenance requests are scheduled. CC ID 11833 | Acquisition/Sale of Assets or Services | Preventive | |
Perform periodic maintenance according to organizational standards. CC ID 01435 | Behavior | Preventive | |
Restart systems on a periodic basis. CC ID 16498 | Maintenance | Preventive | |
Remove components being serviced from the information system prior to performing maintenance. CC ID 14251 | Maintenance | Preventive | |
Employ dedicated systems during system maintenance. CC ID 12108 | Technical Security | Preventive | |
Isolate dedicated systems used for system maintenance from Internet access. CC ID 12114 | Technical Security | Preventive | |
Control granting access to appropriate parties performing maintenance on organizational assets. CC ID 11873 | Human Resources Management | Preventive | |
Identify and authenticate appropriate parties prior to granting access to maintain assets. CC ID 11874 | Physical and Environmental Protection | Preventive | |
Calibrate assets according to the calibration procedures for the asset. CC ID 06203 | Testing | Detective | |
Post calibration limits or calibration tolerances on or near assets requiring calibration. CC ID 06204 | Establish/Maintain Documentation | Preventive | |
Implement automated mechanisms to transfer predictive maintenance data to a maintenance management system. CC ID 10616 | Process or Activity | Preventive | |
Refrain from protecting physical assets when no longer required. CC ID 13484 | Physical and Environmental Protection | Corrective | |
Disassemble and shut down unnecessary systems or unused systems. CC ID 06280 | Business Processes | Preventive | |
Establish, implement, and maintain an end-of-life management process. CC ID 16540 | Establish/Maintain Documentation | Preventive | |
Dispose of hardware and software at their life cycle end. CC ID 06278 | Business Processes | Preventive | |
Refrain from placing assets being disposed into organizational dumpsters. CC ID 12200 | Business Processes | Preventive | |
Establish, implement, and maintain disposal contracts. CC ID 12199 | Establish/Maintain Documentation | Preventive | |
Include disposal procedures in disposal contracts. CC ID 13905 | Establish/Maintain Documentation | Preventive | |
Remove asset tags prior to disposal of an asset. CC ID 12198 | Business Processes | Preventive | |
Document the storage information for all systems that are stored instead of being disposed or redeployed. CC ID 06936 | Establish/Maintain Documentation | Preventive | |
Test for detrimental environmental factors after a system is disposed. CC ID 06938 | Testing | Detective | |
Review each system's operational readiness. CC ID 06275 | Systems Design, Build, and Implementation | Preventive | |
Establish, implement, and maintain a data stewardship policy. CC ID 06657 | Establish/Maintain Documentation | Preventive | |
Establish and maintain an unauthorized software list. CC ID 10601 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a customer service program. CC ID 00846 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an Incident Management program. CC ID 00853 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Business Processes | Preventive | |
Establish, implement, and maintain an incident management policy. CC ID 16414 | Establish/Maintain Documentation | Preventive | |
Define and assign the roles and responsibilities for the Incident Management program. CC ID 13055 | Human Resources Management | Preventive | |
Define the uses and capabilities of the Incident Management program. CC ID 00854 | Establish/Maintain Documentation | Preventive | |
Include incident escalation procedures in the Incident Management program. CC ID 00856 | Establish/Maintain Documentation | Preventive | |
Define the characteristics of the Incident Management program. CC ID 00855 | Establish/Maintain Documentation | Preventive | |
Include the criteria for a data loss event in the Incident Management program. CC ID 12179 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Establish/Maintain Documentation | Preventive | |
Include the criteria for an incident in the Incident Management program. CC ID 12173 | Establish/Maintain Documentation | Preventive | |
Include references to, or portions of, the Governance, Risk, and Compliance framework in the incident management program, as necessary. CC ID 13504 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an anti-money laundering program. CC ID 13675 | Business Processes | Detective | |
Include detection procedures in the Incident Management program. CC ID 00588 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Establish/Maintain Documentation | Preventive | |
Categorize the incident following an incident response. CC ID 13208 | Technical Security | Preventive | |
Define and document impact thresholds to be used in categorizing incidents. CC ID 10033 | Establish/Maintain Documentation | Preventive | |
Determine the incident severity level when assessing the security incidents. CC ID 01650 | Monitor and Evaluate Occurrences | Corrective | |
Require personnel to monitor for and report known or suspected compromise of assets. CC ID 16453 | Monitor and Evaluate Occurrences | Detective | |
Require personnel to monitor for and report suspicious account activity. CC ID 16462 | Monitor and Evaluate Occurrences | Detective | |
Identify root causes of incidents that force system changes. CC ID 13482 | Investigate | Detective | |
Respond to and triage when an incident is detected. CC ID 06942 | Monitor and Evaluate Occurrences | Detective | |
Document the incident and any relevant evidence in the incident report. CC ID 08659 | Establish/Maintain Documentation | Detective | |
Escalate incidents, as necessary. CC ID 14861 | Monitor and Evaluate Occurrences | Corrective | |
Include support from law enforcement authorities when conducting incident response activities, as necessary. CC ID 13197 | Process or Activity | Corrective | |
Respond to all alerts from security systems in a timely manner. CC ID 06434 | Behavior | Corrective | |
Coordinate incident response activities with interested personnel and affected parties. CC ID 13196 | Process or Activity | Corrective | |
Contain the incident to prevent further loss. CC ID 01751 | Process or Activity | Corrective | |
Wipe data and memory after an incident has been detected. CC ID 16850 | Technical Security | Corrective | |
Refrain from accessing compromised systems. CC ID 01752 | Technical Security | Corrective | |
Isolate compromised systems from the network. CC ID 01753 | Technical Security | Corrective | |
Store system logs for in scope systems as digital forensic evidence after a security incident has been detected. CC ID 01754 | Log Management | Corrective | |
Change authenticators after a security incident has been detected. CC ID 06789 | Technical Security | Corrective | |
Refrain from turning on any in scope devices that are turned off when a security incident is detected. CC ID 08677 | Investigate | Detective | |
Record actions taken by investigators during a forensic investigation in the forensic investigation report. CC ID 07095 | Establish/Maintain Documentation | Preventive | |
Include where the digital forensic evidence was found in the forensic investigation report. CC ID 08674 | Establish/Maintain Documentation | Detective | |
Include the condition of the digital forensic evidence in the forensic investigation report. CC ID 08678 | Establish/Maintain Documentation | Detective | |
Assess all incidents to determine what information was accessed. CC ID 01226 | Testing | Corrective | |
Check the precursors and indicators when assessing the security incidents. CC ID 01761 | Monitor and Evaluate Occurrences | Corrective | |
Analyze the incident response process following an incident response. CC ID 13179 | Investigate | Detective | |
Share incident information with interested personnel and affected parties. CC ID 01212 | Data and Information Management | Corrective | |
Share data loss event information with the media. CC ID 01759 | Behavior | Corrective | |
Comply with privacy regulations and civil liberties requirements when sharing data loss event information. CC ID 10036 | Data and Information Management | Preventive | |
Share data loss event information with interconnected system owners. CC ID 01209 | Establish/Maintain Documentation | Corrective | |
Notify interested personnel and affected parties of an extortion payment in the event of a cybersecurity event. CC ID 16539 | Communicate | Preventive | |
Notify interested personnel and affected parties of the reasons for the extortion payment, along with any alternative solutions. CC ID 16538 | Communicate | Preventive | |
Document the justification for not reporting incidents to interested personnel and affected parties. CC ID 16547 | Establish/Maintain Documentation | Preventive | |
Report data loss event information to breach notification organizations. CC ID 01210 | Data and Information Management | Corrective | |
Submit an incident management audit log to the proper authorities for each security breach that affects a predefined number of individuals, as necessary. CC ID 06326 | Log Management | Detective | |
Report to breach notification organizations the reasons for a delay in sending breach notifications. CC ID 16797 | Communicate | Preventive | |
Report to breach notification organizations the distribution list to which the organization will send data loss event notifications. CC ID 16782 | Communicate | Preventive | |
Report to breach notification organizations the time frame in which the organization will send data loss event notifications to interested personnel and affected parties. CC ID 04731 | Behavior | Corrective | |
Remediate security violations according to organizational standards. CC ID 12338 [The entity obtains commitments from vendors and other third parties with access to PI to notify the entity in the event of actual or suspected unauthorized disclosures of PI. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity's objectives related to privacy. D6.5] | Business Processes | Preventive | |
Include data loss event notifications in the Incident Response program. CC ID 00364 | Establish/Maintain Documentation | Preventive | |
Include legal requirements for data loss event notifications in the Incident Response program. CC ID 11954 | Establish/Maintain Documentation | Preventive | |
Notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00365 [The entity obtains commitments from vendors and other third parties with access to PI to notify the entity in the event of actual or suspected unauthorized disclosures of PI. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity's objectives related to privacy. D6.5 The entity provides notification of breaches and incidents to affected data subjects, regulators and others to meet the entity's objectives related to privacy. D6.6 The entity has a process for providing notice of breaches and incidents to affected data subjects, regulators and others to meet the entity's objectives related to privacy. D6.6 Provides notice of breaches and incidents {unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has a process for periodically informing data subjects of its continued need for PI. The entity also has a process for obtaining the data subject's continued agreement and consent to use the data, and for informing data subjects when the entity suspects or learns, through ongoing monitoring and testing, that its systems (and systems of third parties providing services to the entity) have been breached and PI has been accessed, altered or removed in an unauthorized manner. N2.1 Ongoing notices and communications] | Behavior | Corrective | |
Determine whether or not incident response notifications are necessary during the privacy breach investigation. CC ID 00801 | Behavior | Detective | |
Delay sending incident response notifications under predetermined conditions. CC ID 00804 | Behavior | Corrective | |
Include required information in the written request to delay the notification to affected parties. CC ID 16785 | Establish/Maintain Documentation | Preventive | |
Submit written requests to delay the notification of affected parties. CC ID 16783 | Communicate | Preventive | |
Revoke the written request to delay the notification. CC ID 16843 | Process or Activity | Preventive | |
Design the text of the notice for all incident response notifications to be no smaller than 10-point type. CC ID 12985 | Establish/Maintain Documentation | Preventive | |
Avoid false positive incident response notifications. CC ID 04732 | Behavior | Detective | |
Establish, implement, and maintain incident response notifications. CC ID 12975 | Establish/Maintain Documentation | Corrective | |
Refrain from charging for providing incident response notifications. CC ID 13876 | Business Processes | Preventive | |
Include information required by law in incident response notifications. CC ID 00802 | Establish/Maintain Documentation | Detective | |
Title breach notifications "Notice of Data Breach". CC ID 12977 | Establish/Maintain Documentation | Preventive | |
Display titles of incident response notifications clearly and conspicuously. CC ID 12986 | Establish/Maintain Documentation | Preventive | |
Display headings in incident response notifications clearly and conspicuously. CC ID 12987 | Establish/Maintain Documentation | Preventive | |
Design the incident response notification to call attention to its nature and significance. CC ID 12984 | Establish/Maintain Documentation | Preventive | |
Use plain language to write incident response notifications. CC ID 12976 | Establish/Maintain Documentation | Preventive | |
Include directions for changing the user's authenticator or security questions and answers in the breach notification. CC ID 12983 | Establish/Maintain Documentation | Preventive | |
Refrain from including restricted information in the incident response notification. CC ID 16806 | Actionable Reports or Measurements | Preventive | |
Include the affected parties' rights in the incident response notification. CC ID 16811 | Establish/Maintain Documentation | Preventive | |
Include details of the investigation in incident response notifications. CC ID 12296 | Establish/Maintain Documentation | Preventive | |
Include the issuer's name in incident response notifications. CC ID 12062 | Establish/Maintain Documentation | Preventive | |
Include a "What Happened" heading in breach notifications. CC ID 12978 | Establish/Maintain Documentation | Preventive | |
Include a general description of the data loss event in incident response notifications. CC ID 04734 | Establish/Maintain Documentation | Preventive | |
Include time information in incident response notifications. CC ID 04745 | Establish/Maintain Documentation | Preventive | |
Include the identification of the data source in incident response notifications. CC ID 12305 | Establish/Maintain Documentation | Preventive | |
Include a "What Information Was Involved" heading in the breach notification. CC ID 12979 | Establish/Maintain Documentation | Preventive | |
Include the type of information that was lost in incident response notifications. CC ID 04735 | Establish/Maintain Documentation | Preventive | |
Include the type of information the organization maintains about the affected parties in incident response notifications. CC ID 04776 | Establish/Maintain Documentation | Preventive | |
Include a "What We Are Doing" heading in the breach notification. CC ID 12982 | Establish/Maintain Documentation | Preventive | |
Include what the organization has done to enhance data protection controls in incident response notifications. CC ID 04736 | Establish/Maintain Documentation | Preventive | |
Include what the organization is offering or has already done to assist affected parties in incident response notifications. CC ID 04737 | Establish/Maintain Documentation | Preventive | |
Include a "For More Information" heading in breach notifications. CC ID 12981 | Establish/Maintain Documentation | Preventive | |
Include details of the companies and persons involved in incident response notifications. CC ID 12295 | Establish/Maintain Documentation | Preventive | |
Include the credit reporting agencies' contact information in incident response notifications. CC ID 04744 | Establish/Maintain Documentation | Preventive | |
Include the reporting individual's contact information in incident response notifications. CC ID 12297 | Establish/Maintain Documentation | Preventive | |
Include any consequences in the incident response notifications. CC ID 12604 | Establish/Maintain Documentation | Preventive | |
Include whether the notification was delayed due to a law enforcement investigation in incident response notifications. CC ID 04746 | Establish/Maintain Documentation | Preventive | |
Include a "What You Can Do" heading in the breach notification. CC ID 12980 | Establish/Maintain Documentation | Preventive | |
Include how the affected parties can protect themselves from identity theft in incident response notifications. CC ID 04738 | Establish/Maintain Documentation | Detective | |
Provide enrollment information for identity theft prevention services or identity theft mitigation services. CC ID 13767 | Communicate | Corrective | |
Offer identity theft prevention services or identity theft mitigation services at no cost to the affected parties. CC ID 13766 | Business Processes | Corrective | |
Include contact information in incident response notifications. CC ID 04739 | Establish/Maintain Documentation | Preventive | |
Include a copy of the incident response notification in breach notifications, as necessary. CC ID 13085 | Communicate | Preventive | |
Send paper incident response notifications to affected parties, as necessary. CC ID 00366 | Behavior | Corrective | |
Post the incident response notification on the organization's website. CC ID 16809 | Process or Activity | Preventive | |
Determine if a substitute incident response notification is permitted if notifying affected parties. CC ID 00803 | Behavior | Corrective | |
Document the determination for providing a substitute incident response notification. CC ID 16841 | Process or Activity | Preventive | |
Use a substitute incident response notification to notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00368 | Behavior | Corrective | |
Telephone incident response notifications to affected parties, as necessary. CC ID 04650 | Behavior | Corrective | |
Send electronic substitute incident response notifications to affected parties, as necessary. CC ID 04747 | Behavior | Preventive | |
Include contact information in the substitute incident response notification. CC ID 16776 | Establish/Maintain Documentation | Preventive | |
Post substitute incident response notifications to the organization's website, as necessary. CC ID 04748 | Establish/Maintain Documentation | Preventive | |
Send substitute incident response notifications to breach notification organizations, as necessary. CC ID 04750 | Behavior | Preventive | |
Publish the incident response notification in a general circulation periodical. CC ID 04651 | Behavior | Corrective | |
Publish the substitute incident response notification in a general circulation periodical, as necessary. CC ID 04769 | Behavior | Preventive | |
Send electronic incident response notifications to affected parties, as necessary. CC ID 00367 | Behavior | Corrective | |
Notify interested personnel and affected parties of the privacy breach about any recovered restricted data. CC ID 13347 | Communicate | Corrective | |
Establish, implement, and maintain a containment strategy. CC ID 13480 | Establish/Maintain Documentation | Preventive | |
Include the containment approach in the containment strategy. CC ID 13486 | Establish/Maintain Documentation | Preventive | |
Include response times in the containment strategy. CC ID 13485 | Establish/Maintain Documentation | Preventive | |
Include incident recovery procedures in the Incident Management program. CC ID 01758 | Establish/Maintain Documentation | Corrective | |
Change wireless access variables after a data loss event has been detected. CC ID 01756 | Technical Security | Corrective | |
Eradicate the cause of the incident after the incident has been contained. CC ID 01757 | Business Processes | Corrective | |
Establish, implement, and maintain a restoration log. CC ID 12745 | Establish/Maintain Documentation | Preventive | |
Include a description of the restored data that was restored manually in the restoration log. CC ID 15463 | Data and Information Management | Preventive | |
Include a description of the restored data in the restoration log. CC ID 15462 | Data and Information Management | Preventive | |
Implement security controls for personnel that have accessed information absent authorization. CC ID 10611 | Human Resources Management | Corrective | |
Establish, implement, and maintain compromised system reaccreditation procedures. CC ID 00592 | Establish/Maintain Documentation | Preventive | |
Detect any potentially undiscovered security vulnerabilities on previously compromised systems. CC ID 06265 | Monitor and Evaluate Occurrences | Detective | |
Re-image compromised systems with secure builds. CC ID 12086 | Technical Security | Corrective | |
Analyze security violations in Suspicious Activity Reports. CC ID 00591 | Establish/Maintain Documentation | Preventive | |
Include lessons learned from analyzing security violations in the Incident Management program. CC ID 01234 | Monitor and Evaluate Occurrences | Preventive | |
Provide progress reports of the incident investigation to the appropriate roles, as necessary. CC ID 12298 | Investigate | Preventive | |
Update the incident response procedures using the lessons learned. CC ID 01233 | Establish/Maintain Documentation | Preventive | |
Include incident monitoring procedures in the Incident Management program. CC ID 01207 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Establish/Maintain Documentation | Preventive | |
Test incident monitoring procedures. CC ID 13194 | Testing | Detective | |
Include incident response procedures in the Incident Management program. CC ID 01218 | Establish/Maintain Documentation | Preventive | |
Integrate configuration management procedures into the incident management program. CC ID 13647 | Technical Security | Preventive | |
Include incident management procedures in the Incident Management program. CC ID 12689 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain temporary and emergency access authorization procedures. CC ID 00858 | Establish/Maintain Documentation | Corrective | |
Establish, implement, and maintain temporary and emergency access revocation procedures. CC ID 15334 | Establish/Maintain Documentation | Preventive | |
Include after-action analysis procedures in the Incident Management program. CC ID 01219 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain security and breach investigation procedures. CC ID 16844 | Establish/Maintain Documentation | Preventive | |
Conduct incident investigations, as necessary. CC ID 13826 | Process or Activity | Detective | |
Analyze the behaviors of individuals involved in the incident during incident investigations. CC ID 14042 | Investigate | Detective | |
Identify the affected parties during incident investigations. CC ID 16781 | Investigate | Detective | |
Interview suspects during incident investigations, as necessary. CC ID 14041 | Investigate | Detective | |
Interview victims and witnesses during incident investigations, as necessary. CC ID 14038 | Investigate | Detective | |
Document any potential harm in the incident finding when concluding the incident investigation. CC ID 13830 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain incident management audit logs. CC ID 13514 [The entity creates and maintains a record of detected or reported unauthorized disclosures of PI that is complete, accurate and timely. D6.3 Creates and retains record of detected or reported unauthorized disclosures The entity creates and retains a complete, accurate and timely record of detected or reported unauthorized disclosures (including breaches) of PI to meet the entity's objectives related to privacy. D6.3] | Records Management | Preventive | |
Log incidents in the Incident Management audit log. CC ID 00857 | Establish/Maintain Documentation | Preventive | |
Include who the incident was reported to in the incident management audit log. CC ID 16487 | Log Management | Preventive | |
Include corrective actions in the incident management audit log. CC ID 16466 | Establish/Maintain Documentation | Preventive | |
Include the organizational functions affected by disruption in the Incident Management audit log. CC ID 12238 | Log Management | Corrective | |
Include the organization's business products and services affected by disruptions in the Incident Management audit log. CC ID 12234 | Log Management | Preventive | |
Include emergency processing priorities in the Incident Management program. CC ID 00859 | Establish/Maintain Documentation | Preventive | |
Include user's responsibilities for when a theft has occurred in the Incident Management program. CC ID 06387 | Establish/Maintain Documentation | Preventive | |
Include incident record closure procedures in the Incident Management program. CC ID 01620 | Establish/Maintain Documentation | Preventive | |
Include incident reporting procedures in the Incident Management program. CC ID 11772 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain incident reporting time frame standards. CC ID 12142 | Communicate | Preventive | |
Establish, implement, and maintain an Incident Response program. CC ID 00579 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an incident response plan. CC ID 12056 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Establish/Maintain Documentation | Preventive | |
Include addressing external communications in the incident response plan. CC ID 13351 | Establish/Maintain Documentation | Preventive | |
Include addressing internal communications in the incident response plan. CC ID 13350 | Establish/Maintain Documentation | Preventive | |
Include change control procedures in the incident response plan. CC ID 15479 | Establish/Maintain Documentation | Preventive | |
Include addressing information sharing in the incident response plan. CC ID 13349 | Establish/Maintain Documentation | Preventive | |
Include dynamic reconfiguration in the incident response plan. CC ID 14306 | Establish/Maintain Documentation | Preventive | |
Include a definition of reportable incidents in the incident response plan. CC ID 14303 | Establish/Maintain Documentation | Preventive | |
Include the management support needed for incident response in the incident response plan. CC ID 14300 | Establish/Maintain Documentation | Preventive | |
Include root cause analysis in the incident response plan. CC ID 16423 | Establish/Maintain Documentation | Preventive | |
Include how incident response fits into the organization in the incident response plan. CC ID 14294 | Establish/Maintain Documentation | Preventive | |
Include the resources needed for incident response in the incident response plan. CC ID 14292 | Establish/Maintain Documentation | Preventive | |
Include incident response team services in the Incident Response program. CC ID 11766 | Establish/Maintain Documentation | Preventive | |
Include the incident response training program in the Incident Response program. CC ID 06750 | Establish/Maintain Documentation | Preventive | |
Incorporate realistic exercises that are tested into the incident response training program. CC ID 06753 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Behavior | Preventive | |
Establish, implement, and maintain incident response procedures. CC ID 01206 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Establish/Maintain Documentation | Detective | |
Include references to industry best practices in the incident response procedures. CC ID 11956 | Establish/Maintain Documentation | Preventive | |
Include responding to alerts from security monitoring systems in the incident response procedures. CC ID 11949 | Establish/Maintain Documentation | Preventive | |
Respond when an integrity violation is detected, as necessary. CC ID 10678 | Technical Security | Corrective | |
Shut down systems when an integrity violation is detected, as necessary. CC ID 10679 | Technical Security | Corrective | |
Restart systems when an integrity violation is detected, as necessary. CC ID 10680 | Technical Security | Corrective | |
Disseminate and communicate the incident response procedures to all interested personnel and affected parties. CC ID 01215 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Establish/Maintain Documentation | Preventive | |
Test the incident response procedures. CC ID 01216 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Testing | Detective | |
Document the results of incident response tests and provide them to senior management. CC ID 14857 | Actionable Reports or Measurements | Preventive | |
Establish, implement, and maintain a change control program. CC ID 00886 | Establish/Maintain Documentation | Preventive | |
Manage change requests. CC ID 00887 | Business Processes | Preventive | |
Approve tested change requests. CC ID 11783 [{privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Data and Information Management | Preventive | |
Validate the system before implementing approved changes. CC ID 01510 | Systems Design, Build, and Implementation | Preventive | |
Disseminate and communicate proposed changes to all interested personnel and affected parties. CC ID 06807 | Behavior | Preventive | |
Implement changes according to the change control program. CC ID 11776 | Business Processes | Preventive | |
Provide audit trails for all approved changes. CC ID 13120 [{privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Establish/Maintain Documentation | Preventive |
KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Physical and environmental protection CC ID 00709 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain a physical and environmental protection policy. CC ID 14030 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain physical and environmental protection procedures. CC ID 14061 [{administrative safeguard}{technical safeguard} The entity tests the effectiveness of the key administrative, technical and physical safeguards protecting personal data, periodically and as required by entity policy, or by relevant, applicable laws or regulations. S7.5] | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the physical and environmental protection procedures to interested personnel and affected parties. CC ID 14175 | Communicate | Preventive | |
Establish, implement, and maintain a physical security program. CC ID 11757 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a facility physical security program. CC ID 00711 [The entity restricts physical access to facilities and protected information assets (e.g., data center facilities, back-up media storage and other sensitive locations) to authorized personnel to meet the entity's objectives. S7.2] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain opening procedures for businesses. CC ID 16671 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain closing procedures for businesses. CC ID 16670 | Establish/Maintain Documentation | Preventive | |
Establish and maintain a contract for accessing facilities that transmit, process, or store restricted data. CC ID 12050 | Establish/Maintain Documentation | Preventive | |
Refrain from providing access to facilities that transmit, process, or store restricted data until the contract for accessing the facility is signed. CC ID 12311 | Behavior | Preventive | |
Protect the facility from crime. CC ID 06347 | Physical and Environmental Protection | Preventive | |
Define communication methods for reporting crimes. CC ID 06349 | Establish/Maintain Documentation | Preventive | |
Include identification cards or badges in the physical security program. CC ID 14818 | Establish/Maintain Documentation | Preventive | |
Protect facilities from eavesdropping. CC ID 02222 | Physical and Environmental Protection | Preventive | |
Inspect telephones for eavesdropping devices. CC ID 02223 | Physical and Environmental Protection | Detective | |
Implement audio protection controls on telephone systems in controlled areas. CC ID 16455 | Technical Security | Preventive | |
Establish, implement, and maintain security procedures for virtual meetings. CC ID 15581 | Establish/Maintain Documentation | Preventive | |
Hold conferences requiring sensitive information discussions in spaces that have commensurate security. CC ID 11440 | Physical and Environmental Protection | Preventive | |
Provide one-time meeting support for discussions involving Top Secret information. CC ID 11441 | Physical and Environmental Protection | Preventive | |
Create security zones in facilities, as necessary. CC ID 16295 | Physical and Environmental Protection | Preventive | |
Establish clear zones around any sensitive facilities. CC ID 02214 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain floor plans. CC ID 16419 | Establish/Maintain Documentation | Preventive | |
Include network infrastructure and cabling infrastructure on the floor plan. CC ID 16420 | Establish/Maintain Documentation | Preventive | |
Post floor plans of critical facilities in secure locations. CC ID 16138 | Communicate | Preventive | |
Post and maintain security signage for all facilities. CC ID 02201 | Establish/Maintain Documentation | Preventive | |
Inspect items brought into the facility. CC ID 06341 | Physical and Environmental Protection | Preventive | |
Maintain all physical security systems. CC ID 02206 | Physical and Environmental Protection | Preventive | |
Detect anomalies in physical barriers. CC ID 13533 | Investigate | Detective | |
Maintain all security alarm systems. CC ID 11669 | Physical and Environmental Protection | Preventive | |
Identify and document physical access controls for all physical entry points. CC ID 01637 | Establish/Maintain Documentation | Preventive | |
Control physical access to (and within) the facility. CC ID 01329 [The entity has implemented policies and procedures that restrict physical access to the entity's data centers, office spaces, documents, work areas and facilities based on an individual's needs for access, prior authorizations from a facility or system owner, and after the identity of each individual has been established prior to allowing access. S7.2 Managing physical access] | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain physical access procedures. CC ID 13629 | Establish/Maintain Documentation | Preventive | |
Meet the physical access requirements of disabled individuals, if reasonably possible. CC ID 00419 | Physical and Environmental Protection | Preventive | |
Secure physical entry points with physical access controls or security guards. CC ID 01640 [The entity requires individuals to be issued a proximity badge and has implemented proximity control mechanisms that require an individual to authenticate their identity via proximity card reading devices prior to gaining access to internal locations within the entity's data centers, office spaces, document storage locations, work areas and environmental control system locations. S7.2 Internal physical access control] | Physical and Environmental Protection | Detective | |
Configure the access control system to grant access only during authorized working hours. CC ID 12325 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain a visitor access permission policy. CC ID 06699 | Establish/Maintain Documentation | Preventive | |
Escort visitors within the facility, as necessary. CC ID 06417 | Establish/Maintain Documentation | Preventive | |
Check the visitor's stated identity against a provided government issued identification. CC ID 06701 | Physical and Environmental Protection | Preventive | |
Authorize visitors before granting entry to physical areas containing restricted data or restricted information. CC ID 01330 | Testing | Preventive | |
Disseminate and communicate the right of the organization to search visitors while at the facility. CC ID 06702 | Behavior | Preventive | |
Establish, implement, and maintain procedures for changing a visitor's access requirements. CC ID 12048 | Establish/Maintain Documentation | Preventive | |
Maintain and review facility access lists of personnel who have been granted authorized entry to (and within) facilities that contain restricted data or restricted information. CC ID 01436 [Processes are in place to periodically evaluate and re-validate (with the appropriate authorities) everyone's need for physical access and to make sure such access is consistent with the entity's business needs and the individual's specific job responsibilities. S7.2 Ongoing physical access monitoring] | Establish/Maintain Documentation | Preventive | |
Authorize physical access to sensitive areas based on job functions. CC ID 12462 [Processes are in place to periodically evaluate and re-validate (with the appropriate authorities) everyone's need for physical access and to make sure such access is consistent with the entity's business needs and the individual's specific job responsibilities. S7.2 Ongoing physical access monitoring] | Establish/Maintain Documentation | Preventive | |
Change access requirements to organizational assets for personnel and visitors, as necessary. CC ID 12463 | Physical and Environmental Protection | Corrective | |
Escort uncleared personnel who need to work in or access controlled access areas. CC ID 00747 | Monitor and Evaluate Occurrences | Preventive | |
Establish, implement, and maintain physical identification procedures. CC ID 00713 | Establish/Maintain Documentation | Preventive | |
Disallow opting out of wearing or displaying identification cards or badges. CC ID 13030 | Human Resources Management | Preventive | |
Implement physical identification processes. CC ID 13715 | Process or Activity | Preventive | |
Refrain from using knowledge-based authentication for in-person identity verification. CC ID 13717 | Process or Activity | Preventive | |
Issue photo identification badges to all employees. CC ID 12326 | Physical and Environmental Protection | Preventive | |
Implement operational requirements for card readers. CC ID 02225 | Testing | Preventive | |
Establish, implement, and maintain lost or damaged identification card procedures, as necessary. CC ID 14819 | Establish/Maintain Documentation | Preventive | |
Document all lost badges in a lost badge list. CC ID 12448 | Establish/Maintain Documentation | Corrective | |
Report lost badges, stolen badges, and broken badges to the Security Manager. CC ID 12334 | Physical and Environmental Protection | Preventive | |
Manage constituent identification inside the facility. CC ID 02215 | Behavior | Preventive | |
Direct each employee to be responsible for their identification card or badge. CC ID 12332 | Human Resources Management | Preventive | |
Manage visitor identification inside the facility. CC ID 11670 | Physical and Environmental Protection | Preventive | |
Issue visitor identification badges to all non-employees. CC ID 00543 | Behavior | Preventive | |
Secure unissued visitor identification badges. CC ID 06712 | Physical and Environmental Protection | Preventive | |
Retrieve visitor identification badges prior to the exit of a visitor from the facility. CC ID 01331 | Behavior | Preventive | |
Include name, date of entry, and validity period on disposable identification cards or badges. CC ID 12331 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain identification issuance procedures for identification cards or badges. CC ID 06598 [The entity requires individuals to be issued a proximity badge and has implemented proximity control mechanisms that require an individual to authenticate their identity via proximity card reading devices prior to gaining access to internal locations within the entity's data centers, office spaces, document storage locations, work areas and environmental control system locations. S7.2 Internal physical access control] | Establish/Maintain Documentation | Preventive | |
Record the assigned identification card or badge serial number when issuing an identification card or badge. CC ID 06714 | Process or Activity | Preventive | |
Include error handling controls in identification issuance procedures. CC ID 13709 | Establish/Maintain Documentation | Preventive | |
Include an appeal process in the identification issuance procedures. CC ID 15428 | Business Processes | Preventive | |
Include information security in the identification issuance procedures. CC ID 15425 | Establish/Maintain Documentation | Preventive | |
Include identity proofing processes in the identification issuance procedures. CC ID 06597 | Process or Activity | Preventive | |
Establish, implement, and maintain post-issuance update procedures for identification cards or badges. CC ID 15426 | Establish/Maintain Documentation | Preventive | |
Include an identity registration process in the identification issuance procedures. CC ID 11671 | Establish/Maintain Documentation | Preventive | |
Restrict access to the badge system to authorized personnel. CC ID 12043 | Physical and Environmental Protection | Preventive | |
Enforce dual control for badge assignments. CC ID 12328 | Physical and Environmental Protection | Preventive | |
Enforce dual control for accessing unassigned identification cards or badges. CC ID 12327 | Physical and Environmental Protection | Preventive | |
Refrain from imprinting the company name or company logo on identification cards or badges. CC ID 12282 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain identification renewal procedures for identification cards or badges. CC ID 06599 | Establish/Maintain Documentation | Preventive | |
Assign employees the responsibility for controlling their identification badges. CC ID 12333 | Human Resources Management | Preventive | |
Establish, implement, and maintain identification re-issuing procedures for identification cards or badges. CC ID 06596 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain identification mechanism termination procedures. CC ID 06306 | Establish/Maintain Documentation | Preventive | |
Prevent tailgating through physical entry points. CC ID 06685 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain a door security standard. CC ID 06686 | Establish/Maintain Documentation | Preventive | |
Install doors so that exposed hinges are on the secured side. CC ID 06687 | Configuration | Preventive | |
Install emergency doors to permit egress only. CC ID 06688 | Configuration | Preventive | |
Install contact alarms on doors, as necessary. CC ID 06710 | Configuration | Preventive | |
Use locks to protect against unauthorized physical access. CC ID 06342 | Physical and Environmental Protection | Preventive | |
Use locks with electronic authentication systems or cipher locks, as necessary. CC ID 06650 | Configuration | Preventive | |
Test locks for physical security vulnerabilities. CC ID 04880 | Testing | Detective | |
Secure unissued access mechanisms. CC ID 06713 | Technical Security | Preventive | |
Establish, implement, and maintain a lock and access mechanism inventory (keys, lock combinations, or key cards) for all physical access control systems. CC ID 00748 | Establish/Maintain Documentation | Preventive | |
Change cipher lock codes, as necessary. CC ID 06651 | Technical Security | Preventive | |
Record the assigned access mechanism serial number or cipher lock code when issuing controlled items. CC ID 06715 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a window security standard. CC ID 06689 | Establish/Maintain Documentation | Preventive | |
Install contact alarms on openable windows, as necessary. CC ID 06690 | Configuration | Preventive | |
Install glass break alarms on windows, as necessary. CC ID 06691 | Configuration | Preventive | |
Post signs at all physical entry points stating the organization's right to inspect upon entry. CC ID 02204 | Establish/Maintain Documentation | Preventive | |
Install and maintain security lighting at all physical entry points. CC ID 02205 | Physical and Environmental Protection | Preventive | |
Use vandal resistant light fixtures for all security lighting. CC ID 16130 | Physical and Environmental Protection | Preventive | |
Manage access to loading docks, unloading docks, and mail rooms. CC ID 02210 | Physical and Environmental Protection | Preventive | |
Secure the loading dock with physical access controls or security guards. CC ID 06703 | Physical and Environmental Protection | Preventive | |
Isolate loading areas from information processing facilities, if possible. CC ID 12028 | Physical and Environmental Protection | Preventive | |
Screen incoming mail and deliveries. CC ID 06719 | Physical and Environmental Protection | Preventive | |
Protect access to the facility's mechanical systems area. CC ID 02212 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain elevator security guidelines. CC ID 02232 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain stairwell security guidelines. CC ID 02233 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain glass opening security guidelines. CC ID 02234 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain after hours facility access procedures. CC ID 06340 | Establish/Maintain Documentation | Preventive | |
Establish a security room, if necessary. CC ID 00738 | Physical and Environmental Protection | Preventive | |
Implement physical security standards for mainframe rooms or data centers. CC ID 00749 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets The entity has implemented policies and procedures that restrict physical access to the entity's data centers, office spaces, documents, work areas and facilities based on an individual's needs for access, prior authorizations from a facility or system owner, and after the identity of each individual has been established prior to allowing access. S7.2 Managing physical access] | Physical and Environmental Protection | Preventive | |
Establish and maintain equipment security cages in a shared space environment. CC ID 06711 | Physical and Environmental Protection | Preventive | |
Secure systems in lockable equipment cabinets, as necessary. CC ID 06716 | Physical and Environmental Protection | Preventive | |
Lock all lockable equipment cabinets. CC ID 11673 | Physical and Environmental Protection | Detective | |
Establish, implement, and maintain vault physical security standards. CC ID 02203 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain a guideline for working in a secure area. CC ID 04538 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain emergency re-entry procedures. CC ID 11672 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain emergency exit procedures. CC ID 01252 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a camera operating policy. CC ID 15456 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the camera installation policy to interested personnel and affected parties. CC ID 15461 | Communicate | Preventive | |
Monitor for unauthorized physical access at physical entry points and physical exit points. CC ID 01638 | Monitor and Evaluate Occurrences | Detective | |
Establish and maintain a visitor log. CC ID 00715 | Log Management | Preventive | |
Report anomalies in the visitor log to appropriate personnel. CC ID 14755 | Investigate | Detective | |
Require all visitors to sign in to the visitor log before the entrance of a visitor to the facility. CC ID 06700 | Establish/Maintain Documentation | Preventive | |
Require all visitors to sign out of the visitor log before the exit of a visitor from the facility. CC ID 06649 | Behavior | Preventive | |
Record the visitor's name in the visitor log. CC ID 00557 | Log Management | Preventive | |
Record the visitor's organization in the visitor log. CC ID 12121 | Log Management | Preventive | |
Record the visitor's acceptable access areas in the visitor log. CC ID 12237 | Log Management | Preventive | |
Record the date and time of entry in the visitor log. CC ID 13255 | Establish/Maintain Documentation | Preventive | |
Record the onsite personnel authorizing physical access for the visitor in the visitor log. CC ID 12466 | Establish/Maintain Documentation | Preventive | |
Retain all records in the visitor log as prescribed by law. CC ID 00572 | Log Management | Preventive | |
Establish, implement, and maintain a physical access log. CC ID 12080 | Establish/Maintain Documentation | Preventive | |
Log the entrance of a staff member to a facility or designated rooms within the facility. CC ID 01641 | Log Management | Preventive | |
Log when the vault is accessed. CC ID 06725 | Log Management | Detective | |
Log when the cabinet is accessed. CC ID 11674 | Log Management | Detective | |
Store facility access logs in off-site storage. CC ID 06958 | Log Management | Preventive | |
Log the exit of a staff member to a facility or designated rooms within the facility. CC ID 11675 | Monitor and Evaluate Occurrences | Preventive | |
Observe restricted areas with motion detectors or closed-circuit television systems. CC ID 01328 | Monitor and Evaluate Occurrences | Detective | |
Review and correlate all data collected from video cameras and/or access control mechanisms with other entries. CC ID 11609 | Monitor and Evaluate Occurrences | Detective | |
Configure video cameras to cover all physical entry points. CC ID 06302 | Configuration | Preventive | |
Configure video cameras to prevent physical tampering or disablement. CC ID 06303 | Configuration | Preventive | |
Retain video events according to Records Management procedures. CC ID 06304 | Records Management | Preventive | |
Monitor physical entry point alarms. CC ID 01639 | Physical and Environmental Protection | Detective | |
Evaluate and react to when unauthorized access is detected by physical entry point alarms. CC ID 11677 | Monitor and Evaluate Occurrences | Detective | |
Monitor for alarmed security doors being propped open. CC ID 06684 | Monitor and Evaluate Occurrences | Detective | |
Establish, implement, and maintain physical security threat reports. CC ID 02207 | Establish/Maintain Documentation | Preventive | |
Build and maintain fencing, as necessary. CC ID 02235 | Physical and Environmental Protection | Preventive | |
Implement security measures for all interior spaces that allow for any payment transactions. CC ID 06352 | Physical and Environmental Protection | Preventive | |
Physically segregate business areas in accordance with organizational standards. CC ID 16718 | Physical and Environmental Protection | Preventive | |
Employ security guards to provide physical security, as necessary. CC ID 06653 | Establish Roles | Preventive | |
Establish, implement, and maintain a facility wall standard. CC ID 06692 | Establish/Maintain Documentation | Preventive | |
Design interior walls with sound absorbing materials as well as thermal resistant materials. CC ID 06372 | Physical and Environmental Protection | Preventive | |
Design interior walls that provide security to extend from true floor to true ceiling. CC ID 06693 | Configuration | Preventive | |
Refrain from search and seizure inside organizational facilities absent a warrant. CC ID 09980 | Behavior | Preventive | |
Disallow either search or seizure of any person inside organizational facilities absent a warrant. CC ID 09981 | Behavior | Preventive | |
Disallow copying or excerpting from documents, books, or records that are on or in the premises of an organizational facility absent a warrant. CC ID 09982 | Business Processes | Preventive | |
Disallow inspecting computers or searching computer records inside organizational facilities absent a warrant. CC ID 09983 | Behavior | Preventive | |
Do nothing to help during a search and seizure inside organizational facilities absent a warrant and being legally compelled to assist. CC ID 09984 | Behavior | Preventive | |
Establish, implement, and maintain physical security controls for distributed assets. CC ID 00718 [{physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Physical and Environmental Protection | Preventive | |
Control the transiting and internal distribution or external distribution of assets. CC ID 00963 | Records Management | Preventive | |
Log the transiting, internal distribution, and external distribution of restricted storage media. CC ID 12321 | Log Management | Preventive | |
Encrypt digital media containing sensitive information during transport outside controlled areas. CC ID 14258 | Technical Security | Preventive | |
Obtain management authorization for restricted storage media transit or distribution from a controlled access area. CC ID 00964 | Records Management | Preventive | |
Use locked containers to transport non-digital media outside of controlled areas. CC ID 14286 | Physical and Environmental Protection | Preventive | |
Transport restricted media using a delivery method that can be tracked. CC ID 11777 | Business Processes | Preventive | |
Track restricted storage media while it is in transit. CC ID 00967 | Data and Information Management | Detective | |
Restrict physical access to distributed assets. CC ID 11865 [The entity restricts physical access to facilities and protected information assets (e.g., data center facilities, back-up media storage and other sensitive locations) to authorized personnel to meet the entity's objectives. S7.2 {logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Physical and Environmental Protection | Preventive | |
House network hardware in lockable rooms or lockable equipment cabinets. CC ID 01873 | Physical and Environmental Protection | Preventive | |
Protect electronic storage media with physical access controls. CC ID 00720 | Physical and Environmental Protection | Preventive | |
Protect physical assets with earthquake-resistant mechanisms. CC ID 06360 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain a media protection policy. CC ID 14029 | Establish/Maintain Documentation | Preventive | |
Include compliance requirements in the media protection policy. CC ID 14185 | Establish/Maintain Documentation | Preventive | |
Include coordination amongst entities in the media protection policy. CC ID 14184 | Establish/Maintain Documentation | Preventive | |
Include management commitment in the media protection policy. CC ID 14182 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the media protection policy. CC ID 14180 | Establish/Maintain Documentation | Preventive | |
Include the scope in the media protection policy. CC ID 14167 | Establish/Maintain Documentation | Preventive | |
Include the purpose in the media protection policy. CC ID 14166 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the media protection policy to interested personnel and affected parties. CC ID 14165 | Communicate | Preventive | |
Establish, implement, and maintain media protection procedures. CC ID 14062 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the media protection procedures to interested personnel and affected parties. CC ID 14186 | Communicate | Preventive | |
Establish, implement, and maintain removable storage media controls. CC ID 06680 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Data and Information Management | Preventive | |
Control access to restricted storage media. CC ID 04889 | Data and Information Management | Preventive | |
Physically secure all electronic storage media that store restricted data or restricted information. CC ID 11664 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Physical and Environmental Protection | Preventive | |
Separate duplicate originals and backup media from the original electronic storage media. CC ID 00961 | Records Management | Preventive | |
Treat archive media as evidence. CC ID 00960 | Records Management | Preventive | |
Log the transfer of removable storage media. CC ID 12322 | Log Management | Preventive | |
Establish, implement, and maintain storage media access control procedures. CC ID 00959 | Establish/Maintain Documentation | Preventive | |
Require removable storage media be in the custody of an authorized individual. CC ID 12319 | Behavior | Preventive | |
Control the storage of restricted storage media. CC ID 00965 | Records Management | Preventive | |
Store removable storage media containing restricted data or restricted information using electronic media storage cabinets or electronic media storage vaults. CC ID 00717 [{physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Physical and Environmental Protection | Preventive | |
Protect the combinations for all combination locks. CC ID 02199 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain electronic media storage container repair guidelines. CC ID 02200 | Establish/Maintain Documentation | Preventive | |
Establish and maintain eavesdropping protection for vaults. CC ID 02231 | Physical and Environmental Protection | Preventive | |
Serialize all removable storage media. CC ID 00949 | Configuration | Preventive | |
Protect distributed assets against theft. CC ID 06799 | Physical and Environmental Protection | Preventive | |
Include Information Technology assets in the asset removal policy. CC ID 13162 | Establish/Maintain Documentation | Preventive | |
Specify the assets to be returned or removed in the asset removal policy. CC ID 13163 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the asset removal policy to interested personnel and affected parties. CC ID 13160 | Communicate | Preventive | |
Establish, implement, and maintain asset removal procedures or asset decommissioning procedures. CC ID 04540 | Establish/Maintain Documentation | Preventive | |
Prohibit assets from being taken off-site absent prior authorization. CC ID 12027 | Process or Activity | Preventive | |
Control the delivery of assets through physical entry points and physical exit points. CC ID 01441 | Physical and Environmental Protection | Preventive | |
Control the removal of assets through physical entry points and physical exit points. CC ID 11681 | Physical and Environmental Protection | Preventive | |
Maintain records of all system components entering and exiting the facility. CC ID 14304 | Log Management | Preventive | |
Establish, implement, and maintain on-site logical controls for all distributed assets. CC ID 11682 | Technical Security | Preventive | |
Establish, implement, and maintain off-site logical controls for all distributed assets. CC ID 11683 | Technical Security | Preventive | |
Establish, implement, and maintain on-site physical controls for all distributed assets. CC ID 04820 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain off-site physical controls for all distributed assets. CC ID 04539 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain missing asset reporting procedures. CC ID 06336 | Establish/Maintain Documentation | Preventive | |
Attach asset location technologies to distributed assets. CC ID 10626 | Physical and Environmental Protection | Detective | |
Employ asset location technologies in accordance with applicable laws and regulations. CC ID 10627 | Physical and Environmental Protection | Preventive | |
Monitor the location of distributed assets. CC ID 11684 | Monitor and Evaluate Occurrences | Detective | |
Remote lock any distributed assets reported lost or stolen. CC ID 14008 | Technical Security | Corrective | |
Remote wipe any distributed asset reported lost or stolen. CC ID 12197 | Process or Activity | Corrective | |
Unpair missing Bluetooth devices. CC ID 12428 | Physical and Environmental Protection | Corrective | |
Establish, implement, and maintain end user computing device security guidelines. CC ID 00719 [{endpoint device}{mobile device}{personal device} Processes are in place to protect endpoint and mobile computing and personal productivity devices (such as laptop and desktop computers, servers, networking and data storage devices, smart phones and tablets) that are used in computing, networking, data storage and processing of the entity's information assets. S7.3 Protects end point and mobile devices] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a locking screen saver policy. CC ID 06717 | Establish/Maintain Documentation | Preventive | |
Encrypt information stored on devices in publicly accessible areas. CC ID 16410 | Data and Information Management | Preventive | |
Secure workstations to desks with security cables. CC ID 04724 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain a mobile device management program. CC ID 15212 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a mobile device management policy. CC ID 15214 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain mobile device emergency sanitization procedures. CC ID 16454 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain mobile device security guidelines. CC ID 04723 [{endpoint device}{mobile device}{personal device} Processes are in place to protect endpoint and mobile computing and personal productivity devices (such as laptop and desktop computers, servers, networking and data storage devices, smart phones and tablets) that are used in computing, networking, data storage and processing of the entity's information assets. S7.3 Protects end point and mobile devices] | Establish/Maintain Documentation | Preventive | |
Require users to refrain from leaving mobile devices unattended. CC ID 16446 | Business Processes | Preventive | |
Include the expectation of data loss in the event of sanitizing the mobile device in the mobile device security guidelines. CC ID 12292 | Establish/Maintain Documentation | Preventive | |
Wipe information from mobile devices after a predetermined number of unsuccessful logon attempts. CC ID 14242 | Data and Information Management | Preventive | |
Include legal requirements in the mobile device security guidelines. CC ID 12291 | Establish/Maintain Documentation | Preventive | |
Include the use of privacy filters in the mobile device security guidelines. CC ID 16452 | Physical and Environmental Protection | Preventive | |
Include prohibiting the usage of unapproved application stores in the mobile device security guidelines. CC ID 12290 | Establish/Maintain Documentation | Preventive | |
Include requiring users to create data backups in the mobile device security guidelines. CC ID 12289 | Establish/Maintain Documentation | Preventive | |
Include the definition of mobile devices in the mobile device security guidelines. CC ID 12288 | Establish/Maintain Documentation | Preventive | |
Refrain from responding to unsolicited Personal Identification Number requests. CC ID 12430 | Physical and Environmental Protection | Preventive | |
Refrain from pairing Bluetooth devices in unsecured areas. CC ID 12429 | Physical and Environmental Protection | Preventive | |
Encrypt information stored on mobile devices. CC ID 01422 | Data and Information Management | Preventive | |
Remove dormant systems from the network, as necessary. CC ID 13727 | Process or Activity | Corrective | |
Separate systems that transmit, process, or store restricted data from those that do not by deploying physical access controls. CC ID 00722 | Physical and Environmental Protection | Preventive | |
Secure system components from unauthorized viewing. CC ID 01437 | Physical and Environmental Protection | Preventive | |
Establish, implement, and maintain asset return procedures. CC ID 04537 | Establish/Maintain Documentation | Preventive | |
Request the return of all appropriate assets upon notification of a personnel status change. CC ID 06678 | Behavior | Preventive | |
Require the return of all assets upon notification an individual is terminated. CC ID 06679 | Behavior | Preventive | |
Prohibit the use of recording devices near restricted data or restricted information, absent authorization. CC ID 04598 | Behavior | Preventive | |
Prohibit usage of cell phones near restricted data or restricted information, absent authorization. CC ID 06354 | Behavior | Preventive | |
Prohibit mobile device usage near restricted data or restricted information, absent authorization. CC ID 04597 | Behavior | Preventive | |
Prohibit wireless technology usage near restricted data or restricted information, absent authorization. CC ID 08706 | Configuration | Preventive | |
Inspect mobile devices for the storage of restricted data or restricted information. CC ID 08707 | Investigate | Detective | |
Log an incident if unauthorized restricted data or unauthorized restricted information is discovered on a mobile device. CC ID 08708 | Monitor and Evaluate Occurrences | Corrective | |
Establish, implement, and maintain open storage container procedures. CC ID 02198 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a clean desk policy. CC ID 06534 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a clear screen policy. CC ID 12436 | Technical Security | Preventive | |
Establish, implement, and maintain contact card reader security guidelines. CC ID 06588 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain contactless card reader security guidelines. CC ID 06589 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain Personal Identification Number input device security guidelines. CC ID 06590 | Establish/Maintain Documentation | Preventive | |
Identify customer property within the organizational facility. CC ID 06612 | Physical and Environmental Protection | Preventive | |
Protect customer property under the care of the organization. CC ID 11685 | Physical and Environmental Protection | Preventive | |
Prohibit the unauthorized remote activation of collaborative computing devices. CC ID 06768 | Technical Security | Preventive | |
Provide a physical disconnect of collaborative computing devices in a way that supports ease of use. CC ID 06769 | Configuration | Preventive | |
Indicate the active use of collaborative computing devices to users physically present at the device. CC ID 10647 | Technical Security | Preventive | |
Provide storage media shelving capable of bearing all potential loads. CC ID 11400 | Physical and Environmental Protection | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Privacy protection for information and data CC ID 00008 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain a privacy framework that protects restricted data. CC ID 11850 [The entity has defined and formally documented data and information privacy policies and procedures for PI collection, usage and processing that are consistent with the entity's objectives related to privacy. M1.0 The entity has implemented a policy governance and accountability process that defines and formally documents policies and procedures for information privacy that are consistent with the entity's objectives related to privacy. M1.2 The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Establish/Maintain Documentation | Preventive | |
Include the roles and responsibilities of the organization's legal counsel in the privacy framework. CC ID 14862 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a personal data transparency program. CC ID 00375 | Data and Information Management | Preventive | |
Establish and maintain privacy notices, as necessary. CC ID 13443 | Establish/Maintain Documentation | Preventive | |
Include the purpose of the privacy notice in the privacy notice. CC ID 13526 [{implicit consent} If information that was previously collected is to be used for purposes not previously identified in the privacy notice, the new purpose is documented, the data subject is notified, and implicit or explicit consent is obtained prior to such new use or purpose. C3.2 Documents and obtained consent for new purposes and uses] | Establish/Maintain Documentation | Preventive | |
Include the processing purpose in the privacy notice. CC ID 16543 | Establish/Maintain Documentation | Preventive | |
Include contact information in the privacy notice. CC ID 14432 | Establish/Maintain Documentation | Preventive | |
Include the data subject's choices for data collection, data processing, data disclosure, and data retention in the privacy notice. CC ID 13503 [{implicit consent} Data subjects are informed about the choices available to them with respect to the collection, use and disclosure of PI. Data subjects are informed that implicit or explicit consent is required to collect, use and disclose PI, unless a law or regulation specifically requires or allows otherwise. C3.1 Communicates to data subjects The entity communicates available options regarding the collection and creation of PI and the consequences of each choice, including the data subject's option to reject their agreed consent for the entity to initially or subsequently collect and create PI. C3.1] | Establish/Maintain Documentation | Preventive | |
Include the right to opt out of personal data disclosure in the privacy notice. CC ID 13460 | Establish/Maintain Documentation | Preventive | |
Include instructions on how to opt out of personal data disclosure in the privacy notice. CC ID 13461 | Establish/Maintain Documentation | Preventive | |
Include the types of third parties to which personal data is disclosed in the privacy notice. CC ID 13459 [The entity has an objective description of the entities and activities covered by the privacy policies and procedures that is included in the entity's privacy notice. N2.1 Entities and activities covered] | Establish/Maintain Documentation | Preventive | |
Include the organization's policies, standards, and procedures in the privacy notice. CC ID 13455 | Establish/Maintain Documentation | Preventive | |
Include the organization's privacy framework in the privacy notice, as necessary. CC ID 13456 | Establish/Maintain Documentation | Preventive | |
Include the personal data collection categories in the privacy notice. CC ID 13457 | Establish/Maintain Documentation | Preventive | |
Include disclosure exceptions in the privacy notice. CC ID 13447 | Establish/Maintain Documentation | Preventive | |
Include the types of personal data disclosed in the privacy notice. CC ID 13446 | Establish/Maintain Documentation | Preventive | |
Include descriptions of each type of personal data disclosed in the privacy notice. CC ID 13458 [The entity has an objective description of the entities and activities covered by the privacy policies and procedures that is included in the entity's privacy notice. N2.1 Entities and activities covered] | Establish/Maintain Documentation | Preventive | |
Specify the time frame that notice will be given. CC ID 00385 | Establish/Maintain Documentation | Preventive | |
Include the information about the appeal process in the privacy notice. CC ID 15312 | Establish/Maintain Documentation | Preventive | |
Combine privacy notices into a joint notification with suppliers, as necessary. CC ID 13468 | Establish/Maintain Documentation | Preventive | |
Refrain from delivering privacy notices to data subjects, as necessary. CC ID 13445 | Communicate | Preventive | |
Deliver privacy notices to data subjects, as necessary. CC ID 13444 [{privacy notice} The entity has formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet the entity's objectives related to privacy. Refer to Component N2.0. M1.0 Agreement, notice and communication The entity executes formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet its objectives related to privacy. N2.1] | Communicate | Preventive | |
Deliver a short-form initial notification along with an opt-out notice as an alternate to delivering a privacy notice, as necessary. CC ID 13464 | Establish/Maintain Documentation | Preventive | |
Update privacy notices, as necessary. CC ID 13474 [{privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Communicate | Preventive | |
Redeliver privacy notices, as necessary. CC ID 14850 [Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Communicate | Preventive | |
Deliver privacy notices to third parties, as necessary. CC ID 13473 | Communicate | Preventive | |
Obtain acknowledgment of receipt of the privacy notice. CC ID 14435 | Communicate | Preventive | |
Document any reasons acknowledgment of the privacy notice was not received. CC ID 14434 | Establish/Maintain Documentation | Corrective | |
Establish and maintain short-form initial notifications of privacy notices that are clear and conspicuous. CC ID 13466 | Establish/Maintain Documentation | Preventive | |
Include the organization's privacy framework in the short-form initial notification, as necessary. CC ID 13472 | Establish/Maintain Documentation | Preventive | |
Include the methodology for accessing the privacy notice in the short-form initial notification. CC ID 13471 | Establish/Maintain Documentation | Preventive | |
Include that the privacy notice is available upon request in the short-form initial notification. CC ID 13470 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain opt-out notices. CC ID 13448 | Establish/Maintain Documentation | Preventive | |
Include how opt out directions for joint consumers are treated in the opt-out notice. CC ID 13465 | Establish/Maintain Documentation | Preventive | |
Include the opt out method for data subjects in the opt-out notice. CC ID 13467 | Establish/Maintain Documentation | Preventive | |
Include the data subject's right to opt out of personal data disclosure in the opt-out notice. CC ID 13463 | Establish/Maintain Documentation | Preventive | |
Explain the right to opt out in the opt-out notice. CC ID 13462 | Establish/Maintain Documentation | Preventive | |
Include the organization's right to share personal data in the opt-out notice. CC ID 13450 | Establish/Maintain Documentation | Preventive | |
Deliver opt-out notices, as necessary. CC ID 13449 | Communicate | Preventive | |
Include an initial privacy notification when delivering the opt-out notice. CC ID 13453 | Communicate | Preventive | |
Provide a copy of the organization's privacy program to statutory authorities, as necessary. CC ID 12376 | Communicate | Preventive | |
Affirm adequate protection of personal data to applicable statutory authorities if the organization is not a member of a privacy program. CC ID 12372 | Communicate | Preventive | |
Notify statutory authorities of the organization's withdrawal from the privacy program. CC ID 12391 | Communicate | Preventive | |
Notify statutory authorities about how restricted data will be handled following withdrawal from the privacy program. CC ID 16819 | Data and Information Management | Preventive | |
Notify statutory authorities concerned with the privacy program if the surviving organization will continue in the privacy program. CC ID 12393 | Communicate | Preventive | |
Notify data subjects about the organization's external requirements relevant to the privacy program. CC ID 12354 [{implicit consent} Data subjects are informed about the choices available to them with respect to the collection, use and disclosure of PI. Data subjects are informed that implicit or explicit consent is required to collect, use and disclose PI, unless a law or regulation specifically requires or allows otherwise. C3.1 Communicates to data subjects] | Communicate | Preventive | |
Provide the data subject with a notice of participation procedures. CC ID 06241 | Establish/Maintain Documentation | Preventive | |
Deliver notices to the intended parties. CC ID 06240 | Data and Information Management | Preventive | |
Notify data subjects about their privacy rights. CC ID 12989 | Communicate | Preventive | |
Disseminate and communicate the critical third party list with relevance to the privacy program to all interested personnel and affected parties. CC ID 12352 | Communicate | Preventive | |
Require a data protection impact assessment when profiling the data subject. CC ID 12680 | Process or Activity | Detective | |
Establish, implement, and maintain adequate openness procedures. CC ID 00377 | Data and Information Management | Preventive | |
Provide public proof the organization participates in a privacy program. CC ID 12349 | Communicate | Preventive | |
Publish a description of processing activities in an official register. CC ID 00379 | Establish/Maintain Documentation | Preventive | |
Establish and maintain a records request manual. CC ID 00381 | Establish/Maintain Documentation | Preventive | |
Establish and maintain a description of voluntary disclosure and automatic availability of certain records. CC ID 00382 | Establish/Maintain Documentation | Preventive | |
Register with public bodies and notify the Data Commissioner before processing personal data. CC ID 00383 | Behavior | Preventive | |
Define what is included in registration notices. CC ID 00386 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the registration notice. CC ID 16803 | Establish Roles | Preventive | |
Include the verification method in the registration notice. CC ID 16798 | Establish/Maintain Documentation | Preventive | |
Include the statutory authority in the registration notice. CC ID 16799 | Establish/Maintain Documentation | Preventive | |
Include the address where the file or hardware supporting the data processing is located in the registration notice. CC ID 00387 | Establish/Maintain Documentation | Preventive | |
Include a purpose specification description in the registration notice. CC ID 00388 | Establish/Maintain Documentation | Preventive | |
Include information about the dispute resolution body in the registration notice. CC ID 16800 | Establish/Maintain Documentation | Preventive | |
Include the data subject category being processed in the registration notice. CC ID 00389 | Establish/Maintain Documentation | Preventive | |
Include the time period for data processing in the registration notice. CC ID 00390 | Establish/Maintain Documentation | Preventive | |
Include procedures for when the registration notice for processing personal data is insufficient in the registration notice. CC ID 00392 | Establish/Maintain Documentation | Preventive | |
Provide legal authorities access to personal data, upon request. CC ID 06818 | Data and Information Management | Preventive | |
Provide the data subject with information about automated decision-making during personal data processing. CC ID 12609 | Process or Activity | Preventive | |
Provide the data subject with information about obtaining automated decision-making used during personal data processing. CC ID 12618 | Establish/Maintain Documentation | Preventive | |
Provide the data subject with the name, title, and address of the individual accountable for the organizational policies. CC ID 00394 | Establish/Maintain Documentation | Preventive | |
Provide the data subject with a copy of any brochures or other information that explain policies, standards, or codes. CC ID 00398 [{be accurate}{be complete} Individuals are informed that they are responsible for providing the entity with accurate and complete PI and for contacting the entity if correction of such information is required. Q8.1 Communicates to data subjects] | Establish/Maintain Documentation | Preventive | |
Provide the data subject with contractual requirements requiring the provision of personal data. CC ID 12588 | Process or Activity | Preventive | |
Document the countries where restricted data may be stored. CC ID 12750 | Data and Information Management | Preventive | |
Protect the rights of students and their parents or legal representatives. CC ID 00222 | Data and Information Management | Preventive | |
Refrain from allowing access rights to education records maintained by another educational institution. CC ID 13014 | Technical Security | Preventive | |
Refrain from allowing students the right to inspect the financial records of their parent or legal representative. CC ID 13025 | Records Management | Preventive | |
Refrain from allowing students the right to inspect confidential letters and confidential letters of recommendation. CC ID 13019 | Records Management | Preventive | |
Amend education records within a reasonable period after receiving a record amendment request. CC ID 12998 | Records Management | Corrective | |
Decide whether to amend education records based on evidence presented during a hearing. CC ID 13020 | Records Management | Corrective | |
Define the criteria for waivers of data subjects' rights. CC ID 16858 | Behavior | Preventive | |
Revoke waivers of data subject's rights, as necessary. CC ID 16859 | Behavior | Preventive | |
Disseminate and communicate the notification of rights to students and their parent or legal representative. CC ID 12996 | Establish/Maintain Documentation | Preventive | |
Include the criteria for determining what constitutes a legitimate educational interest in the notification of rights. CC ID 13004 | Establish/Maintain Documentation | Preventive | |
Include the criteria for determining what constitutes a school official in the notification of rights. CC ID 13003 | Establish/Maintain Documentation | Preventive | |
Disclose educational data, as necessary. CC ID 00223 | Data and Information Management | Preventive | |
Grant access to education records in support of educational program audits. CC ID 13032 | Records Management | Preventive | |
Grant access to education records in support of external requirements. CC ID 13033 | Records Management | Preventive | |
Disclose statements added to education records, as necessary. CC ID 12990 | Communicate | Preventive | |
Obtain explicit consent from students or their parent or legal representative prior to using or disclosing educational data. CC ID 00220 | Data and Information Management | Preventive | |
Disclose education records when written consent is received. CC ID 00224 | Data and Information Management | Preventive | |
Specify the parties to whom education records may be disclosed in the written consent. CC ID 13002 | Establish/Maintain Documentation | Preventive | |
Specify the purpose of the disclosure in the written consent. CC ID 13001 | Establish/Maintain Documentation | Preventive | |
Specify which education records may be disclosed in the written consent. CC ID 13000 | Establish/Maintain Documentation | Preventive | |
Document the conditions when consent is not required to disclose educational data. CC ID 00225 | Establish/Maintain Documentation | Preventive | |
Disclose educational data absent consent when disclosure is in connection with a disciplinary proceeding. CC ID 13005 | Communicate | Preventive | |
Refrain from disclosing disciplinary proceeding results unless the student has violated the institution's rules or policies. CC ID 13023 | Communicate | Preventive | |
Disclose educational data absent consent when it concerns sex offenders. CC ID 13013 | Communicate | Preventive | |
Disclose educational data absent consent to other school officials. CC ID 00226 | Data and Information Management | Preventive | |
Disclose educational data absent consent to another institution's school officials. CC ID 00227 | Data and Information Management | Preventive | |
Disclose educational data absent consent in connection with financial aid. CC ID 00229 | Data and Information Management | Preventive | |
Disclose educational data absent consent to organizations conducting studies on tests. CC ID 00230 | Data and Information Management | Preventive | |
Disclose educational data absent consent to organizations conducting studies if educational data is destroyed when no longer required. CC ID 12995 | Communicate | Preventive | |
Disclose educational data absent consent to accrediting organizations. CC ID 00231 | Data and Information Management | Preventive | |
Disclose educational data absent consent to a dependent student's parent or legal representative. CC ID 00232 | Data and Information Management | Preventive | |
Disclose educational data absent consent in order to comply with a judicial order. CC ID 00233 | Data and Information Management | Preventive | |
Disclose educational data absent consent for a health and safety emergency. CC ID 00234 | Data and Information Management | Preventive | |
Disclose educational data absent consent when it is merely directory information. CC ID 00235 | Data and Information Management | Preventive | |
Disclose educational data absent consent to a crime victim. CC ID 00236 | Data and Information Management | Preventive | |
Record the health and safety threats of students when disclosing personal data. CC ID 12997 | Establish/Maintain Documentation | Preventive | |
Refrain from providing information to the data subject, as necessary. CC ID 12625 | Communicate | Preventive | |
Refrain from providing information to the data subject when it is forbidden by law. CC ID 12651 | Communicate | Preventive | |
Refrain from providing information to the data subject when it proves impossible due to statistical purposes. CC ID 12645 | Communicate | Preventive | |
Provide the data subject with information about lifting any restriction of processing, as necessary. CC ID 12634 | Communicate | Preventive | |
Refrain from providing information to the data subject when it proves impossible due to historical research purposes. CC ID 12633 | Communicate | Preventive | |
Refrain from providing information to the data subject when it proves impossible due to scientific research purposes. CC ID 12632 | Communicate | Preventive | |
Refrain from providing information to the data subject when it proves impossible due to archival purposes. CC ID 12631 | Communicate | Preventive | |
Refrain from providing information to the data subject when providing information involves disproportionate effort. CC ID 12629 | Communicate | Preventive | |
Refrain from providing information to the data subject when the data subject has the information. CC ID 12628 | Communicate | Preventive | |
Provide adequate structures, policies, procedures, and mechanisms to support direct access by the data subject to personal data that is provided upon request. CC ID 00393 [The entity has policies and procedures for viewing, inspecting, accessing and modifying PI. Refer to Component A5.0. M1.0 Access {dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Establish/Maintain Documentation | Preventive | |
Provide the data subject with the data retention period for personal data. CC ID 12587 | Process or Activity | Preventive | |
Provide the data subject with the criteria used to determine the data retention period for personal data. CC ID 12589 | Process or Activity | Preventive | |
Provide the data subject with the adequacy decision. CC ID 12586 | Process or Activity | Preventive | |
Provide the data subject with references to the appropriate safeguards used to protect the privacy of personal data. CC ID 12585 | Process or Activity | Preventive | |
Provide the data subject with copies of the appropriate safeguards used to protect the privacy of personal data. CC ID 12608 | Process or Activity | Preventive | |
Provide the data subject with the means of gaining access to personal data held by the organization. CC ID 00396 [Data subjects can determine whether the entity maintains PI about them and, upon request, may confirm and obtain access to their PI or request that the PI be returned, removed or erased. A5.1 Permits data subjects access to their PI] | Data and Information Management | Preventive | |
Refrain from requiring the data subject to create an account in order to submit a consumer request. CC ID 13780 | Business Processes | Preventive | |
Provide the data subject with the data protection officer's contact information. CC ID 12573 | Business Processes | Preventive | |
Notify the data subject of the right to data portability. CC ID 12603 | Process or Activity | Preventive | |
Provide the data subject with information about the right to erasure. CC ID 12602 | Process or Activity | Preventive | |
Provide the data subject with a description of the type of information held by the organization and a general account of its use. CC ID 00397 [Data subjects can determine whether the entity maintains PI about them and, upon request, may confirm and obtain access to their PI or request that the PI be returned, removed or erased. A5.1 Permits data subjects access to their PI] | Establish/Maintain Documentation | Preventive | |
Provide the data subject with what personal data is made available to related organizations or subsidiaries. CC ID 00399 [{disclosure accounting record} Requests for an accounting of PI held and disclosures of the data subjects' PI are captured, and information related to the requests is identified and communicated to data subjects to meet the entity's objectives related to privacy. D6.7 Captures, Identifies and Communicates Requests for Information] | Data and Information Management | Preventive | |
Include individual's names to whom restricted data may be disclosed in the disclosure accounting record. CC ID 13027 | Establish/Maintain Documentation | Preventive | |
Establish and maintain a disclosure accounting record. CC ID 13022 [The entity creates and retains a complete, accurate and timely record of authorized disclosures of PI to meet the entity's objectives related to privacy. D6.2 The entity creates and maintains a record of authorized disclosures of PI that is complete, accurate and timely. D6.2 Creates and retains record of authorized disclosures {disclosure accounting record} The entity provides data subjects with an accounting of the PI held and disclosure of the data subjects' PI, upon the data subjects' request, to meet the entity's objectives related to privacy. D6.7] | Establish/Maintain Documentation | Preventive | |
Include the official authorities that are allowed to disclose restricted data absent consent in the disclosure accounting record. CC ID 13029 | Establish/Maintain Documentation | Preventive | |
Include the legitimate interests for accessing restricted data in the disclosure accounting record. CC ID 13028 | Establish/Maintain Documentation | Preventive | |
Include what information was disclosed and to whom in the disclosure accounting record. CC ID 04680 [{disclosure accounting record} Requests for an accounting of PI held and disclosures of the data subjects' PI are captured, and information related to the requests is identified and communicated to data subjects to meet the entity's objectives related to privacy. D6.7 Captures, Identifies and Communicates Requests for Information] | Establish/Maintain Documentation | Preventive | |
Include the personal data the organization refrained from disclosing in the disclosure accounting record. CC ID 13769 | Establish/Maintain Documentation | Preventive | |
Include the sale of personal data in the disclosure accounting record, as necessary. CC ID 13768 | Establish/Maintain Documentation | Preventive | |
Include the disclosure date in the disclosure accounting record. CC ID 07133 | Establish/Maintain Documentation | Preventive | |
Include the disclosure recipient in the disclosure accounting record. CC ID 07134 | Establish/Maintain Documentation | Preventive | |
Include the disclosure purpose in the disclosure accounting record. CC ID 07135 | Establish/Maintain Documentation | Preventive | |
Include the frequency, periodicity, or number of disclosures made during the accounting period in the disclosure accounting record. CC ID 07136 | Establish/Maintain Documentation | Preventive | |
Include the final date of multiple disclosures in the disclosure accounting record. CC ID 07137 | Establish/Maintain Documentation | Preventive | |
Include how personal data was used for research purposes in the disclosure accounting record. CC ID 07138 | Establish/Maintain Documentation | Preventive | |
Include the research activity or research protocol in the disclosure accounting record. CC ID 07139 | Establish/Maintain Documentation | Preventive | |
Include the record selection criteria for research activities in the disclosure accounting record. CC ID 07140 | Establish/Maintain Documentation | Preventive | |
Include the contact information of the organization that sponsored the research activity in the disclosure accounting record. CC ID 07141 | Establish/Maintain Documentation | Preventive | |
Include the types of third parties to whom restricted data may be disclosed in the disclosure accounting record. CC ID 16860 | Data and Information Management | Preventive | |
Disseminate and communicate the disclosure accounting record to interested personnel and affected parties. CC ID 14433 | Communicate | Preventive | |
Provide shareholders with electronic messages regarding the shareholder meetings. CC ID 04586 | Establish/Maintain Documentation | Preventive | |
Provide shareholders access to electronic messages via electronic means. CC ID 11855 | Process or Activity | Preventive | |
Make telephone directory information available to the public. CC ID 08698 | Establish/Maintain Documentation | Preventive | |
Display warning screens and confirmation screens for all payment transactions. CC ID 06409 | Technical Security | Preventive | |
Define the acceptable data modifications before presenting the data to a data subject. CC ID 00400 | Establish/Maintain Documentation | Preventive | |
Provide the data subject with information about the legitimate interests associated with personal data processing. CC ID 12614 [The entity has a process for periodically informing data subjects of its continued need for PI. The entity also has a process for obtaining the data subject's continued agreement and consent to use the data, and for informing data subjects when the entity suspects or learns, through ongoing monitoring and testing, that its systems (and systems of third parties providing services to the entity) have been breached and PI has been accessed, altered or removed in an unauthorized manner. N2.1 Ongoing notices and communications] | Process or Activity | Preventive | |
Establish, implement, and maintain a privacy policy. CC ID 06281 | Establish/Maintain Documentation | Preventive | |
Include the data subject's rights in the privacy policy. CC ID 16355 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a privacy policy model document. CC ID 14720 | Establish/Maintain Documentation | Preventive | |
Document privacy policies in clearly written and easily understood language. CC ID 00376 [The entity's privacy notice is conspicuous and uses clear language. N2.1 Clear and conspicuous] | Establish/Maintain Documentation | Detective | |
Notify interested personnel and affected parties when changes are made to the privacy policy. CC ID 06943 [{implicit consent} If information that was previously collected is to be used for purposes not previously identified in the privacy notice, the new purpose is documented, the data subject is notified, and implicit or explicit consent is obtained prior to such new use or purpose. C3.2 Documents and obtained consent for new purposes and uses {privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/ notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Behavior | Preventive | |
Document the notification of interested personnel and affected parties regarding privacy policy changes. CC ID 06944 | Establish/Maintain Documentation | Preventive | |
Write privacy notices in the official languages required by law. CC ID 16529 | Establish/Maintain Documentation | Preventive | |
Define what is included in the privacy policy. CC ID 00404 | Establish/Maintain Documentation | Preventive | |
Define the information being collected in the privacy policy. CC ID 13115 | Establish/Maintain Documentation | Preventive | |
Define which collection of information is voluntary and which is required in the privacy policy. CC ID 13110 | Establish/Maintain Documentation | Preventive | |
Include the means by which information is collected in the privacy policy. CC ID 13114 | Establish/Maintain Documentation | Preventive | |
Remove certification marks of privacy programs the organization is no longer a member of from the privacy policy. CC ID 12368 | Establish/Maintain Documentation | Corrective | |
Include roles and responsibilities in the privacy policy. CC ID 14669 | Establish/Maintain Documentation | Preventive | |
Include management commitment in the privacy policy. CC ID 14668 | Establish/Maintain Documentation | Preventive | |
Include coordination amongst entities in the privacy policy. CC ID 14667 | Establish/Maintain Documentation | Preventive | |
Include the policy for disclosing personal data of persons who have ceased to be customers in the privacy policy. CC ID 14854 | Establish/Maintain Documentation | Preventive | |
Include compliance requirements in the privacy policy. CC ID 14666 | Establish/Maintain Documentation | Preventive | |
Include the consequences of refusing to provide required information in the privacy policy. CC ID 13111 | Establish/Maintain Documentation | Preventive | |
Remove any privacy programs the organization is not a member of from the privacy policy. CC ID 12367 | Establish/Maintain Documentation | Corrective | |
Include independent recourse mechanisms in the privacy policy, as necessary. CC ID 12366 | Establish/Maintain Documentation | Preventive | |
Include the privacy programs the organization is a member of in the privacy policy. CC ID 12365 | Establish/Maintain Documentation | Preventive | |
Include a complaint form in the privacy policy. CC ID 12364 | Establish/Maintain Documentation | Preventive | |
Include the address where the files and hardware that support the data processing is located in the privacy policy. CC ID 00405 | Establish/Maintain Documentation | Preventive | |
Include the processing purpose in the privacy policy. CC ID 00406 | Establish/Maintain Documentation | Preventive | |
Include an overview of applicable information security controls in the privacy policy, as necessary. CC ID 13117 | Establish/Maintain Documentation | Preventive | |
Include the data subject categories being processed in the privacy policy. CC ID 00407 | Establish/Maintain Documentation | Preventive | |
Define the retention period for collected information in the privacy policy. CC ID 13116 | Establish/Maintain Documentation | Preventive | |
Include the time period for when the data processing will be carried out in the privacy policy. CC ID 00408 | Establish/Maintain Documentation | Preventive | |
Include other organizations that personal data is being disclosed to in the privacy policy. CC ID 00409 | Establish/Maintain Documentation | Preventive | |
Include how to gain access to personal data held by the organization in the privacy policy. CC ID 00410 | Establish/Maintain Documentation | Preventive | |
Include instructions on how to opt-out in the privacy policy. CC ID 00411 | Establish/Maintain Documentation | Preventive | |
Include the privacy policy's Uniform Resource Locator in the privacy policy. CC ID 12363 | Establish/Maintain Documentation | Preventive | |
Include instructions on how to disable devices that collect restricted data in the privacy policy. CC ID 15454 | Establish/Maintain Documentation | Preventive | |
Include a description of devices that collect restricted data in the privacy policy. CC ID 15452 | Establish/Maintain Documentation | Preventive | |
Define the audit method used to assess the privacy program in the privacy policy. CC ID 12390 [The entity has procedures for identifying and addressing instances when non-compliance with information privacy policies and procedures are identified. M1.2 Policy compliance] | Establish/Maintain Documentation | Preventive | |
Post the privacy policy in an easily seen location. CC ID 00401 [The entity's privacy notice is conspicuous and uses clear language. N2.1 Clear and conspicuous] | Establish/Maintain Documentation | Preventive | |
Define who will receive the privacy policy. CC ID 00402 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the privacy policy to interested personnel and affected parties. CC ID 13346 [{privacy notice} The entity has formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet the entity's objectives related to privacy. Refer to Component N2.0. M1.0 Agreement, notice and communication The entity executes formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet its objectives related to privacy. N2.1 The entity communicates its information privacy policies to internal personnel and other external third parties engaged in providing business process, IT services and information privacy support. M1.2 Policy communications Privacy policies and specific instructions or requirements for handling PI are communicated to third parties to whom PI is disclosed. D6.1 Communicates privacy policies to third parties] | Communicate | Preventive | |
Establish, implement, and maintain privacy procedures. CC ID 14665 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the privacy procedures to all interested personnel and affected parties. CC ID 14664 [Privacy policies and specific instructions or requirements for handling PI are communicated to third parties to whom PI is disclosed. D6.1 Communicates privacy policies to third parties] | Communicate | Preventive | |
Establish, implement, and maintain a privacy plan. CC ID 14672 | Establish/Maintain Documentation | Preventive | |
Align the enterprise architecture with the privacy plan. CC ID 14705 | Process or Activity | Preventive | |
Approve the privacy plan. CC ID 14700 | Business Processes | Preventive | |
Include privacy requirements in the privacy plan. CC ID 14699 | Establish/Maintain Documentation | Preventive | |
Include the information types in the privacy plan. CC ID 14695 | Establish/Maintain Documentation | Preventive | |
Include threats in the privacy plan. CC ID 14694 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the privacy plan. CC ID 14702 | Establish/Maintain Documentation | Preventive | |
Include a description of the operational context in the privacy plan. CC ID 14692 | Establish/Maintain Documentation | Preventive | |
Include risk assessment results in the privacy plan. CC ID 14701 | Establish/Maintain Documentation | Preventive | |
Include the security categorizations and rationale in the privacy plan. CC ID 14690 | Establish/Maintain Documentation | Preventive | |
Include security controls in the privacy plan. CC ID 14681 [The entity has a process to identify the specific or key data privacy security controls that it has designed and placed into operation that help reduce the risks of a data breach or a theft, erasure or alteration of PI. M1.4 Data privacy security controls] | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the privacy plan to interested personnel and affected parties. CC ID 14680 | Communicate | Preventive | |
Include a description of the operational environment in the privacy plan. CC ID 14679 | Establish/Maintain Documentation | Preventive | |
Include network diagrams in the privacy plan. CC ID 14678 | Establish/Maintain Documentation | Preventive | |
Include the results of the privacy risk assessment in the privacy plan. CC ID 14677 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a privacy report. CC ID 14754 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the privacy report to interested personnel and affected parties. CC ID 14761 | Communicate | Preventive | |
Protect private communications in keeping with compliance requirements. CC ID 14334 | Business Processes | Preventive | |
Disseminate private communications when required by law. CC ID 14335 | Communicate | Corrective | |
Establish, implement, and maintain personal data choice and consent program. CC ID 12569 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain data request procedures. CC ID 16546 | Establish/Maintain Documentation | Preventive | |
Refrain from discriminating against data subjects who have exercised privacy rights. CC ID 13435 | Human Resources Management | Preventive | |
Refrain from charging a fee to implement an opt-out request. CC ID 13877 | Business Processes | Preventive | |
Establish and maintain disclosure authorization forms for authorization of consent to use personal data. CC ID 13433 [The entity's agreements with data subjects formally capture data subject consents for sharing their PI with the entity and third parties affiliated with the entity, and for situations where the entity assembles, creates or purchases a data subject's PI, and when the entity needs to change the original purposes for obtaining a data subject's PI to meet the entity's changing business, operational or legal requirements. N2.1 Agreements, notices and communications] | Establish/Maintain Documentation | Preventive | |
Include procedures for revoking authorization of consent to use personal data in the disclosure authorization form. CC ID 13438 | Establish/Maintain Documentation | Preventive | |
Include the identity of the person seeking consent in the disclosure authorization. CC ID 13999 | Establish/Maintain Documentation | Preventive | |
Include the recipients of the disclosed personal data in the disclosure authorization form. CC ID 13440 | Establish/Maintain Documentation | Preventive | |
Include the signature of the data subject and the signing date in the disclosure authorization form. CC ID 13439 | Establish/Maintain Documentation | Preventive | |
Include the identity of the data subject in the disclosure authorization form. CC ID 13436 | Establish/Maintain Documentation | Preventive | |
Include the types of personal data to be disclosed in the disclosure authorization form. CC ID 13442 | Establish/Maintain Documentation | Preventive | |
Include how personal data will be used in the disclosure authorization form. CC ID 13441 [The entity's agreements with data subjects formally capture data subject consents for sharing their PI with the entity and third parties affiliated with the entity, and for situations where the entity assembles, creates or purchases a data subject's PI, and when the entity needs to change the original purposes for obtaining a data subject's PI to meet the entity's changing business, operational or legal requirements. N2.1 Agreements, notices and communications] | Establish/Maintain Documentation | Preventive | |
Include agreement termination information in the disclosure authorization form. CC ID 13437 | Establish/Maintain Documentation | Preventive | |
Offer incentives for consumers to opt-in to provide their personal data to the organization. CC ID 13781 | Business Processes | Preventive | |
Refrain from using coercive financial incentive programs to entice opt-in consent. CC ID 13795 | Business Processes | Preventive | |
Allow data subjects to opt out and refrain from granting an authorization of consent to use personal data. CC ID 00391 [The entity has a process to allow data subjects with the option of not providing their PI, according to the data privacy agreement, including notifying the data subjects of the consequences of not agreeing to its provision and use by the entity. C3.1 Ability to opt-out The entity communicates available options regarding the collection and creation of PI and the consequences of each choice, including the data subject's option to reject their agreed consent for the entity to initially or subsequently collect and create PI. C3.1] | Data and Information Management | Preventive | |
Treat an opt-out direction by an individual joint consumer as applying to all associated joint consumers. CC ID 13452 | Business Processes | Preventive | |
Treat opt-out directions separately for each customer relationship the data subject establishes with the organization. CC ID 13454 | Business Processes | Preventive | |
Establish, implement, and maintain an opt-out method in accordance with organizational standards. CC ID 16526 | Data and Information Management | Preventive | |
Comply with opt-out directions by the data subject, unless otherwise directed by compliance requirements. CC ID 13451 | Business Processes | Preventive | |
Confirm the individual's identity before granting an opt-out request. CC ID 16813 | Process or Activity | Preventive | |
Highlight the section regarding data subject's consent from other sections in contracts and agreements. CC ID 13988 | Establish/Maintain Documentation | Preventive | |
Allow consent requests to be provided in any official language. CC ID 16530 | Business Processes | Preventive | |
Notify interested personnel and affected parties of the reasons the opt-out request was refused. CC ID 16537 | Communicate | Preventive | |
Collect and retain disclosure authorizations for each data subject. CC ID 13434 [Explicit consent is obtained directly from the data subject when sensitive PI is collected, used or disclosed, unless a law or regulation specifically requires otherwise. C3.2 Obtains explicit consent for sensitive information] | Records Management | Preventive | |
Refrain from requiring consent to collect, use, or disclose personal data beyond specified, legitimate reasons in order to receive products and services. CC ID 13605 | Data and Information Management | Preventive | |
Refrain from obtaining consent through deception. CC ID 13556 | Data and Information Management | Preventive | |
Give individuals the ability to change the uses of their personal data. CC ID 00469 | Data and Information Management | Preventive | |
Notify data subjects of the implications of withdrawing consent. CC ID 13551 [The entity communicates available options regarding the collection and creation of PI and the consequences of each choice, including the data subject's option to reject their agreed consent for the entity to initially or subsequently collect and create PI. C3.1] | Data and Information Management | Preventive | |
Establish, implement, and maintain a personal data accountability program. CC ID 13432 [The entity provides a privacy awareness program about its privacy policies and related matters, and provides specific training for selected personnel depending on their roles and responsibilities. M1.2 Privacy awareness and training] | Establish/Maintain Documentation | Preventive | |
Assign ownership of the privacy program to the appropriate organizational role. CC ID 11848 | Human Resources Management | Preventive | |
Require data controllers to be accountable for their actions. CC ID 00470 | Establish Roles | Preventive | |
Bind data controllers to secrecy concerning the performance of their duties. CC ID 12610 | Human Resources Management | Preventive | |
Notify the supervisory authority. CC ID 00472 | Behavior | Preventive | |
Establish, implement, and maintain approval applications. CC ID 16778 | Establish/Maintain Documentation | Preventive | |
Define the requirements for approving or denying approval applications. CC ID 16780 | Business Processes | Preventive | |
Submit approval applications to the supervisory authority. CC ID 16627 | Communicate | Preventive | |
Include required information in the approval application. CC ID 16628 | Establish/Maintain Documentation | Preventive | |
Extend the time limit for approving or denying approval applications. CC ID 16779 | Business Processes | Preventive | |
Approve the approval application unless applicant has been convicted. CC ID 16603 | Process or Activity | Preventive | |
Provide the supervisory authority with any information requested by the supervisory authority. CC ID 12606 | Process or Activity | Preventive | |
Notify the supervisory authority of the safeguards employed to protect the data subject's rights. CC ID 12605 | Communicate | Preventive | |
Include any reasons for delay if notifying the supervisory authority after the time limit. CC ID 12675 | Communicate | Corrective | |
Cooperate with Data Protection Authorities. CC ID 06870 | Data and Information Management | Preventive | |
Submit a safe harbor self-certification letter. CC ID 06871 | Establish/Maintain Documentation | Preventive | |
Refrain from engaging other data processors absent written authorization from the data controller. CC ID 12647 | Human Resources Management | Preventive | |
Establish, implement, and maintain Binding Corporate Rules for the international transfers of restricted data. CC ID 12584 | Establish/Maintain Documentation | Preventive | |
Include cooperation mechanisms with the supervisory authority in the Binding Corporate Rules. CC ID 12682 | Establish/Maintain Documentation | Preventive | |
Include the tasks assigned to the role of data controller in the Binding Corporate Rules. CC ID 12612 | Establish/Maintain Documentation | Preventive | |
Include data subject's rights in the Binding Corporate Rules. CC ID 12596 | Establish/Maintain Documentation | Preventive | |
Include the means to exercise the data subject's rights in the Binding Corporate Rules. CC ID 12597 | Establish/Maintain Documentation | Preventive | |
Include the organizational structure and contact information in the Binding Corporate Rules. CC ID 12595 | Establish/Maintain Documentation | Preventive | |
Include the acceptance of liability for breaches of the binding corporate rules in the Binding Corporate Rules. CC ID 12594 | Establish/Maintain Documentation | Preventive | |
Include the mechanisms for reporting legal requirements causing adverse effects on protecting restricted data in the Binding Corporate Rules. CC ID 12620 | Establish/Maintain Documentation | Preventive | |
Include provisions for providing information on the binding corporate rules to the data subject in the Binding Corporate Rules. CC ID 12593 | Establish/Maintain Documentation | Preventive | |
Include reporting changes to the binding corporate rules in the Binding Corporate Rules. CC ID 12591 | Establish/Maintain Documentation | Preventive | |
Include reporting changes of the binding corporate rules to the supervisory authority in the Binding Corporate Rules. CC ID 12592 | Establish/Maintain Documentation | Preventive | |
Include complaint procedures in the Binding Corporate Rules. CC ID 12613 | Establish/Maintain Documentation | Preventive | |
Include the data transfers in the Binding Corporate Rules. CC ID 12590 | Establish/Maintain Documentation | Preventive | |
Include specifying the mechanisms for verifying compliance of the binding corporate rules in the Binding Corporate Rules. CC ID 12662 | Establish/Maintain Documentation | Preventive | |
Include the identification of the countries in question for the data transfers in the Binding Corporate Rules. CC ID 12601 | Establish/Maintain Documentation | Preventive | |
Include the type of data subjects affected by the data transfers in the Binding Corporate Rules. CC ID 12600 | Establish/Maintain Documentation | Preventive | |
Include all pertinent data processing information for data transfers in the Binding Corporate Rules. CC ID 12599 | Establish/Maintain Documentation | Preventive | |
Include the categories of personal data for data transfers in the Binding Corporate Rules. CC ID 12598 | Establish/Maintain Documentation | Preventive | |
Include specifying the legally binding nature of the binding corporate rules in the Binding Corporate Rules. CC ID 12627 | Establish/Maintain Documentation | Preventive | |
Include privacy awareness and training in the Binding Corporate Rules. CC ID 12626 | Establish/Maintain Documentation | Preventive | |
Notify the data controller of any changes in data processors. CC ID 12648 | Communicate | Preventive | |
Establish, implement, and maintain Data Processing Contracts. CC ID 12650 | Establish/Maintain Documentation | Preventive | |
Include the corrective actions to be taken when conditions cannot be met in the Data Processing Contract. CC ID 16812 | Establish/Maintain Documentation | Preventive | |
Include data processor confidentiality requirements in the Data Processing Contract. CC ID 12685 | Establish/Maintain Documentation | Preventive | |
Include the stipulation of notifying the data controller of legal requirements prior to processing restricted data unless the law prohibits such information on important grounds of public interest in the Data Processing Contract. CC ID 12687 | Establish/Maintain Documentation | Preventive | |
Include instructions for processing restricted data in the Data Processing Contract. CC ID 14938 | Establish/Maintain Documentation | Preventive | |
Include the purpose for processing restricted data in the Data Processing Contract. CC ID 14937 | Establish/Maintain Documentation | Preventive | |
Include the types of restricted data subject to processing in the Data Processing Contract. CC ID 14936 | Establish/Maintain Documentation | Preventive | |
Include the duration of processing in the Data Processing Contract. CC ID 14935 | Establish/Maintain Documentation | Preventive | |
Include personal data transfer procedures in the Data Processing Contract. CC ID 12683 [PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.4 Discloses PI only to appropriate third parties PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.1 Discloses PI only to appropriate third parties] | Establish/Maintain Documentation | Preventive | |
Include the stipulation of allowing auditing for compliance in the Data Processing Contract. CC ID 12679 | Establish/Maintain Documentation | Preventive | |
Include the stipulation that the Statement of Compliance will be made available in the Data Processing Contract. CC ID 12678 | Establish/Maintain Documentation | Preventive | |
Include the stipulation of complying with external requirements in the Data Processing Contract. CC ID 12676 | Establish/Maintain Documentation | Preventive | |
Include the stipulation that the data processor will respect the conditions for engaging another data processor in the Data Processing Contract. CC ID 12686 | Human Resources Management | Preventive | |
Include the stipulation that copies of restricted data will be disposed, unless retention is required by law, in the Data Processing Contract. CC ID 12670 | Establish/Maintain Documentation | Preventive | |
Include the stipulation that personal data will be disposed or returned to the data subject in the Data Processing Contract. CC ID 12669 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a personal data use limitation program. CC ID 13428 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a personal data use purpose specification. CC ID 00093 | Establish/Maintain Documentation | Preventive | |
Display or print the least amount of personal data necessary. CC ID 04643 | Data and Information Management | Preventive | |
Redact confidential information from public information, as necessary. CC ID 06872 | Data and Information Management | Preventive | |
Notify the data subject of the collection purpose. CC ID 00095 | Behavior | Preventive | |
Refrain from using restricted data collected for research and statistics for other purposes. CC ID 00096 | Data and Information Management | Preventive | |
Document the law that requires restricted data to be collected. CC ID 00103 | Establish/Maintain Documentation | Preventive | |
Notify the data subject of the consequences for not providing personal data. CC ID 00104 [When PI is collected, data subjects are informed of the consequences of refusing to provide PI for purposes identified in the notice. C3.1 Communicates consequences of denying or withdrawing consent The entity has a process to allow data subjects with the option of not providing their PI, according to the data privacy agreement, including notifying the data subjects of the consequences of not agreeing to its provision and use by the entity. C3.1 Ability to opt-out] | Behavior | Preventive | |
Notify the data subject of changes to personal data use. CC ID 00105 [Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Behavior | Preventive | |
Establish, implement, and maintain data use change of purpose procedures. CC ID 00106 | Establish/Maintain Documentation | Preventive | |
Document the use of publicly accessible personal data as an acceptable secondary purpose. CC ID 00108 | Establish/Maintain Documentation | Preventive | |
Document the use of privacy-related data as acceptable if the information being used is publicly available information, the secondary use is marketing, and it is not practical to seek consent from the individual before use. CC ID 00110 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the data subject is not charged to request to opt out of direct marketing communications. CC ID 00111 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the data subject has not requested to opt out of direct marketing communications. CC ID 00112 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the organization highlights the opt out option during each direct marketing communication. CC ID 00113 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the organization displays contact information in each written direct marketing communication. CC ID 00114 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the data subject gives consent. CC ID 00115 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the personal data is Individually Identifiable Health Information used for research. CC ID 00116 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the personal data is used for statistical research, scholarly research, or scientific research and the data subject is anonymous. CC ID 00117 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the data controller believes the use is necessary to prevent a life-threatening emergency. CC ID 00118 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when required by law. CC ID 00119 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the personal data is necessary for public emergencies, public health and safety, or individual emergencies. CC ID 00121 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the primary purpose is directly related to the secondary purpose. CC ID 00123 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when it is necessary for the enforcement of care and custody. CC ID 15453 | Establish/Maintain Documentation | Preventive | |
Document the use of data as an acceptable secondary purpose when it is necessary for use in a legal proceeding. CC ID 15451 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when it is necessary for a law enforcement investigation. CC ID 15449 | Establish/Maintain Documentation | Preventive | |
Document the use of personal data as an acceptable secondary purpose when it is necessary to perform a treaty with a foreign government. CC ID 15447 | Establish/Maintain Documentation | Preventive | |
Obtain the data subject's consent when the personal data use changes. CC ID 11832 [{implicit consent} If information that was previously collected is to be used for purposes not previously identified in the privacy notice, the new purpose is documented, the data subject is notified, and implicit or {privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/ notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices The entity's agreements with data subjects formally capture data subject consents for sharing their PI with the entity and third parties affiliated with the entity, and for situations where the entity assembles, creates or purchases a data subject's PI, and when the entity needs to change the original purposes for obtaining a data subject's PI to meet the entity's changing business, operational or legal requirements. N2.1 Agreements, notices and communications Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Behavior | Preventive | |
Document restricted data that is disclosed for an acceptable secondary purpose. CC ID 00124 | Establish/Maintain Documentation | Preventive | |
Dispose of media and restricted data in a timely manner. CC ID 00125 [{be secure} The entity securely disposes of PI consistent with its objectives related to privacy. U4.3 PI no longer retained is anonymized, disposed of or destroyed in a manner that prevents loss, theft, misuse or unauthorized access. U4.3 Disposes of, destroys and redacts PI Policies and procedures are implemented to erase or otherwise destroy PI that has been identified for destruction. U4.3 Destroys PI] | Data and Information Management | Preventive | |
Refrain from destroying records being inspected or reviewed. CC ID 13015 | Records Management | Preventive | |
Notify the data subject after their personal data is disposed, as necessary. CC ID 13502 [When required, the entity has a process that provides data subjects a mechanism with which to request the entity to remove, dispose and erase a data subject's PI. Once a data subject's PI is no longer being stored in the entity's systems (this includes other affiliates and third parties that may also hold or store privacy information on behalf of the entity), the entity notifies the affected data subjects that such information has been removed. N2.1 Data subject revocations] | Communicate | Preventive | |
Establish, implement, and maintain data access procedures. CC ID 00414 | Establish/Maintain Documentation | Preventive | |
Allow data subjects to submit data requests. CC ID 16545 | Process or Activity | Preventive | |
Provide individuals with information about where their personal data was processed. CC ID 00415 | Data and Information Management | Preventive | |
Provide individuals with information about the processing purpose of their personal data. CC ID 00416 | Data and Information Management | Preventive | |
Provide individuals with information about disclosure of their personal data. CC ID 00417 | Data and Information Management | Preventive | |
Allow guardians and legal representatives access to personal data about the individual for whom they are guardians or legal representatives. CC ID 00418 | Data and Information Management | Preventive | |
Provide assistance to requesters in preparing data access requests. CC ID 13588 | Data and Information Management | Preventive | |
Require data access requests to be in writing, unless the requester is unable. CC ID 00420 | Establish/Maintain Documentation | Preventive | |
Define what is to be included in a data access request. CC ID 08699 | Establish/Maintain Documentation | Preventive | |
Refrain from requiring data subjects to justify personal data access requests. CC ID 12394 | Business Processes | Preventive | |
Respond to data access requests in a timely manner. CC ID 00421 | Behavior | Preventive | |
Delay responding to data access requests, as necessary. CC ID 15504 | Data and Information Management | Preventive | |
Expedite the processing of data access requests, as necessary. CC ID 15496 | Data and Information Management | Preventive | |
Notify the individual of the reasons for delays in responding to data access requests. CC ID 00422 | Behavior | Detective | |
Notify the individual when a cost is imposed which must be paid in advance to gain access. CC ID 00423 | Behavior | Detective | |
Grant a waiver or reduction of fees for data access under defined conditions. CC ID 15502 | Business Processes | Preventive | |
Define what is included in a request for a waiver or reduction of fees. CC ID 15522 | Process or Activity | Preventive | |
Deliver the records described in the personal data access request, as necessary. CC ID 08701 [The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1] | Establish/Maintain Documentation | Preventive | |
Provide individuals with an estimate of how much data was withheld from the data access request. CC ID 15503 | Data and Information Management | Preventive | |
Document the outcome of the personal data access request review procedure. CC ID 00455 | Data and Information Management | Preventive | |
Establish, implement, and maintain procedures for individuals to be able to modify their personal data, as necessary. CC ID 11811 [The entity has policies and procedures for viewing, inspecting, accessing and modifying PI. Refer to Component A5.0. M1.0 Access Data subjects are able to update or correct PI held by the entity. The entity provides such updated or corrected information to third parties that were previously provided with the data subject's PI consistent with the entity's objective related to privacy. A5.2 Permits data subjects to update or correct PI When required, the entity has a process that provides data subjects a mechanism with which to request the entity to remove, dispose and erase a data subject's PI. Once a data subject's PI is no longer being stored in the entity's systems (this includes other affiliates and third parties that may also hold or store privacy information on behalf of the entity), the entity notifies the affected data subjects that such information has been removed. N2.1 Data subject revocations] | Establish/Maintain Documentation | Preventive | |
Submit personal data removal requests in writing. CC ID 11973 | Records Management | Preventive | |
Include a liability waiver for any harm caused by the exclusion of personal data in the personal data removal request. CC ID 11975 | Establish/Maintain Documentation | Preventive | |
Allow authorized individuals to authenticate record entries containing personal data. CC ID 11812 | Records Management | Corrective | |
Notify third parties of data access requests that relate to the third party. CC ID 08703 | Establish/Maintain Documentation | Preventive | |
Allow affected third parties to consent or object to a data access request. CC ID 08704 | Process or Activity | Preventive | |
Establish, implement, and maintain restricted data use limitation procedures. CC ID 00128 | Establish/Maintain Documentation | Preventive | |
Identify any adverse effects the processing of personal data will have on the data subject. CC ID 15299 | Data and Information Management | Preventive | |
Disclose de-identified data, as necessary. CC ID 13034 | Communicate | Preventive | |
Notify the data subject after personal data is used or disclosed. CC ID 06247 | Behavior | Preventive | |
Refrain from processing restricted data, as necessary. CC ID 12551 | Records Management | Preventive | |
Refrain from processing restricted data if the restricted data is involved in a legal claim. CC ID 12668 | Process or Activity | Preventive | |
Refrain from providing information to the data subject when the organization cannot identify the data subject. CC ID 12667 | Process or Activity | Preventive | |
Refrain from erasing personal data when the data subject consents to retention. CC ID 14326 | Business Processes | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for statistical purposes. CC ID 12656 | Process or Activity | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for historical research purposes. CC ID 12655 | Process or Activity | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for scientific research purposes. CC ID 12654 | Process or Activity | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for exercising freedom of expression. CC ID 12684 | Process or Activity | Preventive | |
Refrain from erasing personal data upon data subject request when it is used to provide a service. CC ID 13779 | Process or Activity | Preventive | |
Refrain from erasing personal data upon data subject request when it is being used for incident detection. CC ID 13778 | Process or Activity | Detective | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for archival purposes. CC ID 12653 | Process or Activity | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is for compliance with a legal obligation. CC ID 12652 | Process or Activity | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for the public interest. CC ID 12649 | Process or Activity | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing concerns legal claims. CC ID 12644 | Process or Activity | Preventive | |
Refrain from processing personal data when it is likely to cause unlawful discrimination or arbitrary discrimination. CC ID 00197 | Data and Information Management | Preventive | |
Refrain from processing personal data when it is used for behavioral monitoring. CC ID 16528 | Data and Information Management | Preventive | |
Refrain from processing personal data when it reveals trade union membership. CC ID 12583 | Business Processes | Preventive | |
Refrain from processing personal data when it concerns an individual's sexual orientation. CC ID 12582 | Business Processes | Preventive | |
Refrain from processing personal data when it concerns an individual's sex life. CC ID 12581 | Business Processes | Preventive | |
Refrain from processing personal data when it contains Individually Identifiable Health Information. CC ID 12580 | Business Processes | Preventive | |
Refrain from processing personal data when biometric data is used for the purpose of identifying an individual. CC ID 12579 | Business Processes | Preventive | |
Refrain from processing personal data when the genetic data is used for the purpose of identifying individuals. CC ID 12578 | Business Processes | Preventive | |
Refrain from processing personal data when it reveals philosophical beliefs. CC ID 12577 | Business Processes | Preventive | |
Refrain from processing personal data when it reveals religious beliefs. CC ID 12576 | Business Processes | Preventive | |
Refrain from processing personal data when it reveals political opinions. CC ID 12575 | Business Processes | Preventive | |
Refrain from processing personal data if it reveals ethnic origin. CC ID 12574 | Business Processes | Preventive | |
Refrain from processing personal data if the data subject opposes the data erasure of personal data. CC ID 12619 | Process or Activity | Preventive | |
Establish and maintain a record of processing activities when processing restricted data. CC ID 12636 | Establish/Maintain Documentation | Preventive | |
Refrain from maintaining a record of processing activities if the data processor employs a limited number of persons. CC ID 13378 | Establish/Maintain Documentation | Preventive | |
Refrain from maintaining a record of processing activities if the personal data relates to criminal records. CC ID 13377 | Establish/Maintain Documentation | Preventive | |
Refrain from maintaining a record of processing activities if the data being processed is restricted data. CC ID 13376 | Establish/Maintain Documentation | Preventive | |
Refrain from maintaining a record of processing activities if it could result in a risk to the data subject's rights or data subject's freedom. CC ID 13375 | Establish/Maintain Documentation | Preventive | |
Include the data protection officer's contact information in the record of processing activities. CC ID 12640 | Records Management | Preventive | |
Include the data processor's contact information in the record of processing activities. CC ID 12657 | Records Management | Preventive | |
Include the data processor's representative's contact information in the record of processing activities. CC ID 12658 | Records Management | Preventive | |
Include a general description of the implemented security measures in the record of processing activities. CC ID 12641 | Records Management | Preventive | |
Include a description of the data subject categories in the record of processing activities. CC ID 12659 | Records Management | Preventive | |
Include the purpose of processing restricted data in the record of processing activities. CC ID 12663 | Records Management | Preventive | |
Include the personal data processing categories in the record of processing activities. CC ID 12661 | Records Management | Preventive | |
Include the time limits for erasing each data category in the record of processing activities. CC ID 12690 | Records Management | Preventive | |
Include the data recipient categories to whom restricted data has been or will be disclosed in the record of processing activities. CC ID 12664 | Records Management | Preventive | |
Include a description of the personal data categories in the record of processing activities. CC ID 12660 | Records Management | Preventive | |
Include the joint data controller's contact information in the record of processing activities. CC ID 12639 | Records Management | Preventive | |
Include the data controller's representative's contact information in the record of processing activities. CC ID 12638 | Records Management | Preventive | |
Include documentation of the transferee's safeguards for transferring restricted data in the record of processing activities. CC ID 12643 | Records Management | Preventive | |
Include the identification of transferees for transferring restricted data in the record of processing activities. CC ID 12642 | Records Management | Preventive | |
Include the data controller's contact information in the record of processing activities. CC ID 12637 | Records Management | Preventive | |
Process restricted data lawfully and carefully. CC ID 00086 | Establish Roles | Preventive | |
Analyze requirements for processing personal data in contracts. CC ID 12550 | Investigate | Detective | |
Implement technical controls that limit processing restricted data for specific purposes. CC ID 12646 | Technical Security | Preventive | |
Process personal data pertaining to a patient's health in order to treat those patients. CC ID 00200 | Data and Information Management | Preventive | |
Notify the subject of care when a lack of availability of health information systems might have adversely affected their care. CC ID 13990 | Communicate | Corrective | |
Refrain from disclosing Individually Identifiable Health Information when in violation of territorial or federal law. CC ID 11966 | Records Management | Preventive | |
Document the conditions for the use or disclosure of Individually Identifiable Health Information by a covered entity to another covered entity. CC ID 00210 | Establish/Maintain Documentation | Preventive | |
Disclose Individually Identifiable Health Information for a covered entity's own use. CC ID 00211 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information for a healthcare provider's treatment activities by a covered entity. CC ID 00212 | Data and Information Management | Preventive | |
Rely upon the warranty of the covered entity that the record disclosure request for Individually Identifiable Health Information is permitted with the consent of the data subject. CC ID 11970 | Records Management | Preventive | |
Rely upon the warranty of the covered entity that the record disclosure request for Individually Identifiable Health Information is to support the treatment of the individual. CC ID 11969 | Process or Activity | Preventive | |
Rely upon the warranty of the covered entity that the record disclosure request for Individually Identifiable Health Information is permitted by law. CC ID 11976 | Records Management | Preventive | |
Disclose Individually Identifiable Health Information for payment activities between covered entities or healthcare providers. CC ID 00213 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information for Treatment, Payment, and Health Care Operations activities when both covered entities have a relationship with the data subject. CC ID 00214 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information for Treatment, Payment, and Health Care Operations activities between a covered entity and a participating healthcare provider when the information is collected from the data subject and a third party. CC ID 00215 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information in accordance with agreed upon restrictions. CC ID 06249 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information in accordance with the privacy notice. CC ID 06250 | Data and Information Management | Preventive | |
Disclose permitted Individually Identifiable Health Information for facility directories. CC ID 06251 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information for cadaveric organ donation purposes, eye donation purposes, or tissue donation purposes. CC ID 06252 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information for medical suitability determinations. CC ID 06253 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information for armed forces personnel appropriately. CC ID 06254 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information in order to provide public benefits by government agencies. CC ID 06255 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information for fundraising. CC ID 06256 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information for research use when the appropriate requirements are included in the approval documentation or waiver documentation. CC ID 06257 | Establish/Maintain Documentation | Preventive | |
Document the conditions for the disclosure of Individually Identifiable Health Information by an organization providing healthcare services to organizations other than business associates or other covered entities. CC ID 00201 | Establish/Maintain Documentation | Preventive | |
Disclose Individually Identifiable Health Information when the data subject cannot physically or legally provide consent and the disclosing organization is a healthcare provider. CC ID 00202 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information to provide appropriate treatment to the data subject when the disclosing organization is a healthcare provider. CC ID 00203 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information when it is not contrary to the data subject's wish prior to becoming unable to provide consent and the disclosing organization is a healthcare provider. CC ID 00204 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information that is reasonable or necessary for the disclosure purpose when the disclosing organization is a healthcare provider. CC ID 00205 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information consistent with the law when the disclosing organization is a healthcare provider. CC ID 00206 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information in order to carry out treatment when the disclosing organization is a healthcare provider. CC ID 00207 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information in order to carry out treatment when the data subject has provided consent and the disclosing organization is a healthcare provider. CC ID 00208 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information in order to carry out treatment when the data subject's guardian or representative has provided consent and the disclosing organization is a healthcare provider. CC ID 00209 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information when the disclosing organization is a healthcare provider that supports public health and safety activities. CC ID 06248 | Data and Information Management | Preventive | |
Disclose Individually Identifiable Health Information in order to report abuse or neglect when the disclosing organization is a healthcare provider. CC ID 06819 | Data and Information Management | Preventive | |
Document how Individually Identifiable Health Information is used and disclosed when authorization has been granted. CC ID 00216 | Establish/Maintain Documentation | Preventive | |
Define and implement valid authorization control requirements. CC ID 06258 | Establish/Maintain Documentation | Preventive | |
Obtain explicit consent for authorization to release Individually Identifiable Health Information. CC ID 00217 | Data and Information Management | Preventive | |
Obtain explicit consent for authorization to release psychotherapy notes. CC ID 00218 | Data and Information Management | Preventive | |
Refrain from using Individually Identifiable Health Information to determine eligibility or continued eligibility for credit. CC ID 00219 | Data and Information Management | Preventive | |
Process personal data after the data subject has granted explicit consent. CC ID 00180 [{implicit consent} PI is used only for the intended purposes for which it was collected and only when implicit or explicit consent has been obtained unless a law or regulation specifically requires otherwise. U4.1 Only uses PI for intended purposes] | Data and Information Management | Preventive | |
Process personal data in order to perform a legal obligation or exercise a legal right. CC ID 00182 | Data and Information Management | Preventive | |
Process personal data relating to criminal offenses when required by law. CC ID 00237 | Data and Information Management | Preventive | |
Process personal data in order to prevent personal injury or damage to the data subject's health. CC ID 00183 | Data and Information Management | Preventive | |
Process personal data in order to prevent personal injury or damage to a third party's health. CC ID 00184 | Data and Information Management | Preventive | |
Process personal data for statistical purposes or scientific purposes. CC ID 00256 | Data and Information Management | Preventive | |
Process personal data during legitimate activities with safeguards for the data subject's legal rights. CC ID 00185 | Data and Information Management | Preventive | |
Process traffic data in a controlled manner. CC ID 00130 | Data and Information Management | Preventive | |
Process personal data for health insurance, social insurance, state social benefits, social welfare, or child protection. CC ID 00186 | Data and Information Management | Preventive | |
Process personal data when it is publicly accessible. CC ID 00187 | Data and Information Management | Preventive | |
Process personal data for direct marketing and other personalized mail programs. CC ID 00188 | Data and Information Management | Preventive | |
Refrain from processing personal data for marketing or advertising to children. CC ID 14010 | Business Processes | Preventive | |
Refrain from disseminating and communicating with individuals that have opted out of direct marketing communications. CC ID 13708 | Communicate | Corrective | |
Process personal data for the purposes of employment. CC ID 16527 | Data and Information Management | Preventive | |
Process personal data for justice administration, lawsuits, judicial decisions, and investigations. CC ID 00189 | Data and Information Management | Preventive | |
Process personal data for debt collection or benefit payments. CC ID 00190 | Data and Information Management | Preventive | |
Process personal data in order to advance the public interest. CC ID 00191 | Data and Information Management | Preventive | |
Process personal data for surveys, archives, or scientific research. CC ID 00192 | Data and Information Management | Preventive | |
Process personal data absent consent for journalistic purposes, artistic purposes, or literary purposes. CC ID 00193 | Data and Information Management | Preventive | |
Process personal data for academic purposes or religious purposes. CC ID 00194 | Data and Information Management | Preventive | |
Process personal data when it is used by a public authority for National Security policy or criminal policy. CC ID 00195 | Data and Information Management | Preventive | |
Refrain from storing data in newly created files or registers which directly or indirectly reveals the restricted data. CC ID 00196 | Data and Information Management | Preventive | |
Follow legal obligations while processing personal data. CC ID 04794 | Data and Information Management | Preventive | |
Start personal data processing only after the needed notifications are submitted. CC ID 04791 | Data and Information Management | Preventive | |
Process personal data absent consent for specific and well-documented circumstances. CC ID 13537 | Data and Information Management | Preventive | |
Process personal data absent consent in order to protect the vital interests of the data subject. CC ID 14012 | Process or Activity | Preventive | |
Process personal data absent consent when the data subject has been notified the personal data may be collected, used, or disclosed. CC ID 13617 | Data and Information Management | Preventive | |
Process personal data absent consent in order to establish, manage, or terminate employment contracts. CC ID 13615 | Data and Information Management | Preventive | |
Process personal data absent consent when the data subject is notified that the business transaction is completed and their information was disclosed. CC ID 13612 | Data and Information Management | Preventive | |
Process personal data absent consent when the disclosure concerns the data subject's products and services obtained from the organization. CC ID 13611 | Data and Information Management | Preventive | |
Process personal data absent consent when it is impracticable to obtain consent. CC ID 13580 | Data and Information Management | Preventive | |
Process personal data absent consent when it is in the data subject's interest and consent cannot be obtained in a timely manner. CC ID 15282 | Data and Information Management | Preventive | |
Process personal data absent consent to determine whether to proceed with business transactions. CC ID 13587 | Data and Information Management | Preventive | |
Process personal data absent consent in order to perform a contract. CC ID 13586 | Data and Information Management | Preventive | |
Process personal data absent consent when the privacy commissioner is notified before the information is used. CC ID 13581 | Data and Information Management | Preventive | |
Process personal data absent consent to perform obligations in the field of employment law. CC ID 16814 | Data and Information Management | Preventive | |
Process personal data absent consent if the disclosure is to the next of kin or authorized representative. CC ID 15294 | Data and Information Management | Preventive | |
Process personal data absent consent when it is used in a manner to ensure confidentiality. CC ID 13579 | Data and Information Management | Preventive | |
Process personal data absent consent when it is used for statistical research, scientific research, or scholarly research. CC ID 13578 | Data and Information Management | Preventive | |
Process personal data absent consent when it is needed by law. CC ID 13577 | Data and Information Management | Preventive | |
Process personal data for public interests absent consent in order to protect historical records or archival records. CC ID 15296 | Data and Information Management | Preventive | |
Process personal data absent consent when it is from publicly available information. CC ID 13576 | Data and Information Management | Preventive | |
Process personal data absent consent to create a credit report. CC ID 15288 | Data and Information Management | Preventive | |
Process personal data absent consent if its use is consistent with the intended purpose. CC ID 13575 | Data and Information Management | Preventive | |
Process personal data absent consent to administer a trust fund or benefit plan. CC ID 15291 | Data and Information Management | Preventive | |
Process personal data absent consent when produced for business purposes. CC ID 13563 | Data and Information Management | Preventive | |
Process personal data absent consent for handling insurance claims. CC ID 13561 | Data and Information Management | Preventive | |
Process personal data absent consent when it is necessary for corporate restructuring. CC ID 16533 | Data and Information Management | Preventive | |
Process personal data absent consent if the information is contained in a witness statement. CC ID 13560 | Data and Information Management | Preventive | |
Process personal data absent consent for life-threatening emergencies. CC ID 13558 | Data and Information Management | Preventive | |
Process personal data absent consent for reasonable investigative purposes. CC ID 13557 | Data and Information Management | Preventive | |
Notify the individual before restricted data is collected, used, or disclosed. CC ID 00132 | Behavior | Preventive | |
Define security breach notification requirement exceptions. CC ID 04797 | Establish/Maintain Documentation | Preventive | |
Refrain from disclosing a security breach if an investigation concludes none has occurred. CC ID 13086 | Communicate | Corrective | |
Refrain from disclosing personal data absent consent of the individual or for defined exceptions. CC ID 11967 | Records Management | Preventive | |
Notify the data subject when personal data has been inadvertently disclosed. CC ID 13989 | Communicate | Corrective | |
Disclose restricted data when the data subject has given unambiguous and implicit consent. CC ID 00157 [The entity discloses PI to third parties with the explicit consent of data subjects, and such consent is obtained prior to disclosure to meet the entity's objectives related to privacy. D6.1; PI is disclosed to third parties for new purposes or uses only with the prior implicit or explicit consent of data subjects. D6.1 Discloses information to third parties for new purposes and uses; PI is disclosed to third parties only for the purposes for which it was collected or created and only when implicit or explicit consent has been obtained from the data subject, unless a law or regulation specifically requires otherwise. D6.1 Discloses PI only when appropriate] | Data and Information Management | Preventive | |
Define what restricted data is not required to be disclosed absent consent. CC ID 00134 | Establish/Maintain Documentation | Preventive | |
Define the exceptions to disclosure absent consent. CC ID 00135 | Establish/Maintain Documentation | Preventive | |
Disclose personal data when the data subject has consented and has the ability to opt out. CC ID 00158 | Data and Information Management | Detective | |
Define opt-out exceptions for disclosing restricted data. CC ID 00159 | Establish/Maintain Documentation | Preventive | |
Define how a data subject may give consent. CC ID 00160 [{explicit consent} The data subject's agreed consent is explicitly obtained and is only for the intended purpose of the information to meet the entity's objectives related to privacy. The entity's basis for determining implicit consent, when implicit consent is allowed as an available option, is documented. C3.2; The entity's policies and procedures require data subjects to explicitly agree and consent to the provision and collection of the data subject's PI. In some circumstances where the entity is unable to confirm explicit consent directly with a data subject, the entity's policies and procedures require the entity to formally document its rationale and basis for determining that it has obtained the data subject's implicit consent. C3.2 Explicit and implicit consent] | Establish/Maintain Documentation | Preventive | |
Disclose Personal Identification Numbers absent consent in order to update address information. CC ID 04793 | Data and Information Management | Preventive | |
Disclose personal data absent consent for specific and well-documented circumstances. CC ID 15267 | Communicate | Preventive | |
Disclose restricted data absent consent when the law does not require consent. CC ID 00136 | Data and Information Management | Preventive | |
Disclose data absent consent if its disclosure is consistent with the intended purpose. CC ID 15270 | Data and Information Management | Preventive | |
Disclose restricted data when a relevant connection exists between the data subject and the data controller's operations. CC ID 00137 | Data and Information Management | Preventive | |
Disclose personal data absent consent if the disclosure with the consent or knowledge of the data subject would compromise the ability to prevent, detect, or suppress fraud. CC ID 13594 | Data and Information Management | Preventive | |
Disclose personal data absent consent when it is in the data subject's interest and consent cannot be obtained in a timely manner. CC ID 15284 | Data and Information Management | Preventive | |
Disclose personal data absent consent in order to establish, manage, or terminate employment contracts. CC ID 13616 | Data and Information Management | Preventive | |
Disclose personal data absent consent when the data subject is notified that the business transaction is completed and their information was disclosed. CC ID 13613 | Data and Information Management | Preventive | |
Disclose personal data absent consent when the data subject has been notified the personal data may be collected, used, or disclosed. CC ID 13603 | Data and Information Management | Preventive | |
Disclose personal data absent consent if disclosure is made a predetermined number of years after the death of the data subject. CC ID 13598 | Data and Information Management | Preventive | |
Disclose personal data absent consent when disclosure is made a predetermined number of years after the information was created. CC ID 13597 | Data and Information Management | Preventive | |
Disclose personal data absent consent if the data subject is notified of the disclosure. CC ID 13596 | Data and Information Management | Preventive | |
Disclose personal data absent consent to detect, suppress, or prevent fraud. CC ID 13592 | Data and Information Management | Preventive | |
Disclose personal data absent consent to create a credit report. CC ID 15297 | Data and Information Management | Preventive | |
Disclose personal data absent consent if it is necessary to identify an individual who is injured, ill or deceased. CC ID 13595 | Data and Information Management | Preventive | |
Disclose restricted data absent consent if the disclosure is to a government institution. CC ID 13583 | Data and Information Management | Preventive | |
Disclose personal data absent consent for reasonable investigative purposes. CC ID 13593 | Data and Information Management | Preventive | |
Disclose personal data absent consent to determine whether to proceed with business transactions. CC ID 15285 | Data and Information Management | Preventive | |
Disclose personal data absent consent for handling insurance claims. CC ID 13585 | Data and Information Management | Preventive | |
Disclose personal data absent consent if the information is contained in a witness statement. CC ID 13584 | Data and Information Management | Preventive | |
Disclose personal data absent consent if the data subject is believed to be a victim of financial abuse. CC ID 13555 | Data and Information Management | Preventive | |
Disclose personal data absent consent for transactions related to the consumer. CC ID 14853 | Data and Information Management | Preventive | |
Disclose restricted data absent consent to a government institution that has requested the information. CC ID 13582 | Data and Information Management | Preventive | |
Disclose personal data absent consent if the disclosure is to the next of kin or authorized representative. CC ID 13554 | Data and Information Management | Preventive | |
Disclose restricted data absent consent when it is for the data controller's legitimate interest or third party's legitimate interest and it prevails over individual rights. CC ID 00138 [PI is disclosed to third parties only for the purposes for which it was collected or created and only when implicit or explicit consent has been obtained from the data subject, unless a law or regulation specifically requires otherwise. D6.1 Discloses PI only when appropriate] | Data and Information Management | Preventive | |
Disclose personal data absent consent if the organization notifies the privacy commissioner before disclosing the information. CC ID 13553 | Data and Information Management | Preventive | |
Disclose personal data absent consent if it is impracticable to obtain consent. CC ID 13552 | Data and Information Management | Preventive | |
Disclose restricted data absent consent in order to perform a contract. CC ID 00139 | Data and Information Management | Preventive | |
Disclose restricted data absent consent in order to assist Telecommunications Ombudsmen in resolving complaints. CC ID 00140 | Data and Information Management | Preventive | |
Disclose personal data absent consent to administer a trust fund or benefit plan. CC ID 15290 | Data and Information Management | Preventive | |
Disclose personal data absent consent for research purposes and the data subject is not identified. CC ID 15286 | Data and Information Management | Preventive | |
Disclose personal data absent consent when the personal data is disclosed by calling an emergency service number. CC ID 00141 | Data and Information Management | Preventive | |
Disclose restricted data absent consent when the restricted data prevents life-threatening emergencies to third parties. CC ID 00142 | Data and Information Management | Preventive | |
Disclose restricted data absent consent when the restricted data preserves human life at sea. CC ID 00143 | Data and Information Management | Preventive | |
Disclose restricted data absent consent in order to process the restricted data for public interests. CC ID 00144 | Data and Information Management | Preventive | |
Disclose restricted data for public interests absent consent in order to provide social work assistance services. CC ID 00145 | Data and Information Management | Preventive | |
Disclose restricted data for public interests absent consent if confidentiality is assured and the disclosure is for statistical research, scientific research, or scholarly research. CC ID 00146 | Data and Information Management | Preventive | |
Disclose restricted data for public interests absent consent in order to protect historical records or archival records. CC ID 00147 | Data and Information Management | Preventive | |
Disclose restricted data absent consent for public economic interests. CC ID 00148 | Data and Information Management | Preventive | |
Disclose restricted data for public interests absent consent for National Security reasons. CC ID 00149 | Data and Information Management | Preventive | |
Disclose restricted data absent consent for journalistic purposes, artistic purposes, or literary purposes. CC ID 00150 | Data and Information Management | Preventive | |
Disclose restricted data absent consent when it is publicly accessible. CC ID 00151 | Data and Information Management | Preventive | |
Disclose restricted data absent consent when it is related to publicly available information. CC ID 00152 | Data and Information Management | Preventive | |
Disclose publicly accessible restricted data absent consent when the data subject has already published it. CC ID 00153 | Data and Information Management | Preventive | |
Disclose restricted data absent consent in order to protect the data subject's vital interests. CC ID 00154 | Data and Information Management | Preventive | |
Disclose restricted data absent consent in order to protect the data subject's vital interests when there is a life-threatening emergency. CC ID 00155 | Data and Information Management | Preventive | |
Disclose restricted data absent consent when it is for judicial decisions, lawsuits, and investigations. CC ID 00161 | Data and Information Management | Preventive | |
Disclose restricted data for judicial decisions, lawsuits, and investigations only after the data controller includes a note of the disclosure in the record. CC ID 00162 | Establish/Maintain Documentation | Detective | |
Disclose restricted data absent consent when it is needed by law. CC ID 00163 | Data and Information Management | Preventive | |
Disclose personal data required by law absent consent for special cases involving security or law enforcement. CC ID 04796 | Data and Information Management | Preventive | |
Disclose personal data absent consent when it is being disclosed to the data subject. CC ID 00164 | Data and Information Management | Preventive | |
Disclose personal data absent consent for direct marketing or other personalized mail programs. CC ID 14855 | Data and Information Management | Preventive | |
Disclose personal data absent consent in order to collect a debt owed by the data subject. CC ID 00165 | Data and Information Management | Preventive | |
Disclose personal data absent consent when the data subject or data owner is anonymous. CC ID 00166 | Data and Information Management | Preventive | |
Disclose restricted data absent consent when the disclosure concerns the individual's products or services obtained from the organization. CC ID 13469 | Communicate | Preventive | |
Establish, implement, and maintain restricted data retention procedures. CC ID 00167 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain personal data disposition procedures. CC ID 13498 | Establish/Maintain Documentation | Preventive | |
Capture personal data removal requests. CC ID 13507 [Requests for deletion of PI are captured and information related to the requests is identified and flagged for destruction to meet the entity's objectives related to privacy. U4.3 Captures, identifies and flags requests for deletion Data subjects can determine whether the entity maintains PI about them and, upon request, may confirm and obtain access to their PI or request that the PI be returned, removed or erased. A5.1 Permits data subjects access to their PI] | Communicate | Preventive | |
Remove personal data from records after receiving a personal data removal request. CC ID 11972 [Requests for deletion of PI are captured and information related to the requests is identified and flagged for destruction to meet the entity's objectives related to privacy. U4.3 Captures, identifies and flags requests for deletion] | Records Management | Preventive | |
Refrain from erasing personal data upon receiving a personal data removal request when it is necessary for maintaining information assets. CC ID 13789 | Process or Activity | Preventive | |
Refrain from erasing personal data upon receiving a personal data removal request when it is necessary to complete a payment transaction. CC ID 13788 | Process or Activity | Preventive | |
Dispose of personal data removal requests, as necessary. CC ID 13512 | Business Processes | Preventive | |
Limit the redisclosure and reuse of restricted data. CC ID 00168 | Data and Information Management | Preventive | |
Refrain from redisclosing or reusing restricted data. CC ID 00169 | Data and Information Management | Preventive | |
Document the redisclosing restricted data exceptions. CC ID 00170 | Establish/Maintain Documentation | Preventive | |
Redisclose restricted data when the data subject consents. CC ID 00171 | Data and Information Management | Preventive | |
Redisclose restricted data when it is for criminal law enforcement. CC ID 00172 | Data and Information Management | Preventive | |
Redisclose restricted data in order to protect public revenue. CC ID 00173 | Data and Information Management | Preventive | |
Redisclose restricted data in order to assist a Telecommunications Ombudsman. CC ID 00174 | Data and Information Management | Preventive | |
Redisclose restricted data in order to prevent a life-threatening emergency. CC ID 00175 | Data and Information Management | Preventive | |
Redisclose restricted data when it deals with installing, maintaining, operating, or providing access to a Public Telecommunications Network or a telecommunication facility. CC ID 00176 | Data and Information Management | Preventive | |
Redisclose restricted data in order to preserve human life at sea. CC ID 00177 | Data and Information Management | Preventive | |
Obtain explicit consent directly from the data subject prior to the use of that person's sensitive data. CC ID 00178 [The entity discloses PI to third parties with the explicit consent of data subjects, and such consent is obtained prior to disclosure to meet the entity's objectives related to privacy. D6.1 {explicit consent} The data subject's agreed consent is explicitly obtained and is only for the intended purpose of the information to meet the entity's objectives related to privacy. The entity's basis for determining implicit consent, when implicit consent is allowed as an available option, is documented. C3.2 The entity's policies and procedures require data subjects to explicitly agree and consent to the provision and collection of the data subject's PI. In some circumstances where the entity is unable to confirm explicit consent directly with a data subject, the entity's policies and procedures require the entity to formally document its rationale and basis for determining that it has obtained the data subject's implicit consent. C3.2 Explicit and implicit consent Explicit consent is obtained directly from the data subject when sensitive PI is collected, used or disclosed, unless a law or regulation specifically requires otherwise. C3.2 Obtains explicit consent for sensitive information The entity has a process for periodically informing data subjects of its continued need for PI. The entity also has a process for obtaining the data subject's continued agreement and consent to use the data, and for informing data subjects when the entity suspects or learns, through ongoing monitoring and testing, that its systems (and systems of third parties providing services to the entity) have been breached and PI has been accessed, altered or removed in an unauthorized manner. N2.1 Ongoing notices and communications] | Data and Information Management | Preventive | |
Obtain consent from a parent or legal representative in order to use or disclose a child's data. CC ID 00198 | Data and Information Management | Preventive | |
Obtain opt-in consent from teenagers prior to the collection, use, or disclosure of personal data. CC ID 00199 | Data and Information Management | Preventive | |
Obtain explicit consent prior to using the data subject's Personal Identification Number. CC ID 00238 | Data and Information Management | Preventive | |
Process Personal Identification Numbers with consent. CC ID 00239 | Data and Information Management | Preventive | |
Refrain from requiring individuals to use Personal Identification Numbers as an account number or password. CC ID 00253 | Behavior | Preventive | |
Obtain consent prior to selling a Personal Identification Number. CC ID 00240 | Data and Information Management | Preventive | |
Obtain consent prior to displaying a Personal Identification Number. CC ID 00241 | Data and Information Management | Preventive | |
Refrain from displaying Personal Identification Numbers on government-issued checks or other paperwork. CC ID 00254 | Data and Information Management | Preventive | |
Refrain from displaying Personal Identification Numbers on identification cards or badges. CC ID 00255 | Data and Information Management | Preventive | |
Document the conditions to use Personal Identification Numbers absent consent. CC ID 00242 | Establish/Maintain Documentation | Preventive | |
Use Personal Identification Numbers absent consent for granting credit or collecting a debt. CC ID 00252 | Data and Information Management | Preventive | |
Use Personal Identification Numbers absent consent for research purposes. CC ID 00247 | Data and Information Management | Preventive | |
Refrain from requiring consent to use a Personal Identification Number when protecting the public health and safety or an individual's safety in an emergency. CC ID 00244 | Data and Information Management | Preventive | |
Use Personal Identification Numbers absent consent when a federal law mandates its use. CC ID 00243 | Data and Information Management | Preventive | |
Allow data subjects the ability to restrict the use and disclosure of personal data. CC ID 06821 | Data and Information Management | Preventive | |
Establish, implement, and maintain data disclosure procedures. CC ID 00133 [The entity has policies and procedures for disclosing and transmitting PI to external third-party individuals and organizations not under the direct management or control of the entity. Refer to Component D6.0. M1.0 Disclosure to third parties] | Establish/Maintain Documentation | Preventive | |
Identify any adverse effects the disclosure of personal data will have on the data subject. CC ID 15298 | Data and Information Management | Preventive | |
Review personal data disclosure requests. CC ID 07129 | Data and Information Management | Preventive | |
Notify the data subject of the disclosure purpose. CC ID 15268 | Communicate | Preventive | |
Establish, implement, and maintain data request denial procedures. CC ID 00434 [The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1 When data subjects are denied access to their PI, the entity informs them of the denial and the reasons for the denial in a timely manner, unless prohibited by law or regulation. A5.1 Informs data subjects when access is denied] | Establish/Maintain Documentation | Preventive | |
Include frivolous requests or vexatious requests as a reason for denial in the personal data request denial procedures. CC ID 00435 | Data and Information Management | Preventive | |
Include when the required information is unavailable as a reason for denial in the personal data request denial procedures. CC ID 00436 | Data and Information Management | Preventive | |
Include when the disclosure of personal data constitutes contempt of court or contempt of House of Representatives as a reason for denial in the personal data request denial procedures. CC ID 00437 | Data and Information Management | Preventive | |
Include disclosing personal data that would identify suppliers or breaches an express promise of privacy or implied promise of privacy as a reason for denial in the personal data request denial procedures. CC ID 00438 | Data and Information Management | Preventive | |
Include disclosing personal data that would compromise National Security as a reason for denial in the personal data request denial procedures. CC ID 00439 | Data and Information Management | Preventive | |
Include information that is protected by attorney-client privilege as a reason for denial in the personal data request denial procedures. CC ID 00440 | Data and Information Management | Preventive | |
Include disclosing personal data that would reveal trade secrets, commercial information, or harmful financial information as a reason for denial in the personal data request denial procedures. CC ID 00441 | Data and Information Management | Preventive | |
Include disclosing personal data that would threaten an individual's life or an individual's security as a reason for denial in the personal data request denial procedures. CC ID 00442 | Data and Information Management | Preventive | |
Include disclosing personal data that would have an unreasonable impact on another individual's privacy as a reason for denial in the personal data request denial procedures. CC ID 00443 | Data and Information Management | Preventive | |
Include disclosing personal data that would threaten facilities, property, transport, or communication systems as a reason for denial in the personal data request denial procedures. CC ID 08702 | Process or Activity | Preventive | |
Include responding to access requests after the time limit as a reason for denial in the personal data request denial procedures. CC ID 13600 | Data and Information Management | Preventive | |
Include information that was generated from a formal dispute as a reason for denial in the personal data request denial procedures. CC ID 00444 | Data and Information Management | Preventive | |
Include personal data that is used solely for scientific research, scholarly research, statistical research, library purposes, museum purposes, or archival purposes as a reason for denial in the personal data request denial procedures. CC ID 00445 | Data and Information Management | Preventive | |
Include personal data that is for the state's economic interest as a reason for denial in the personal data request denial procedures. CC ID 00446 | Data and Information Management | Detective | |
Include personal data that is for protecting the civil rights or others' freedoms as a reason for denial in the personal data request denial procedures. CC ID 00447 | Data and Information Management | Preventive | |
Include disclosing personal data that constitutes a state secret as a reason for denial in the personal data request denial procedures. CC ID 00448 | Data and Information Management | Preventive | |
Include disclosing personal data that would result in interference with the operation of public functions as a reason for denial in the personal data request denial procedures. CC ID 00449 | Data and Information Management | Preventive | |
Include disclosing personal data that would interrupt criminal investigation and surveillance or other legal purposes as a reason for denial in the personal data request denial procedures. CC ID 00450 | Data and Information Management | Preventive | |
Include when a country's laws prevent disclosure as a reason for denial in the personal data request denial procedures. CC ID 00451 | Data and Information Management | Preventive | |
Include disclosing personal data that would interfere with grievance proceeding or employee security investigations as a reason for denial in the personal data request denial procedures. CC ID 06873 | Data and Information Management | Preventive | |
Include disclosing personal data that would interfere with commercial acquisitions or reorganizations as a reason for denial in the personal data request denial procedures. CC ID 06874 | Data and Information Management | Preventive | |
Include if the cost or burden of disclosing the personal data is disproportionate as a reason for denial in the personal data request denial procedures. CC ID 06875 | Data and Information Management | Preventive | |
Notify interested personnel and affected parties of the reasons the data access request was refused. CC ID 00453 [The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1 When data subjects are denied access to their PI, the entity informs them of the denial and the reasons for the denial in a timely manner, unless prohibited by law or regulation. A5.1 Informs data subjects when access is denied Data subjects are informed, in writing, of the reason a request for access to their PI was denied, the source of the entity's legal right to deny such access, if applicable, and the individual's right, if any, to challenge such denial, as specifically permitted or required by law or regulation. A5.2 Communicates denial of access requests] | Data and Information Management | Preventive | |
Notify the individual of the organization's legal rights to refuse the personal data access request, as necessary. CC ID 13509 [Data subjects are informed, in writing, of the reason a request for access to their PI was denied, the source of the entity's legal right to deny such access, if applicable, and the individual's right, if any, to challenge such denial, as specifically permitted or required by law or regulation. A5.2 Communicates denial of access requests] | Communicate | Preventive | |
Notify individuals of their right to challenge a refusal to a data access request. CC ID 00454 [Data subjects are informed, in writing, of the reason a request for access to their PI was denied, the source of the entity's legal right to deny such access, if applicable, and the individual's right, if any, to challenge such denial, as specifically permitted or required by law or regulation. A5.2 Communicates denial of access requests] | Data and Information Management | Preventive | |
Include if the record would constitute an action for breach of a duty of confidence as a reason for denial in the personal data request denial procedures. CC ID 08700 | Process or Activity | Preventive | |
Disseminate and communicate personal data to the individual that it relates to. CC ID 00428 | Data and Information Management | Preventive | |
Provide personal data to an individual after the individual's identity has been confirmed. CC ID 06876 [The identity of data subjects who request access to their PI is authenticated before they are given access to that information. A5.1 Authenticates data subjects’ identities The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1] | Data and Information Management | Preventive | |
Notify the data subject of any exclusions to requested personal data. CC ID 15271 | Communicate | Preventive | |
Provide data or records in a reasonable time frame. CC ID 00429 [{be understandable}{be reasonable} PI is provided to data subjects in an understandable form, in a reasonable time frame and at a reasonable cost, if any. A5.1 Provides understandable PI within reasonable time] | Data and Information Management | Preventive | |
Notify individuals of the new time limit for responding to an access request in a notice of extension. CC ID 13599 | Communicate | Preventive | |
Extend the time limit for providing personal data in order to convert it to an alternative format. CC ID 13591 | Data and Information Management | Preventive | |
Extend the time limit for providing personal data if the time is impracticable to respond to the access request. CC ID 13590 | Data and Information Management | Preventive | |
Extend the time limit for providing data if it would unreasonably interfere with the organization's activities. CC ID 13589 | Data and Information Management | Preventive | |
Provide data at a cost that is not excessive. CC ID 00430 [{be understandable}{be reasonable} PI is provided to data subjects in an understandable form, in a reasonable time frame and at a reasonable cost, if any. A5.1 Provides understandable PI within reasonable time] | Data and Information Management | Preventive | |
Provide records or data in a reasonable manner. CC ID 00431 | Data and Information Management | Preventive | |
Provide personal data in a form that is intelligible. CC ID 00432 [{be understandable}{be reasonable} PI is provided to data subjects in an understandable form, in a reasonable time frame and at a reasonable cost, if any. A5.1 Provides understandable PI within reasonable time] | Data and Information Management | Preventive | |
Provide restricted data that would threaten the life or security of another individual after that information has been redacted. CC ID 13604 | Data and Information Management | Preventive | |
Provide restricted data that would reveal confidential commercial information after that information has been redacted. CC ID 13602 | Data and Information Management | Preventive | |
Remove data pertaining to third parties before giving the requestor access to the information. CC ID 13601 | Data and Information Management | Preventive | |
Document that a data search was conducted in case the requested data cannot be found. CC ID 06953 | Establish/Maintain Documentation | Preventive | |
Include cookie management in the privacy framework. CC ID 13809 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain cookie management procedures. CC ID 13810 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a personal data collection program. CC ID 06487 [The entity has defined policies and procedures for collecting and creating a data subject's PI. Refer to Component C3.0. M1.0 Collection and creation The entity has a process to collect and create (rendering and aggregating from multiple sources or information providers) PI as identified in the entity's privacy agreements. The process is consistent with its objectives related to privacy. C3.1 PI collection and creation] | Establish/Maintain Documentation | Preventive | |
Identify any adverse effects the collection of personal data will have on the data subject. CC ID 15279 | Data and Information Management | Preventive | |
Refrain from collecting personal data, as necessary. CC ID 15269 | Data and Information Management | Preventive | |
Determine the financial impact for the unauthorized disclosure of privacy-related data and privacy-related information. CC ID 06488 | Business Processes | Detective | |
Establish, implement, and maintain personal data collection limitation boundaries. CC ID 00507 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a personal data use policy. CC ID 00076 | Establish/Maintain Documentation | Preventive | |
Use personal data for specified purposes. CC ID 11831 [The entity limits the use of PI to the purposes identified in its objectives related to privacy. U4.1 {implicit consent} PI is used only for the intended purposes for which it was collected and only when implicit or explicit consent has been obtained unless a law or regulation specifically requires otherwise. U4.1 Only uses PI for intended purposes {explicit consent} The data subject's agreed consent is explicitly obtained and is only for the intended purpose of the information to meet the entity's objectives related to privacy. The entity's basis for determining implicit consent, when implicit consent is allowed as an available option, is documented. C3.2] | Data and Information Management | Preventive | |
Post the collection purpose. CC ID 00101 | Establish/Maintain Documentation | Preventive | |
Obtain the data subject's consent and acknowledgment before collecting data. CC ID 00012 [Explicit consent is obtained directly from the data subject when sensitive PI is collected, used or disclosed, unless a law or regulation specifically requires otherwise. C3.2 Obtains explicit consent for sensitive information] | Data and Information Management | Preventive | |
Document each individual's personal data collection consent preferences. CC ID 06945 | Establish/Maintain Documentation | Preventive | |
Provide explicit consent that is clear and unambiguous. CC ID 00181 | Data and Information Management | Preventive | |
Allow individuals to change their personal data collection consent preferences. CC ID 06946 | Data and Information Management | Preventive | |
Adhere to each individual's personal data collection consent preferences. CC ID 06947 | Data and Information Management | Preventive | |
Notify the data subject of the source of collected personal data. CC ID 00083 | Behavior | Preventive | |
Furnish disclosure of information and usage of information to data subjects when oral consent is given. CC ID 04717 | Data and Information Management | Preventive | |
Disclose the direct marketing purpose before obtaining consent for collecting information. CC ID 04718 | Data and Information Management | Preventive | |
Establish and maintain a personal data definition. CC ID 00028 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Establish/Maintain Documentation | Preventive | |
Include an individual's name in the personal data definition. CC ID 04710 | Data and Information Management | Preventive | |
Include an individual's name combined with other personal data in the personal data definition. CC ID 04709 | Data and Information Management | Preventive | |
Include the legal surname of the parent or legal representative prior to marriage in the personal data definition. CC ID 04686 | Data and Information Management | Preventive | |
Include an individual's signature in the personal data definition. CC ID 04711 | Data and Information Management | Preventive | |
Include an individual's date of birth in the personal data definition. CC ID 04770 | Data and Information Management | Preventive | |
Include the number of children in the personal data definition. CC ID 13759 | Establish/Maintain Documentation | Preventive | |
Include the individual's religion in the personal data definition. CC ID 13765 | Establish/Maintain Documentation | Preventive | |
Include an individual's physical characteristics or description in the personal data definition. CC ID 04712 | Data and Information Management | Preventive | |
Include an individual's biometric data in the personal data definition. CC ID 04698 | Data and Information Management | Preventive | |
Include an individual's photographic image in the personal data definition. CC ID 04779 | Data and Information Management | Preventive | |
Include an individual's fingerprints in the personal data definition. CC ID 04689 | Data and Information Management | Preventive | |
Include an individual's address in the personal data definition. CC ID 04687 | Data and Information Management | Preventive | |
Include an individual's telephone number in the personal data definition. CC ID 04688 | Data and Information Management | Preventive | |
Include an individual's fax number in the personal data definition. CC ID 07120 | Data and Information Management | Preventive | |
Include an individual's political party affiliation in the personal data definition. CC ID 13764 | Establish/Maintain Documentation | Preventive | |
Include an individual's license plate number in the personal data definition. CC ID 13763 | Establish/Maintain Documentation | Preventive | |
Include an individual's financial account number in the personal data definition. CC ID 04692 | Data and Information Management | Preventive | |
Include an individual's account balances in the personal data definition. CC ID 13770 | Establish/Maintain Documentation | Preventive | |
Include stock numbers, bond numbers, and other security certificate numbers in the personal data definition. CC ID 04768 | Data and Information Management | Preventive | |
Include an individual's electronic identification name or number in the personal data definition. CC ID 04694 | Data and Information Management | Preventive | |
Include an individual's logon credentials in the personal data definition. CC ID 13771 | Establish/Maintain Documentation | Preventive | |
Include an individual's Alien Registration Number in the personal data definition. CC ID 04743 | Data and Information Management | Preventive | |
Include an individual's passport number in the personal data definition. CC ID 04713 | Data and Information Management | Preventive | |
Include an individual's driver's license number or an individual's state identification card number in the personal data definition. CC ID 04691 | Data and Information Management | Preventive | |
Include an individual's Social Security Number or Personal Identification Number in the personal data definition. CC ID 04690 | Data and Information Management | Preventive | |
Include an individual's military identification number in the personal data definition. CC ID 13083 | Establish/Maintain Documentation | Preventive | |
Include an individual's e-mail address in the personal data definition. CC ID 04696 | Data and Information Management | Preventive | |
Include electronic signatures in the personal data definition. CC ID 04697 | Data and Information Management | Preventive | |
Include an individual's payment card information in the personal data definition. CC ID 04751 | Data and Information Management | Preventive | |
Include an individual's credit card number or an individual's debit card number in the personal data definition. CC ID 04693 | Data and Information Management | Preventive | |
Include an individual's payment card service code in the personal data definition. CC ID 04753 | Data and Information Management | Preventive | |
Include an individual's payment card expiration date in the personal data definition. CC ID 04755 | Data and Information Management | Preventive | |
Include the payment transaction data and transaction authentication data in the personal data definition. CC ID 04825 | Data and Information Management | Preventive | |
Include an individual's Individually Identifiable Health Information in the personal data definition. CC ID 04700 | Data and Information Management | Preventive | |
Include an individual's medical history in the personal data definition. CC ID 04701 | Data and Information Management | Preventive | |
Include an individual's medical treatment in the personal data definition. CC ID 04702 | Data and Information Management | Preventive | |
Include an individual's medical diagnosis in the personal data definition. CC ID 04703 | Data and Information Management | Preventive | |
Include an individual's mental condition or an individual's physical condition in the personal data definition. CC ID 04704 | Data and Information Management | Preventive | |
Include an individual's medical record numbers in the personal data definition. CC ID 07121 | Data and Information Management | Preventive | |
Include an individual's health insurance information in the personal data definition. CC ID 04705 | Data and Information Management | Preventive | |
Include an individual's health insurance policy number in the personal data definition. CC ID 04706 | Data and Information Management | Preventive | |
Include an individual's health insurance application and health insurance claims history (including appeals) in the personal data definition. CC ID 04707 | Data and Information Management | Preventive | |
Include an individual's education information in the personal data definition. CC ID 04714 | Data and Information Management | Preventive | |
Include an individual's professional certification numbers or an individual's professional license numbers in the personal data definition. CC ID 07122 | Data and Information Management | Preventive | |
Include an individual's employment information in the personal data definition. CC ID 04715 | Data and Information Management | Preventive | |
Include an employer's Taxpayer Identification Number in the personal data definition. CC ID 04767 | Data and Information Management | Preventive | |
Include an individual's Taxpayer Identification Number in the personal data definition. CC ID 04763 | Data and Information Management | Preventive | |
Include an individual's employment history in the personal data definition. CC ID 04716 | Data and Information Management | Preventive | |
Include an individual's place of employment in the personal data definition. CC ID 04765 | Data and Information Management | Preventive | |
Include an individual's Employee Identification Number in the personal data definition. CC ID 04766 | Data and Information Management | Preventive | |
Include an individual's property information in the personal data definition. CC ID 04780 | Data and Information Management | Preventive | |
Include an individual's property title in the personal data definition. CC ID 04781 | Data and Information Management | Preventive | |
Include an individual's vehicle registration in the personal data definition. CC ID 04782 | Data and Information Management | Preventive | |
Include hardware asset identification information in the personal data definition. CC ID 07123 | Data and Information Management | Preventive | |
Include MAC addresses in the personal data definition. CC ID 04778 | Data and Information Management | Preventive | |
Include Internet Protocol addresses in the personal data definition. CC ID 04777 | Data and Information Management | Preventive | |
Include asset serial numbers in the personal data definition. CC ID 07124 | Data and Information Management | Preventive | |
Include Uniform Resource Locators in the personal data definition. CC ID 07125 | Data and Information Management | Preventive | |
Refrain from including publicly available information in the personal data definition. CC ID 13084 | Establish/Maintain Documentation | Preventive | |
Define specially restricted data. CC ID 00037 | Data and Information Management | Preventive | |
Protect an individual's civil rights during personal data collection and personal data processing. CC ID 00079 | Data and Information Management | Preventive | |
Refrain from compiling data that is likely to give rise to unlawful discrimination or arbitrary discrimination. CC ID 00075 | Data and Information Management | Preventive | |
Refrain from subjecting an individual to a solely automated decision process that produces legal effects based on the evaluation of certain characteristics. CC ID 00080 | Data and Information Management | Preventive | |
Implement a nondiscrimination principle. CC ID 00081 | Data and Information Management | Preventive | |
Include the collection and use of personal data in the nondiscrimination principle. CC ID 11799 | Data and Information Management | Preventive | |
Preserve each individual's right to human dignity. CC ID 00082 | Data and Information Management | Preventive | |
Manage Personal Identification Numbers and PIN verification code numbers. CC ID 00058 | Data and Information Management | Preventive | |
Employ a random number generator to create authenticators. CC ID 13782 | Technical Security | Preventive | |
Collect Personal Identification Numbers with the individual's consent. CC ID 00059 | Data and Information Management | Preventive | |
Collect Personal Identification Numbers absent consent when the law mandates. CC ID 00061 | Data and Information Management | Preventive | |
Collect Personal Identification Numbers absent consent for research purposes. CC ID 00065 | Data and Information Management | Preventive | |
Collect Personal Identification Numbers absent consent to realize the rights or duties of the data subject or data controller. CC ID 04792 | Data and Information Management | Preventive | |
Refrain from requiring a Personal Identification Number to purchase goods or services. CC ID 00069 | Behavior | Preventive | |
Manage health data collection. CC ID 00050 | Data and Information Management | Preventive | |
Collect Individually Identifiable Health Information to provide health care services. CC ID 00052 | Data and Information Management | Preventive | |
Collect Individually Identifiable Health Information when the law dictates. CC ID 00053 | Data and Information Management | Preventive | |
Collect Individually Identifiable Health Information for research. CC ID 00054 | Data and Information Management | Preventive | |
Remove personal data before disclosing health data. CC ID 00055 | Data and Information Management | Preventive | |
Give special attention to collecting children's data. CC ID 00038 | Data and Information Management | Preventive | |
Use simple understandable language to collect information from children. CC ID 00039 | Behavior | Preventive | |
Notify parents or legal representatives of what information is collected from children. CC ID 00040 | Establish/Maintain Documentation | Preventive | |
Obtain consent from a parent or legal representative before collecting information from children. CC ID 00041 | Data and Information Management | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to collect online contact information for a one-time only response to a specific request. CC ID 00043 | Data and Information Management | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to request the parent or legal representative's information to obtain consent. CC ID 00044 | Data and Information Management | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to respond to additional requests which do not go beyond the scope of the request. CC ID 00045 | Data and Information Management | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to protect the child's safety. CC ID 00046 | Data and Information Management | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to take liability precautions. CC ID 00047 | Data and Information Management | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to respond to a judicial process. CC ID 00048 | Data and Information Management | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to respond to a request for law enforcement purposes. CC ID 00049 | Data and Information Management | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to protect the website's security or integrity or the online service's security or integrity. CC ID 06199 | Data and Information Management | Preventive | |
Establish, implement, and maintain a personal data collection policy. CC ID 00029 [The entity has a process to collect and create (rendering and aggregating from multiple sources or information providers) PI as identified in the entity's privacy agreements. The process is consistent with its objectives related to privacy. C3.1 PI collection and creation] | Establish/Maintain Documentation | Preventive | |
Collect personal data directly from the data subject. CC ID 00011 | Data and Information Management | Preventive | |
Create and manage user account aliases to maintain pseudonymity. CC ID 04549 | Data and Information Management | Preventive | |
Provide unlinkability for users and resources. CC ID 04550 | Data and Information Management | Preventive | |
Provide unobservability of users and resources. CC ID 04551 | Technical Security | Preventive | |
Confirm the data quality of personal data collected from third parties. CC ID 13510 | Investigate | Detective | |
Collect restricted data in a fair and lawful manner. CC ID 00010 | Data and Information Management | Preventive | |
Collect restricted data absent consent for specific and well-documented circumstances. CC ID 00013 | Data and Information Management | Preventive | |
Collect restricted data absent consent when the data collection is in the individual's interests and consent cannot be obtained in a timely manner. CC ID 00014 | Data and Information Management | Preventive | |
Collect restricted data absent consent when consent compromises data accuracy. CC ID 00015 | Data and Information Management | Preventive | |
Collect personal data absent consent in order to make a disclosure. CC ID 13550 | Data and Information Management | Preventive | |
Collect personal data absent consent for reasonable investigative purposes. CC ID 11801 | Data and Information Management | Preventive | |
Collect personal data absent consent if the collection is consistent with the intended purpose. CC ID 13548 | Data and Information Management | Preventive | |
Collect personal data absent consent when the personal data was produced by the data subject in the course of employment, business, or profession. CC ID 13544 | Data and Information Management | Preventive | |
Collect personal data absent consent for handling insurance claims. CC ID 13543 | Data and Information Management | Preventive | |
Collect personal data absent consent when the data subject has authorized the collection through another individual. CC ID 00016 | Data and Information Management | Preventive | |
Collect personal data absent consent if the disclosure is to the next of kin or authorized representative. CC ID 15295 | Data and Information Management | Preventive | |
Collect personal data absent consent in order to establish, manage, or terminate employment contracts. CC ID 13614 | Data and Information Management | Preventive | |
Collect personal data absent consent in order to protect the data subject's vital interests. CC ID 15277 | Data and Information Management | Preventive | |
Collect personal data for public interests absent consent in order to protect historical records or archival records. CC ID 15289 | Data and Information Management | Preventive | |
Collect personal data absent consent to administer a trust fund or benefit plan. CC ID 15292 | Data and Information Management | Preventive | |
Collect restricted data absent consent for journalistic purposes, artistic purposes, or literary purposes. CC ID 00017 | Data and Information Management | Preventive | |
Collect personal data absent consent in order to collect a debt owed by the data subject. CC ID 15293 | Data and Information Management | Preventive | |
Collect personal data absent consent for statistical purposes or research purposes and the data subject is not identified. CC ID 00018 | Data and Information Management | Preventive | |
Collect restricted data absent consent from publicly available information. CC ID 00019 | Data and Information Management | Preventive | |
Collect restricted data absent consent when needed by law. CC ID 00020 | Data and Information Management | Preventive | |
Collect personal data absent consent to create a credit report. CC ID 15287 | Data and Information Management | Preventive | |
Collect restricted data absent consent when no potential harm can come to the data subject. CC ID 00021 | Data and Information Management | Preventive | |
Collect personal data absent consent when collecting personal data from the data subject is impossible or the data collection involves a disproportionate effort. CC ID 00022 | Data and Information Management | Preventive | |
Collect the minimum amount of restricted data necessary. CC ID 00078 | Data and Information Management | Preventive | |
Collect restricted data in a proper information framework. CC ID 00009 | Data and Information Management | Preventive | |
Collect and record restricted data for specific, explicit, and legitimate purposes. CC ID 00027 [PI is relevant for the purposes for which it is to be used. Q8.1 Ensures relevance of PI] | Data and Information Management | Preventive | |
Collect restricted data when required by law. CC ID 00031 | Data and Information Management | Preventive | |
Collect restricted data to prevent life-threatening emergencies. CC ID 00032 | Data and Information Management | Preventive | |
Collect restricted data relating solely to nonprofit organization members or individuals who are in regular contact during the nonprofit organization's activities. CC ID 00034 | Data and Information Management | Preventive | |
Collect restricted data for legal purposes. CC ID 00036 | Data and Information Management | Preventive | |
Review the methods for collecting personal data, as necessary. CC ID 13511 | Investigate | Detective | |
Provide the data subject with information about the data controller during the collection process. CC ID 00023 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the data collector's name and contact information to all interested personnel. CC ID 13760 | Communicate | Preventive | |
Provide the data subject with the data collector's name and contact information. CC ID 00024 | Establish/Maintain Documentation | Preventive | |
Provide the data subject with the name of the data collector who will hold the collected restricted data. CC ID 00025 | Establish/Maintain Documentation | Preventive | |
Provide the data subject with the third party processor's contact information when the data controller is not processing the restricted data. CC ID 00026 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a data handling program. CC ID 13427 [The entity has defined policies and procedures for collecting and creating a data subject's PI. Refer to Component C3.0. M1.0 Collection and creation The entity has policies and procedures for handling PI to achieve the stated purposes and needs for which the PI was initially collected. Refer to Component U4.0. M1.0 Use, retention and disposal] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain data handling policies. CC ID 00353 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain data and information confidentiality policies. CC ID 00361 | Establish/Maintain Documentation | Preventive | |
Prohibit personal data from being sent by e-mail or instant messaging. CC ID 00565 | Data and Information Management | Preventive | |
Protect electronic messaging information. CC ID 12022 | Technical Security | Preventive | |
Establish, implement, and maintain record structures to support information confidentiality. CC ID 00360 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Data and Information Management | Preventive | |
Include passwords, Personal Identification Numbers, and card security codes in the personal data definition. CC ID 04699 | Configuration | Preventive | |
Refrain from storing data elements containing payment card full magnetic stripe data. CC ID 04757 | Testing | Detective | |
Store payment card data in secure chips, if possible. CC ID 13065 | Configuration | Preventive | |
Refrain from storing data elements containing sensitive authentication data after authorization is approved. CC ID 04758 | Configuration | Preventive | |
Render unrecoverable sensitive authentication data after authorization is approved. CC ID 11952 | Technical Security | Preventive | |
Automate the disposition process for records that contain "do not store" data or "delete after transaction process" data. CC ID 06083 | Data and Information Management | Preventive | |
Log the disclosure of personal data. CC ID 06628 | Log Management | Preventive | |
Log the modification of personal data. CC ID 11844 | Log Management | Preventive | |
Encrypt, truncate, or tokenize data fields, as necessary. CC ID 06850 | Technical Security | Preventive | |
Implement security measures to protect personal data. CC ID 13606 [The entity has policies and procedures for protecting the integrity of PI during initial and subsequent collection, creation, usage, processing, alteration, adaptation, re-organization, storage, destruction and erasure. Refer to Component S7.0. M1.0 Security for privacy] | Technical Security | Preventive | |
Implement physical controls to protect personal data. CC ID 00355 | Testing | Preventive | |
Limit data leakage. CC ID 00356 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Data and Information Management | Preventive | |
Conduct personal data risk assessments. CC ID 00357 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Testing | Detective | |
Identify potential red flags to alert the organization before a data leakage has occurred. CC ID 04654 | Monitor and Evaluate Occurrences | Preventive | |
Establish, implement, and maintain Consumer Reporting Agency notification procedures. CC ID 04851 | Business Processes | Preventive | |
Establish, implement, and maintain suspicious document procedures. CC ID 04852 | Establish/Maintain Documentation | Detective | |
Establish, implement, and maintain suspicious personal data procedures. CC ID 04853 | Data and Information Management | Detective | |
Compare certain personal data such as name, date of birth, address, driver's license, or other identification against personal data on file for the applicant. CC ID 04855 | Data and Information Management | Detective | |
Establish, implement, and maintain suspicious user account activity procedures. CC ID 04854 | Monitor and Evaluate Occurrences | Detective | |
Perform an identity check prior to approving an account change request. CC ID 13670 | Investigate | Detective | |
Use the contact information on file to contact the individual identified in an account change request. CC ID 04857 | Behavior | Detective | |
Match consumer reports with current accounts on file to ensure account misuse or information misuse has not occurred. CC ID 04873 | Data and Information Management | Detective | |
Log account access dates and report when dormant accounts suddenly exhibit unusual activity. CC ID 04874 | Log Management | Detective | |
Report fraudulent account activity, unauthorized transactions, or discrepancies with current accounts. CC ID 04875 | Monitor and Evaluate Occurrences | Corrective | |
Log dates for account name changes or address changes. CC ID 04876 | Log Management | Detective | |
Review accounts that are changed for additional user requests. CC ID 11846 | Monitor and Evaluate Occurrences | Detective | |
Send change notices for change of address requests to the old address and the new address. CC ID 04877 | Data and Information Management | Detective | |
Acquire enough insurance to cover the liability for damages due to data leakage. CC ID 06408 | Acquisition/Sale of Assets or Services | Preventive | |
Search the Internet for evidence of data leakage. CC ID 10419 | Process or Activity | Detective | |
Alert appropriate personnel when data leakage is detected. CC ID 14715 | Process or Activity | Preventive | |
Review monitored websites for data leakage. CC ID 10593 | Monitor and Evaluate Occurrences | Detective | |
Take appropriate action when a data leakage is discovered. CC ID 14716 | Process or Activity | Corrective | |
Include text about data ownership in the data handling policy. CC ID 15720 | Data and Information Management | Preventive | |
Establish, implement, and maintain a telephone systems usage policy. CC ID 15170 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain call metadata controls. CC ID 04790 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain de-identifying and re-identifying procedures. CC ID 07126 | Data and Information Management | Preventive | |
Use de-identifying code and re-identifying code that is not derived from or related to information about the data subject. CC ID 07127 | Data and Information Management | Preventive | |
Store de-identifying code and re-identifying code separately. CC ID 16535 | Data and Information Management | Preventive | |
Prevent the disclosure of de-identifying code and re-identifying code. CC ID 07128 | Data and Information Management | Preventive | |
Disseminate and communicate the data handling policy to all interested personnel and affected parties. CC ID 15465 | Communicate | Preventive | |
Establish, implement, and maintain data handling procedures. CC ID 11756 | Establish/Maintain Documentation | Preventive | |
Define personal data that falls under breach notification rules. CC ID 00800 | Establish/Maintain Documentation | Preventive | |
Include data elements that contain an individual's name combined with account numbers or other identifying information as personal data that falls under the breach notification rules. CC ID 04662 | Data and Information Management | Preventive | |
Include data elements that contain an individual's legal surname prior to marriage as personal data that falls under the breach notification rules. CC ID 04669 | Data and Information Management | Preventive | |
Include data elements that contain an individual's date of birth as personal data that falls under the breach notification rules. CC ID 04771 | Data and Information Management | Preventive | |
Include data elements that contain an individual's address as personal data that falls under the breach notification rules. CC ID 04671 | Data and Information Management | Preventive | |
Include data elements that contain an individual's telephone number as personal data that falls under the breach notification rules. CC ID 04672 | Data and Information Management | Preventive | |
Include data elements that contain an individual's fingerprints as personal data that falls under the breach notification rules. CC ID 04670 | Data and Information Management | Preventive | |
Include data elements that contain an individual's Social Security Number or Personal Identification Number as personal data that falls under the breach notification rules. CC ID 04656 | Data and Information Management | Preventive | |
Include data elements that contain an individual's driver's license number or an individual's state identification card number as personal data that falls under the breach notification rules. CC ID 04657 | Data and Information Management | Preventive | |
Include data elements that contain an individual's passport number as personal data that falls under the breach notification rules. CC ID 04774 | Data and Information Management | Preventive | |
Include data elements that contain an individual's Alien Registration Number as personal data that falls under the breach notification rules. CC ID 04775 | Data and Information Management | Preventive | |
Include data elements that contain an individual's Taxpayer Identification Number as personal data that falls under the breach notification rules. CC ID 04764 | Data and Information Management | Preventive | |
Include data elements that contain an individual's financial account number as personal data that falls under the breach notification rules. CC ID 04658 | Data and Information Management | Preventive | |
Include data elements that contain an individual's financial account number with associated password or password hint as personal data that falls under the breach notification rules. CC ID 04660 | Data and Information Management | Preventive | |
Include data elements that contain an individual's electronic identification name or number as personal data that falls under the breach notification rules. CC ID 04663 | Data and Information Management | Preventive | |
Include data elements that contain electronic signatures as personal data that falls under the breach notification rules. CC ID 04666 | Data and Information Management | Preventive | |
Include data elements that contain an individual's biometric data as personal data that falls under the breach notification rules. CC ID 04667 | Data and Information Management | Preventive | |
Include data elements that contain an individual's account number, password, or password hint as personal data that falls under the breach notification rules. CC ID 04668 | Data and Information Management | Preventive | |
Include data elements that contain an individual's payment card information as personal data that falls under the breach notification rules. CC ID 04752 | Data and Information Management | Preventive | |
Include data elements that contain an individual's credit card number or an individual's debit card number as personal data that falls under the breach notification rules. CC ID 04659 | Data and Information Management | Preventive | |
Include data elements that contain an individual's payment card service code as personal data that falls under the breach notification rules. CC ID 04754 | Data and Information Management | Preventive | |
Include data elements that contain an individual's payment card expiration date as personal data that falls under the breach notification rules. CC ID 04756 | Data and Information Management | Preventive | |
Include data elements that contain an individual's payment card full magnetic stripe data as personal data that falls under the breach notification rules. CC ID 04759 | Data and Information Management | Preventive | |
Include data elements that contain an individual's payment card security codes (Card Authentication Value 2/Card Validation Code Value 2/Card Verification Value 2/Card Identification Number) as personal data that falls under the breach notification rules. CC ID 04760 | Data and Information Management | Preventive | |
Include data elements that contain an individual's payment card associated password or password hint as personal data that falls under the breach notification rules. CC ID 04661 | Data and Information Management | Preventive | |
Include data elements that contain an individual's Individually Identifiable Health Information as personal data that falls under the breach notification rules. CC ID 04673 | Data and Information Management | Preventive | |
Include data elements that contain an individual's medical history as personal data that falls under the breach notification rules. CC ID 04674 | Data and Information Management | Preventive | |
Include data elements that contain an individual's medical treatment as personal data that falls under the breach notification rules. CC ID 04675 | Data and Information Management | Preventive | |
Include data elements that contain an individual's medical diagnosis as personal data that falls under the breach notification rules. CC ID 04676 | Data and Information Management | Preventive | |
Include data elements that contain an individual's mental condition or physical condition as personal data that falls under the breach notification rules. CC ID 04682 | Data and Information Management | Preventive | |
Include data elements that contain an individual's health insurance information as personal data that falls under the breach notification rules. CC ID 04681 | Data and Information Management | Preventive | |
Include data elements that contain an individual's health insurance policy number as personal data that falls under the breach notification rules. CC ID 04683 | Data and Information Management | Preventive | |
Include data elements that contain an individual's health insurance application and health insurance claims history (including appeals) as personal data that falls under the breach notification rules. CC ID 04684 | Data and Information Management | Preventive | |
Include data elements that contain an individual's employment information as personal data that falls under the breach notification rules. CC ID 04772 | Data and Information Management | Preventive | |
Include data elements that contain an individual's Employee Identification Number as personal data that falls under the breach notification rules. CC ID 04773 | Data and Information Management | Preventive | |
Include data elements that contain an individual's place of employment as personal data that falls under the breach notification rules. CC ID 04788 | Data and Information Management | Preventive | |
Define an out of scope privacy breach. CC ID 04677 | Establish/Maintain Documentation | Preventive | |
Include personal data that is publicly available information as an out of scope privacy breach. CC ID 04678 | Business Processes | Preventive | |
Include personal data that is encrypted or redacted as an out of scope privacy breach. CC ID 04679 | Monitor and Evaluate Occurrences | Preventive | |
Include cryptographic keys not being accessed during a privacy breach as an out of scope privacy breach. CC ID 04761 | Monitor and Evaluate Occurrences | Preventive | |
Include any personal data that is on an encrypted mobile device as an out of scope privacy breach, if the encryption keys were not accessed and the mobile device was recovered. CC ID 04762 | Monitor and Evaluate Occurrences | Preventive | |
Conduct internal data processing audits. CC ID 00374 | Testing | Detective | |
Disseminate and communicate the data handling procedures to all interested personnel and affected parties. CC ID 15466 | Communicate | Preventive | |
Establish, implement, and maintain a personal data transfer program. CC ID 00307 | Establish/Maintain Documentation | Preventive | |
Obtain consent from an individual prior to transferring personal data. CC ID 06948 [Consent is obtained before PI is transferred to or from an individual's computer or other similar device. C3.2 Obtains consent for data transfers] | Data and Information Management | Preventive | |
Include procedures for transferring personal data from one data controller to another data controller in the personal data transfer program. CC ID 00351 | Establish/Maintain Documentation | Preventive | |
Refrain from requiring independent recourse mechanisms when transferring personal data from one data controller to another data controller. CC ID 12528 | Business Processes | Preventive | |
Notify data subjects when their personal data is transferred. CC ID 00352 | Behavior | Preventive | |
Include procedures for transferring personal data to third parties in the personal data transfer program. CC ID 00333 [The entity has policies and procedures for disclosing and transmitting PI to external third-party individuals and organizations not under the direct management or control of the entity. Refer to Component D6.0. M1.0 Disclosure to third parties] | Establish/Maintain Documentation | Preventive | |
Notify data subjects of the geographic locations of the third parties when transferring personal data to third parties. CC ID 14414 | Communicate | Preventive | |
Provide an adequate data protection level by the transferee prior to transferring personal data to another country. CC ID 00314 | Data and Information Management | Preventive | |
Refrain from restricting personal data transfers to member states of the European Union. CC ID 00312 | Data and Information Management | Preventive | |
Prohibit the transfer of personal data when security is inadequate. CC ID 00345 | Data and Information Management | Preventive | |
Meet the use of limitation exceptions in order to transfer personal data. CC ID 00346 | Data and Information Management | Preventive | |
Refrain from transferring past the first transfer. CC ID 00347 | Data and Information Management | Preventive | |
Document transfer disagreements by the data subject in writing. CC ID 00348 | Establish/Maintain Documentation | Preventive | |
Allow the data subject the right to object to the personal data transfer. CC ID 00349 | Data and Information Management | Preventive | |
Authorize the transfer of restricted data in accordance with organizational standards. CC ID 16428 | Records Management | Preventive | |
Follow the instructions of the data transferrer. CC ID 00334 | Behavior | Preventive | |
Define the personal data transfer exceptions for transferring personal data to another country when adequate protection level standards are not met. CC ID 00315 | Establish/Maintain Documentation | Preventive | |
Include publicly available information as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00316 | Data and Information Management | Preventive | |
Include transfer agreements between data controllers and third parties when it is for the data subject's interest as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00317 | Data and Information Management | Preventive | |
Include personal data for the health field and for treatment as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00318 | Data and Information Management | Preventive | |
Include personal data for journalistic purposes or private purposes as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00319 | Data and Information Management | Preventive | |
Include personal data for important public interest as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00320 | Data and Information Management | Preventive | |
Include consent by the data subject as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00321 | Data and Information Management | Preventive | |
Include personal data used for a contract as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00322 | Data and Information Management | Preventive | |
Include personal data for protecting the data subject or the data subject's interests, such as saving his/her life or providing healthcare as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00323 | Data and Information Management | Preventive | |
Include personal data that is necessary to fulfill international law obligations as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00324 | Data and Information Management | Preventive | |
Include personal data used for legal investigations as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00325 | Data and Information Management | Preventive | |
Include personal data that is authorized by a legislative act as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00326 | Data and Information Management | Preventive | |
Require transferees to implement adequate data protection levels for the personal data. CC ID 00335 | Data and Information Management | Preventive | |
Refrain from requiring a contract between the data controller and trusted third parties when personal information is transferred. CC ID 12527 | Business Processes | Preventive | |
Define the personal data transfer exceptions for transferring personal data to another organization when adequate protection level standards are not met. CC ID 00336 | Establish/Maintain Documentation | Preventive | |
Include personal data that is publicly available information as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00337 | Data and Information Management | Preventive | |
Include personal data that is used for journalistic purposes or private purposes as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00338 | Data and Information Management | Preventive | |
Include personal data that is used for important public interest as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00339 | Data and Information Management | Preventive | |
Include consent by the data subject as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00340 | Data and Information Management | Preventive | |
Include personal data that is used for a contract as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00341 | Data and Information Management | Preventive | |
Include personal data that is used for protecting the data subject or the data subject's interests, such as providing healthcare or saving his/her life as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00342 | Data and Information Management | Preventive | |
Include personal data that is used for a legal investigation as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00343 | Data and Information Management | Preventive | |
Include personal data that is authorized by a legislative act as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00344 | Data and Information Management | Preventive | |
Notify data subjects about organizational liability when transferring personal data to third parties. CC ID 12353 | Communicate | Preventive | |
Notify the data subject of any personal data changes during the personal data transfer. CC ID 00350 | Behavior | Preventive | |
Establish, implement, and maintain Internet interactivity data transfer procedures. CC ID 06949 | Establish/Maintain Documentation | Preventive | |
Obtain consent prior to storing cookies on an individual's browser. CC ID 06950 | Data and Information Management | Preventive | |
Obtain consent prior to downloading software to an individual's computer. CC ID 06951 | Data and Information Management | Preventive | |
Refrain from installing software on an individual's computer unless acting in accordance with a court order. CC ID 14000 | Process or Activity | Preventive | |
Remove or uninstall software from an individual's computer, as necessary. CC ID 13998 | Process or Activity | Preventive | |
Remove or uninstall software from an individual's computer when consent is revoked. CC ID 13997 | Process or Activity | Preventive | |
Obtain consent prior to tracking Internet traffic patterns or browsing history of an individual. CC ID 06961 | Data and Information Management | Preventive | |
Establish, implement, and maintain a privacy impact assessment. CC ID 13712 [The entity performs a privacy (risk) impact assessment to identify and evaluate privacy specific risks, vulnerabilities and scenarios that could result in a system or information privacy breach situation. Privacy (risk) impact assessments are also used to identify security control weaknesses that need to be addressed as well as to report upon the entity's ability to comply with applicable system and privacy information breach notification laws and regulations. M1.3 Privacy (risk) impact assessment] | Establish/Maintain Documentation | Preventive | |
Include the individuals with whom information is shared in the privacy impact assessment. CC ID 15520 | Establish/Maintain Documentation | Preventive | |
Include how to grant consent in the privacy impact assessment. CC ID 15519 | Establish/Maintain Documentation | Preventive | |
Include the opportunities for individuals to consent to using their information in the privacy impact assessment. CC ID 15518 | Establish/Maintain Documentation | Preventive | |
Include the opportunities for opting out of information collection in the privacy impact assessment. CC ID 15517 | Establish/Maintain Documentation | Preventive | |
Include data handling procedures in the privacy impact assessment. CC ID 15516 | Establish/Maintain Documentation | Preventive | |
Include the intended use of information in the privacy impact assessment. CC ID 15515 | Establish/Maintain Documentation | Preventive | |
Include the reason information is being collected in the privacy impact assessment. CC ID 15514 | Establish/Maintain Documentation | Preventive | |
Include the type of information to be collected in the privacy impact assessment. CC ID 15513 | Business Processes | Preventive | |
Disseminate and communicate the results of the Privacy Impact Assessment to interested personnel and affected parties. CC ID 15458 | Communicate | Preventive | |
Review compliance with the organization's privacy objectives. CC ID 13490 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results {unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Human Resources Management | Detective | |
Develop remedies and sanctions for privacy policy violations. CC ID 00474 [The entity has procedures for identifying and addressing instances when non-compliance with information privacy policies and procedures are identified. M1.2 Policy compliance Ongoing procedures are performed for monitoring the effectiveness of controls over PI and for taking timely corrective actions when necessary. M9.1 Performs ongoing monitoring] | Data and Information Management | Preventive | |
Define the behaviors and actions that are included in privacy rights violations. CC ID 14852 | Behavior | Preventive | |
Implement procedures to file privacy rights violation complaints. CC ID 00476 [{dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1 A process is in place to address inquiries, complaints and disputes. M9.1 Addresses inquiries, complaints and disputes] | Data and Information Management | Corrective | |
File privacy rights violation complaints in writing. CC ID 00477 | Establish/Maintain Documentation | Corrective | |
Include the acts or omissions that are in violation of privacy rights in the privacy rights violation complaint. CC ID 14360 | Establish/Maintain Documentation | Corrective | |
Include the individual's name who is the subject of the complaint in the privacy rights violation complaint. CC ID 14359 | Establish/Maintain Documentation | Preventive | |
Provide assistance to data subjects for filing privacy rights violation complaints. CC ID 00478 | Behavior | Corrective | |
Refrain from charging a fee to file a privacy rights violation complaint. CC ID 16807 | Business Processes | Preventive | |
File privacy rights violation complaints inside the mandate stipulated from the refusal. CC ID 00479 | Behavior | Corrective | |
Change or destroy any personal data that is incorrect. CC ID 00462 [The entity corrects, amends or appends PI based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity's objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity's objectives related to privacy. A5.2] | Data and Information Management | Corrective | |
Notify the data subject of changes made to personal data as the result of a dispute. CC ID 00463 | Behavior | Corrective | |
Refrain from updating personal data on a regular basis, unless it is necessary for the purposes it was collected. CC ID 13610 | Data and Information Management | Preventive | |
Escalate the appeal process to change personal data when the data controller fails to make changes to the disputed data. CC ID 00465 | Data and Information Management | Corrective | |
Establish, implement, and maintain a privacy dispute resolution program. CC ID 12526 [{dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Establish/Maintain Documentation | Preventive | |
Include potential remedies in the privacy dispute resolution program. CC ID 12531 | Establish/Maintain Documentation | Preventive | |
Provide the data subject with the name, title, and address to whom complaints are forwarded. CC ID 00395 [Data subjects are informed, in writing, about the reason a request for correction of PI was denied and how they may appeal. A5.2 Communicates denial of correction requests Data subjects are informed about how to contact the entity with inquiries, complaints and disputes. M9.1 Communicates to data subjects] | Establish/Maintain Documentation | Preventive | |
Include the time frames in which privacy rights violation complaints are processed in the privacy dispute resolution program. CC ID 12529 | Establish/Maintain Documentation | Preventive | |
Document unresolved challenges. CC ID 13568 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an accuracy resolution policy. CC ID 00460 | Establish/Maintain Documentation | Preventive | |
Notify individuals of their right to challenge personal data. CC ID 00457 [{be accurate}{be complete} Individuals are informed that they are responsible for providing the entity with accurate and complete PI and for contacting the entity if correction of such information is required. Q8.1 Communicates to data subjects] | Data and Information Management | Preventive | |
Notify individuals of their right to object to personal data for legitimate reasons. CC ID 00458 | Data and Information Management | Preventive | |
Terminate an individual's restriction agreement under specific circumstances. CC ID 06260 | Configuration | Preventive | |
Notify individuals of their ability to challenge personal behavioral assessments on record. CC ID 04798 | Human Resources Management | Preventive | |
Notify individuals of their ability to object to personal data processing, absent cost. CC ID 00459 | Data and Information Management | Preventive | |
Notify individuals of the time frame in which they may challenge personal data. CC ID 16861 | Communicate | Preventive | |
Investigate the disputed accuracy of personal data. CC ID 00461 | Data and Information Management | Preventive | |
Notify the data subject of which disputed changes were not made to personal data and why. CC ID 00466 [The entity corrects, amends or appends PI based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity's objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity's objectives related to privacy. A5.2] | Behavior | Corrective | |
Notify entities to whom personal data was transferred that the personal data is wrong, along with the corrections. CC ID 00467 [Data subjects are able to update or correct PI held by the entity. The entity provides such updated or corrected information to third parties that were previously provided with the data subject's PI consistent with the entity's objective related to privacy. A5.2 Permits data subjects to update or correct PI The entity corrects, amends or appends PI based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity's objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity's objectives related to privacy. A5.2] | Behavior | Corrective | |
Notify third parties of unresolved challenges. CC ID 13559 | Communicate | Preventive | |
Document disagreements as to whether personal data is complete and accurate. CC ID 06952 | Establish/Maintain Documentation | Preventive | |
Include the change to the personal data that the data subject requested and the reason the organization refused to make the change in the statement of disagreement. CC ID 06954 [Data subjects are informed, in writing, about the reason a request for correction of PI was denied and how they may appeal. A5.2 Communicates denial of correction requests] | Establish/Maintain Documentation | Preventive | |
Order the cessation of data processing when a violation of the privacy policy is detected. CC ID 00475 | Data and Information Management | Corrective | |
Investigate privacy rights violation complaints. CC ID 00480 [Each complaint is addressed and the resolution is documented and communicated to the individual. M9.1 Documents and communicates dispute resolution and recourse] | Behavior | Detective | |
Cooperate with authorities during a privacy rights violation complaint investigation. CC ID 14364 | Business Processes | Corrective | |
Notify respondents after a privacy rights violation complaint investigation begins. CC ID 00491 | Behavior | Detective | |
Include the allegations against the organization in the notice of investigation. CC ID 13031 | Establish/Maintain Documentation | Preventive | |
Investigate privacy rights violation complaints in private. CC ID 00492 | Behavior | Detective | |
Make appropriate inquiries and obtain appropriate information regarding privacy rights violation complaints. CC ID 00493 | Behavior | Detective | |
Allow the complainant to appear before the commissioner and make a submission, orally or in writing, about the privacy rights violation complaint investigation before a decision adverse to the complainant is reached. CC ID 00494 | Behavior | Detective | |
Refer privacy rights violation complaints to the Privacy Commissioner under certain conditions. CC ID 00481 | Behavior | Preventive | |
Determine not to investigate privacy rights violation complaints under certain conditions. CC ID 00482 | Behavior | Preventive | |
Refrain from investigating a privacy rights violation complaint when the act or practice does not interfere with an individual's privacy. CC ID 00483 | Behavior | Preventive | |
Refrain from investigating a privacy rights violation complaint when the complaint is created outside the stipulated time frame after the complainant became aware of it. CC ID 00484 | Behavior | Preventive | |
Refrain from investigating a privacy rights violation complaint when the complaint is frivolous, vexatious, misconceived, or lacking in substance. CC ID 00485 | Behavior | Preventive | |
Refrain from investigating a privacy rights violation complaint if the act or practice is subject to an application under another commonwealth law, state law, or territory law, and the complaint was or is being dealt with adequately under the law. CC ID 00486 | Behavior | Preventive | |
Defer privacy rights violation complaint investigations under certain conditions. CC ID 00487 | Behavior | Preventive | |
Defer privacy rights violation complaint investigations when the respondent has made an application for a determination. CC ID 00488 | Behavior | Preventive | |
Defer privacy rights violation complaint investigations when the Privacy Commissioner believes the data subject's interests would not be affected if the investigation or further investigation were deferred until the application was disposed of. CC ID 00489 | Behavior | Preventive | |
Notify respondents after a privacy rights violation complaint investigation has been resolved. CC ID 13513 [Each complaint is addressed and the resolution is documented and communicated to the individual. M9.1 Documents and communicates dispute resolution and recourse] | Communicate | Corrective | |
Create an investigative report regarding a privacy rights violation complaint. CC ID 00495 | Establish/Maintain Documentation | Corrective | |
Respond to an investigative report regarding a privacy rights violation complaint. CC ID 00496 | Behavior | Corrective | |
Define the available administrative remedies regarding a privacy rights violation complaint. CC ID 00497 | Establish/Maintain Documentation | Detective | |
Order the organization to change to be in compliance with applicable law. CC ID 00499 | Behavior | Corrective | |
Order the organization to publish a notice with the corrections or actions taken. CC ID 00500 | Behavior | Corrective | |
Award damages based on applicable law. CC ID 00501 | Behavior | Corrective | |
Destroy personal data that breaches privacy after the privacy breach has been detected. CC ID 00503 | Data and Information Management | Corrective | |
Define the organization's liability based on the applicable law. CC ID 00504 | Establish/Maintain Documentation | Preventive | |
Define the sanctions and fines available for privacy rights violations based on applicable law. CC ID 00505 | Establish/Maintain Documentation | Preventive | |
Define the appeal process based on the applicable law. CC ID 00506 | Establish/Maintain Documentation | Preventive | |
Define the fee structure for the appeal process. CC ID 16532 | Process or Activity | Preventive | |
Define the time requirements for the appeal process. CC ID 16531 | Process or Activity | Preventive | |
Disseminate and communicate instructions for the appeal process to interested personnel and affected parties. CC ID 16544 | Communicate | Preventive | |
Disseminate and communicate a written explanation of the reasons for appeal decisions to interested personnel and affected parties. CC ID 16542 | Communicate | Preventive | |
Provide notice of proposed penalties. CC ID 06216 | Establish/Maintain Documentation | Preventive | |
Notify the public and other agencies after a penalty becomes final. CC ID 06217 | Behavior | Preventive | |
Refrain from subjecting individuals to retaliation or intimidation after a complaint is created. CC ID 06218 | Testing | Detective | |
Establish, implement, and maintain a Customer Information Management program. CC ID 00084 | Data and Information Management | Preventive | |
Establish, implement, and maintain customer data authentication procedures. CC ID 13187 | Establish/Maintain Documentation | Preventive | |
Check the accuracy of restricted data. CC ID 00088 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity {be accurate}{be up-to-date}{be reliable}{be complete}{be relevant} The entity collects and maintains accurate, reliable, up to date, complete and relevant PI to meet the entity's objectives related to privacy. Q8.1 {be complete} PI is accurate and complete for the purposes for which it is to be used. Q8.1 Ensures accuracy and completeness of PI] | Data and Information Management | Preventive | |
Record restricted data correctly. CC ID 00089 | Testing | Detective | |
Check that restricted data is complete. CC ID 00090 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity {be accurate}{be up-to-date}{be reliable}{be complete}{be relevant} The entity collects and maintains accurate, reliable, up to date, complete and relevant PI to meet the entity's objectives related to privacy. Q8.1 {be complete} PI is accurate and complete for the purposes for which it is to be used. Q8.1 Ensures accuracy and completeness of PI] | Data and Information Management | Preventive | |
Keep restricted data up-to-date and valid. CC ID 00091 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity {be accurate}{be up-to-date}{be reliable}{be complete}{be relevant} The entity collects and maintains accurate, reliable, up to date, complete and relevant PI to meet the entity's objectives related to privacy. Q8.1] | Data and Information Management | Preventive | |
Maintain restricted data in a form that does not permit the identification of data subjects for longer than the processing purpose. CC ID 00092 [PI no longer retained is anonymized, disposed of or destroyed in a manner that prevents loss, theft, misuse or unauthorized access. U4.3 Disposes of, destroys and redacts PI] | Data and Information Management | Preventive |
KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term
Mandated - bold; Implied - italic; Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Records management CC ID 00902 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain an information management program. CC ID 14315 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Establish/Maintain Documentation | Preventive | |
Ensure data sets have the appropriate characteristics. CC ID 15000 | Data and Information Management | Detective | |
Ensure data sets are complete, are accurate, and are relevant. CC ID 14999 | Data and Information Management | Detective | |
Establish, implement, and maintain records management policies. CC ID 00903 | Establish/Maintain Documentation | Preventive | |
Define each system's preservation requirements for records and logs. CC ID 00904 | Establish/Maintain Documentation | Detective | |
Establish, implement, and maintain a data retention program. CC ID 00906 | Establish/Maintain Documentation | Detective | |
Maintain continued integrity for all stored data and stored records. CC ID 00969 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity] | Testing | Detective | |
Determine how long to keep records and logs before disposing of them. CC ID 11661 | Process or Activity | Preventive | |
Retain records in accordance with applicable requirements. CC ID 00968 [The entity retains PI consistent with its objectives related to privacy. U4.2 PI is retained for no longer than necessary to fulfill the stated purposes, unless a law or regulation specifically requires otherwise. U4.2 Retains PI The entity creates and retains a complete, accurate and timely record of authorized disclosures of PI to meet the entity's objectives related to privacy. D6.2 The entity creates and retains a complete, accurate and timely record of detected or reported unauthorized disclosures (including breaches) of PI to meet the entity's objectives related to privacy. D6.3] | Records Management | Preventive | |
Establish, implement, and maintain storage media disposition and destruction procedures. CC ID 11657 | Establish/Maintain Documentation | Preventive | |
Sanitize electronic storage media in accordance with organizational standards. CC ID 16464 | Data and Information Management | Preventive | |
Sanitize all electronic storage media before disposing of a system or redeploying a system. CC ID 01643 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Data and Information Management | Preventive | |
Destroy electronic storage media following the storage media disposition and destruction procedures. CC ID 00970 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Testing | Detective | |
Manage waste materials in accordance with the storage media disposition and destruction procedures. CC ID 16485 | Process or Activity | Preventive | |
Maintain media sanitization equipment in operational condition. CC ID 00721 | Testing | Detective | |
Use approved media sanitization equipment for destruction. CC ID 16459 | Business Processes | Preventive | |
Define each system's disposition requirements for records and logs. CC ID 11651 | Process or Activity | Preventive | |
Establish, implement, and maintain records disposition procedures. CC ID 00971 | Establish/Maintain Documentation | Preventive | |
Remove and/or destroy records according to the records' retention event and retention period schedule. CC ID 06621 [PI no longer retained is anonymized, disposed of or destroyed in a manner that prevents loss, theft, misuse or unauthorized access. U4.3 Disposes of, destroys and redacts PI] | Records Management | Preventive | |
Place printed records awaiting destruction into secure containers. CC ID 12464 | Physical and Environmental Protection | Preventive | |
Destroy printed records so they cannot be reconstructed. CC ID 11779 | Physical and Environmental Protection | Preventive | |
Automate a programmatic process to remove stored data and records that exceed retention requirements. CC ID 06082 | Data and Information Management | Preventive | |
Establish, implement, and maintain records management procedures. CC ID 11619 | Establish/Maintain Documentation | Preventive | |
Protect records from loss in accordance with applicable requirements. CC ID 12007 [Policies and procedures have been implemented to protect PI from erasure or destruction during the specified retention period of the information. U4.2 Protects PI] | Records Management | Preventive | |
Capture the records required by organizational compliance requirements. CC ID 00912 | Records Management | Detective | |
Classify restricted data or restricted information in Records Management systems according to the data or information's sensitivity. CC ID 04720 [The types of PI and sensitive PI and the related processes, systems and third parties involved in the handling of such information are identified. D6.7 Identifies types of PI and handling processes {unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Data and Information Management | Detective | |
Establish, implement, and maintain electronic storage media management procedures. CC ID 00931 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain online storage controls. CC ID 00942 | Technical Security | Preventive | |
Establish, implement, and maintain security controls appropriate to the record types and electronic storage media. CC ID 00943 | Records Management | Preventive | |
Provide encryption for different types of electronic storage media. CC ID 00945 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data {data at rest}{external communication} Encryption technologies or secure communication channels are used to protect data in transit and at rest, and communications of such data beyond the entity's established connectivity mechanisms are logical with physical access points. S7.3 Uses encryption technologies or secure communication channels to protect data {physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Technical Security | Preventive | |
Physically secure printed records. CC ID 11778 [The entity has implemented policies and procedures that restrict physical access to the entity's data centers, office spaces, documents, work areas and facilities based on an individual's needs for access, prior authorizations from a facility or system owner, and after the identity of each individual has been established prior to allowing access. S7.2 Managing physical access] | Physical and Environmental Protection | Preventive | |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
---|---|---|---|
System hardening through configuration management CC ID 00860 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain a Configuration Management program. CC ID 00867 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain configuration control and Configuration Status Accounting. CC ID 00863 | Business Processes | Preventive | |
Establish, implement, and maintain appropriate system labeling. CC ID 01900 | Establish/Maintain Documentation | Preventive | |
Include the identification number of the third party who performed the conformity assessment procedures on all promotional materials. CC ID 15041 | Establish/Maintain Documentation | Preventive | |
Include the identification number of the third party who conducted the conformity assessment procedures after the CE marking of conformity. CC ID 15040 | Establish/Maintain Documentation | Preventive | |
Verify configuration files requiring passwords for automation do not contain those passwords after the installation process is complete. CC ID 06555 | Configuration | Preventive | |
Establish, implement, and maintain a configuration management policy. CC ID 14023 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain configuration management procedures. CC ID 14074 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the configuration management procedures to interested personnel and affected parties. CC ID 14139 | Communicate | Preventive | |
Include compliance requirements in the configuration management policy. CC ID 14072 | Establish/Maintain Documentation | Preventive | |
Include coordination amongst entities in the configuration management policy. CC ID 14071 | Establish/Maintain Documentation | Preventive | |
Include management commitment in the configuration management policy. CC ID 14070 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the configuration management policy. CC ID 14069 | Establish/Maintain Documentation | Preventive | |
Include the scope in the configuration management policy. CC ID 14068 | Establish/Maintain Documentation | Preventive | |
Include the purpose in the configuration management policy. CC ID 14067 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the configuration management policy to interested personnel and affected parties. CC ID 14066 | Communicate | Preventive | |
Establish, implement, and maintain a configuration management plan. CC ID 01901 | Establish/Maintain Documentation | Preventive | |
Include configuration management procedures in the configuration management plan. CC ID 14248 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the configuration management plan. CC ID 14247 | Establish/Maintain Documentation | Preventive | |
Approve the configuration management plan. CC ID 14717 | Business Processes | Preventive | |
Establish, implement, and maintain system tracking documentation. CC ID 15266 | Establish/Maintain Documentation | Preventive | |
Include prioritization codes in the system tracking documentation. CC ID 15283 | Establish/Maintain Documentation | Preventive | |
Include the type and category of the request in the system tracking documentation. CC ID 15281 | Establish/Maintain Documentation | Preventive | |
Include contact information in the system tracking documentation. CC ID 15280 | Establish/Maintain Documentation | Preventive | |
Include the username in the system tracking documentation. CC ID 15278 | Establish/Maintain Documentation | Preventive | |
Include a problem description in the system tracking documentation. CC ID 15276 | Establish/Maintain Documentation | Preventive | |
Include affected systems in the system tracking documentation. CC ID 15275 | Establish/Maintain Documentation | Preventive | |
Include root causes in the system tracking documentation. CC ID 15274 | Establish/Maintain Documentation | Preventive | |
Include the name of who is responsible for resolution in the system tracking documentation. CC ID 15273 | Establish/Maintain Documentation | Preventive | |
Include current status in the system tracking documentation. CC ID 15272 | Establish/Maintain Documentation | Preventive | |
Employ the Configuration Management program. CC ID 11904 | Configuration | Preventive | |
Record Configuration Management items in the Configuration Management database. CC ID 00861 | Establish/Maintain Documentation | Preventive | |
Test network access controls for proper Configuration Management settings. CC ID 01281 | Testing | Detective | |
Disseminate and communicate the configuration management program to all interested personnel and affected parties. CC ID 11946 | Communicate | Preventive | |
Establish, implement, and maintain a Configuration Management Database with accessible reporting capabilities. CC ID 02132 | Establish/Maintain Documentation | Preventive | |
Document external connections for all systems. CC ID 06415 | Configuration | Preventive | |
Establish, implement, and maintain a configuration baseline based on the least functionality principle. CC ID 00862 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Establish/Maintain Documentation | Preventive | |
Include the measures used to account for any differences in operation between the test environments and production environments in the baseline configuration. CC ID 13285 | Establish/Maintain Documentation | Preventive | |
Include the differences between test environments and production environments in the baseline configuration. CC ID 13284 | Establish/Maintain Documentation | Preventive | |
Include the applied security patches in the baseline configuration. CC ID 13271 | Establish/Maintain Documentation | Preventive | |
Include the installed application software and version numbers in the baseline configuration. CC ID 13270 | Establish/Maintain Documentation | Preventive | |
Include installed custom software in the baseline configuration. CC ID 13274 | Establish/Maintain Documentation | Preventive | |
Include network ports in the baseline configuration. CC ID 13273 | Establish/Maintain Documentation | Preventive | |
Include the operating systems and version numbers in the baseline configuration. CC ID 13269 | Establish/Maintain Documentation | Preventive | |
Include backup procedures in the Configuration Management policy. CC ID 01314 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a system hardening standard. CC ID 00876 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain configuration standards for all systems based upon industry best practices. CC ID 11953 [The entity implements logical access security control software, infrastructures, authentication mechanisms and related architectures and security configuration controls over protected information assets to protect them from security incidents and events that might result in unauthorized access, alteration, destruction or disclosure of that information, and to meet the entity's privacy objectives. S7.1] | Configuration | Preventive | |
Include common security parameter settings in the configuration standards for all systems. CC ID 12544 | Establish/Maintain Documentation | Preventive | |
Apply configuration standards to all systems, as necessary. CC ID 12503 | Configuration | Preventive | |
Document and justify system hardening standard exceptions. CC ID 06845 | Configuration | Preventive | |
Configure security parameter settings on all system components appropriately. CC ID 12041 | Technical Security | Preventive | |
Provide documentation verifying devices are not susceptible to known exploits. CC ID 11987 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain system hardening procedures. CC ID 12001 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Establish/Maintain Documentation | Preventive | |
Configure session timeout and reauthentication settings according to organizational standards. CC ID 12460 | Technical Security | Preventive | |
Configure the Intrusion Detection System and Intrusion Prevention System in accordance with organizational standards. CC ID 04831 | Configuration | Preventive | |
Enable historical logging on the Intrusion Detection System and Intrusion Prevention System. CC ID 04836 | Configuration | Preventive | |
Configure automatic logoff to terminate the sessions based on inactivity according to organizational standards. CC ID 04490 | Configuration | Preventive | |
Configure the Intrusion Detection System and the Intrusion Prevention System to detect rogue devices and unauthorized connections. CC ID 04837 | Configuration | Preventive | |
Configure the Intrusion Detection System and the Intrusion Prevention System to alert upon finding rogue devices and unauthorized connections. CC ID 07062 | Configuration | Preventive | |
Display an explicit logout message when disconnecting an authenticated communications session. CC ID 10093 | Configuration | Preventive | |
Invalidate session identifiers upon session termination. CC ID 10649 | Technical Security | Preventive | |
Configure "Docker" to organizational standards. CC ID 14457 | Configuration | Preventive | |
Configure the "autolock" argument to organizational standards. CC ID 14547 | Configuration | Preventive | |
Configure the "COPY" instruction to organizational standards. CC ID 14515 | Configuration | Preventive | |
Configure the "memory" argument to organizational standards. CC ID 14497 | Configuration | Preventive | |
Configure the "docker0" bridge to organizational standards. CC ID 14504 | Configuration | Preventive | |
Configure the "docker exec commands" to organizational standards. CC ID 14502 | Configuration | Preventive | |
Configure the "health-cmd" argument to organizational standards. CC ID 14527 | Configuration | Preventive | |
Configure the "HEALTHCHECK" to organizational standards. CC ID 14511 | Configuration | Detective | |
Configure the maximum number of images to organizational standards. CC ID 14545 | Configuration | Preventive | |
Configure the minimum number of manager nodes to organizational standards. CC ID 14543 | Configuration | Preventive | |
Configure the "on-failure" restart policy to organizational standards. CC ID 14542 | Configuration | Preventive | |
Configure the maximum number of containers to organizational standards. CC ID 14540 | Configuration | Preventive | |
Configure the "lifetime_minutes" to organizational standards. CC ID 14539 | Configuration | Preventive | |
Configure the "Linux kernel capabilities" to organizational standards. CC ID 14531 | Configuration | Preventive | |
Configure the "Docker socket" to organizational standards. CC ID 14506 | Configuration | Preventive | |
Configure the "read-only" argument to organizational standards. CC ID 14498 | Configuration | Preventive | |
Configure the signed image enforcement to organizational standards. CC ID 14517 | Configuration | Preventive | |
Configure the "storage-opt" argument to organizational standards. CC ID 14658 | Configuration | Preventive | |
Configure the "swarm services" to organizational standards. CC ID 14516 | Configuration | Preventive | |
Configure the "experimental" argument to organizational standards. CC ID 14494 | Configuration | Preventive | |
Configure the cluster role-based access control policies to organizational standards. CC ID 14514 | Configuration | Preventive | |
Configure the "secret management commands" to organizational standards. CC ID 14512 | Configuration | Preventive | |
Configure the "renewal_threshold_minutes" to organizational standards. CC ID 14538 | Configuration | Preventive | |
Configure the "docker swarm unlock-key" command to organizational standards. CC ID 14490 | Configuration | Preventive | |
Configure the "per_user_limit" to organizational standards. CC ID 14523 | Configuration | Preventive | |
Configure the "privileged" argument to organizational standards. CC ID 14510 | Configuration | Preventive | |
Configure the "update instructions" to organizational standards. CC ID 14525 | Configuration | Preventive | |
Configure the "swarm mode" to organizational standards. CC ID 14508 | Configuration | Preventive | |
Configure the "USER" directive to organizational standards. CC ID 14507 | Configuration | Preventive | |
Configure the "DOCKER_CONTENT_TRUST" to organizational standards. CC ID 14488 | Configuration | Preventive | |
Configure the "no-new-privileges" argument to organizational standards. CC ID 14474 | Configuration | Preventive | |
Configure the "seccomp-profile" argument to organizational standards. CC ID 14503 | Configuration | Preventive | |
Configure the "cpu-shares" argument to organizational standards. CC ID 14489 | Configuration | Preventive | |
Configure the "volume" argument to organizational standards. CC ID 14533 | Configuration | Preventive | |
Configure the "cgroup-parent" to organizational standards. CC ID 14466 | Configuration | Preventive | |
Configure the "live-restore" argument to organizational standards. CC ID 14465 | Configuration | Preventive | |
Configure the "userland-proxy" argument to organizational standards. CC ID 14464 | Configuration | Preventive | |
Configure the "user namespace support" to organizational standards. CC ID 14462 | Configuration | Preventive | |
Configure "etcd" to organizational standards. CC ID 14535 | Configuration | Preventive | |
Configure the "auto-tls" argument to organizational standards. CC ID 14621 | Configuration | Preventive | |
Configure the "peer-auto-tls" argument to organizational standards. CC ID 14636 | Configuration | Preventive | |
Configure the "peer-client-cert-auth" argument to organizational standards. CC ID 14614 | Configuration | Preventive | |
Configure the "peer-cert-file" argument to organizational standards. CC ID 14606 | Configuration | Preventive | |
Configure the "key-file" argument to organizational standards. CC ID 14604 | Configuration | Preventive | |
Configure the "cert-file" argument to organizational standards. CC ID 14602 | Configuration | Preventive | |
Configure the "client-cert-auth" argument to organizational standards. CC ID 14596 | Configuration | Preventive | |
Configure the "peer-key-file" argument to organizational standards. CC ID 14595 | Configuration | Preventive | |
Establish, implement, and maintain container orchestration. CC ID 16350 | Technical Security | Preventive | |
Configure "Kubernetes" to organizational standards. CC ID 14528 | Configuration | Preventive | |
Configure the "ImagePolicyWebhook" admission controller to organizational standards. CC ID 14657 | Configuration | Preventive | |
Configure the "allowedCapabilities" to organizational standards. CC ID 14653 | Configuration | Preventive | |
Configure the "allowPrivilegeEscalation" flag to organizational standards. CC ID 14645 | Configuration | Preventive | |
Configure the "Security Context" to organizational standards. CC ID 14656 | Configuration | Preventive | |
Configure the "cluster-admin" role to organizational standards. CC ID 14642 | Configuration | Preventive | |
Configure the "automountServiceAccountToken" to organizational standards. CC ID 14639 | Configuration | Preventive | |
Configure the "audit-log-maxsize" argument to organizational standards. CC ID 14624 | Configuration | Detective | |
Configure the "seccomp" profile to organizational standards. CC ID 14652 | Configuration | Preventive | |
Configure the "securityContext.privileged" flag to organizational standards. CC ID 14641 | Configuration | Preventive | |
Configure the "audit-log-path" argument to organizational standards. CC ID 14622 | Configuration | Detective | |
Configure the "audit-log-maxbackup" argument to organizational standards. CC ID 14613 | Configuration | Detective | |
Configure the "audit-policy-file" to organizational standards. CC ID 14610 | Configuration | Preventive | |
Configure the "audit-log-maxage" argument to organizational standards. CC ID 14605 | Configuration | Detective | |
Configure the "bind-address" argument to organizational standards. CC ID 14601 | Configuration | Preventive | |
Configure the "request-timeout" argument to organizational standards. CC ID 14583 | Configuration | Preventive | |
Configure the "secure-port" argument to organizational standards. CC ID 14582 | Configuration | Preventive | |
Configure the "service-account-key-file" argument to organizational standards. CC ID 14581 | Configuration | Preventive | |
Configure the "insecure-bind-address" argument to organizational standards. CC ID 14580 | Configuration | Preventive | |
Configure the "service-account-lookup" argument to organizational standards. CC ID 14579 | Configuration | Preventive | |
Configure the "admission control plugin PodSecurityPolicy" to organizational standards. CC ID 14578 | Configuration | Preventive | |
Configure the "profiling" argument to organizational standards. CC ID 14577 | Configuration | Preventive | |
Configure the "hostNetwork" flag to organizational standards. CC ID 14649 | Configuration | Preventive | |
Configure the "hostPID" flag to organizational standards. CC ID 14648 | Configuration | Preventive | |
Configure the "etcd-certfile" argument to organizational standards. CC ID 14584 | Configuration | Preventive | |
Configure the "runAsUser.rule" to organizational standards. CC ID 14651 | Configuration | Preventive | |
Configure the "requiredDropCapabilities" to organizational standards. CC ID 14650 | Configuration | Preventive | |
Configure the "hostIPC" flag to organizational standards. CC ID 14643 | Configuration | Preventive | |
Configure the "admission control plugin ServiceAccount" to organizational standards. CC ID 14576 | Configuration | Preventive | |
Configure the "insecure-port" argument to organizational standards. CC ID 14575 | Configuration | Preventive | |
Configure the "admission control plugin AlwaysPullImages" to organizational standards. CC ID 14574 | Configuration | Preventive | |
Configure the "pod" to organizational standards. CC ID 14644 | Configuration | Preventive | |
Configure the "ClusterRoles" to organizational standards. CC ID 14637 | Configuration | Preventive | |
Configure the "event-qps" argument to organizational standards. CC ID 14633 | Configuration | Preventive | |
Configure the "Kubelet" to organizational standards. CC ID 14635 | Configuration | Preventive | |
Configure the "NET_RAW" to organizational standards. CC ID 14647 | Configuration | Preventive | |
Configure the "make-iptables-util-chains" argument to organizational standards. CC ID 14638 | Configuration | Preventive | |
Configure the "hostname-override" argument to organizational standards. CC ID 14631 | Configuration | Preventive | |
Configure the "admission control plugin NodeRestriction" to organizational standards. CC ID 14573 | Configuration | Preventive | |
Configure the "admission control plugin AlwaysAdmit" to organizational standards. CC ID 14572 | Configuration | Preventive | |
Configure the "etcd-cafile" argument to organizational standards. CC ID 14592 | Configuration | Preventive | |
Configure the "encryption-provider-config" argument to organizational standards. CC ID 14587 | Configuration | Preventive | |
Configure the "rotate-certificates" argument to organizational standards. CC ID 14640 | Configuration | Preventive | |
Configure the "etcd-keyfile" argument to organizational standards. CC ID 14586 | Configuration | Preventive | |
Configure the "client-ca-file" argument to organizational standards. CC ID 14585 | Configuration | Preventive | |
Configure the "kube-apiserver" to organizational standards. CC ID 14589 | Configuration | Preventive | |
Configure the "tls-private-key-file" argument to organizational standards. CC ID 14590 | Configuration | Preventive | |
Configure the "streaming-connection-idle-timeout" argument to organizational standards. CC ID 14634 | Configuration | Preventive | |
Configure the "RotateKubeletServerCertificate" argument to organizational standards. CC ID 14626 | Configuration | Preventive | |
Configure the "protect-kernel-defaults" argument to organizational standards. CC ID 14629 | Configuration | Preventive | |
Configure the "read-only-port" argument to organizational standards. CC ID 14627 | Configuration | Preventive | |
Configure the "admission control plugin NamespaceLifecycle" to organizational standards. CC ID 14571 | Configuration | Preventive | |
Configure the "terminated-pod-gc-threshold" argument to organizational standards. CC ID 14593 | Configuration | Preventive | |
Configure the "tls-cert-file" argument to organizational standards. CC ID 14588 | Configuration | Preventive | |
Configure the "kubelet-certificate-authority" argument to organizational standards. CC ID 14570 | Configuration | Preventive | |
Configure the "service-account-private-key-file" argument to organizational standards. CC ID 14607 | Configuration | Preventive | |
Configure the "admission control plugin SecurityContextDeny" to organizational standards. CC ID 14569 | Configuration | Preventive | |
Configure the "kubelet-client-certificate" argument to organizational standards. CC ID 14568 | Configuration | Preventive | |
Configure the "root-ca-file" argument to organizational standards. CC ID 14599 | Configuration | Preventive | |
Configure the "admission control plugin EventRateLimit" to organizational standards. CC ID 14567 | Configuration | Preventive | |
Configure the "use-service-account-credentials" argument to organizational standards. CC ID 14594 | Configuration | Preventive | |
Configure the "token-auth-file" argument to organizational standards. CC ID 14566 | Configuration | Preventive | |
Configure the "authorization-mode" argument to organizational standards. CC ID 14565 | Configuration | Preventive | |
Configure the "anonymous-auth" argument to organizational standards. CC ID 14564 | Configuration | Preventive | |
Configure the "kubelet-client-key" argument to organizational standards. CC ID 14563 | Configuration | Preventive | |
Configure the "kubelet-https" argument to organizational standards. CC ID 14561 | Configuration | Preventive | |
Configure the "basic-auth-file" argument to organizational standards. CC ID 14559 | Configuration | Preventive | |
Configure the Remote Deposit Capture system to organizational standards. CC ID 13569 | Configuration | Preventive | |
Prohibit files from containing wild cards, as necessary. CC ID 16318 | Process or Activity | Preventive | |
Block and/or remove unnecessary software and unauthorized software. CC ID 00865 | Configuration | Preventive | |
Assign system hardening to qualified personnel. CC ID 06813 | Establish Roles | Preventive | |
Use the latest approved version of all software. CC ID 00897 | Technical Security | Preventive | |
Install the most current Windows Service Pack. CC ID 01695 | Configuration | Preventive | |
Install critical security updates and important security updates in a timely manner. CC ID 01696 | Configuration | Preventive | |
Include risk information when communicating critical security updates. CC ID 14948 | Communicate | Preventive | |
Change default configurations, as necessary. CC ID 00877 | Configuration | Preventive | |
Configure custom security parameters for X-Windows. CC ID 02168 | Configuration | Preventive | |
Configure custom security settings for Lotus Domino. CC ID 02171 | Configuration | Preventive | |
Configure custom security settings for the Automated Security Enhancement Tool. CC ID 02177 | Configuration | Preventive | |
Configure custom Security settings for Sun Answerbook2. CC ID 02178 | Configuration | Preventive | |
Configure custom security settings for Command (PROM) Monitor. CC ID 02180 | Configuration | Preventive | |
Configure and secure each interface for Executive Interfaces. CC ID 02182 | Configuration | Preventive | |
Reconfigure the default settings and configure the system security for Site Management Complex. CC ID 02183 | Configuration | Preventive | |
Configure the Unisys Executive (GENNED) GEN tags. CC ID 02184 | Configuration | Preventive | |
Reconfigure the default Console Mode privileges. CC ID 02189 | Configuration | Preventive | |
Restrict access to security-related Console Mode key-in groups based on the security profiles. CC ID 02190 | Configuration | Preventive | |
Configure security profiles for the various Console Mode levels. CC ID 02191 | Configuration | Preventive | |
Configure custom access privileges for all mapper files. CC ID 02194 | Configuration | Preventive | |
Configure custom access privileges for the PSERVER configuration file. CC ID 02195 | Configuration | Preventive | |
Configure custom access privileges for the DEPCON configuration file. CC ID 02196 | Configuration | Preventive | |
Disable the default NetWare user web page unless absolutely necessary. CC ID 04447 | Configuration | Preventive | |
Enable and reset the primary administrator names, primary administrator passwords, root names, and root passwords. CC ID 04448 | Configuration | Preventive | |
Remove unnecessary documentation or unprotected documentation from installed applications. CC ID 04452 | Configuration | Preventive | |
Complete the NetWare eGuide configuration. CC ID 04449 | Configuration | Preventive | |
Verify the usr/aset/masters/uid_aliases file exists and contains an appropriate aliases list. CC ID 04902 | Configuration | Preventive | |
Set the low security directory list properly. CC ID 04903 | Configuration | Preventive | |
Set the medium security directory list properly. CC ID 04904 | Configuration | Preventive | |
Set the high security directory list properly. CC ID 04905 | Configuration | Preventive | |
Set the UID aliases pointer properly. CC ID 04906 | Configuration | Preventive | |
Verify users are listed in the ASET userlist file. CC ID 04907 | Technical Security | Preventive | |
Verify Automated Security Enhancement Tool checks the NIS+ tables, as appropriate. CC ID 04908 | Testing | Preventive | |
Reconfigure the encryption keys from their default setting or previous setting. CC ID 06079 | Configuration | Preventive | |
Change the default Service Set Identifier for Wireless Access Points and wireless bridges. CC ID 06086 | Configuration | Preventive | |
Revoke public execute privileges for all processes or applications that allow such privileges. CC ID 06568 | Configuration | Preventive | |
Configure the system's booting configuration. CC ID 10656 | Configuration | Preventive | |
Configure the system to boot directly to the correct Operating System. CC ID 04509 | Configuration | Preventive | |
Verify an appropriate bootloader is used. CC ID 04900 | Configuration | Preventive | |
Configure the ability to boot from USB devices, as appropriate. CC ID 04901 | Configuration | Preventive | |
Configure the system to boot from hardware enforced read-only media. CC ID 10657 | Configuration | Preventive | |
Establish, implement, and maintain procedures to standardize operating system software installation. CC ID 00869 | Establish/Maintain Documentation | Preventive | |
Verify operating system installation plans include software security considerations. CC ID 00870 | Establish/Maintain Documentation | Preventive | |
Configure the "Approved Installation Sites for ActiveX Controls" security mechanism properly. CC ID 04909 | Configuration | Preventive | |
Configure Least Functionality and Least Privilege settings to organizational standards. CC ID 07599 | Configuration | Preventive | |
Prohibit directories from having read/write capability, as appropriate. CC ID 16313 | Configuration | Preventive | |
Configure "Block public access (bucket settings)" to organizational standards. CC ID 15444 | Configuration | Preventive | |
Configure S3 Bucket Policies to organizational standards. CC ID 15431 | Configuration | Preventive | |
Configure "Allow suggested apps in Windows Ink Workspace" to organizational standards. CC ID 15417 | Configuration | Preventive | |
Configure "Allow Cloud Search" to organizational standards. CC ID 15416 | Configuration | Preventive | |
Configure "Configure Watson events" to organizational standards. CC ID 15414 | Configuration | Preventive | |
Configure "Allow Clipboard synchronization across devices" to organizational standards. CC ID 15412 | Configuration | Preventive | |
Configure "Prevent users from modifying settings" to organizational standards. CC ID 15411 | Configuration | Preventive | |
Configure "Prevent users from sharing files within their profile" to organizational standards. CC ID 15408 | Configuration | Preventive | |
Configure "Manage preview builds" to organizational standards. CC ID 15405 | Configuration | Preventive | |
Configure "Turn off Help Experience Improvement Program" to organizational standards. CC ID 15403 | Configuration | Preventive | |
Configure "Sign-in and lock last interactive user automatically after a restart" to organizational standards. CC ID 15402 | Configuration | Preventive | |
Configure "Hardened UNC Paths" to organizational standards. CC ID 15400 | Configuration | Preventive | |
Configure "Turn off all Windows spotlight features" to organizational standards. CC ID 15397 | Configuration | Preventive | |
Configure "Allow Message Service Cloud Sync" to organizational standards. CC ID 15396 | Configuration | Preventive | |
Configure "Configure local setting override for reporting to Microsoft MAPS" to organizational standards. CC ID 15394 | Configuration | Preventive | |
Configure "Configure Windows spotlight on lock screen" to organizational standards. CC ID 15391 | Configuration | Preventive | |
Configure "Do not suggest third-party content in Windows spotlight" to organizational standards. CC ID 15389 | Configuration | Preventive | |
Configure "Enable Font Providers" to organizational standards. CC ID 15388 | Configuration | Preventive | |
Configure "Disallow copying of user input methods to the system account for sign-in" to organizational standards. CC ID 15386 | Configuration | Preventive | |
Configure "Do not display network selection UI" to organizational standards. CC ID 15381 | Configuration | Preventive | |
Configure "Turn off KMS Client Online AVS Validation" to organizational standards. CC ID 15380 | Configuration | Preventive | |
Configure "Allow Telemetry" to organizational standards. CC ID 15378 | Configuration | Preventive | |
Configure "Allow users to enable online speech recognition services" to organizational standards. CC ID 15377 | Configuration | Preventive | |
Configure "Prevent enabling lock screen camera" to organizational standards. CC ID 15373 | Configuration | Preventive | |
Configure "Continue experiences on this device" to organizational standards. CC ID 15372 | Configuration | Preventive | |
Configure "Prevent the usage of OneDrive for file storage" to organizational standards. CC ID 15369 | Configuration | Preventive | |
Configure "Do not use diagnostic data for tailored experiences" to organizational standards. CC ID 15367 | Configuration | Preventive | |
Configure "Network access: Restrict clients allowed to make remote calls to SAM" to organizational standards. CC ID 15365 | Configuration | Preventive | |
Configure "Turn off Microsoft consumer experiences" to organizational standards. CC ID 15363 | Configuration | Preventive | |
Configure "Allow Use of Camera" to organizational standards. CC ID 15362 | Configuration | Preventive | |
Configure "Allow Online Tips" to organizational standards. CC ID 15360 | Configuration | Preventive | |
Configure "Turn off cloud optimized content" to organizational standards. CC ID 15357 | Configuration | Preventive | |
Configure "Apply UAC restrictions to local accounts on network logons" to organizational standards. CC ID 15356 | Configuration | Preventive | |
Configure "Toggle user control over Insider builds" to organizational standards. CC ID 15354 | Configuration | Preventive | |
Configure "Allow network connectivity during connected-standby (plugged in)" to organizational standards. CC ID 15353 | Configuration | Preventive | |
Configure "Do not show feedback notifications" to organizational standards. CC ID 15350 | Configuration | Preventive | |
Configure "Prevent enabling lock screen slide show" to organizational standards. CC ID 15349 | Configuration | Preventive | |
Configure "Turn off the advertising ID" to organizational standards. CC ID 15348 | Configuration | Preventive | |
Configure "Allow Windows Ink Workspace" to organizational standards. CC ID 15346 | Configuration | Preventive | |
Configure "Allow a Windows app to share application data between users" to organizational standards. CC ID 15345 | Configuration | Preventive | |
Configure "Turn off handwriting personalization data sharing" to organizational standards. CC ID 15339 | Configuration | Preventive | |
Configure the "Devices: Prevent users from installing printer drivers" to organizational standards. CC ID 07600 | Configuration | Preventive | |
Configure the "Log on as a service" to organizational standards. CC ID 07609 | Configuration | Preventive | |
Configure "Restore files and directories" to organizational standards. CC ID 07610 | Configuration | Preventive | |
Configure the "Back up files and directories" to organizational standards. CC ID 07629 | Configuration | Preventive | |
Configure the "Change the system time" to organizational standards. CC ID 07633 | Configuration | Preventive | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts" to organizational standards. CC ID 07635 | Configuration | Preventive | |
Configure the "Perform volume maintenance tasks" to organizational standards. CC ID 07653 | Configuration | Preventive | |
Configure the "Create global objects" to organizational standards. CC ID 07659 | Configuration | Preventive | |
Configure the "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" to organizational standards. CC ID 07660 | Configuration | Preventive | |
Configure the "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax" to organizational standards. CC ID 07671 | Configuration | Preventive | |
Configure the "Network access: Named Pipes that can be accessed anonymously" to organizational standards. CC ID 07676 | Configuration | Preventive | |
Configure the "Change the time zone" to organizational standards. CC ID 07677 | Configuration | Preventive | |
Configure the "Adjust memory quotas for a process" to organizational standards. CC ID 07685 | Configuration | Preventive | |
Configure the "Add workstations to domain" to organizational standards. CC ID 07689 | Configuration | Preventive | |
Configure the "Take ownership of files or other objects" to organizational standards. CC ID 07691 | Configuration | Preventive | |
Configure the "Access this computer from the network" to organizational standards. CC ID 07706 | Configuration | Preventive | |
Configure the "MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)" to organizational standards. CC ID 07710 | Configuration | Preventive | |
Configure the "Shutdown: Allow system to be shut down without having to log on" to organizational standards. CC ID 07717 | Configuration | Preventive | |
Configure the "System objects: Require case insensitivity for non-Windows subsystems" to organizational standards. CC ID 07718 | Configuration | Preventive | |
Configure the "Domain controller: Allow server operators to schedule tasks" to organizational standards. CC ID 07722 | Configuration | Preventive | |
Configure the "Debug programs" to organizational standards. CC ID 07729 | Configuration | Preventive | |
Configure the "Increase scheduling priority" to organizational standards. CC ID 07739 | Configuration | Preventive | |
Configure the "Load and unload device drivers" to organizational standards. CC ID 07745 | Configuration | Preventive | |
Configure the "Modify an object label" to organizational standards. CC ID 07755 | Configuration | Preventive | |
Configure the "Deny log on as a service" to organizational standards. CC ID 07762 | Configuration | Preventive | |
Configure the "Recovery console: Allow automatic administrative logon" to organizational standards. CC ID 07770 | Configuration | Preventive | |
Configure the "Create a token object" to organizational standards. CC ID 07774 | Configuration | Preventive | |
Configure the "Create symbolic links" to organizational standards. CC ID 07778 | Configuration | Preventive | |
Configure the "Deny access to this computer from the network" to organizational standards. CC ID 07779 | Configuration | Preventive | |
Configure the "Deny log on locally" to organizational standards. CC ID 07781 | Configuration | Preventive | |
Configure the "Manage auditing and security log" to organizational standards. CC ID 07783 | Configuration | Preventive | |
Configure the "Lock pages in memory" to organizational standards. CC ID 07784 | Configuration | Preventive | |
Configure the "Shutdown: Clear virtual memory pagefile" to organizational standards. CC ID 07787 | Configuration | Preventive | |
Configure the "Increase a process working set" to organizational standards. CC ID 07788 | Configuration | Preventive | |
Configure the "Generate security audits" to organizational standards. CC ID 07796 | Configuration | Preventive | |
Configure the "Remove computer from docking station" to organizational standards. CC ID 07802 | Configuration | Preventive | |
Configure the "System settings: Optional subsystems" to organizational standards. CC ID 07804 | Configuration | Preventive | |
Configure the "Shut down the system" to organizational standards. CC ID 07808 | Configuration | Preventive | |
Configure the "Bypass traverse checking" to organizational standards. CC ID 07809 | Configuration | Preventive | |
Configure the "Always install with elevated privileges" to organizational standards. CC ID 07811 | Configuration | Preventive | |
Configure the "Allow log on through Remote Desktop Services" to organizational standards. CC ID 07813 | Configuration | Preventive | |
Configure the "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)" to organizational standards. CC ID 07814 | Configuration | Preventive | |
Configure the "Create permanent shared objects" to organizational standards. CC ID 07818 | Configuration | Preventive | |
Configure the "Devices: Allow undock without having to log on" to organizational standards. CC ID 07821 | Configuration | Preventive | |
Configure the "Devices: Restrict floppy access to locally logged-on user only" to organizational standards. CC ID 07823 | Configuration | Preventive | |
Configure the "Log on as a batch job" to organizational standards. CC ID 07838 | Configuration | Preventive | |
Configure the "MSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments)" to organizational standards. CC ID 07841 | Configuration | Preventive | |
Configure the "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax" to organizational standards. CC ID 07842 | Configuration | Preventive | |
Configure the "Replace a process level token" to organizational standards. CC ID 07845 | Configuration | Preventive | |
Configure the "Modify firmware environment values" to organizational standards. CC ID 07847 | Configuration | Preventive | |
Configure the "Deny log on through Remote Desktop Services" to organizational standards. CC ID 07854 | Configuration | Preventive | |
Configure the "Devices: Allowed to format and eject removable media" to organizational standards. CC ID 07862 | Configuration | Preventive | |
Configure the "Profile single process" to organizational standards. CC ID 07866 | Configuration | Preventive | |
Configure the "Turn off Autoplay" to organizational standards. CC ID 07867 | Configuration | Preventive | |
Configure the "Devices: Restrict CD-ROM access to locally logged-on user only" to organizational standards. CC ID 07871 | Configuration | Preventive | |
Configure the "Deny log on as a batch job" to organizational standards. CC ID 07876 | Configuration | Preventive | |
Configure the "Create a pagefile" to organizational standards. CC ID 07878 | Configuration | Preventive | |
Configure the "Profile system performance" to organizational standards. CC ID 07879 | Configuration | Preventive | |
Configure the "Impersonate a client after authentication" to organizational standards. CC ID 07882 | Configuration | Preventive | |
Configure the "MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)" to organizational standards. CC ID 07886 | Configuration | Preventive | |
Configure the "Force shutdown from a remote system" to organizational standards. CC ID 07889 | Configuration | Preventive | |
Configure the "Act as part of the operating system" to organizational standards. CC ID 07891 | Configuration | Preventive | |
Configure the "Allow log on locally" to organizational standards. CC ID 07894 | Configuration | Preventive | |
Configure the "Synchronize directory service data" to organizational standards. CC ID 07897 | Configuration | Preventive | |
Configure the "Access Credential Manager as a trusted caller" to organizational standards. CC ID 07898 | Configuration | Preventive | |
Configure the "Enable computer and user accounts to be trusted for delegation" to organizational standards. CC ID 07900 | Configuration | Preventive | |
Configure the "Recovery console: Allow floppy copy and access to all drives and all folders" to organizational standards. CC ID 07901 | Configuration | Preventive | |
Configure the "Software channel permissions" to organizational standards. CC ID 07910 | Configuration | Preventive | |
Configure the "Allow drag and drop or copy and paste files" to organizational standards. CC ID 07915 | Configuration | Preventive | |
Configure the "Disable Per-User Installation of ActiveX Controls" to organizational standards. CC ID 07918 | Configuration | Preventive | |
Configure the "Download signed ActiveX controls" to organizational standards. CC ID 07921 | Configuration | Preventive | |
Configure the "Disable "Configuring History"" to organizational standards. CC ID 07922 | Configuration | Preventive | |
Configure the "Turn off ActiveX opt-in prompt" to organizational standards. CC ID 07928 | Configuration | Preventive | |
Configure the "Allow installation of desktop items" to organizational standards. CC ID 07931 | Configuration | Preventive | |
Configure the "Only allow approved domains to use ActiveX controls without prompt" to organizational standards. CC ID 07936 | Configuration | Preventive | |
Configure the "Initialize and script ActiveX controls not marked as safe" to organizational standards. CC ID 07945 | Configuration | Preventive | |
Configure the "Allow file downloads" to organizational standards. CC ID 07960 | Configuration | Preventive | |
Configure the "Turn off the Security Settings Check feature" to organizational standards. CC ID 07979 | Configuration | Preventive | |
Configure the "Disable the Advanced page" to organizational standards. CC ID 07981 | Configuration | Preventive | |
Configure the "Intranet Sites: Include all network paths (UNCs)" to organizational standards. CC ID 07986 | Configuration | Preventive | |
Configure the "Disable changing Automatic Configuration settings" to organizational standards. CC ID 07992 | Configuration | Preventive | |
Configure the "Turn off "Delete Browsing History" functionality" to organizational standards. CC ID 07993 | Configuration | Preventive | |
Configure the "Allow META REFRESH" to organizational standards. CC ID 07998 | Configuration | Preventive | |
Configure the "Prevent Deleting Temporary Internet Files" to organizational standards. CC ID 08000 | Configuration | Preventive | |
Configure the "Security Zones: Do not allow users to change policies" to organizational standards. CC ID 08001 | Configuration | Preventive | |
Configure the "Only use the ActiveX Installer Service for installation of ActiveX Controls" to organizational standards. CC ID 08003 | Configuration | Preventive | |
Configure the "Prevent "Fix settings" functionality" to organizational standards. CC ID 08010 | Configuration | Preventive | |
Configure the "XAML browser applications" to organizational standards. CC ID 08011 | Configuration | Preventive | |
Configure the "Run .NET Framework-reliant components signed with Authenticode" to organizational standards. CC ID 08014 | Configuration | Preventive | |
Configure the "Access data sources across domains" to organizational standards. CC ID 08018 | Configuration | Preventive | |
Configure the "Allow script-initiated windows without size or position constraints" to organizational standards. CC ID 08020 | Configuration | Preventive | |
Configure the "Disable Save this program to disk option" to organizational standards. CC ID 08021 | Configuration | Preventive | |
Configure the "Security Zones: Do not allow users to add/delete sites" to organizational standards. CC ID 08061 | Configuration | Preventive | |
Configure the "Script ActiveX controls marked safe for scripting" to organizational standards. CC ID 08067 | Configuration | Preventive | |
Configure the "Prevent Deleting Cookies" to organizational standards. CC ID 08069 | Configuration | Preventive | |
Configure the "Allow binary and script behaviors" to organizational standards. CC ID 08070 | Configuration | Preventive | |
Configure the "Launching applications and files in an IFRAME" to organizational standards. CC ID 08078 | Configuration | Preventive | |
Configure the "Allow status bar updates via script" to organizational standards. CC ID 08081 | Configuration | Preventive | |
Configure the "Turn off Crash Detection" to organizational standards. CC ID 08085 | Configuration | Preventive | |
Configure the "Security Zones: Use only machine settings" to organizational standards. CC ID 08088 | Configuration | Preventive | |
Configure the "Web sites in less privileged Web content zones can navigate into this zone" to organizational standards. CC ID 08089 | Configuration | Preventive | |
Configure the "Disable the Security page" to organizational standards. CC ID 08090 | Configuration | Preventive | |
Configure the "Automatically check for Internet Explorer updates" to organizational standards. CC ID 08094 | Configuration | Preventive | |
Configure the "Navigate windows and frames across different domains" to organizational standards. CC ID 08107 | Configuration | Preventive | |
Configure the "Allow active scripting" setting to organizational standards. CC ID 08115 | Configuration | Preventive | |
Configure the "Allow font downloads" to organizational standards. CC ID 08116 | Configuration | Preventive | |
Configure the "Disable changing proxy settings" to organizational standards. CC ID 08126 | Configuration | Preventive | |
Configure the "Disable changing connection settings" to organizational standards. CC ID 08129 | Configuration | Preventive | |
Configure the "Run .NET Framework-reliant components not signed with Authenticode" to organizational standards. CC ID 08130 | Configuration | Preventive | |
Configure the "Turn off printing over HTTP" to organizational standards. CC ID 08162 | Configuration | Preventive | |
Configure the "Registry policy processing" to organizational standards. CC ID 08169 | Configuration | Preventive | |
Configure the "Disable remote Desktop Sharing" to organizational standards. CC ID 08186 | Configuration | Preventive | |
Configure the "Report operating system errors" to organizational standards. CC ID 08187 | Configuration | Preventive | |
Configure the "Enumerate administrator accounts on elevation" to organizational standards. CC ID 08190 | Configuration | Preventive | |
Configure the "Turn off Windows Update device driver searching" to organizational standards. CC ID 08193 | Configuration | Preventive | |
Configure the "Do not allow drive redirection" to organizational standards. CC ID 08199 | Configuration | Preventive | |
Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" to organizational standards. CC ID 08204 | Configuration | Preventive | |
Configure the "Turn off downloading of print drivers over HTTP" to organizational standards. CC ID 08218 | Configuration | Preventive | |
Configure the "Do not process the run once list" to organizational standards. CC ID 08219 | Configuration | Preventive | |
Configure the "Deny log on through Terminal Services" to organizational standards. CC ID 08220 | Configuration | Preventive | |
Configure the "Offer Remote Assistance" to organizational standards. CC ID 08222 | Configuration | Preventive | |
Configure the "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" to organizational standards. CC ID 08228 | Configuration | Preventive | |
Configure the "Allow users to connect remotely using Remote Desktop Services" to organizational standards. CC ID 08234 | Configuration | Preventive | |
Configure the "MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)" to organizational standards. CC ID 08247 | Configuration | Preventive | |
Configure the "MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames" to organizational standards. CC ID 08253 | Configuration | Preventive | |
Configure the "Solicited Remote Assistance" to organizational standards. CC ID 08265 | Configuration | Preventive | |
Configure "Turn off the "Publish to Web" task for files and folders" to organizational standards. CC ID 08285 | Configuration | Preventive | |
Configure the "Do not allow Windows Messenger to be run" to organizational standards. CC ID 08288 | Configuration | Preventive | |
Configure the "Allow log on through Terminal Services" to organizational standards. CC ID 08291 | Configuration | Preventive | |
Configure the "Require trusted path for credential entry" to organizational standards. CC ID 08293 | Configuration | Preventive | |
Configure the "Turn off Search Companion content file updates" to organizational standards. CC ID 08302 | Configuration | Preventive | |
Configure the "Prevent access to registry editing tools" to organizational standards. CC ID 08331 | Configuration | Preventive | |
Configure the "Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet" to organizational standards. CC ID 08347 | Configuration | Preventive | |
Configure the "Turn on SmartScreen Filter scan" to organizational standards. CC ID 08357 | Configuration | Preventive | |
Configure the "Disallow WinRM from storing RunAs credentials" to organizational standards. CC ID 08362 | Configuration | Preventive | |
Configure the "Turn off URL Suggestions" to organizational standards. CC ID 08372 | Configuration | Preventive | |
Configure the "Prevent users from bypassing SmartScreen Filter's application reputation warnings about files that are not commonly downloaded from the Internet" to organizational standards. CC ID 08385 | Configuration | Preventive | |
Configure the "Prevent access to Delete Browsing History" to organizational standards. CC ID 08387 | Configuration | Preventive | |
Configure the "Turn off InPrivate Browsing" to organizational standards. CC ID 08421 | Configuration | Preventive | |
Configure the "Turn off Windows Location Provider" to organizational standards. CC ID 08427 | Configuration | Preventive | |
Configure the "Turn on Suggested Sites" to organizational standards. CC ID 08434 | Configuration | Preventive | |
Configure the "Turn off access to the Store" to organizational standards. CC ID 08436 | Configuration | Preventive | |
Configure the "Point and Print Restrictions" to organizational standards. CC ID 08441 | Configuration | Preventive | |
Configure the "Prevent changing proxy settings" to organizational standards. CC ID 08447 | Configuration | Preventive | |
Configure the "Allow deleting browsing history on exit" to organizational standards. CC ID 08456 | Configuration | Preventive | |
Configure the "Allow scripting of Internet Explorer WebBrowser controls" to organizational standards. CC ID 08464 | Configuration | Preventive | |
Configure the "Turn off Managing SmartScreen Filter for Internet Explorer 9" to organizational standards. CC ID 08472 | Configuration | Preventive | |
Configure the "Check Administrator Group Membership" to organizational standards. CC ID 08473 | Configuration | Preventive | |
Configure the "Check if AppLocker is Enabled" to organizational standards. CC ID 08475 | Configuration | Preventive | |
Configure the "Prevent the computer from joining a homegroup" to organizational standards. CC ID 08486 | Configuration | Preventive | |
Configure the "Disable Browser Geolocation" to organizational standards. CC ID 08491 | Configuration | Preventive | |
Configure the "Allow Remote Shell Access" to organizational standards. CC ID 08496 | Configuration | Preventive | |
Configure the "Turn Off the Display (Plugged In)" to organizational standards. CC ID 08502 | Configuration | Preventive | |
Configure the "Do not enumerate connected users on domain-joined computers" to organizational standards. CC ID 08507 | Configuration | Preventive | |
Configure the "Enable dragging of content from different domains across windows" to organizational standards. CC ID 08517 | Configuration | Preventive | |
Configure the "Turn off first-run prompt" to organizational standards. CC ID 08521 | Configuration | Preventive | |
Configure the "Allow Scriptlets" to organizational standards. CC ID 08523 | Configuration | Preventive | |
Configure the "Turn on ActiveX Filtering" to organizational standards. CC ID 08524 | Configuration | Preventive | |
Configure the "Userdata persistence" to organizational standards. CC ID 08533 | Configuration | Preventive | |
Configure the "Enable dragging of content from different domains within a window" to organizational standards. CC ID 08535 | Configuration | Preventive | |
Configure the "Turn off app notifications on the lock screen" to organizational standards. CC ID 08536 | Configuration | Preventive | |
Configure the "Allow updates to status bar via script" to organizational standards. CC ID 08540 | Configuration | Preventive | |
Configure the "Enumerate local users on domain-joined computers" to organizational standards. CC ID 08546 | Configuration | Preventive | |
Configure the "Prevent deleting websites that the user has visited" to organizational standards. CC ID 08547 | Configuration | Preventive | |
Configure the "Install new versions of Internet Explorer automatically" to organizational standards. CC ID 08551 | Configuration | Preventive | |
Configure the "Make proxy settings per-machine (rather than per-user)" to organizational standards. CC ID 08553 | Configuration | Preventive | |
Configure the "Disable external branding of Internet Explorer" to organizational standards. CC ID 08555 | Configuration | Preventive | |
Configure the "Include local path when user is uploading files to a server" to organizational standards. CC ID 08557 | Configuration | Preventive | |
Configure the "Configure Solicited Remote Assistance" to organizational standards. CC ID 08561 | Configuration | Preventive | |
Configure the "Allow loading of XAML files" to organizational standards. CC ID 08562 | Configuration | Preventive | |
Configure the "Do not display the password reveal button" to organizational standards. CC ID 08567 | Configuration | Preventive | |
Configure the "Prevent running First Run wizard" to organizational standards. CC ID 08572 | Configuration | Preventive | |
Configure the "Turn off location" to organizational standards. CC ID 08575 | Configuration | Preventive | |
Configure the "Turn on Enhanced Protected Mode" to organizational standards. CC ID 08577 | Configuration | Preventive | |
Configure the "Turn off browser geolocation" to organizational standards. CC ID 08580 | Configuration | Preventive | |
Configure the "Do not display the reveal password button" to organizational standards. CC ID 08583 | Configuration | Preventive | |
Configure the "Include updated website lists from Microsoft" to organizational standards. CC ID 08593 | Configuration | Preventive | |
Configure the "Turn off Event Viewer "Events.asp" links" to organizational standards. CC ID 08604 | Configuration | Preventive | |
Configure the "Configure Offer Remote Assistance" to organizational standards. CC ID 08605 | Configuration | Preventive | |
Configure the "Prevent specifying the update check interval (in days)" to organizational standards. CC ID 08608 | Configuration | Preventive | |
Configure the "Turn Off the Display (On Battery)" to organizational standards. CC ID 08609 | Configuration | Preventive | |
Configure the "Prevent participation in the Customer Experience Improvement Program" to organizational standards. CC ID 08611 | Configuration | Preventive | |
Configure the "Add a specific list of search providers to the user's search provider list" setting to organizational standards. CC ID 10420 | Configuration | Preventive | |
Configure the "Admin-approved behaviors" setting to organizational standards. CC ID 10421 | Configuration | Preventive | |
Configure the "Allow the display of image download placeholders" setting to organizational standards. CC ID 10422 | Configuration | Preventive | |
Configure the "Allow the printing of background colors and images" setting to organizational standards. CC ID 10423 | Configuration | Preventive | |
Configure the "Audio/Video Player" setting to organizational standards. CC ID 10424 | Configuration | Preventive | |
Configure the "Auto-hide the Toolbars" setting to organizational standards. CC ID 10425 | Configuration | Preventive | |
Configure the "Binary Behavior Security Restriction: All Processes" setting to organizational standards. CC ID 10426 | Configuration | Preventive | |
Configure the "Binary Behavior Security Restriction: Internet Explorer Processes" setting to organizational standards. CC ID 10427 | Configuration | Preventive | |
Configure the "Binary Behavior Security Restriction: Process List" setting to organizational standards. CC ID 10428 | Configuration | Preventive | |
Configure the "Carpoint" setting to organizational standards. CC ID 10429 | Configuration | Preventive | |
Configure the "Configure new tab page default behavior" setting to organizational standards. CC ID 10430 | Configuration | Preventive | |
Configure the "Customize Command Labels" setting to organizational standards. CC ID 10431 | Configuration | Preventive | |
Configure the "Customize User Agent String" setting to organizational standards. CC ID 10432 | Configuration | Preventive | |
Configure the "Deploy default Accelerators" setting to organizational standards. CC ID 10433 | Configuration | Preventive | |
Configure the "Deploy non-default Accelerators" setting to organizational standards. CC ID 10434 | Configuration | Preventive | |
Configure the "DHTML Edit Control" setting to organizational standards. CC ID 10435 | Configuration | Preventive | |
Configure the "Disable caching of Auto-Proxy scripts" setting to organizational standards. CC ID 10436 | Configuration | Preventive | |
Configure the "Disable changing accessibility settings" setting to organizational standards. CC ID 10437 | Configuration | Preventive | |
Configure the "Disable changing Calendar and Contact settings" setting to organizational standards. CC ID 10438 | Configuration | Preventive | |
Configure the "Disable changing color settings" setting to organizational standards. CC ID 10439 | Configuration | Preventive | |
Configure the "Disable changing default browser check" setting to organizational standards. CC ID 10440 | Configuration | Preventive | |
Configure the "Disable changing font settings" setting to organizational standards. CC ID 10441 | Configuration | Preventive | |
Configure the "Disable changing home page settings" setting to organizational standards. CC ID 10442 | Configuration | Preventive | |
Configure the "Disable changing language settings" setting to organizational standards. CC ID 10443 | Configuration | Preventive | |
Configure the "Disable changing link color settings" setting to organizational standards. CC ID 10444 | Configuration | Preventive | |
Configure the "Disable changing Messaging settings" setting to organizational standards. CC ID 10445 | Configuration | Preventive | |
Configure the "Disable changing ratings settings" setting to organizational standards. CC ID 10446 | Configuration | Preventive | |
Configure the "Disable changing secondary home page settings" setting to organizational standards. CC ID 10447 | Configuration | Preventive | |
Configure the "Disable changing Temporary Internet files settings" setting to organizational standards. CC ID 10448 | Configuration | Preventive | |
Configure the "Disable Context menu" setting to organizational standards. CC ID 10449 | Configuration | Preventive | |
Configure the "Disable customizing browser toolbar buttons" setting to organizational standards. CC ID 10450 | Configuration | Preventive | |
Configure the "Disable customizing browser toolbars" setting to organizational standards. CC ID 10451 | Configuration | Preventive | |
Configure the "Disable Import/Export Settings wizard" setting to organizational standards. CC ID 10452 | Configuration | Preventive | |
Configure the "Disable Open in New Window menu option" setting to organizational standards. CC ID 10453 | Configuration | Preventive | |
Configure the "Disable the Connections page" setting to organizational standards. CC ID 10454 | Configuration | Preventive | |
Configure the "Disable the Content page" setting to organizational standards. CC ID 10455 | Configuration | Preventive | |
Configure the "Disable the General page" setting to organizational standards. CC ID 10456 | Configuration | Preventive | |
Configure the "Disable the Programs page" setting to organizational standards. CC ID 10457 | Configuration | Preventive | |
Configure the "Disable toolbars and extensions when InPrivate Browsing starts" setting to organizational standards. CC ID 10458 | Configuration | Preventive | |
Configure the "Display error message on proxy script download failure" setting to organizational standards. CC ID 10459 | Configuration | Preventive | |
Configure the "Do not collect InPrivate Filtering data" setting to organizational standards. CC ID 10460 | Configuration | Preventive | |
Configure the "Do not save encrypted pages to disk" setting to organizational standards. CC ID 10461 | Configuration | Preventive | |
Configure the "Empty Temporary Internet Files folder when browser is closed" setting to organizational standards. CC ID 10462 | Configuration | Preventive | |
Configure the "Enforce Full Screen Mode" setting to organizational standards. CC ID 10463 | Configuration | Preventive | |
Configure the "File menu: Disable closing the browser and Explorer windows" setting to organizational standards. CC ID 10464 | Configuration | Preventive | |
Configure the "File menu: Disable New menu option" setting to organizational standards. CC ID 10465 | Configuration | Preventive | |
Configure the "File menu: Disable Open menu option" setting to organizational standards. CC ID 10466 | Configuration | Preventive | |
Configure the "File menu: Disable Save As Web Page Complete" setting to organizational standards. CC ID 10467 | Configuration | Preventive | |
Configure the "File menu: Disable Save As... menu option" setting to organizational standards. CC ID 10468 | Configuration | Preventive | |
Configure the "File size limits for Internet zone" setting to organizational standards. CC ID 10469 | Configuration | Preventive | |
Configure the "File size limits for Intranet zone" setting to organizational standards. CC ID 10470 | Configuration | Preventive | |
Configure the "File size limits for Local Machine zone" setting to organizational standards. CC ID 10471 | Configuration | Preventive | |
Configure the "File size limits for Restricted Sites zone" setting to organizational standards. CC ID 10472 | Configuration | Preventive | |
Configure the "File size limits for Trusted Sites zone" setting to organizational standards. CC ID 10473 | Configuration | Preventive | |
Configure the "Help menu: Remove 'Send Feedback' menu option" setting to organizational standards. CC ID 10474 | Configuration | Preventive | |
Configure the "Help menu: Remove 'Tour' menu option" setting to organizational standards. CC ID 10475 | Configuration | Preventive | |
Configure the "Hide Favorites menu" setting to organizational standards. CC ID 10476 | Configuration | Preventive | |
Configure the "Hide the Command Bar" setting to organizational standards. CC ID 10477 | Configuration | Preventive | |
Configure the "Hide the Status Bar" setting to organizational standards. CC ID 10478 | Configuration | Preventive | |
Configure the "InPrivate Filtering Threshold" setting to organizational standards. CC ID 10479 | Configuration | Preventive | |
Configure the "Internet Zone Restricted Protocols" setting to organizational standards. CC ID 10480 | Configuration | Preventive | |
Configure the "Internet Zone Template" setting to organizational standards. CC ID 10481 | Configuration | Preventive | |
Configure the "Intranet Sites: Include all local (intranet) sites not listed in other zones" setting to organizational standards. CC ID 10482 | Configuration | Preventive | |
Configure the "Intranet Sites: Include all sites that bypass the proxy server" setting to organizational standards. CC ID 10483 | Configuration | Preventive | |
Configure the "Intranet Zone Restricted Protocols" setting to organizational standards. CC ID 10484 | Configuration | Preventive | |
Configure the "Intranet Zone Template" setting to organizational standards. CC ID 10485 | Configuration | Preventive | |
Configure the "Investor" setting to organizational standards. CC ID 10486 | Configuration | Preventive | |
Configure the "Local Machine Zone Restricted Protocols" setting to organizational standards. CC ID 10487 | Configuration | Preventive | |
Configure the "Local Machine Zone Template" setting to organizational standards. CC ID 10488 | Configuration | Preventive | |
Configure the "Lock all Toolbars" setting to organizational standards. CC ID 10489 | Configuration | Preventive | |
Configure the "Locked-Down Internet Zone Template" setting to organizational standards. CC ID 10490 | Configuration | Preventive | |
Configure the "Locked-Down Intranet Zone Template" setting to organizational standards. CC ID 10491 | Configuration | Preventive | |
Configure the "Locked-Down Local Machine Zone Template" setting to organizational standards. CC ID 10492 | Configuration | Preventive | |
Configure the "Locked-Down Restricted Sites Zone Template" setting to organizational standards. CC ID 10493 | Configuration | Preventive | |
Configure the "Locked-Down Trusted Sites Zone Template" setting to organizational standards. CC ID 10494 | Configuration | Preventive | |
Configure the "Maximum number of connections per server (HTTP 1.0)" setting to organizational standards. CC ID 10495 | Configuration | Preventive | |
Configure the "Maximum number of connections per server (HTTP 1.1)" setting to organizational standards. CC ID 10496 | Configuration | Preventive | |
Configure the "Menu Controls" setting to organizational standards. CC ID 10497 | Configuration | Preventive | |
Configure the "Microsoft Agent" setting to organizational standards. CC ID 10498 | Configuration | Preventive | |
Configure the "Microsoft Chat" setting to organizational standards. CC ID 10499 | Configuration | Preventive | |
Configure the "Microsoft Scriptlet Component" setting to organizational standards. CC ID 10500 | Configuration | Preventive | |
Configure the "Microsoft Survey Control" setting to organizational standards. CC ID 10501 | Configuration | Preventive | |
Configure the "Moving the menu bar above the navigation bar" setting to organizational standards. CC ID 10502 | Configuration | Preventive | |
Configure the "MSNBC" setting to organizational standards. CC ID 10503 | Configuration | Preventive | |
Configure the "NetShow File Transfer Control" setting to organizational standards. CC ID 10504 | Configuration | Preventive | |
Configure the "Network Protocol Lockdown: All Processes" setting to organizational standards. CC ID 10505 | Configuration | Preventive | |
Configure the "Network Protocol Lockdown: Internet Explorer Processes" setting to organizational standards. CC ID 10506 | Configuration | Preventive | |
Configure the "Network Protocol Lockdown: Process List" setting to organizational standards. CC ID 10507 | Configuration | Preventive | |
Configure the "Play animations in web pages" setting to organizational standards. CC ID 10508 | Configuration | Preventive | |
Configure the "Play sounds in web pages" setting to organizational standards. CC ID 10509 | Configuration | Preventive | |
Configure the "Pop-up allow list" setting to organizational standards. CC ID 10510 | Configuration | Preventive | |
Configure the "Prevent configuration of search from the Address bar" setting to organizational standards. CC ID 10511 | Configuration | Preventive | |
Configure the "Prevent Deleting Favorites Site Data" setting to organizational standards. CC ID 10512 | Configuration | Preventive | |
Configure the "Prevent Deleting Form Data" setting to organizational standards. CC ID 10513 | Configuration | Preventive | |
Configure the "Prevent Deleting InPrivate Filtering data" setting to organizational standards. CC ID 10514 | Configuration | Preventive | |
Configure the "Prevent Deleting Passwords" setting to organizational standards. CC ID 10515 | Configuration | Preventive | |
Configure the "Prevent Internet Explorer Search box from displaying" setting to organizational standards. CC ID 10516 | Configuration | Preventive | |
Configure the "Prevent setting of the code download path for each machine" setting to organizational standards. CC ID 10517 | Configuration | Preventive | |
Configure the "Prevent the configuration of cipher strength update information URLs" setting to organizational standards. CC ID 10518 | Configuration | Preventive | |
Configure the "Prevent the use of Windows colors" setting to organizational standards. CC ID 10519 | Configuration | Preventive | |
Configure the "Prevent users from choosing default text size" setting to organizational standards. CC ID 10520 | Configuration | Preventive | |
Configure the "Prevent users from configuring background color" setting to organizational standards. CC ID 10521 | Configuration | Preventive | |
Configure the "Prevent users from configuring text color" setting to organizational standards. CC ID 10522 | Configuration | Preventive | |
Configure the "Prevent users from configuring the color of links that have already been clicked" setting to organizational standards. CC ID 10523 | Configuration | Preventive | |
Configure the "Prevent users from configuring the color of links that have not yet been clicked" setting to organizational standards. CC ID 10524 | Configuration | Preventive | |
Configure the "Prevent users from configuring the hover color" setting to organizational standards. CC ID 10525 | Configuration | Preventive | |
Configure the "Restrict changing the default search provider" setting to organizational standards. CC ID 10526 | Configuration | Preventive | |
Configure the "Restrict search providers to a specific list of providers" setting to organizational standards. CC ID 10527 | Configuration | Preventive | |
Configure the "Restricted Sites Zone Restricted Protocols" setting to organizational standards. CC ID 10528 | Configuration | Preventive | |
Configure the "Restricted Sites Zone Template" setting to organizational standards. CC ID 10529 | Configuration | Preventive | |
Configure the "Send internationalized domain names" setting to organizational standards. CC ID 10530 | Configuration | Preventive | |
Configure the "Set location of Stop and Refresh buttons" setting to organizational standards. CC ID 10531 | Configuration | Preventive | |
Configure the "Set tab process growth" setting to organizational standards. CC ID 10532 | Configuration | Preventive | |
Configure the "Flash" setting to organizational standards. CC ID 10533 | Configuration | Preventive | |
Configure the "Tools menu: Disable Internet Options... menu option" setting to organizational standards. CC ID 10534 | Configuration | Preventive | |
Configure the "Trusted Sites Zone Restricted Protocols" setting to organizational standards. CC ID 10535 | Configuration | Preventive | |
Configure the "Trusted Sites Zone Template" setting to organizational standards. CC ID 10536 | Configuration | Preventive | |
Configure the "Turn off Accelerators" setting to organizational standards. CC ID 10537 | Configuration | Preventive | |
Configure the "Turn off Automatic Crash Recovery Prompt" setting to organizational standards. CC ID 10538 | Configuration | Preventive | |
Configure the "Turn off automatic image resizing" setting to organizational standards. CC ID 10539 | Configuration | Preventive | |
Configure the "Turn off ClearType" setting to organizational standards. CC ID 10540 | Configuration | Preventive | |
Configure the "Turn off Compatibility View button" setting to organizational standards. CC ID 10541 | Configuration | Preventive | |
Configure the "Turn off Compatibility View" setting to organizational standards. CC ID 10542 | Configuration | Preventive | |
Configure the "Turn off configuration of default behavior of new tab creation" setting to organizational standards. CC ID 10543 | Configuration | Preventive | |
Configure the "Turn off configuration of tabbed browsing pop-up behavior" setting to organizational standards. CC ID 10544 | Configuration | Preventive | |
Configure the "Turn off configuration of window reuse" setting to organizational standards. CC ID 10545 | Configuration | Preventive | |
Configure the "Turn off configuring underline links" setting to organizational standards. CC ID 10546 | Configuration | Preventive | |
Configure the "Turn off Cross Document Messaging" setting to organizational standards. CC ID 10547 | Configuration | Preventive | |
Configure the "Turn off Data URI Support" setting to organizational standards. CC ID 10548 | Configuration | Preventive | |
Configure the "Turn off Developer Tools" setting to organizational standards. CC ID 10549 | Configuration | Preventive | |
Configure the "Turn off displaying the Internet Explorer Help Menu" setting to organizational standards. CC ID 10550 | Configuration | Preventive | |
Configure the "Turn off Favorites bar" setting to organizational standards. CC ID 10551 | Configuration | Preventive | |
Configure the "Turn off friendly http error messages" setting to organizational standards. CC ID 10552 | Configuration | Preventive | |
Configure the "Turn off InPrivate Filtering" setting to organizational standards. CC ID 10553 | Configuration | Preventive | |
Configure the "Turn off Managing Pop-up Allow list" setting to organizational standards. CC ID 10554 | Configuration | Preventive | |
Configure the "Turn off managing Pop-up filter level" setting to organizational standards. CC ID 10555 | Configuration | Preventive | |
Configure the "Turn off page zooming functionality" setting to organizational standards. CC ID 10556 | Configuration | Preventive | |
Configure the "Turn off picture display" setting to organizational standards. CC ID 10557 | Configuration | Preventive | |
Configure the "Turn off pop-up management" setting to organizational standards. CC ID 10558 | Configuration | Preventive | |
Configure the "Turn off Print Menu" setting to organizational standards. CC ID 10559 | Configuration | Preventive | |
Configure the "Turn off Quick Tabs functionality" setting to organizational standards. CC ID 10560 | Configuration | Preventive | |
Configure the "Turn off Reopen Last Browsing Session" setting to organizational standards. CC ID 10561 | Configuration | Preventive | |
Configure the "Turn off sending URLs as UTF-8 (requires restart)" setting to organizational standards. CC ID 10562 | Configuration | Preventive | |
Configure the "Turn off smart image dithering" setting to organizational standards. CC ID 10563 | Configuration | Preventive | |
Configure the "Turn off smooth scrolling" setting to organizational standards. CC ID 10564 | Configuration | Preventive | |
Configure the "Turn off suggestions for all user-installed providers" setting to organizational standards. CC ID 10565 | Configuration | Preventive | |
Configure the "Turn off Tab Grouping" setting to organizational standards. CC ID 10566 | Configuration | Preventive | |
Configure the "Turn off tabbed browsing" setting to organizational standards. CC ID 10567 | Configuration | Preventive | |
Configure the "Turn off the activation of the quick pick menu" setting to organizational standards. CC ID 10568 | Configuration | Preventive | |
Configure the "Turn off the auto-complete feature for web addresses" setting to organizational standards. CC ID 10569 | Configuration | Preventive | |
Configure the "Turn off the XDomainRequest Object" setting to organizational standards. CC ID 10570 | Configuration | Preventive | |
Configure the "Turn off toolbar upgrade tool" setting to organizational standards. CC ID 10571 | Configuration | Preventive | |
Configure the "Turn off Windows Search AutoComplete" setting to organizational standards. CC ID 10572 | Configuration | Preventive | |
Configure the "Turn on automatic detection of the intranet" setting to organizational standards. CC ID 10573 | Configuration | Preventive | |
Configure the "Turn on Automatic Signup" setting to organizational standards. CC ID 10574 | Configuration | Preventive | |
Configure the "Turn on Caret Browsing support" setting to organizational standards. CC ID 10575 | Configuration | Preventive | |
Configure the "Turn on Compatibility Logging" setting to organizational standards. CC ID 10576 | Configuration | Preventive | |
Configure the "Turn on Information bar notification for intranet content" setting to organizational standards. CC ID 10577 | Configuration | Preventive | |
Configure the "Turn on inline AutoComplete for Web addresses" setting to organizational standards. CC ID 10578 | Configuration | Preventive | |
Configure the "Turn on Internet Explorer 7 Standards Mode" setting to organizational standards. CC ID 10579 | Configuration | Preventive | |
Configure the "Turn on Internet Explorer Standards Mode for Local Intranet" setting to organizational standards. CC ID 10580 | Configuration | Preventive | |
Configure the "Turn on menu bar by default" setting to organizational standards. CC ID 10581 | Configuration | Preventive | |
Configure the "Turn on the display of a notification about every script error" setting to organizational standards. CC ID 10582 | Configuration | Preventive | |
Configure the "Turn on the hover color option" setting to organizational standards. CC ID 10583 | Configuration | Preventive | |
Configure the "Use Automatic Detection for dial-up connections" setting to organizational standards. CC ID 10584 | Configuration | Preventive | |
Configure the "Use HTTP 1.1 through proxy connections" setting to organizational standards. CC ID 10585 | Configuration | Preventive | |
Configure the "Use HTTP 1.1" setting to organizational standards. CC ID 10586 | Configuration | Preventive | |
Configure the "Use large Icons for Command Buttons" setting to organizational standards. CC ID 10587 | Configuration | Preventive | |
Configure the "Use Policy Accelerators" setting to organizational standards. CC ID 10588 | Configuration | Preventive | |
Configure the "Use Policy List of Internet Explorer 7 sites" setting to organizational standards. CC ID 10589 | Configuration | Preventive | |
Configure the "Use UTF-8 for mailto links" setting to organizational standards. CC ID 10590 | Configuration | Preventive | |
Configure the "View menu: Disable Full Screen menu option" setting to organizational standards. CC ID 10591 | Configuration | Preventive | |
Configure the "View menu: Disable Source menu option" setting to organizational standards. CC ID 10592 | Configuration | Preventive | |
Configure the "MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended)" setting to organizational standards. CC ID 10607 | Configuration | Preventive | |
Configure the "AutoRun" setting to organizational standards. CC ID 10608 | Configuration | Preventive | |
Implement hardware-based write-protect for system firmware components. CC ID 10659 | Technical Security | Preventive | |
Implement procedures to manually disable hardware-based write-protect to change computer firmware. CC ID 10660 | Technical Security | Preventive | |
Configure the "Disable binding directly to IPropertySetStorage without intermediate layers." setting to organizational standards. CC ID 10861 | Configuration | Preventive | |
Configure the "Disable delete notifications on all volumes" setting to organizational standards. CC ID 10862 | Configuration | Preventive | |
Configure the "Disable IE security prompt for Windows Installer scripts" setting to organizational standards. CC ID 10863 | Configuration | Preventive | |
Configure the "Disable or enable software Secure Attention Sequence" setting to organizational standards. CC ID 10865 | Configuration | Preventive | |
Configure the "Disable text prediction" setting to organizational standards. CC ID 10867 | Configuration | Preventive | |
Configure the "Disable Windows Error Reporting" machine setting to organizational standards. CC ID 10868 | Configuration | Preventive | |
Configure the "Disable Windows Installer" setting to organizational standards. CC ID 10869 | Configuration | Preventive | |
Configure the "Display a custom message when installation is prevented by a policy setting" setting to organizational standards. CC ID 10886 | Configuration | Preventive | |
Configure the "Enable/Disable PerfTrack" setting to organizational standards. CC ID 10953 | Configuration | Preventive | |
Configure the "Enforce disk quota limit" setting to organizational standards. CC ID 10956 | Configuration | Preventive | |
Configure the "Limit audio playback quality" setting to organizational standards. CC ID 11006 | Configuration | Preventive | |
Configure the "Limit disk space used by offline files" setting to organizational standards. CC ID 11007 | Configuration | Preventive | |
Configure the "Limit maximum color depth" setting to organizational standards. CC ID 11008 | Configuration | Preventive | |
Configure the "Limit maximum display resolution" setting to organizational standards. CC ID 11009 | Configuration | Preventive | |
Configure the "Limit maximum number of monitors" setting to organizational standards. CC ID 11010 | Configuration | Preventive | |
Configure the "Limit outstanding packets" setting to organizational standards. CC ID 11012 | Configuration | Preventive | |
Configure the "Limit reservable bandwidth" setting to organizational standards. CC ID 11013 | Configuration | Preventive | |
Configure the "Limit the age of files in the BITS Peercache" setting to organizational standards. CC ID 11014 | Configuration | Preventive | |
Configure the "Limit the BITS Peercache size" setting to organizational standards. CC ID 11015 | Configuration | Preventive | |
Configure the "Limit the maximum BITS job download time" setting to organizational standards. CC ID 11016 | Configuration | Preventive | |
Configure the "Limit the maximum number of BITS jobs for each user" setting to organizational standards. CC ID 11018 | Configuration | Preventive | |
Configure the "Limit the maximum number of BITS jobs for this computer" setting to organizational standards. CC ID 11019 | Configuration | Preventive | |
Configure the "Limit the maximum number of ranges that can be added to the file in a BITS job" setting to organizational standards. CC ID 11021 | Configuration | Preventive | |
Configure the "Limit the size of the entire roaming user profile cache" setting to organizational standards. CC ID 11022 | Configuration | Preventive | |
Configure the "Microsoft Support Diagnostic Tool: Restrict tool download" setting to organizational standards. CC ID 11044 | Configuration | Preventive | |
Configure the "Prevent access to 16-bit applications" setting to organizational standards. CC ID 11066 | Configuration | Preventive | |
Configure the "Prevent Automatic Updates" setting to organizational standards. CC ID 11067 | Configuration | Preventive | |
Configure the "Prevent Back-ESC mapping" setting to organizational standards. CC ID 11068 | Configuration | Preventive | |
Configure the "Prevent backing up to local disks" setting to organizational standards. CC ID 11069 | Configuration | Preventive | |
Configure the "Prevent backing up to optical media (CD/DVD)" setting to organizational standards. CC ID 11071 | Configuration | Preventive | |
Configure the "Prevent display of the user interface for critical errors" setting to organizational standards. CC ID 11074 | Configuration | Preventive | |
Configure the "Prevent flicks" setting to organizational standards. CC ID 11075 | Configuration | Preventive | |
Configure the "Prevent Flicks Learning Mode" setting to organizational standards. CC ID 11076 | Configuration | Preventive | |
Configure the "Prevent Input Panel tab from appearing" setting to organizational standards. CC ID 11077 | Configuration | Preventive | |
Configure the "Prevent launch an application" setting to organizational standards. CC ID 11081 | Configuration | Preventive | |
Configure the "Prevent license upgrade" setting to organizational standards. CC ID 11082 | Configuration | Preventive | |
Configure the "Prevent Media Sharing" setting to organizational standards. CC ID 11083 | Configuration | Preventive | |
Configure the "Prevent plaintext PINs from being returned by Credential Manager" setting to organizational standards. CC ID 11084 | Configuration | Preventive | |
Configure the "Prevent press and hold" setting to organizational standards. CC ID 11085 | Configuration | Preventive | |
Configure the "Prevent Quick Launch Toolbar Shortcut Creation" setting to organizational standards. CC ID 11086 | Configuration | Preventive | |
Configure the "Prevent restoring local previous versions" setting to organizational standards. CC ID 11087 | Configuration | Preventive | |
Configure the "Prevent restoring previous versions from backups" setting to organizational standards. CC ID 11088 | Configuration | Preventive | |
Configure the "Prevent Roaming Profile changes from propagating to the server" setting to organizational standards. CC ID 11090 | Configuration | Preventive | |
Configure the "Prevent Video Smoothing" setting to organizational standards. CC ID 11091 | Configuration | Preventive | |
Configure the "Prevent Windows Anytime Upgrade from running." setting to organizational standards. CC ID 11092 | Configuration | Preventive | |
Configure the "Prohibit Access of the Windows Connect Now wizards" setting to organizational standards. CC ID 11100 | Configuration | Preventive | |
Configure the "Prohibit Flyweight Patching" setting to organizational standards. CC ID 11101 | Configuration | Preventive | |
Configure the "Prohibit installing or uninstalling color profiles" setting to organizational standards. CC ID 11103 | Configuration | Preventive | |
Configure the "Prohibit patching" setting to organizational standards. CC ID 11104 | Configuration | Preventive | |
Configure the "Prohibit removal of updates" setting to organizational standards. CC ID 11105 | Configuration | Preventive | |
Configure the "Prohibit rollback" setting to organizational standards. CC ID 11106 | Configuration | Preventive | |
Configure the "Prohibit Use of Restart Manager" setting to organizational standards. CC ID 11107 | Configuration | Preventive | |
Configure the "Restrict Internet communication" setting to organizational standards. CC ID 11140 | Configuration | Preventive | |
Configure the "Restrict potentially unsafe HTML Help functions to specified folders" setting to organizational standards. CC ID 11141 | Configuration | Preventive | |
Configure the "Restrict system locales" setting to organizational standards. CC ID 11143 | Configuration | Preventive | |
Configure the "Restrict these programs from being launched from Help" setting to organizational standards. CC ID 11144 | Configuration | Preventive | |
Configure the "Restrict unpacking and installation of gadgets that are not digitally signed." setting to organizational standards. CC ID 11145 | Configuration | Preventive | |
Configure the "Restrict user locales" setting to organizational standards. CC ID 11146 | Configuration | Preventive | |
Configure the "Terminate session when time limits are reached" setting to organizational standards. CC ID 11241 | Configuration | Preventive | |
Configure the "Turn off access to all Windows Update features" setting to organizational standards. CC ID 11254 | Configuration | Preventive | |
Configure the "Turn off access to the OEM and Microsoft branding section" setting to organizational standards. CC ID 11255 | Configuration | Preventive | |
Configure the "Turn off access to the performance center core section" setting to organizational standards. CC ID 11256 | Configuration | Preventive | |
Configure the "Turn off access to the solutions to performance problems section" setting to organizational standards. CC ID 11257 | Configuration | Preventive | |
Configure the "Turn off Active Help" setting to organizational standards. CC ID 11258 | Configuration | Preventive | |
Configure the "Turn off Application Compatibility Engine" setting to organizational standards. CC ID 11261 | Configuration | Preventive | |
Configure the "Turn off Application Telemetry" setting to organizational standards. CC ID 11262 | Configuration | Preventive | |
Configure the "Turn off AutoComplete integration with Input Panel" setting to organizational standards. CC ID 11263 | Configuration | Preventive | |
Configure the "Turn off automatic learning" setting to organizational standards. CC ID 11264 | Configuration | Preventive | |
Configure the "Turn off Automatic Root Certificates Update" setting to organizational standards. CC ID 11265 | Configuration | Preventive | |
Configure the "Turn off automatic termination of applications that block or cancel shutdown" setting to organizational standards. CC ID 11266 | Configuration | Preventive | |
Configure the "Turn off automatic wake" setting to organizational standards. CC ID 11267 | Configuration | Preventive | |
Configure the "Turn Off Boot and Resume Optimizations" setting to organizational standards. CC ID 11269 | Configuration | Preventive | |
Configure the "Turn off Configuration" setting to organizational standards. CC ID 11271 | Configuration | Preventive | |
Configure the "Turn off creation of System Restore Checkpoints" setting to organizational standards. CC ID 11273 | Configuration | Preventive | |
Configure the "Turn off Data Execution Prevention for HTML Help Executible" setting to organizational standards. CC ID 11274 | Configuration | Preventive | |
Configure the "Turn off downloading of game information" setting to organizational standards. CC ID 11276 | Configuration | Preventive | |
Configure the "Turn off Fair Share CPU Scheduling" setting to organizational standards. CC ID 11277 | Configuration | Preventive | |
Configure the "Turn off game updates" setting to organizational standards. CC ID 11279 | Configuration | Preventive | |
Configure the "Turn off hardware buttons" setting to organizational standards. CC ID 11280 | Configuration | Preventive | |
Configure the "Turn off location scripting" setting to organizational standards. CC ID 11287 | Configuration | Preventive | |
Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Global" to organizational standards. CC ID 11290 | Configuration | Preventive | |
Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Site Local" to organizational standards. CC ID 11292 | Configuration | Preventive | |
Configure the "Turn off Multicast Name Resolution" setting to organizational standards. CC ID 11293 | Configuration | Preventive | |
Configure the "Turn Off Non Volatile Cache Feature" setting to organizational standards. CC ID 11294 | Configuration | Preventive | |
Configure the "Turn off numerical sorting in Windows Explorer" setting to organizational standards. CC ID 11295 | Configuration | Preventive | |
Configure the "Turn off pen feedback" setting to organizational standards. CC ID 11297 | Configuration | Preventive | |
Configure the "Turn off PNRP cloud creation" setting for "IPv6 Global" to organizational standards. CC ID 11298 | Configuration | Preventive | |
Configure the "Turn off PNRP cloud creation" setting for "IPv6 Site Local" to organizational standards. CC ID 11300 | Configuration | Preventive | |
Configure the "Turn off Problem Steps Recorder" setting to organizational standards. CC ID 11301 | Configuration | Preventive | |
Configure the "Turn off Program Compatibility Assistant" setting to organizational standards. CC ID 11302 | Configuration | Preventive | |
Configure the "Turn off Program Inventory" setting to organizational standards. CC ID 11303 | Configuration | Preventive | |
Configure the "Turn off Real-Time Monitoring" setting to organizational standards. CC ID 11304 | Configuration | Preventive | |
Configure the "Turn off restore functionality" setting to organizational standards. CC ID 11306 | Configuration | Preventive | |
Configure the "Turn off Routinely Taking Action" setting to organizational standards. CC ID 11308 | Configuration | Preventive | |
Configure the "Turn off sensors" setting to organizational standards. CC ID 11309 | Configuration | Preventive | |
Configure the "Turn Off Solid State Mode" setting to organizational standards. CC ID 11310 | Configuration | Preventive | |
Configure the "Turn off SwitchBack Compatibility Engine" setting to organizational standards. CC ID 11311 | Configuration | Preventive | |
Configure the "Turn off System Restore" setting to organizational standards. CC ID 11312 | Configuration | Preventive | |
Configure the "Turn off Tablet PC touch input" setting to organizational standards. CC ID 11313 | Configuration | Preventive | |
Configure the "Turn off the ability to back up data files" setting to organizational standards. CC ID 11315 | Configuration | Preventive | |
Configure the "Turn off the ability to create a system image" setting to organizational standards. CC ID 11316 | Configuration | Preventive | |
Configure the "Turn off the communities features" setting to organizational standards. CC ID 11317 | Configuration | Preventive | |
Configure the "Turn off Touch Panning" setting to organizational standards. CC ID 11320 | Configuration | Preventive | |
Configure the "Turn off tracking of last play time of games in the Games folder" setting to organizational standards. CC ID 11321 | Configuration | Preventive | |
Configure the "Turn off Windows Customer Experience Improvement Program" setting to organizational standards. CC ID 11323 | Configuration | Preventive | |
Configure the "Turn off Windows Defender" setting to organizational standards. CC ID 11324 | Configuration | Preventive | |
Configure the "Turn off Windows HotStart" setting to organizational standards. CC ID 11325 | Configuration | Preventive | |
Configure the "Turn off Windows Installer RDS Compatibility" setting to organizational standards. CC ID 11326 | Configuration | Preventive | |
Configure the "Turn off Windows Mobility Center" setting to organizational standards. CC ID 11327 | Configuration | Preventive | |
Configure the "Turn off Windows presentation settings" setting to organizational standards. CC ID 11329 | Configuration | Preventive | |
Configure the "Turn off Windows SideShow" setting to organizational standards. CC ID 11330 | Configuration | Preventive | |
Configure the "Turn off Windows Startup Sound" setting to organizational standards. CC ID 11331 | Configuration | Preventive | |
Establish, implement, and maintain idle session termination and logout capabilities. CC ID 01418 | Configuration | Preventive | |
Refrain from using assertion lifetimes to limit each session. CC ID 13871 | Technical Security | Preventive | |
Configure Session Configuration settings in accordance with organizational standards. CC ID 07698 | Configuration | Preventive | |
Invalidate unexpected session identifiers. CC ID 15307 | Configuration | Preventive | |
Configure the "MaxStartups" settings to organizational standards. CC ID 15329 | Configuration | Preventive | |
Reject session identifiers that are not valid. CC ID 15306 | Configuration | Preventive | |
Configure the "MaxSessions" settings to organizational standards. CC ID 15330 | Configuration | Preventive | |
Configure the "Interactive logon: Message title for users attempting to log on" to organizational standards. CC ID 07699 | Configuration | Preventive | |
Configure the "LoginGraceTime" settings to organizational standards. CC ID 15328 | Configuration | Preventive | |
Configure the "Network security: Force logoff when logon hours expire" to organizational standards. CC ID 07738 | Configuration | Preventive | |
Configure the "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" to organizational standards. CC ID 07758 | Configuration | Preventive | |
Configure the "Microsoft network server: Disconnect clients when logon hours expire" to organizational standards. CC ID 07824 | Configuration | Preventive | |
Configure the "Microsoft network server: Amount of idle time required before suspending session" to organizational standards. CC ID 07826 | Configuration | Preventive | |
Configure the "Interactive logon: Do not display last user name" to organizational standards. CC ID 07832 | Configuration | Preventive | |
Configure the "Interactive logon: Display user information when the session is locked" to organizational standards. CC ID 07848 | Configuration | Preventive | |
Configure the "Interactive logon: Message text for users attempting to log on" to organizational standards. CC ID 07870 | Configuration | Preventive | |
Configure the "Always prompt for password upon connection" to organizational standards. CC ID 08229 | Configuration | Preventive | |
Configure the "Interactive logon: Machine inactivity limit" to organizational standards. CC ID 08350 | Configuration | Preventive | |
Install custom applications, only if they are trusted. CC ID 04822 | Configuration | Preventive | |
Configure virtual networks in accordance with the information security policy. CC ID 13165 | Configuration | Preventive | |
Configure Simple Network Management Protocol (SNMP) to organizational standards. CC ID 12423 | Configuration | Preventive | |
Establish access requirements for SNMP community strings. CC ID 16357 | Technical Security | Preventive | |
Configure Simple Network Management Protocol to enable authentication and privacy. CC ID 12427 | Configuration | Preventive | |
Change the community string for Simple Network Management Protocol, as necessary. CC ID 01872 | Configuration | Preventive | |
Configure the system's storage media. CC ID 10618 | Configuration | Preventive | |
Configure the system's electronic storage media's encryption settings. CC ID 11927 | Configuration | Preventive | |
Prohibit the use of sanitization-resistant media in Information Systems. CC ID 10617 | Configuration | Preventive | |
Configure Internet Browser security options according to organizational standards. CC ID 02166 | Configuration | Preventive | |
Configure the "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting. CC ID 04910 | Configuration | Preventive | |
Configure the "Disable Internet Connection wizard" setting. CC ID 02242 | Configuration | Preventive | |
Configure the "Disable Automatic Install of Internet Explorer components" setting. CC ID 04337 | Configuration | Preventive | |
Configure the "Disable Periodic Check for Internet Explorer software updates" setting. CC ID 04338 | Configuration | Preventive | |
Configure the "Do not allow users to enable or disable add-ons" setting in Internet Explorer properly. CC ID 04340 | Configuration | Preventive | |
Configure the "Turn off Crash Detection" setting in Internet Explorer properly. CC ID 04345 | Configuration | Preventive | |
Configure the "Internet Explorer Processes (MK Protocol)" setting. CC ID 04347 | Configuration | Preventive | |
Configure the "Internet Explorer Processes (Consistent MIME Handling)" setting. CC ID 04348 | Configuration | Preventive | |
Configure the "Internet Explorer Processes (MIME Sniffing)" setting. CC ID 04349 | Configuration | Preventive | |
Configure the "Internet Explorer Processes (Restrict ActiveX Install)" setting. CC ID 04352 | Configuration | Preventive | |
Configure the "Internet Explorer Processes (Restrict File Download)" setting. CC ID 04353 | Configuration | Preventive | |
Configure the "Deny all add-ons unless specifically allowed in the Add-on List" setting. CC ID 04354 | Configuration | Preventive | |
Configure the "Disable Save this program to disk option" setting in limited functionality environments properly. CC ID 04366 | Configuration | Preventive | |
Configure the "Disable the Advanced Page" setting in limited functionality environments. CC ID 04367 | Configuration | Preventive | |
Configure the "Disable the Security Page" setting in limited functionality environments properly. CC ID 04368 | Configuration | Preventive | |
Configure the "Disable adding channels" setting in Internet Explorer properly. CC ID 04369 | Configuration | Preventive | |
Configure the "Disable adding schedules for offline pages" setting. CC ID 04370 | Configuration | Preventive | |
Configure the "Disable all scheduled offline pages" setting. CC ID 04371 | Configuration | Preventive | |
Configure the "Disable channel user interface completely" setting. CC ID 04372 | Configuration | Preventive | |
Configure the "Disable downloading of site subscription content" setting. CC ID 04373 | Configuration | Preventive | |
Configure the "Disable editing and creating of schedule groups" setting. CC ID 04374 | Configuration | Preventive | |
Configure the "Disable editing schedules for offline pages" setting. CC ID 04375 | Configuration | Preventive | |
Configure the "Disable offline page hit logging" setting. CC ID 04376 | Configuration | Preventive | |
Configure the "Disable removing channels" setting. CC ID 04377 | Configuration | Preventive | |
Configure the "Disable removing schedules for offline pages" setting. CC ID 04378 | Configuration | Preventive | |
Configure the "Disable 'Configuring History'" setting in specialized security environments properly. CC ID 04405 | Configuration | Preventive | |
Configure the "Disable AutoComplete for forms" setting in limited functionality environments properly. CC ID 04406 | Configuration | Preventive | |
Configure the "Prevent 'fix settings' functionality" setting in limited functionality environments properly. CC ID 04407 | Configuration | Preventive | |
Configure the "Prevent deletion of 'Temporary Internet Files and Cookies'" setting in limited functionality environments properly. CC ID 04408 | Configuration | Preventive | |
Configure the "Turn Off 'Delete Browsing History' Functionality" setting in limited functionality environments properly. CC ID 04409 | Configuration | Preventive | |
Configure the "Turn off the Security Settings Check feature" setting in limited functionality environments properly. CC ID 04410 | Configuration | Preventive | |
Configure the "Prevent ignoring certificate errors" setting in limited functionality environments properly. CC ID 04411 | Configuration | Preventive | |
Configure the "Allow Install On Demand (Internet Explorer)" setting in limited functionality environments properly. CC ID 04412 | Configuration | Preventive | |
Configure the "Check for server certificate revocation" setting in limited functionality environments properly. CC ID 04413 | Configuration | Preventive | |
Configure the "Access data sources across domains" setting. CC ID 04415 | Configuration | Preventive | |
Configure the "Allow active scripting" setting in limited functionality environments properly. CC ID 04416 | Configuration | Preventive | |
Configure the "Allow binary and script behaviors" setting in limited functionality environments properly. CC ID 04417 | Configuration | Preventive | |
Configure the "Allow cut, copy, or paste operations from the clipboard via script" setting. CC ID 04418 | Configuration | Preventive | |
Configure the "Allow drag and drop or copy and paste files" setting. CC ID 04419 | Configuration | Preventive | |
Configure the "Allow file downloads" setting in limited functionality environments properly. CC ID 04420 | Configuration | Preventive | |
Configure the "Allow font downloads" setting in limited functionality environments properly. CC ID 04421 | Configuration | Preventive | |
Configure the "Allow installation of desktop items" setting in limited functionality environments properly. CC ID 04422 | Configuration | Preventive | |
Configure the "Allow META REFRESH" setting in limited functionality environments properly. CC ID 04423 | Configuration | Preventive | |
Configure the "Allow script-initiated windows without size or position constraints" setting in limited functionality environments properly. CC ID 04424 | Configuration | Preventive | |
Configure the "Allow status bar updates via script" setting in limited functionality environments properly. CC ID 04425 | Configuration | Preventive | |
Configure the "Automatic prompting for file downloads" setting in limited functionality environments properly. CC ID 04426 | Configuration | Preventive | |
Configure the "Download signed ActiveX controls" setting in limited functionality environments properly. CC ID 04427 | Configuration | Preventive | |
Configure the "Download unsigned ActiveX controls" setting in limited functionality environments properly. CC ID 04428 | Configuration | Preventive | |
Configure the "Initialize and script ActiveX controls not marked as safe" setting in limited functionality environments properly. CC ID 04429 | Configuration | Preventive | |
Configure the "Java permissions" setting in limited functionality environments properly. CC ID 04430 | Configuration | Preventive | |
Configure the "Launching applications and files in an IFRAME" setting in limited functionality environments properly. CC ID 04431 | Configuration | Preventive | |
Configure the "Logon Options" setting in limited functionality environments. CC ID 04432 | Configuration | Preventive | |
Configure the "Navigate sub-frames across different domains" setting in limited functionality environments properly. CC ID 04433 | Configuration | Preventive | |
Configure the "Open file based on content, not on file extension" setting in limited functionality environments properly. CC ID 04434 | Configuration | Preventive | |
Configure the "Run .NET Framework-reliant components not signed with Authenticode" setting in limited functionality environments properly. CC ID 04435 | Configuration | Preventive | |
Configure the "Run .NET Framework-reliant components signed with Authenticode" setting in limited functionality environments properly. CC ID 04436 | Configuration | Preventive | |
Configure the "Run ActiveX controls and plugins" setting in limited functionality environments properly. CC ID 04437 | Configuration | Preventive | |
Configure the "Script ActiveX controls marked safe for scripting" setting in limited functionality environments properly. CC ID 04438 | Configuration | Preventive | |
Configure the "Scripting of Java applets" setting in limited functionality environments properly. CC ID 04439 | Configuration | Preventive | |
Configure the "Software channel permissions" setting in limited functionality environments properly. CC ID 04440 | Configuration | Preventive | |
Configure the "Use Pop-up Blocker" setting in limited functionality environments properly. CC ID 04441 | Configuration | Preventive | |
Configure the "Web sites in less privileged Web content zones could navigate into this zone" setting in limited functionality environments properly. CC ID 04442 | Configuration | Preventive | |
Configure the .NET Framework to prevent unauthorized mobile code from executing. CC ID 04531 | Configuration | Preventive | |
Configure the "Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools" setting. CC ID 04644 | Configuration | Preventive | |
Configure the "Prevent performance of first run customize settings" setting. CC ID 04645 | Configuration | Preventive | |
Configure the "Allow Scriptlets" setting in limited functionality environments properly. CC ID 02237 | Configuration | Preventive | |
Configure the "Disable showing the splash screen" setting. CC ID 02238 | Configuration | Preventive | |
Configure the "Add-on List" setting. CC ID 02239 | Configuration | Preventive | |
Configure the "Loose XAML" setting in limited functionality environments properly. CC ID 02240 | Configuration | Preventive | |
Configure the "Disable the Privacy page" setting. CC ID 02241 | Configuration | Preventive | |
Configure the "XPS documents" setting in limited functionality environments properly. CC ID 02243 | Configuration | Preventive | |
Configure the "Turn off Managing Phishing filter" setting. CC ID 02244 | Configuration | Preventive | |
Configure the "Turn on Protected Mode" setting in limited functionality environments properly. CC ID 02245 | Configuration | Preventive | |
Configure the "Userdata persistence" setting in limited functionality environments properly. CC ID 02246 | Configuration | Preventive | |
Configure the "Display mixed content" setting in limited functionality environments properly. CC ID 02247 | Configuration | Preventive | |
Configure the "Check for signature on download programs" setting. CC ID 02250 | Configuration | Preventive | |
Configure the "Turn on the Internet Connection Wizard Auto Detect" setting. CC ID 02252 | Configuration | Preventive | |
Configure the "Web Browser Applications" setting for the Restricted Sites Zone properly. CC ID 02254 | Configuration | Preventive | |
Configure the "Turn off page transitions" setting. CC ID 02255 | Configuration | Preventive | |
Configure the "Turn off configuring the update check interval (in days)" setting. CC ID 02257 | Configuration | Preventive | |
Configure the "Web Browser Applications" setting for the Internet Zone properly. CC ID 02259 | Configuration | Preventive | |
Configure the "Turn Off First-Run Opt-In" setting in limited functionality environments properly. CC ID 02261 | Configuration | Preventive | |
Configure the "Do not allow resetting Internet Explorer settings" setting. CC ID 02262 | Configuration | Preventive | |
Configure the "Enable third-party browser extensions" setting. CC ID 02263 | Configuration | Preventive | |
Configure the "Disable the reset Web settings feature" setting. CC ID 02264 | Configuration | Preventive | |
Configure the "Disable external branding of Internet Explorer" setting. CC ID 02266 | Configuration | Preventive | |
Configure the "Enable Native XMLHttp Support" setting. CC ID 02267 | Configuration | Preventive | |
Configure the "Site to Zone Assignment List" to organizational standards. CC ID 08650 | Configuration | Preventive | |
Configure the "Notification bar" setting to organizational standards. CC ID 10008 | Configuration | Preventive | |
Implement only one application or primary function per network component or server. CC ID 00879 | Systems Design, Build, and Implementation | Preventive | |
Remove all unnecessary functionality. CC ID 00882 | Configuration | Preventive | |
Document that all enabled functions support secure configurations. CC ID 11985 | Establish/Maintain Documentation | Preventive | |
Find and eradicate unauthorized world writable files. CC ID 01541 | Configuration | Preventive | |
Strip dangerous/unneeded SUID/SGID system executables. CC ID 01542 | Configuration | Preventive | |
Find and eradicate unauthorized SUID/SGID system executables. CC ID 01543 | Configuration | Preventive | |
Find and eradicate unowned files and unowned directories. CC ID 01544 | Configuration | Preventive | |
Disable logon prompts on serial ports. CC ID 01553 | Configuration | Preventive | |
Disable "nobody" access for Secure RPC. CC ID 01554 | Configuration | Preventive | |
Disable all unnecessary interfaces. CC ID 04826 | Configuration | Preventive | |
Enable or disable all unused USB ports as appropriate. CC ID 06042 | Configuration | Preventive | |
Disable all user-mounted removable file systems. CC ID 01536 | Configuration | Preventive | |
Set the Bluetooth Security Mode to the organizational standard. CC ID 00587 | Configuration | Preventive | |
Secure the Bluetooth headset connections. CC ID 00593 | Configuration | Preventive | |
Verify wireless peripherals meet organizational security requirements. CC ID 00657 | Testing | Detective | |
Disable automatic dial-in access to computers that have installed modems. CC ID 02036 | Configuration | Preventive | |
Configure the "Turn off AutoPlay" setting. CC ID 01787 | Configuration | Preventive | |
Configure the "Devices: Restrict floppy access to locally logged on users only" setting. CC ID 01732 | Configuration | Preventive | |
Configure the "Devices: Restrict CD-ROM access to locally logged on users" setting. CC ID 01731 | Configuration | Preventive | |
Configure the "Remove CD Burning features" setting. CC ID 04379 | Configuration | Preventive | |
Disable Autorun. CC ID 01790 | Configuration | Preventive | |
Disable USB devices (aka hotplugger). CC ID 01545 | Configuration | Preventive | |
Enable or disable all unused auxiliary ports as appropriate. CC ID 06414 | Configuration | Preventive | |
Remove rhosts support unless absolutely necessary. CC ID 01555 | Configuration | Preventive | |
Remove weak authentication services from Pluggable Authentication Modules. CC ID 01556 | Configuration | Preventive | |
Remove the /etc/hosts.equiv file. CC ID 01559 | Configuration | Preventive | |
Create the /etc/ftpd/ftpusers file. CC ID 01560 | Configuration | Preventive | |
Remove the X Wrapper and enable the X Display Manager. CC ID 01564 | Configuration | Preventive | |
Remove empty crontab files and restrict file permissions to the file. CC ID 01571 | Configuration | Preventive | |
Remove all compilers and assemblers from the system. CC ID 01594 | Configuration | Preventive | |
Disable all unnecessary applications unless otherwise noted in a policy exception. CC ID 04827 | Configuration | Preventive | |
Restrict and control the use of privileged utility programs. CC ID 12030 | Technical Security | Preventive | |
Disable the storing of movies in cache in Apple's QuickTime. CC ID 04489 | Configuration | Preventive | |
Install and enable file sharing utilities, as necessary. CC ID 02174 | Configuration | Preventive | |
Disable boot services unless boot services are absolutely necessary. CC ID 01481 | Configuration | Preventive | |
Disable File Services for Macintosh unless File Services for Macintosh are absolutely necessary. CC ID 04279 | Configuration | Preventive | |
Configure the Trivial FTP Daemon service to organizational standards. CC ID 01484 | Configuration | Preventive | |
Disable printer daemons or the printer service unless printer daemons or the printer service is absolutely necessary. CC ID 01487 | Configuration | Preventive | |
Disable web server unless web server is absolutely necessary. CC ID 01490 | Configuration | Preventive | |
Disable portmapper unless portmapper is absolutely necessary. CC ID 01492 | Configuration | Preventive | |
Disable writesrv, pmd, and httpdlite unless writesrv, pmd, and httpdlite are absolutely necessary. CC ID 01498 | Configuration | Preventive | |
Disable hwscan hardware detection unless hwscan hardware detection is absolutely necessary. CC ID 01504 | Configuration | Preventive | |
Configure the "xinetd" service to organizational standards. CC ID 01509 | Configuration | Preventive | |
Configure the /etc/xinetd.conf file permissions as appropriate. CC ID 01568 | Configuration | Preventive | |
Disable inetd unless inetd is absolutely necessary. CC ID 01508 | Configuration | Preventive | |
Disable Network Computing System unless it is absolutely necessary. CC ID 01497 | Configuration | Preventive | |
Disable Print Server for Macintosh unless Print Server for Macintosh is absolutely necessary. CC ID 04284 | Configuration | Preventive | |
Disable Print Server unless Print Server is absolutely necessary. CC ID 01488 | Configuration | Preventive | |
Disable ruser/remote login/remote shell/rcp command, unless it is absolutely necessary. CC ID 01480 | Configuration | Preventive | |
Disable xfsmd unless xfsmd is absolutely necessary. CC ID 02179 | Configuration | Preventive | |
Disable RPC-based services unless RPC-based services are absolutely necessary. CC ID 01455 | Configuration | Preventive | |
Disable netfs script unless netfs script is absolutely necessary. CC ID 01495 | Configuration | Preventive | |
Disable Remote Procedure Calls unless Remote Procedure Calls are absolutely necessary and if enabled, set restrictions. CC ID 01456 | Configuration | Preventive | |
Configure the "RPC Endpoint Mapper Client Authentication" setting. CC ID 04327 | Configuration | Preventive | |
Disable ncpfs Script unless ncpfs Script is absolutely necessary. CC ID 01494 | Configuration | Preventive | |
Disable sendmail server unless sendmail server is absolutely necessary. CC ID 01511 | Configuration | Preventive | |
Disable postfix unless postfix is absolutely necessary. CC ID 01512 | Configuration | Preventive | |
Disable directory server unless directory server is absolutely necessary. CC ID 01464 | Configuration | Preventive | |
Disable Windows-compatibility client processes unless Windows-compatibility client processes are absolutely necessary. CC ID 01471 | Configuration | Preventive | |
Disable Windows-compatibility servers unless Windows-compatibility servers are absolutely necessary. CC ID 01470 | Configuration | Preventive | |
Configure the "Network File System" server to organizational standards. CC ID 01472 | Configuration | Preventive | |
Configure NFS to respond or not as appropriate to NFS client requests that do not include a User ID. CC ID 05981 | Configuration | Preventive | |
Configure NFS with appropriate authentication methods. CC ID 05982 | Configuration | Preventive | |
Configure the "AUTH_DES authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08971 | Configuration | Preventive | |
Configure the "AUTH_KERB authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08972 | Configuration | Preventive | |
Configure the "AUTH_NONE authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08973 | Configuration | Preventive | |
Configure the "AUTH_UNIX authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08974 | Configuration | Preventive | |
Disable webmin processes unless the webmin process is absolutely necessary. CC ID 01501 | Configuration | Preventive | |
Disable automount daemon unless automount daemon is absolutely necessary. CC ID 01476 | Configuration | Preventive | |
Disable CDE-related daemons unless CDE-related daemons are absolutely necessary. CC ID 01474 | Configuration | Preventive | |
Disable finger unless finger is absolutely necessary. CC ID 01505 | Configuration | Preventive | |
Disable Rexec unless Rexec is absolutely necessary. CC ID 02164 | Configuration | Preventive | |
Disable Squid cache server unless Squid cache server is absolutely necessary. CC ID 01502 | Configuration | Preventive | |
Disable Kudzu hardware detection unless Kudzu hardware detection is absolutely necessary. CC ID 01503 | Configuration | Preventive | |
Install and enable public Instant Messaging clients as necessary. CC ID 02173 | Configuration | Preventive | |
Disable x font server unless x font server is absolutely necessary. CC ID 01499 | Configuration | Preventive | |
Validate, approve, and document all UNIX shells prior to use. CC ID 02161 | Establish/Maintain Documentation | Preventive | |
Disable NFS client processes unless NFS client processes are absolutely necessary. CC ID 01475 | Configuration | Preventive | |
Disable the use of removable storage media for systems that process restricted data or restricted information, as necessary. CC ID 06681 | Data and Information Management | Preventive | |
Disable removable storage media daemon unless the removable storage media daemon is absolutely necessary. CC ID 01477 | Configuration | Preventive | |
Disable GSS daemon unless GSS daemon is absolutely necessary. CC ID 01465 | Configuration | Preventive | |
Disable Computer Browser unless Computer Browser is absolutely necessary. CC ID 01814 | Configuration | Preventive | |
Configure the Computer Browser ResetBrowser Frames as appropriate. CC ID 05984 | Configuration | Preventive | |
Configure the /etc/samba/smb.conf file permissions as appropriate. CC ID 05989 | Configuration | Preventive | |
Disable NetMeeting remote desktop sharing unless NetMeeting remote desktop sharing is absolutely necessary. CC ID 01821 | Configuration | Preventive | |
Disable web directory browsing on all web-enabled devices. CC ID 01874 | Configuration | Preventive | |
Disable WWW publishing services unless WWW publishing services are absolutely necessary. CC ID 01833 | Configuration | Preventive | |
Install and enable samba, as necessary. CC ID 02175 | Configuration | Preventive | |
Configure the samba hosts allow option with an appropriate set of networks. CC ID 05985 | Configuration | Preventive | |
Configure the samba security option as appropriate. CC ID 05986 | Configuration | Preventive | |
Configure the samba encrypt passwords option as appropriate. CC ID 05987 | Configuration | Preventive | |
Configure the Samba 'smb passwd file' option with an appropriate password file or no password file. CC ID 05988 | Configuration | Preventive | |
Disable Usenet Internet news package file capabilities unless Usenet Internet news package file capabilities are absolutely necessary. CC ID 02176 | Configuration | Preventive | |
Disable iPlanet Web Server unless iPlanet Web Server is absolutely necessary. CC ID 02172 | Configuration | Preventive | |
Disable volume manager unless volume manager is absolutely necessary. CC ID 01469 | Configuration | Preventive | |
Disable Solaris Management Console unless Solaris Management Console is absolutely necessary. CC ID 01468 | Configuration | Preventive | |
Disable the Graphical User Interface unless it is absolutely necessary. CC ID 01466 | Configuration | Preventive | |
Disable help and support unless help and support is absolutely necessary. CC ID 04280 | Configuration | Preventive | |
Disable speech recognition unless speech recognition is absolutely necessary. CC ID 04491 | Configuration | Preventive | |
Disable or secure the NetWare QuickFinder search engine. CC ID 04453 | Configuration | Preventive | |
Disable messenger unless messenger is absolutely necessary. CC ID 01819 | Configuration | Preventive | |
Configure the "Do not allow Windows Messenger to be run" setting. CC ID 04516 | Configuration | Preventive | |
Configure the "Do not automatically start Windows Messenger initially" setting. CC ID 04517 | Configuration | Preventive | |
Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" setting. CC ID 04330 | Configuration | Preventive | |
Disable automatic updates unless automatic updates are absolutely necessary. CC ID 01811 | Configuration | Preventive | |
Configure automatic update installation and shutdown/restart options and shutdown/restart procedures to organizational standards. CC ID 05979 | Configuration | Preventive | |
Disable Name Service Cache Daemon unless Name Service Cache Daemon is absolutely necessary. CC ID 04846 | Configuration | Preventive | |
Prohibit R-command files from existing for root or administrator. CC ID 16322 | Configuration | Preventive | |
Verify the /bin/rsh file exists or not, as appropriate. CC ID 05101 | Configuration | Preventive | |
Verify the /sbin/rsh file exists or not, as appropriate. CC ID 05102 | Configuration | Preventive | |
Verify the /usr/bin/rsh file exists or not, as appropriate. CC ID 05103 | Configuration | Preventive | |
Verify the /etc/ftpusers file exists or not, as appropriate. CC ID 05104 | Configuration | Preventive | |
Verify the /etc/rsh file exists or not, as appropriate. CC ID 05105 | Configuration | Preventive | |
Install or uninstall the AIDE package, as appropriate. CC ID 05106 | Configuration | Preventive | |
Enable the GNOME automounter (gnome-volume-manager) as necessary. CC ID 05107 | Configuration | Preventive | |
Install or uninstall the setroubleshoot package, as appropriate. CC ID 05108 | Configuration | Preventive | |
Configure Avahi properly. CC ID 05109 | Configuration | Preventive | |
Install or uninstall OpenNTPD, as appropriate. CC ID 05110 | Configuration | Preventive | |
Configure the "httpd" service to organizational standards. CC ID 05111 | Configuration | Preventive | |
Install or uninstall the net-smtp package properly. CC ID 05112 | Configuration | Preventive | |
Configure the apache web service properly. CC ID 05113 | Configuration | Preventive | |
Configure the vlock package properly. CC ID 05114 | Configuration | Preventive | |
Establish, implement, and maintain service accounts. CC ID 13861 | Technical Security | Preventive | |
Review the ownership of service accounts, as necessary. CC ID 13863 | Technical Security | Detective | |
Manage access credentials for service accounts. CC ID 13862 | Technical Security | Preventive | |
Configure the daemon account properly. CC ID 05115 | Configuration | Preventive | |
Configure the bin account properly. CC ID 05116 | Configuration | Preventive | |
Configure the nuucp account properly. CC ID 05117 | Configuration | Preventive | |
Configure the smmsp account properly. CC ID 05118 | Configuration | Preventive | |
Configure the listen account properly. CC ID 05119 | Configuration | Preventive | |
Configure the gdm account properly. CC ID 05120 | Configuration | Preventive | |
Configure the webservd account properly. CC ID 05121 | Configuration | Preventive | |
Configure the nobody account properly. CC ID 05122 | Configuration | Preventive | |
Configure the noaccess account properly. CC ID 05123 | Configuration | Preventive | |
Configure the nobody4 account properly. CC ID 05124 | Configuration | Preventive | |
Configure the sys account properly. CC ID 05125 | Configuration | Preventive | |
Configure the adm account properly. CC ID 05126 | Configuration | Preventive | |
Configure the lp account properly. CC ID 05127 | Configuration | Preventive | |
Configure the uucp account properly. CC ID 05128 | Configuration | Preventive | |
Install or uninstall the tftp-server package, as appropriate. CC ID 05130 | Configuration | Preventive | |
Enable the web console as necessary. CC ID 05131 | Configuration | Preventive | |
Enable rlogin auth by Pluggable Authentication Modules or pam.d properly. CC ID 05132 | Configuration | Preventive | |
Enable rsh auth by Pluggable Authentication Modules properly. CC ID 05133 | Configuration | Preventive | |
Enable the listening sendmail daemon, as appropriate. CC ID 05134 | Configuration | Preventive | |
Configure Squid properly. CC ID 05135 | Configuration | Preventive | |
Configure the "global Package signature checking" setting to organizational standards. CC ID 08735 | Establish/Maintain Documentation | Preventive | |
Configure the "Package signature checking" setting for "all configured repositories" to organizational standards. CC ID 08736 | Establish/Maintain Documentation | Preventive | |
Configure the "verify against the package database" setting for "all installed software packages" to organizational standards. CC ID 08737 | Establish/Maintain Documentation | Preventive | |
Configure the "isdn4k-utils" package to organizational standards. CC ID 08738 | Establish/Maintain Documentation | Preventive | |
Configure the "postfix" package to organizational standards. CC ID 08739 | Establish/Maintain Documentation | Preventive | |
Configure the "vsftpd" package to organizational standards. CC ID 08740 | Establish/Maintain Documentation | Preventive | |
Configure the "net-snmpd" package to organizational standards. CC ID 08741 | Establish/Maintain Documentation | Preventive | |
Configure the "rsyslog" package to organizational standards. CC ID 08742 | Establish/Maintain Documentation | Preventive | |
Configure the "ipsec-tools" package to organizational standards. CC ID 08743 | Establish/Maintain Documentation | Preventive | |
Configure the "pam_ccreds" package to organizational standards. CC ID 08744 | Establish/Maintain Documentation | Preventive | |
Configure the "talk-server" package to organizational standards. CC ID 08745 | Establish/Maintain Documentation | Preventive | |
Configure the "talk" package to organizational standards. CC ID 08746 | Establish/Maintain Documentation | Preventive | |
Configure the "irda-utils" package to organizational standards. CC ID 08747 | Establish/Maintain Documentation | Preventive | |
Configure the "/etc/shells" file to organizational standards. CC ID 08978 | Configuration | Preventive | |
Configure the LDAP package to organizational standards. CC ID 09937 | Configuration | Preventive | |
Configure the "FTP server" package to organizational standards. CC ID 09938 | Configuration | Preventive | |
Configure the "HTTP Proxy Server" package to organizational standards. CC ID 09939 | Configuration | Preventive | |
Configure the "prelink" package to organizational standards. CC ID 11379 | Configuration | Preventive | |
Configure the Network Information Service (NIS) package to organizational standards. CC ID 11380 | Configuration | Preventive | |
Configure the "time" setting to organizational standards. CC ID 11381 | Configuration | Preventive | |
Configure the "biosdevname" package to organizational standards. CC ID 11383 | Configuration | Preventive | |
Configure the "ufw" setting to organizational standards. CC ID 11384 | Configuration | Preventive | |
Configure the "Devices: Allow undock without having to log on" setting. CC ID 01728 | Configuration | Preventive | |
Limit the user roles that are allowed to format and eject removable storage media. CC ID 01729 | Configuration | Preventive | |
Prevent users from installing printer drivers. CC ID 01730 | Configuration | Preventive | |
Minimize the inetd.conf file and set the file to the appropriate permissions. CC ID 01506 | Configuration | Preventive | |
Configure the unsigned driver installation behavior. CC ID 01733 | Configuration | Preventive | |
Configure the unsigned non-driver installation behavior. CC ID 02038 | Configuration | Preventive | |
Remove all demonstration applications on the system. CC ID 01875 | Configuration | Preventive | |
Configure the system to disallow optional Subsystems. CC ID 04265 | Configuration | Preventive | |
Configure the "Remove Security tab" setting. CC ID 04380 | Configuration | Preventive | |
Disable all unnecessary services unless otherwise noted in a policy exception. CC ID 00880 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Configuration | Preventive | |
Disable rquotad unless rquotad is absolutely necessary. CC ID 01473 | Configuration | Preventive | |
Configure the rquotad service to use a static port or a dynamic portmapper port as appropriate. CC ID 05983 | Configuration | Preventive | |
Disable telnet unless telnet use is absolutely necessary. CC ID 01478 | Configuration | Preventive | |
Disable File Transfer Protocol unless File Transfer Protocol use is absolutely necessary. CC ID 01479 | Configuration | Preventive | |
Configure anonymous FTP to restrict the use of restricted data. CC ID 16314 | Configuration | Preventive | |
Disable anonymous access to File Transfer Protocol. CC ID 06739 | Configuration | Preventive | |
Disable Internet Message Access Protocol unless Internet Message Access Protocol use is absolutely necessary. CC ID 01485 | Configuration | Preventive | |
Disable Post Office Protocol unless its use is absolutely necessary. CC ID 01486 | Configuration | Preventive | |
Disable SQLServer processes unless SQLServer processes use is absolutely necessary. CC ID 01500 | Configuration | Preventive | |
Disable alerter unless alerter use is absolutely necessary. CC ID 01810 | Configuration | Preventive | |
Disable Background Intelligent Transfer Service unless Background Intelligent Transfer Service use is absolutely necessary. CC ID 01812 | Configuration | Preventive | |
Disable ClipBook unless ClipBook use is absolutely necessary. CC ID 01813 | Configuration | Preventive | |
Disable Fax Service unless Fax Service use is absolutely necessary. CC ID 01815 | Configuration | Preventive | |
Disable IIS admin service unless IIS admin service use is absolutely necessary. CC ID 01817 | Configuration | Preventive | |
Disable indexing service unless indexing service use is absolutely necessary. CC ID 01818 | Configuration | Preventive | |
Disable net logon unless net logon use is absolutely necessary. CC ID 01820 | Configuration | Preventive | |
Disable Remote Desktop Help Session Manager unless Remote Desktop Help Session Manager use is absolutely necessary. CC ID 01822 | Configuration | Preventive | |
Disable the "Offer Remote Assistance" setting. CC ID 04325 | Configuration | Preventive | |
Disable the "Solicited Remote Assistance" setting. CC ID 04326 | Configuration | Preventive | |
Disable Remote Registry Service unless Remote Registry Service use is absolutely necessary. CC ID 01823 | Configuration | Preventive | |
Disable Routing and Remote Access unless Routing and Remote Access use is necessary. CC ID 01824 | Configuration | Preventive | |
Disable task scheduler unless task scheduler use is absolutely necessary. CC ID 01829 | Configuration | Preventive | |
Disable Terminal Services unless Terminal Services use is absolutely necessary. CC ID 01831 | Configuration | Preventive | |
Disable Universal Plug and Play device host unless Universal Plug and Play device host use is absolutely necessary. CC ID 01832 | Configuration | Preventive | |
Disable File Service Protocol. CC ID 02167 | Configuration | Preventive | |
Disable the License Logging Service unless it is absolutely necessary. CC ID 04282 | Configuration | Preventive | |
Disable Remote Access Auto Connection Manager unless Remote Access Auto Connection Manager use is absolutely necessary. CC ID 04285 | Configuration | Preventive | |
Disable Remote Access Connection Manager unless Remote Access Connection Manager use is absolutely necessary. CC ID 04286 | Configuration | Preventive | |
Disable Remote Administration Service unless remote administration management is absolutely necessary. CC ID 04287 | Configuration | Preventive | |
Disable remote installation unless remote installation is absolutely necessary. CC ID 04288 | Configuration | Preventive | |
Disable Remote Server Manager unless Remote Server Manager is absolutely necessary. CC ID 04289 | Configuration | Preventive | |
Disable Remote Server Monitor unless Remote Server Monitor use is absolutely necessary. CC ID 04290 | Configuration | Preventive | |
Disable Remote Storage Notification unless Remote Storage Notification use is absolutely necessary. CC ID 04291 | Configuration | Preventive | |
Disable Remote Storage Server unless Remote Storage Server use is absolutely necessary. CC ID 04292 | Configuration | Preventive | |
Disable telephony services unless telephony services use is absolutely necessary. CC ID 04293 | Configuration | Preventive | |
Disable Wireless Zero Configuration service unless Wireless Zero Configuration service use is absolutely necessary. CC ID 04294 | Configuration | Preventive | |
Disable SSDP/UPnP unless SSDP/UPnP is absolutely necessary. CC ID 04315 | Configuration | Preventive | |
Configure the "ntpd service" setting to organizational standards. CC ID 04911 | Configuration | Preventive | |
Configure the "echo service" setting to organizational standards. CC ID 04912 | Configuration | Preventive | |
Configure the "echo-dgram service" setting to organizational standards. CC ID 09927 | Configuration | Preventive | |
Configure the "echo-stream service" setting to organizational standards. CC ID 09928 | Configuration | Preventive | |
Configure the "AllowTcpForwarding" to organizational standards. CC ID 15327 | Configuration | Preventive | |
Configure the "tcpmux-server" setting to organizational standards. CC ID 09929 | Configuration | Preventive | |
Configure the "netstat service" setting to organizational standards. CC ID 04913 | Configuration | Preventive | |
Configure the "character generator protocol (chargen)" setting to organizational standards. CC ID 04914 | Configuration | Preventive | |
Configure the "tftpd service" setting to organizational standards. CC ID 04915 | Configuration | Preventive | |
Configure the "walld service" setting to organizational standards. CC ID 04916 | Configuration | Preventive | |
Configure the "rstatd service" setting to organizational standards. CC ID 04917 | Configuration | Preventive | |
Configure the "sprayd service" setting to organizational standards. CC ID 04918 | Configuration | Preventive | |
Configure the "rusersd service" setting to organizational standards. CC ID 04919 | Configuration | Preventive | |
Configure the "inn service" setting to organizational standards. CC ID 04920 | Configuration | Preventive | |
Configure the "font service" setting to organizational standards. CC ID 04921 | Configuration | Preventive | |
Configure the "ident service" setting to organizational standards. CC ID 04922 | Configuration | Preventive | |
Configure the "rexd service" setting to organizational standards. CC ID 04923 | Configuration | Preventive | |
Configure the "daytime service" setting to organizational standards. CC ID 04924 | Configuration | Preventive | |
Configure the "dtspc (cde-spc) service" setting to organizational standards. CC ID 04925 | Configuration | Preventive | |
Configure the "cmsd service" setting to organizational standards. CC ID 04926 | Configuration | Preventive | |
Configure the "ToolTalk service" setting to organizational standards. CC ID 04927 | Configuration | Preventive | |
Configure the "discard service" setting to organizational standards. CC ID 04928 | Configuration | Preventive | |
Configure the "vino-server service" setting to organizational standards. CC ID 04929 | Configuration | Preventive | |
Configure the "bind service" setting to organizational standards. CC ID 04930 | Configuration | Preventive | |
Configure the "nfsd service" setting to organizational standards. CC ID 04931 | Configuration | Preventive | |
Configure the "mountd service" setting to organizational standards. CC ID 04932 | Configuration | Preventive | |
Configure the "statd service" setting to organizational standards. CC ID 04933 | Configuration | Preventive | |
Configure the "lockd service" setting to organizational standards. CC ID 04934 | Configuration | Preventive | |
Configure the lockd service to use a static port or a dynamic portmapper port for User Datagram Protocol as appropriate. CC ID 05980 | Configuration | Preventive | |
Configure the "decode sendmail alias" setting to organizational standards. CC ID 04935 | Configuration | Preventive | |
Configure the sendmail vrfy command, as appropriate. CC ID 04936 | Configuration | Preventive | |
Configure the sendmail expn command, as appropriate. CC ID 04937 | Configuration | Preventive | |
Configure .netrc with an appropriate set of services. CC ID 04938 | Configuration | Preventive | |
Enable NFS insecure locks as necessary. CC ID 04939 | Configuration | Preventive | |
Configure the "X server ac" setting to organizational standards. CC ID 04940 | Configuration | Preventive | |
Configure the "X server core" setting to organizational standards. CC ID 04941 | Configuration | Preventive | |
Enable or disable the setroubleshoot service, as appropriate. CC ID 05540 | Configuration | Preventive | |
Configure the "X server nolock" setting to organizational standards. CC ID 04942 | Configuration | Preventive | |
Enable or disable the mcstrans service, as appropriate. CC ID 05541 | Configuration | Preventive | |
Configure the "PAM console" setting to organizational standards. CC ID 04943 | Configuration | Preventive | |
Enable or disable the restorecond service, as appropriate. CC ID 05542 | Configuration | Preventive | |
Enable the rhnsd service as necessary. CC ID 04944 | Configuration | Preventive | |
Enable the yum-updatesd service as necessary. CC ID 04945 | Configuration | Preventive | |
Enable the autofs service as necessary. CC ID 04946 | Configuration | Preventive | |
Enable the ip6tables service as necessary. CC ID 04947 | Configuration | Preventive | |
Configure syslog to organizational standards. CC ID 04949 | Configuration | Preventive | |
Enable the auditd service as necessary. CC ID 04950 | Configuration | Preventive | |
Enable the logwatch service as necessary. CC ID 04951 | Configuration | Preventive | |
Enable the logrotate (syslog rotator) service as necessary. CC ID 04952 | Configuration | Preventive | |
Install or uninstall the telnet server package, only if absolutely necessary. CC ID 04953 | Configuration | Preventive | |
Enable the ypbind service as necessary. CC ID 04954 | Configuration | Preventive | |
Enable the ypserv service as necessary. CC ID 04955 | Configuration | Preventive | |
Enable the firstboot service as necessary. CC ID 04956 | Configuration | Preventive | |
Enable the gpm service as necessary. CC ID 04957 | Configuration | Preventive | |
Enable the irqbalance service as necessary. CC ID 04958 | Configuration | Preventive | |
Enable the isdn service as necessary. CC ID 04959 | Configuration | Preventive | |
Enable the kdump service as necessary. CC ID 04960 | Configuration | Preventive | |
Enable the mdmonitor service as necessary. CC ID 04961 | Configuration | Preventive | |
Enable the microcode_ctl service as necessary. CC ID 04962 | Configuration | Preventive | |
Enable the pcscd service as necessary. CC ID 04963 | Configuration | Preventive | |
Enable the smartd service as necessary. CC ID 04964 | Configuration | Preventive | |
Enable the readahead_early service as necessary. CC ID 04965 | Configuration | Preventive | |
Enable the readahead_later service as necessary. CC ID 04966 | Configuration | Preventive | |
Enable the messagebus service as necessary. CC ID 04967 | Configuration | Preventive | |
Enable the haldaemon service as necessary. CC ID 04968 | Configuration | Preventive | |
Enable the apmd service as necessary. CC ID 04969 | Configuration | Preventive | |
Enable the acpid service as necessary. CC ID 04970 | Configuration | Preventive | |
Enable the cpuspeed service as necessary. CC ID 04971 | Configuration | Preventive | |
Enable the network service as necessary. CC ID 04972 | Configuration | Preventive | |
Enable the hidd service as necessary. CC ID 04973 | Configuration | Preventive | |
Enable the crond service as necessary. CC ID 04974 | Configuration | Preventive | |
Install and enable the anacron service as necessary. CC ID 04975 | Configuration | Preventive | |
Enable the xfs service as necessary. CC ID 04976 | Configuration | Preventive | |
Install and enable the Avahi daemon service, as necessary. CC ID 04977 | Configuration | Preventive | |
Enable the CUPS service, as necessary. CC ID 04978 | Configuration | Preventive | |
Enable the hplip service as necessary. CC ID 04979 | Configuration | Preventive | |
Enable the dhcpd service as necessary. CC ID 04980 | Configuration | Preventive | |
Enable the nfslock service as necessary. CC ID 04981 | Configuration | Preventive | |
Enable the rpcgssd service as necessary. CC ID 04982 | Configuration | Preventive | |
Enable the rpcidmapd service as necessary. CC ID 04983 | Configuration | Preventive | |
Enable the rpcsvcgssd service as necessary. CC ID 04985 | Configuration | Preventive | |
Configure root squashing for all NFS shares, as appropriate. CC ID 04986 | Configuration | Preventive | |
Configure write access to NFS shares, as appropriate. CC ID 04987 | Configuration | Preventive | |
Configure the named service, as appropriate. CC ID 04988 | Configuration | Preventive | |
Configure the vsftpd service, as appropriate. CC ID 04989 | Configuration | Preventive | |
Configure the “dovecot” service to organizational standards. CC ID 04990 | Configuration | Preventive | |
Configure Server Message Block (SMB) to organizational standards. CC ID 04991 | Configuration | Preventive | |
Enable the snmpd service as necessary. CC ID 04992 | Configuration | Preventive | |
Enable the calendar manager as necessary. CC ID 04993 | Configuration | Preventive | |
Enable the GNOME logon service as necessary. CC ID 04994 | Configuration | Preventive | |
Enable the WBEM services as necessary. CC ID 04995 | Configuration | Preventive | |
Enable the keyserv service as necessary. CC ID 04996 | Configuration | Preventive | |
Enable the Generic Security Service daemon as necessary. CC ID 04997 | Configuration | Preventive | |
Enable the volfs service as necessary. CC ID 04998 | Configuration | Preventive | |
Enable the smserver service as necessary. CC ID 04999 | Configuration | Preventive | |
Enable the mpxio-upgrade service as necessary. CC ID 05000 | Configuration | Preventive | |
Enable the metainit service as necessary. CC ID 05001 | Configuration | Preventive | |
Enable the meta service as necessary. CC ID 05003 | Configuration | Preventive | |
Enable the metaed service as necessary. CC ID 05004 | Configuration | Preventive | |
Enable the metamh service as necessary. CC ID 05005 | Configuration | Preventive | |
Enable the Local RPC Port Mapping Service as necessary. CC ID 05006 | Configuration | Preventive | |
Enable the Kerberos kadmind service as necessary. CC ID 05007 | Configuration | Preventive | |
Enable the Kerberos krb5kdc service as necessary. CC ID 05008 | Configuration | Preventive | |
Enable the Kerberos kpropd service as necessary. CC ID 05009 | Configuration | Preventive | |
Enable the Kerberos ktkt_warnd service as necessary. CC ID 05010 | Configuration | Preventive | |
Enable the sadmin service as necessary. CC ID 05011 | Configuration | Preventive | |
Enable the IPP listener as necessary. CC ID 05012 | Configuration | Preventive | |
Enable the serial port listener as necessary. CC ID 05013 | Configuration | Preventive | |
Enable the Smart Card Helper service as necessary. CC ID 05014 | Configuration | Preventive | |
Enable the Application Management service as necessary. CC ID 05015 | Configuration | Preventive | |
Enable the Resultant Set of Policy (RSoP) Provider service as necessary. CC ID 05016 | Configuration | Preventive | |
Enable the Network News Transport Protocol service as necessary. CC ID 05017 | Configuration | Preventive | |
Enable the network Dynamic Data Exchange service as necessary. CC ID 05018 | Configuration | Preventive | |
Enable the Distributed Link Tracking Server service as necessary. CC ID 05019 | Configuration | Preventive | |
Enable the RARP service as necessary. CC ID 05020 | Configuration | Preventive | |
Configure the ".NET Framework service" setting to organizational standards. CC ID 05021 | Configuration | Preventive | |
Enable the Network DDE Share Database Manager service as necessary. CC ID 05022 | Configuration | Preventive | |
Enable the Certificate Services service as necessary. CC ID 05023 | Configuration | Preventive | |
Configure the ATI hotkey poller service properly. CC ID 05024 | Configuration | Preventive | |
Configure the Interix Subsystem Startup service properly. CC ID 05025 | Configuration | Preventive | |
Configure the Cluster Service service properly. CC ID 05026 | Configuration | Preventive | |
Configure the IAS Jet Database Access service properly. CC ID 05027 | Configuration | Preventive | |
Configure the IAS service properly. CC ID 05028 | Configuration | Preventive | |
Configure the IP Version 6 Helper service properly. CC ID 05029 | Configuration | Preventive | |
Configure "Message Queuing service" to organizational standards. CC ID 05030 | Configuration | Preventive | |
Configure the Message Queuing Down Level Clients service properly. CC ID 05031 | Configuration | Preventive | |
Configure the Windows Management Instrumentation Driver Extensions service properly. CC ID 05033 | Configuration | Preventive | |
Configure the TCP/IP NetBIOS Helper Service properly. CC ID 05034 | Configuration | Preventive | |
Configure the Utility Manager service properly. CC ID 05035 | Configuration | Preventive | |
Configure the secondary logon service properly. CC ID 05036 | Configuration | Preventive | |
Configure the Windows Management Instrumentation service properly. CC ID 05037 | Configuration | Preventive | |
Configure the Workstation service properly. CC ID 05038 | Configuration | Preventive | |
Configure the Windows Installer service properly. CC ID 05039 | Configuration | Preventive | |
Configure the Windows System Resource Manager service properly. CC ID 05040 | Configuration | Preventive | |
Configure the WinHTTP Web Proxy Auto-Discovery Service properly. CC ID 05041 | Configuration | Preventive | |
Configure the Services for Unix Client for NFS service properly. CC ID 05042 | Configuration | Preventive | |
Configure the Services for Unix Server for PCNFS service properly. CC ID 05043 | Configuration | Preventive | |
Configure the Services for Unix Perl Socket service properly. CC ID 05044 | Configuration | Preventive | |
Configure the Services for Unix User Name Mapping service properly. CC ID 05045 | Configuration | Preventive | |
Configure the Services for Unix Windows Cron service properly. CC ID 05046 | Configuration | Preventive | |
Configure the Windows Media Services service properly. CC ID 05047 | Configuration | Preventive | |
Configure the Services for Netware Service Advertising Protocol (SAP) Agent properly. CC ID 05048 | Configuration | Preventive | |
Configure the Web Element Manager service properly. CC ID 05049 | Configuration | Preventive | |
Configure the Remote Installation Services Single Instance Storage (SIS) Groveler service properly. CC ID 05050 | Configuration | Preventive | |
Configure the Terminal Services Licensing service properly. CC ID 05051 | Configuration | Preventive | |
Configure the COM+ Event System service properly. CC ID 05052 | Configuration | Preventive | |
Configure the Event Log service properly. CC ID 05053 | Configuration | Preventive | |
Configure the Infrared Monitor service properly. CC ID 05054 | Configuration | Preventive | |
Configure the Services for Unix Server for NFS service properly. CC ID 05055 | Configuration | Preventive | |
Configure the System Event Notification Service properly. CC ID 05056 | Configuration | Preventive | |
Configure the NTLM Security Support Provider service properly. CC ID 05057 | Configuration | Preventive | |
Configure the Performance Logs and Alerts service properly. CC ID 05058 | Configuration | Preventive | |
Configure the Protected Storage service properly. CC ID 05059 | Configuration | Preventive | |
Configure the QoS Admission Control (RSVP) service properly. CC ID 05060 | Configuration | Preventive | |
Configure the Remote Procedure Call service properly. CC ID 05061 | Configuration | Preventive | |
Configure the Removable Storage service properly. CC ID 05062 | Configuration | Preventive | |
Configure the Server service properly. CC ID 05063 | Configuration | Preventive | |
Configure the Security Accounts Manager service properly. CC ID 05064 | Configuration | Preventive | |
Configure the “Network Connections” service to organizational standards. CC ID 05065 | Configuration | Preventive | |
Configure the Logical Disk Manager service properly. CC ID 05066 | Configuration | Preventive | |
Configure the Logical Disk Manager Administrative Service properly. CC ID 05067 | Configuration | Preventive | |
Configure the File Replication service properly. CC ID 05068 | Configuration | Preventive | |
Configure the Kerberos Key Distribution Center service properly. CC ID 05069 | Configuration | Preventive | |
Configure the Intersite Messaging service properly. CC ID 05070 | Configuration | Preventive | |
Configure the Remote Procedure Call locator service properly. CC ID 05071 | Configuration | Preventive | |
Configure the Distributed File System service properly. CC ID 05072 | Configuration | Preventive | |
Configure the Windows Internet Name Service service properly. CC ID 05073 | Configuration | Preventive | |
Configure the FTP Publishing Service properly. CC ID 05074 | Configuration | Preventive | |
Configure the Windows Search service properly. CC ID 05075 | Configuration | Preventive | |
Configure the Microsoft Peer-to-Peer Networking Services service properly. CC ID 05076 | Configuration | Preventive | |
Configure the Remote Shell service properly. CC ID 05077 | Configuration | Preventive | |
Configure Simple TCP/IP services to organizational standards. CC ID 05078 | Configuration | Preventive | |
Configure the Print Services for Unix service properly. CC ID 05079 | Configuration | Preventive | |
Configure the File Shares service to organizational standards. CC ID 05080 | Configuration | Preventive | |
Configure the NetMeeting service properly. CC ID 05081 | Configuration | Preventive | |
Configure the Application Layer Gateway service properly. CC ID 05082 | Configuration | Preventive | |
Configure the Cryptographic Services service properly. CC ID 05083 | Configuration | Preventive | |
Configure the Help and Support Service properly. CC ID 05084 | Configuration | Preventive | |
Configure the Human Interface Device Access service properly. CC ID 05085 | Configuration | Preventive | |
Configure the IMAPI CD-Burning COM service properly. CC ID 05086 | Configuration | Preventive | |
Configure the MS Software Shadow Copy Provider service properly. CC ID 05087 | Configuration | Preventive | |
Configure the Network Location Awareness service properly. CC ID 05088 | Configuration | Preventive | |
Configure the Portable Media Serial Number Service service properly. CC ID 05089 | Configuration | Preventive | |
Configure the System Restore Service service properly. CC ID 05090 | Configuration | Preventive | |
Configure the Themes service properly. CC ID 05091 | Configuration | Preventive | |
Configure the Uninterruptible Power Supply service properly. CC ID 05092 | Configuration | Preventive | |
Configure the Upload Manager service properly. CC ID 05093 | Configuration | Preventive | |
Configure the Volume Shadow Copy Service properly. CC ID 05094 | Configuration | Preventive | |
Configure the WebClient service properly. CC ID 05095 | Configuration | Preventive | |
Configure the Windows Audio service properly. CC ID 05096 | Configuration | Preventive | |
Configure the Windows Image Acquisition service properly. CC ID 05097 | Configuration | Preventive | |
Configure the WMI Performance Adapter service properly. CC ID 05098 | Configuration | Preventive | |
Enable file uploads via vsftpd service, as appropriate. CC ID 05100 | Configuration | Preventive | |
Disable or remove sadmind unless use of sadmind is absolutely necessary. CC ID 06885 | Configuration | Preventive | |
Configure the "SNMP version 1" setting to organizational standards. CC ID 08976 | Configuration | Preventive | |
Configure the "xdmcp service" setting to organizational standards. CC ID 08985 | Configuration | Preventive | |
Disable the automatic display of remote images in HTML-formatted e-mail. CC ID 04494 | Configuration | Preventive | |
Disable Remote Apply Events unless Remote Apply Events are absolutely necessary. CC ID 04495 | Configuration | Preventive | |
Disable Xgrid unless Xgrid is absolutely necessary. CC ID 04496 | Configuration | Preventive | |
Configure the "Do Not Show First Use Dialog Boxes" setting for Windows Media Player properly. CC ID 05136 | Configuration | Preventive | |
Disable Core dumps unless absolutely necessary. CC ID 01507 | Configuration | Preventive | |
Set hard core dump size limits, as appropriate. CC ID 05990 | Configuration | Preventive | |
Configure the "Prevent Desktop Shortcut Creation" setting for Windows Media Player properly. CC ID 05137 | Configuration | Preventive | |
Set the Squid EUID and Squid GUID to an appropriate user and group. CC ID 05138 | Configuration | Preventive | |
Verify groups referenced in /etc/passwd are included in /etc/group, as appropriate. CC ID 05139 | Configuration | Preventive | |
Use of the cron.allow file should be enabled or disabled as appropriate. CC ID 06014 | Configuration | Preventive | |
Use of the at.allow file should be enabled or disabled as appropriate. CC ID 06015 | Configuration | Preventive | |
Enable or disable the Dynamic DNS feature of the DHCP Server as appropriate. CC ID 06039 | Configuration | Preventive | |
Enable or disable each user's Screen saver software, as necessary. CC ID 06050 | Configuration | Preventive | |
Disable any unnecessary scripting languages, as necessary. CC ID 12137 | Configuration | Preventive | |
Establish, implement, and maintain the interactive logon settings. CC ID 01739 | Establish/Maintain Documentation | Preventive | |
Configure the system to refrain from completing authentication methods when a security breach is detected. CC ID 13790 | Configuration | Preventive | |
Allow logon to privileged accounts, as appropriate. CC ID 05281 | Configuration | Preventive | |
Verify the logon accounts include an appropriate GECOS identifier, as appropriate. CC ID 05280 | Configuration | Preventive | |
Configure the "/etc/shadow" settings to organizational standards. CC ID 15332 | Configuration | Preventive | |
Set the default su console properly. CC ID 05279 | Configuration | Preventive | |
Set the default logon console properly. CC ID 05278 | Configuration | Preventive | |
Enable or disable local user logon to the vsftpd service, as appropriate. CC ID 05277 | Configuration | Preventive | |
Enable or disable anonymous root logons, as appropriate. CC ID 05276 | Configuration | Preventive | |
Enable or disable interactive logon to non-root system accounts, as necessary. CC ID 05275 | Configuration | Preventive | |
Enable or disable logins through the primary console device, as appropriate. CC ID 05274 | Configuration | Preventive | |
Enable or disable logins through the named virtual console device, as appropriate. CC ID 05273 | Configuration | Preventive | |
Enable or disable logons through the named virtual console interface, as appropriate. CC ID 05272 | Configuration | Preventive | |
Configure the "Interactive logon: Do not display last user name" setting to organizational standards. CC ID 01740 | Configuration | Preventive | |
Configure the "Interactive logon: Do not require CTRL+ALT+DEL" setting. CC ID 01741 | Configuration | Preventive | |
Configure the system logon banner. CC ID 01742 | Configuration | Preventive | |
Configure the system logon banner message title. CC ID 01743 | Configuration | Preventive | |
Configure the "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" setting. CC ID 01744 | Configuration | Preventive | |
Configure the "Interactive logon: Require Domain Controller authentication to unlock workstation" setting. CC ID 01746 | Configuration | Preventive | |
Configure the Prompt for password on resume from hibernate / suspend setting. CC ID 04356 | Configuration | Preventive | |
Configure the "Interactive logon: Smart card removal behavior" setting. CC ID 01747 | Configuration | Preventive | |
Configure the "Recovery console: Allow automatic administrative logon" setting. CC ID 01776 | Configuration | Preventive | |
Configure the "Recovery console: Allow floppy copy and access to all drivers and all folders" setting. CC ID 01777 | Configuration | Preventive | |
Configure the system to require an Open Firmware password on system startup. CC ID 04479 | Configuration | Preventive | |
Configure the "Interactive logon: Require removal card" setting. CC ID 06053 | Configuration | Preventive | |
Configure the settings of the system registry and the systems objects (for Windows OS only). CC ID 01781 | Configuration | Preventive | |
Configure ICMP timestamp request responses properly. CC ID 05150 | Configuration | Preventive | |
Configure the Administrators group as the default owner for all new objects. CC ID 01782 | Configuration | Preventive | |
Configure the "System objects: Require case-insensitivity for non-Windows systems" setting. CC ID 01783 | Configuration | Preventive | |
Configure the "System objects: Strengthen default permissions of internal system objects" setting. CC ID 01784 | Configuration | Preventive | |
Configure the system to suppress Dr. Watson Crash dumps. CC ID 01785 | Configuration | Preventive | |
Disable automatic execution of the system debugger. CC ID 01786 | Configuration | Preventive | |
Disable automatic logon. CC ID 01788 | Configuration | Preventive | |
Disable automatic reboots after a Blue Screen of Death. CC ID 01789 | Configuration | Preventive | |
Remove administrative shares on workstations. CC ID 01791 | Configuration | Preventive | |
Configure the system to protect against Browser Spoofing attacks. CC ID 01792 | Configuration | Preventive | |
Configure the system to protect against source-routing spoofing. CC ID 01793 | Configuration | Preventive | |
Configure the system to protect the default gateway network setting. CC ID 01794 | Configuration | Preventive | |
Configure the TCP/IP Dead Gateway Detection as appropriate. CC ID 06025 | Configuration | Preventive | |
Configure the system to ensure ICMP routing via the shortest path first. CC ID 01795 | Configuration | Preventive | |
Configure the system to protect against packet fragmentation. CC ID 01796 | Configuration | Preventive | |
Configure the keep-alive times. CC ID 01797 | Configuration | Preventive | |
Configure the system to protect against malicious Name-Release Attacks. CC ID 01798 | Configuration | Preventive | |
Disable Internet Router Discovery Protocol. CC ID 01799 | Configuration | Preventive | |
Configure the system to protect against SYN Flood attacks. CC ID 01800 | Configuration | Preventive | |
Configure the TCP Maximum half-open sockets. CC ID 01801 | Configuration | Preventive | |
Configure the TCP Maximum half-open retired sockets. CC ID 01802 | Configuration | Preventive | |
Configure the number of dropped connect requests to a set maximum. CC ID 04272 | Configuration | Preventive | |
Enable Internet Protocol Security to protect Kerberos RSVP communication. CC ID 01803 | Configuration | Preventive | |
Configure the system to hide workstations from the network browser listing. CC ID 01804 | Configuration | Preventive | |
Enable the safe DSS search mode. CC ID 01805 | Configuration | Preventive | |
Disable WebDAV basic authentication (sp 2 only). CC ID 01806 | Configuration | Preventive | |
Disable basic authentication over a clear channel (sp 2 only). CC ID 01807 | Configuration | Preventive | |
Enable the USB block storage device policy (sp 2 only). CC ID 01808 | Configuration | Preventive | |
Block the Distributed Transaction Coordinator service and set additional Distributed Transaction Coordinator parameters, if necessary. CC ID 01809 | Configuration | Preventive | |
Set the registry permission for HKLM\Software\Classes. CC ID 02010 | Configuration | Preventive | |
Set the registry permission for HKLM\Software. CC ID 02011 | Configuration | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\NetDDE. CC ID 02012 | Configuration | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\OS/2 Subsystem for NT. CC ID 02013 | Configuration | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\Windows NT\CurrentVersion\AsrCommands. CC ID 02014 | Configuration | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\Windows NT\CurrentVersion\Perflib. CC ID 02015 | Configuration | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy. CC ID 02016 | Configuration | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Installer. CC ID 02017 | Configuration | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies. CC ID 02018 | Configuration | Preventive | |
Set the registry permission for HKLM\System. CC ID 02019 | Configuration | Preventive | |
Set the registry permission for HKLM\System\Clone. CC ID 02020 | Configuration | Preventive | |
Set the registry permission for HKLM\System\ControlSet001. CC ID 02021 | Configuration | Preventive | |
Set the registry permission for HKLM\System\ControlSet00x. CC ID 02022 | Configuration | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Control\SecurePipeServers\WinReg. CC ID 02023 | Configuration | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Control\WMI\Security. CC ID 02024 | Configuration | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Enum. CC ID 02025 | Configuration | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Hardware Profiles. CC ID 02026 | Configuration | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers. CC ID 02027 | Configuration | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities. CC ID 02028 | Configuration | Preventive | |
Set the registry permission for HKU\.Default. CC ID 02029 | Configuration | Preventive | |
Set the registry permission for HKU\.Default\Software\Microsoft\NetDDE. CC ID 02030 | Configuration | Preventive | |
Set the registry permission for HKU\.Default\Software\Microsoft\Protected Storage System Provider. CC ID 02031 | Configuration | Preventive | |
Set the registry permission for %SystemDrive%. CC ID 02032 | Configuration | Preventive | |
Enable auditing for HKLM\Software and set its registry permission. CC ID 02033 | Configuration | Preventive | |
Enable auditing for HKLM\System and set its registry permission. CC ID 02034 | Configuration | Preventive | |
Configure the system to a set number of unacknowledged data retransmissions. CC ID 04271 | Configuration | Preventive | |
Configure the system to remap folder types to Notepad. CC ID 04312 | Configuration | Preventive | |
Configure the system to show hidden file types. CC ID 04313 | Configuration | Preventive | |
Configure the "Do not process the legacy run list" setting. CC ID 04322 | Configuration | Preventive | |
Configure the "Do not process the run once list" setting. CC ID 04323 | Configuration | Preventive | |
Configure "Registry policy processing" to organizational standards. CC ID 04324 | Configuration | Preventive | |
Configure the "Restrict Terminal Server users to a single remote session" setting to organizational standards. CC ID 04510 | Configuration | Preventive | |
Configure the "Do not use temporary folders per session" setting to organizational standards. CC ID 04513 | Configuration | Preventive | |
Configure the "Do not delete temp folder upon exit" setting to organizational standards. CC ID 04514 | Configuration | Preventive | |
Configure the "Turn off background refresh of Group Policy" setting to organizational standards. CC ID 04520 | Configuration | Preventive | |
Configure the "Configure Windows NTP Client" setting. CC ID 04522 | Configuration | Preventive | |
Configure the "Disallow installation of printers using kernel-mode drivers" setting to organizational standards. CC ID 04523 | Configuration | Preventive | |
Configure the "Prevent codec download" setting to organizational standards. CC ID 04524 | Configuration | Preventive | |
Verify the Posix registry key does not exist. CC ID 04525 | Configuration | Preventive | |
Configure the Recycle Bin to delete files on assets running Windows Server 2003. CC ID 04526 | Configuration | Preventive | |
Configure the system to allow only administrators with permissions to change the security settings of Distributed Component Object Model objects. CC ID 04529 | Configuration | Preventive | |
Configure the system to allow Distributed Component Object Model calls to be executed only under the calling user's security context. CC ID 04530 | Configuration | Preventive | |
Configure the version string reported by the bind service properly. CC ID 05140 | Configuration | Preventive | |
Enable or disable performing source validation by reverse path, as appropriate. CC ID 05141 | Configuration | Preventive | |
Verify the environment variable "Os2LibPath" exists, as appropriate. CC ID 05142 | Configuration | Preventive | |
Define the path to the Microsoft OS/2 version 1.x library properly. CC ID 05143 | Configuration | Preventive | |
Set the "Specify intranet Microsoft update service location" properly. CC ID 05144 | Configuration | Preventive | |
Set the path to the debugger used for Just-In-Time debugging properly. CC ID 05145 | Configuration | Preventive | |
Set the OS/2 Subsystem location properly. CC ID 05146 | Configuration | Preventive | |
Configure extended TCP reserved ports properly. CC ID 05147 | Configuration | Preventive | |
Enable or disable ICMPv4 redirects, as appropriate. CC ID 05148 | Configuration | Preventive | |
Enable or disable ICMPv6 redirects, as appropriate. CC ID 05149 | Configuration | Preventive | |
Configure ICMP timestamp broadcast request responses properly. CC ID 05151 | Configuration | Preventive | |
Configure Internet Control Message Protocol echo (ping) request responses properly. CC ID 05152 | Configuration | Preventive | |
Configure ICMP netmask request responses properly. CC ID 05153 | Configuration | Preventive | |
Set the registry permission for HKEY_CLASSES_ROOT properly. CC ID 05154 | Configuration | Preventive | |
Set the registry key HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\Os2 properly. CC ID 05155 | Configuration | Preventive | |
Set the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug\Debugger properly. CC ID 05156 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Regfile\Shell\Open\Command properly. CC ID 05157 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography properly. CC ID 05158 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hlp properly. CC ID 05159 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\helpfile properly. CC ID 05160 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing properly. CC ID 05161 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais properly. CC ID 05162 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell properly. CC ID 05163 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony properly. CC ID 05164 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability properly. CC ID 05165 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell properly. CC ID 05166 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion properly. CC ID 05167 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech properly. CC ID 05168 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC properly. CC ID 05169 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem properly. CC ID 05170 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates properly. CC ID 05171 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports properly. CC ID 05172 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing properly. CC ID 05173 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Policies properly. CC ID 05174 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor properly. CC ID 05175 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ads\Providers\WinNT properly. CC ID 05176 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT properly. CC ID 05177 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS properly. CC ID 05178 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions properly. CC ID 05179 | Configuration | Preventive | |
Set the registry permission for HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots properly. CC ID 05180 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager properly. CC ID 05181 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help properly. CC ID 05182 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip properly. CC ID 05183 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing properly. CC ID 05184 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DeviceManager properly. CC ID 05185 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security properly. CC ID 05186 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP properly. CC ID 05187 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent properly. CC ID 05188 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security properly. CC ID 05189 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security properly. CC ID 05190 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security properly. CC ID 05191 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security properly. CC ID 05192 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security properly. CC ID 05193 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security properly. CC ID 05194 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security properly. CC ID 05195 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security properly. CC ID 05196 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility properly. CC ID 05197 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security properly. CC ID 05198 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security properly. CC ID 05199 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services properly. CC ID 05200 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers properly. CC ID 05201 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network properly. CC ID 05202 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\LSA\Data properly. CC ID 05203 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG properly. CC ID 05204 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1 properly. CC ID 05205 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD properly. CC ID 05206 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control properly. CC ID 05207 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wbem properly. CC ID 05208 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security properly. CC ID 05209 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font properly. CC ID 05210 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog properly. CC ID 05211 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares properly. CC ID 05212 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status properly. CC ID 05213 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Secure properly. CC ID 05214 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups properly. CC ID 05215 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon properly. CC ID 05216 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones properly. CC ID 05217 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping properly. CC ID 05218 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS properly. CC ID 05219 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper properly. CC ID 05220 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility properly. CC ID 05221 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug properly. CC ID 05222 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx properly. CC ID 05223 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce properly. CC ID 05224 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run properly. CC ID 05225 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows properly. CC ID 05226 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Secure properly. CC ID 05227 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC properly. CC ID 05228 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options properly. CC ID 05229 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole properly. CC ID 05230 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions properly. CC ID 05231 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout properly. CC ID 05232 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex properly. CC ID 05233 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName properly. CC ID 05234 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy properly. CC ID 05235 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule properly. CC ID 05236 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost properly. CC ID 05237 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit properly. CC ID 05238 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList properly. CC ID 05239 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS properly. CC ID 05240 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 properly. CC ID 05241 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes properly. CC ID 05242 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion properly. CC ID 05243 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates properly. CC ID 05244 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows properly. CC ID 05245 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole properly. CC ID 05246 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers properly. CC ID 05247 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies properly. CC ID 05248 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey properly. CC ID 05249 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host properly. CC ID 05250 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings properly. CC ID 05251 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class properly. CC ID 05252 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security properly. CC ID 05253 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache properly. CC ID 05254 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security properly. CC ID 05255 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security properly. CC ID 05256 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt properly. CC ID 05257 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess properly. CC ID 05259 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security properly. CC ID 05260 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security properly. CC ID 05261 | Configuration | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries properly. CC ID 05262 | Configuration | Preventive | |
Configure the "audit the %SystemDrive% directory" setting to organizational standards. CC ID 10099 | Configuration | Preventive | |
Configure the "audit the HKEY_LOCAL_MACHINE\SOFTWARE registry key" setting to organizational standards. CC ID 10100 | Configuration | Preventive | |
Configure the "audit the HKEY_LOCAL_MACHINE\SYSTEM registry key" setting to organizational standards. CC ID 10101 | Configuration | Preventive | |
Configure the "%ProgramFiles%" directory permissions to organizational standards. CC ID 10102 | Configuration | Preventive | |
Configure the "%ProgramFiles%\Resource Kit" directory permissions to organizational standards. CC ID 10103 | Configuration | Preventive | |
Configure the "%ProgramFiles%\Resource Pro Kit" directory permissions to organizational standards. CC ID 10104 | Configuration | Preventive | |
Configure the "%SystemDrive%" directory permissions to organizational standards. CC ID 10105 | Configuration | Preventive | |
Configure the "%SystemDrive%\AUTOEXEC.BAT" file permissions to organizational standards. CC ID 10106 | Configuration | Preventive | |
Configure the "%SystemDrive%\BOOT.INI" file permissions to organizational standards. CC ID 10107 | Configuration | Preventive | |
Configure the "%SystemDrive%\CONFIG.SYS" file permissions to organizational standards. CC ID 10108 | Configuration | Preventive | |
Configure the "%SystemDrive%\Documents and Settings" file permissions to organizational standards. CC ID 10109 | Configuration | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\Administrator" directory permissions to organizational standards. CC ID 10110 | Configuration | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\All Users" directory permissions to organizational standards. CC ID 10111 | Configuration | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\All Users\Documents\DrWatson" directory permissions to organizational standards. CC ID 10112 | Configuration | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\All Users\Documents\DrWatson\drwtsn32.log" file permissions to organizational standards. CC ID 10113 | Configuration | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\Default User" directory permissions to organizational standards. CC ID 10114 | Configuration | Preventive | |
Configure the "%SystemDrive%\IO.SYS" file permissions to organizational standards. CC ID 10115 | Configuration | Preventive | |
Configure the "%SystemDrive%\MSDOS.SYS" file permissions to organizational standards. CC ID 10116 | Configuration | Preventive | |
Configure the "%SystemDrive%\NTBOOTDD.SYS" file permissions to organizational standards. CC ID 10117 | Configuration | Preventive | |
Configure the "%SystemDrive%\NTDETECT.COM" file permissions to organizational standards. CC ID 10118 | Configuration | Preventive | |
Configure the "%SystemDrive%\NTLDR" file permissions to organizational standards. CC ID 10119 | Configuration | Preventive | |
Configure the "%SystemDrive%\Temp" directory permissions to organizational standards. CC ID 10120 | Configuration | Preventive | |
Configure the "%SystemDrive%\My Download Files" directory permissions to organizational standards. CC ID 10121 | Configuration | Preventive | |
Configure the "%SystemDrive%\System Volume Information" file permissions to organizational standards. CC ID 10122 | Configuration | Preventive | |
Configure the "%SystemRoot%" directory permissions to organizational standards. CC ID 10123 | Configuration | Preventive | |
Configure the "%SystemRoot%\Driver Cache\I386\Driver.cab" directory permissions to organizational standards. CC ID 10124 | Configuration | Preventive | |
Configure the "%SystemRoot%\$NtServicePackUninstall$" directory permissions to organizational standards. CC ID 10125 | Configuration | Preventive | |
Configure the "%SystemRoot%\$NtServicePackUninstall$" directory permissions to organizational standards. CC ID 10126 | Configuration | Preventive | |
Configure the "%SystemRoot%\$NtUninstall*" directories permissions to organizational standards. CC ID 10127 | Configuration | Preventive | |
Configure the "%SystemRoot%\CSC" directory permissions to organizational standards. CC ID 10128 | Configuration | Preventive | |
Configure the "%SystemRoot%\Debug" directory permissions to organizational standards. CC ID 10129 | Configuration | Preventive | |
Configure the "%SystemRoot%\Debug\UserMode" directory permissions to organizational standards. CC ID 10130 | Configuration | Preventive | |
Configure the "%SystemRoot%\regedit.exe" file permissions to organizational standards. CC ID 10131 | Configuration | Preventive | |
Configure the "%SystemDrive%\NTDS" directory permissions to organizational standards. CC ID 10132 | Configuration | Preventive | |
Configure the "%SystemRoot%\Offline Web Pages" directory permissions to organizational standards. CC ID 10133 | Configuration | Preventive | |
Configure the "%SystemRoot%\Registration" directory permissions to organizational standards. CC ID 10134 | Configuration | Preventive | |
Configure the "%SystemRoot%\repair" directory permissions to organizational standards. CC ID 10135 | Configuration | Preventive | |
Configure the "%SystemRoot%\security" directory permissions to organizational standards. CC ID 10136 | Configuration | Preventive | |
Configure the "%SystemRoot%\SYSVOL" directory permissions to organizational standards. CC ID 10137 | Configuration | Preventive | |
Configure the "%SystemRoot%\SYSVOL\domain\Policies" directory permissions to organizational standards. CC ID 10138 | Configuration | Preventive | |
Configure the "%SystemRoot%\Temp" directory permissions to organizational standards. CC ID 10139 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32" directory permissions to organizational standards. CC ID 10140 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\arp.exe" directory permissions to organizational standards. CC ID 10141 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\at.exe" file permissions to organizational standards. CC ID 10142 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\CONFIG" file permissions to organizational standards. CC ID 10143 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\CONFIG\AppEvent.evt" file permissions to organizational standards. CC ID 10144 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\CONFIG\*.evt" file permissions to organizational standards. CC ID 10145 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\dllcache" directory permissions to organizational standards. CC ID 10146 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\DTCLog" directory permissions to organizational standards. CC ID 10147 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\GroupPolicy" directory permissions to organizational standards. CC ID 10148 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\ias" directory permissions to organizational standards. CC ID 10149 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\Ntbackup.exe" file permissions to organizational standards. CC ID 10150 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\NTMSData" directory permissions to organizational standards. CC ID 10151 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\Rcp.exe" file permissions to organizational standards. CC ID 10152 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\Regedt32.exe" file permissions to organizational standards. CC ID 10153 | Configuration | Preventive | |
Configure the "%SystemRoot%\system32\ReinstallBackups" directory permissions to organizational standards. CC ID 10154 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\Rexec.exe" file permissions to organizational standards. CC ID 10155 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\Rsh.exe" file permissions to organizational standards. CC ID 10156 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\Secedit.exe" file permissions to organizational standards. CC ID 10157 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\Setup" directory permissions to organizational standards. CC ID 10158 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\repl" directory permissions to organizational standards. CC ID 10159 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\repl\export" directory permissions to organizational standards. CC ID 10160 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\repl\import" directory permissions to organizational standards. CC ID 10161 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\spool\Printers" directory permissions to organizational standards. CC ID 10162 | Configuration | Preventive | |
Configure the "%SystemRoot%\Tasks" directory permissions to organizational standards. CC ID 10163 | Configuration | Preventive | |
Configure the "%ALL%\Program Files\MQSeries" directory permissions to organizational standards. CC ID 10164 | Configuration | Preventive | |
Configure the "%ALL%\Program Files\MQSeries\qmggr" directory permissions to organizational standards. CC ID 10165 | Configuration | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ACL" directory permissions to organizational standards. CC ID 10166 | Configuration | Preventive | |
Configure the "%SystemDrive%\WINNT\SECURITY\Database\SECEDIT.SDB ACL" directory permissions to organizational standards. CC ID 10167 | Configuration | Preventive | |
Configure the "HKEY_CLASSES_ROOT" registry key permissions to organizational standards. CC ID 10168 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE" registry key permissions to organizational standards. CC ID 10169 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes" registry key permissions to organizational standards. CC ID 10170 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Regfile\Shell\Open\Command" registry key permissions to organizational standards. CC ID 10171 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE" registry key permissions to organizational standards. CC ID 10172 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OS/2 Subsystem for NT" registry key permissions to organizational standards. CC ID 10173 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AsrCommands" registry key permissions to organizational standards. CC ID 10174 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib" registry key permissions to organizational standards. CC ID 10175 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy" registry key permissions to organizational standards. CC ID 10176 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer" registry key permissions to organizational standards. CC ID 10177 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies" registry key permissions to organizational standards. CC ID 10178 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM" registry key permissions to organizational standards. CC ID 10179 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\clone" registry key permissions to organizational standards. CC ID 10180 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset001" registry key permissions to organizational standards. CC ID 10181 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset002" registry key permissions to organizational standards. CC ID 10182 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset003" registry key permissions to organizational standards. CC ID 10183 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset004" registry key permissions to organizational standards. CC ID 10184 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset005" registry key permissions to organizational standards. CC ID 10185 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset006" registry key permissions to organizational standards. CC ID 10186 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset007" registry key permissions to organizational standards. CC ID 10187 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset008" registry key permissions to organizational standards. CC ID 10188 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset009" registry key permissions to organizational standards. CC ID 10189 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset010" registry key permissions to organizational standards. CC ID 10190 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg" registry key permissions to organizational standards. CC ID 10191 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security" registry key permissions to organizational standards. CC ID 10192 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum" registry key permissions to organizational standards. CC ID 10193 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles" registry key permissions to organizational standards. CC ID 10194 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers" registry key permissions to organizational standards. CC ID 10195 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" registry key permissions to organizational standards. CC ID 10196 | Configuration | Preventive | |
Configure the "HKEY_USERS\.DEFAULT" registry key permissions to organizational standards. CC ID 10197 | Configuration | Preventive | |
Configure the "HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE" registry key permissions to organizational standards. CC ID 10198 | Configuration | Preventive | |
Configure the "HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider" registry key permissions to organizational standards. CC ID 10199 | Configuration | Preventive | |
Configure the "HKEY_CLASSES_ROOT" registry key permissions to organizational standards. CC ID 10200 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\runas.exe" file permissions to organizational standards. CC ID 10222 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug\Debugger" registry key to organizational standards. CC ID 10233 | Configuration | Preventive | |
Configure the "%SystemDrive%\perflogs" directory permissions to organizational standards. CC ID 10266 | Configuration | Preventive | |
Configure the "%SystemDrive%\i386" directory permissions to organizational standards. CC ID 10267 | Configuration | Preventive | |
Configure the "%ProgramFiles%\Common Files\SpeechEngines\TTS" directory permissions to organizational standards. CC ID 10268 | Configuration | Preventive | |
Configure the "%SystemRoot%\_default.plf" file permissions to organizational standards. CC ID 10269 | Configuration | Preventive | |
Configure the "%SystemRoot%\addins" directory permissions to organizational standards. CC ID 10270 | Configuration | Preventive | |
Configure the "%SystemRoot%\appPatch" directory permissions to organizational standards. CC ID 10271 | Configuration | Preventive | |
Configure the "%SystemRoot%\clock.avi" file permissions to organizational standards. CC ID 10272 | Configuration | Preventive | |
Configure the "%SystemRoot%\Connection Wizard" directory permissions to organizational standards. CC ID 10273 | Configuration | Preventive | |
Configure the "%SystemRoot%\Driver Cache" file permissions to organizational standards. CC ID 10274 | Configuration | Preventive | |
Configure the "%SystemRoot%\explorer.scf" file permissions to organizational standards. CC ID 10275 | Configuration | Preventive | |
Configure the "%SystemRoot%\explorer.exe" file permissions to organizational standards. CC ID 10276 | Configuration | Preventive | |
Configure the "%SystemRoot%\Help" directory permissions to organizational standards. CC ID 10277 | Configuration | Preventive | |
Configure the "%SystemRoot%\inf\unregmp2.exe" file permissions to organizational standards. CC ID 10278 | Configuration | Preventive | |
Configure the "%SystemRoot%\Java" directory permissions to organizational standards. CC ID 10279 | Configuration | Preventive | |
Configure the "%SystemRoot%\mib.bin" file permissions to organizational standards. CC ID 10280 | Configuration | Preventive | |
Configure the "%SystemRoot%\msagent" directory permissions to organizational standards. CC ID 10281 | Configuration | Preventive | |
Configure the "%SystemRoot%\msdfmap.ini" file permissions to organizational standards. CC ID 10282 | Configuration | Preventive | |
Configure the "%SystemRoot%\mui" directory permissions to organizational standards. CC ID 10283 | Configuration | Preventive | |
Configure the "%SystemRoot%\security\templates" directory permissions to organizational standards. CC ID 10284 | Configuration | Preventive | |
Configure the "%SystemRoot%\speech" directory permissions to organizational standards. CC ID 10285 | Configuration | Preventive | |
Configure the "%SystemRoot%\system.ini" file permissions to organizational standards. CC ID 10286 | Configuration | Preventive | |
Configure the "%SystemRoot%\system\setup.inf" file permissions to organizational standards. CC ID 10287 | Configuration | Preventive | |
Configure the "%SystemRoot%\system\stdole.tlb" file permissions to organizational standards. CC ID 10288 | Configuration | Preventive | |
Configure the "%SystemRoot%\twain_32" directory permissions to organizational standards. CC ID 10289 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\cacls.exe" directory permissions to organizational standards. CC ID 10290 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\attrib.exe" directory permissions to organizational standards. CC ID 10291 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\CatRoot" directory permissions to organizational standards. CC ID 10292 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\config\systemprofile" directory permissions to organizational standards. CC ID 10293 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\debug.exe" file permissions to organizational standards. CC ID 10294 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\dhcp" directory permissions to organizational standards. CC ID 10295 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\drivers" directory permissions to organizational standards. CC ID 10296 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\eventtriggers.exe" file permissions to organizational standards. CC ID 10297 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\edlin.exe" file permissions to organizational standards. CC ID 10298 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\eventcreate.exe" file permissions to organizational standards. CC ID 10299 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\Export" directory permissions to organizational standards. CC ID 10300 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\ipconfig.exe" file permissions to organizational standards. CC ID 10301 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\nslookup.exe" file permissions to organizational standards. CC ID 10302 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\netstat.exe" file permissions to organizational standards. CC ID 10303 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\nbtstat.exe" file permissions to organizational standards. CC ID 10304 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\ftp.exe" file permissions to organizational standards. CC ID 10305 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\LogFiles" directory permissions to organizational standards. CC ID 10306 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\mshta.exe" file permissions to organizational standards. CC ID 10307 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\mui" directory permissions to organizational standards. CC ID 10308 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\net.exe" file permissions to organizational standards. CC ID 10309 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\netsh.exe" file permissions to organizational standards. CC ID 10310 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\net1.exe" file permissions to organizational standards. CC ID 10311 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\reg.exe" file permissions to organizational standards. CC ID 10312 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\regini.exe" file permissions to organizational standards. CC ID 10313 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\regsvr32.exe" file permissions to organizational standards. CC ID 10314 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\route.exe" file permissions to organizational standards. CC ID 10315 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\sc.exe" file permissions to organizational standards. CC ID 10316 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\ShellExt" directory permissions to organizational standards. CC ID 10317 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\subst.exe" file permissions to organizational standards. CC ID 10318 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\systeminfo.exe" file permissions to organizational standards. CC ID 10319 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\telnet.exe" file permissions to organizational standards. CC ID 10320 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\tftp.exe" file permissions to organizational standards. CC ID 10321 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\wbem" directory permissions to organizational standards. CC ID 10322 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\tlntsvr.exe" file permissions to organizational standards. CC ID 10323 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\wbem\mof" directory permissions to organizational standards. CC ID 10324 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\wbem\repository" directory permissions to organizational standards. CC ID 10325 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\wbem\logs" directory permissions to organizational standards. CC ID 10326 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptography" registry key permissions to organizational standards. CC ID 10327 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREClasses.hlp" registry key permissions to organizational standards. CC ID 10328 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREClasseshelpfile" registry key permissions to organizational standards. CC ID 10329 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftTracing" registry key permissions to organizational standards. CC ID 10330 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftCryptographyCalais" registry key permissions to organizational standards. CC ID 10331 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShell" registry key permissions to organizational standards. CC ID 10332 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionTelephony" registry key permissions to organizational standards. CC ID 10333 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionReliability" registry key permissions to organizational standards. CC ID 10334 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerUser Shell" registry key permissions to organizational standards. CC ID 10335 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion" registry key permissions to organizational standards. CC ID 10336 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftSpeech" registry key permissions to organizational standards. CC ID 10337 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftMSDTC" registry key permissions to organizational standards. CC ID 10338 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftEventSystem" registry key permissions to organizational standards. CC ID 10339 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftEnterpriseCertificates" registry key permissions to organizational standards. CC ID 10340 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionPorts" registry key permissions to organizational standards. CC ID 10341 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftDriver Signing" registry key permissions to organizational standards. CC ID 10342 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Policies" registry key permissions to organizational standards. CC ID 10343 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" registry key permissions to organizational standards. CC ID 10344 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ads\Providers\WinNT" registry key permissions to organizational standards. CC ID 10345 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT" registry key permissions to organizational standards. CC ID 10346 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS" registry key permissions to organizational standards. CC ID 10347 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions" registry key permissions to organizational standards. CC ID 10348 | Configuration | Preventive | |
Configure the "HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots" registry key permissions to organizational standards. CC ID 10349 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" registry key permissions to organizational standards. CC ID 10350 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help" registry key permissions to organizational standards. CC ID 10351 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip" registry key permissions to organizational standards. CC ID 10352 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing" registry key permissions to organizational standards. CC ID 10353 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DeviceManager" registry key permissions to organizational standards. CC ID 10354 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security" registry key permissions to organizational standards. CC ID 10355 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP" registry key permissions to organizational standards. CC ID 10356 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent" registry key permissions to organizational standards. CC ID 10357 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security" registry key permissions to organizational standards. CC ID 10358 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security" registry key permissions to organizational standards. CC ID 10359 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security" registry key permissions to organizational standards. CC ID 10360 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security" registry key permissions to organizational standards. CC ID 10361 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security" registry key permissions to organizational standards. CC ID 10362 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security" registry key permissions to organizational standards. CC ID 10363 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security" registry key permissions to organizational standards. CC ID 10364 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security" registry key permissions to organizational standards. CC ID 10365 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility" registry key permissions to organizational standards. CC ID 10366 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security" registry key permissions to organizational standards. CC ID 10367 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security" registry key permissions to organizational standards. CC ID 10368 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" registry key permissions to organizational standards. CC ID 10369 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers" registry key permissions to organizational standards. CC ID 10370 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network" registry key permissions to organizational standards. CC ID 10371 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data" registry key permissions to organizational standards. CC ID 10372 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG" registry key permissions to organizational standards. CC ID 10373 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1" registry key permissions to organizational standards. CC ID 10374 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD" registry key permissions to organizational standards. CC ID 10375 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" registry key permissions to organizational standards. CC ID 10376 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wbem" registry key permissions to organizational standards. CC ID 10377 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security" registry key permissions to organizational standards. CC ID 10378 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font" registry key permissions to organizational standards. CC ID 10379 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog" registry key permissions to organizational standards. CC ID 10380 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares" registry key permissions to organizational standards. CC ID 10381 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status" registry key permissions to organizational standards. CC ID 10382 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Secure" registry key permissions to organizational standards. CC ID 10383 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups" registry key permissions to organizational standards. CC ID 10384 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" registry key permissions to organizational standards. CC ID 10385 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones" registry key permissions to organizational standards. CC ID 10386 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping" registry key permissions to organizational standards. CC ID 10387 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS" registry key permissions to organizational standards. CC ID 10388 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper" registry key permissions to organizational standards. CC ID 10389 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility" registry key permissions to organizational standards. CC ID 10390 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug" registry key permissions to organizational standards. CC ID 10391 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx" registry key permissions to organizational standards. CC ID 10392 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" registry key permissions to organizational standards. CC ID 10393 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" registry key permissions to organizational standards. CC ID 10394 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows" registry key permissions to organizational standards. CC ID 10395 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Secure" registry key permissions to organizational standards. CC ID 10396 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC" registry key permissions to organizational standards. CC ID 10397 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" registry key permissions to organizational standards. CC ID 10398 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole" registry key permissions to organizational standards. CC ID 10399 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions" registry key permissions to organizational standards. CC ID 10400 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" registry key permissions to organizational standards. CC ID 10401 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex" registry key permissions to organizational standards. CC ID 10402 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName" registry key permissions to organizational standards. CC ID 10403 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy" registry key permissions to organizational standards. CC ID 10404 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule" registry key permissions to organizational standards. CC ID 10405 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" registry key permissions to organizational standards. CC ID 10406 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit" registry key permissions to organizational standards. CC ID 10407 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" registry key permissions to organizational standards. CC ID 10408 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS" registry key permissions to organizational standards. CC ID 10409 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" registry key permissions to organizational standards. CC ID 10410 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes" registry key permissions to organizational standards. CC ID 10411 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" registry key permissions to organizational standards. CC ID 10412 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates" registry key permissions to organizational standards. CC ID 10413 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" registry key permissions to organizational standards. CC ID 10414 | Configuration | Preventive | |
Configure the "%SystemRoot%\Web" directory permissions to organizational standards. CC ID 10415 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole" registry key permissions to organizational standards. CC ID 10416 | Configuration | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers" registry key permissions to organizational standards. CC ID 10417 | Configuration | Preventive | |
Configure the "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies" registry key permissions to organizational standards. CC ID 10418 | Configuration | Preventive | |
Apply the appropriate warning message to systems. CC ID 01596 | Configuration | Preventive | |
Create a warning message for standard logon services. CC ID 01597 | Configuration | Preventive | |
Create a warning message for graphical logons. CC ID 01598 | Configuration | Preventive | |
Create a warning message for terminal session logons. CC ID 06564 | Configuration | Preventive | |
Create a warning message for FTP daemon. CC ID 01599 | Configuration | Preventive | |
Create a warning message for telnet daemon. CC ID 01600 | Configuration | Preventive | |
Create a power on warning message. CC ID 01601 | Configuration | Preventive | |
Enable the Kerberos TGT expiration warning, as appropriate. CC ID 05263 | Configuration | Preventive | |
Configure the sendmail greeting properly. CC ID 05264 | Configuration | Preventive | |
Set the Electrically-Erasable Programmable Read-Only Memory warning message properly. CC ID 05265 | Configuration | Preventive | |
Set the warning messages switchpoint distance to an appropriate value. CC ID 05266 | Configuration | Preventive | |
Enable logon authentication management techniques. CC ID 00553 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Configuration | Preventive | |
Configure the system to log all access attempts to all systems. CC ID 00554 | Configuration | Preventive | |
Include the date and time that access was granted in the system record. CC ID 15174 | Establish/Maintain Documentation | Preventive | |
Include the access level granted in the system record. CC ID 15173 | Establish/Maintain Documentation | Preventive | |
Include when access is withdrawn in the system record. CC ID 15172 | Establish/Maintain Documentation | Preventive | |
Configure devices and users to re-authenticate, as necessary. CC ID 10609 | Configuration | Preventive | |
Restrict logons by specified source addresses. CC ID 16394 | Technical Security | Preventive | |
Configure the "Lockout Enabled" setting to organizational standards. CC ID 09859 | Configuration | Preventive | |
Prohibit the use of cached authenticators and credentials after a defined period of time. CC ID 10610 | Configuration | Preventive | |
Establish, implement, and maintain authenticators. CC ID 15305 | Technical Security | Preventive | |
Establish, implement, and maintain an authenticator standard. CC ID 01702 | Establish/Maintain Documentation | Preventive | |
Disallow personal data in authenticators. CC ID 13864 | Technical Security | Preventive | |
Establish, implement, and maintain an authenticator management system. CC ID 12031 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a repository of authenticators. CC ID 16372 | Data and Information Management | Preventive | |
Establish, implement, and maintain authenticator procedures. CC ID 12002 | Establish/Maintain Documentation | Preventive | |
Restrict access to authentication files to authorized personnel, as necessary. CC ID 12127 | Technical Security | Preventive | |
Configure authenticators to comply with organizational standards. CC ID 06412 | Configuration | Preventive | |
Configure the system to require new users to change their authenticator on first use. CC ID 05268 | Configuration | Preventive | |
Configure authenticators so that group authenticators or shared authenticators are prohibited. CC ID 00519 | Configuration | Preventive | |
Change the authenticator for shared accounts when the group membership changes. CC ID 14249 | Business Processes | Corrective | |
Configure the system to prevent unencrypted authenticator use. CC ID 04457 | Configuration | Preventive | |
Disable store passwords using reversible encryption. CC ID 01708 | Configuration | Preventive | |
Configure the system to encrypt authenticators. CC ID 06735 | Configuration | Preventive | |
Configure the system to mask authenticators. CC ID 02037 | Configuration | Preventive | |
Configure the authenticator policy to ban the use of usernames or user identifiers in authenticators. CC ID 05992 | Configuration | Preventive | |
Configure the "minimum number of digits required for new passwords" setting to organizational standards. CC ID 08717 | Establish/Maintain Documentation | Preventive | |
Configure the "minimum number of upper case characters required for new passwords" setting to organizational standards. CC ID 08718 | Establish/Maintain Documentation | Preventive | |
Configure the system to refrain from specifying the type of information used as password hints. CC ID 13783 | Configuration | Preventive | |
Configure the "minimum number of lower case characters required for new passwords" setting to organizational standards. CC ID 08719 | Establish/Maintain Documentation | Preventive | |
Disable machine account password changes. CC ID 01737 | Configuration | Preventive | |
Configure the "minimum number of special characters required for new passwords" setting to organizational standards. CC ID 08720 | Establish/Maintain Documentation | Preventive | |
Configure the "require new passwords to differ from old ones by the appropriate minimum number of characters" setting to organizational standards. CC ID 08722 | Establish/Maintain Documentation | Preventive | |
Configure the "password reuse" setting to organizational standards. CC ID 08724 | Establish/Maintain Documentation | Preventive | |
Configure the "Disable Remember Password" setting. CC ID 05270 | Configuration | Preventive | |
Configure the "Minimum password age" to organizational standards. CC ID 01703 | Configuration | Preventive | |
Configure the LILO/GRUB password. CC ID 01576 | Configuration | Preventive | |
Configure the system to use Apple's Keychain Access to store passwords and certificates. CC ID 04481 | Configuration | Preventive | |
Change the default password to Apple's Keychain. CC ID 04482 | Configuration | Preventive | |
Configure Apple's Keychain items to ask for the Keychain password. CC ID 04483 | Configuration | Preventive | |
Configure the Syskey Encryption Key and associated password. CC ID 05978 | Configuration | Preventive | |
Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting. CC ID 04505 | Configuration | Preventive | |
Configure the "System cryptography: Force strong key protection for user keys stored in the computer" setting. CC ID 04534 | Configuration | Preventive | |
Configure interactive logon for accounts that do not have assigned authenticators in accordance with organizational standards. CC ID 05267 | Configuration | Preventive | |
Enable or disable remote connections from accounts with empty authenticators, as appropriate. CC ID 05269 | Configuration | Preventive | |
Configure the "Send LanMan compatible password" setting. CC ID 05271 | Configuration | Preventive | |
Configure the authenticator policy to ban or allow authenticators as words found in dictionaries, as appropriate. CC ID 05993 | Configuration | Preventive | |
Set the most number of characters required for the BitLocker Startup PIN correctly. CC ID 06054 | Configuration | Preventive | |
Set the default folder for BitLocker recovery passwords correctly. CC ID 06055 | Configuration | Preventive | |
Notify affected parties to keep authenticators confidential. CC ID 06787 | Behavior | Preventive | |
Discourage affected parties from recording authenticators. CC ID 06788 | Behavior | Preventive | |
Ensure the root account is the first entry in password files. CC ID 16323 | Data and Information Management | Detective | |
Configure the "shadow password for all accounts in /etc/passwd" setting to organizational standards. CC ID 08721 | Establish/Maintain Documentation | Preventive | |
Configure the "password hashing algorithm" setting to organizational standards. CC ID 08723 | Establish/Maintain Documentation | Preventive | |
Configure the "Disable password strength validation for Peer Grouping" setting to organizational standards. CC ID 10866 | Configuration | Preventive | |
Configure the "Set the interval between synchronization retries for Password Synchronization" setting to organizational standards. CC ID 11185 | Configuration | Preventive | |
Configure the "Set the number of synchronization retries for servers running Password Synchronization" setting to organizational standards. CC ID 11187 | Configuration | Preventive | |
Configure the "Turn off password security in Input Panel" setting to organizational standards. CC ID 11296 | Configuration | Preventive | |
Configure the "Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory" setting to organizational standards. CC ID 11355 | Configuration | Preventive | |
Configure the authenticator display screen to organizational standards. CC ID 13794 | Configuration | Preventive | |
Configure the authenticator field to disallow memorized secrets found in the memorized secret list. CC ID 13808 | Configuration | Preventive | |
Configure the authenticator display screen to display the memorized secret as an option. CC ID 13806 | Configuration | Preventive | |
Disseminate and communicate with the end user when a memorized secret entered into an authenticator field matches one found in the memorized secret list. CC ID 13807 | Communicate | Preventive | |
Configure the look-up secret authenticator to dispose of memorized secrets after their use. CC ID 13817 | Configuration | Corrective | |
Configure the memorized secret verifiers to refrain from allowing anonymous users to access memorized secret hints. CC ID 13823 | Configuration | Preventive | |
Configure the system to allow paste functionality for the authenticator field. CC ID 13819 | Configuration | Preventive | |
Configure the system to require successful authentication before an authenticator for a user account is changed. CC ID 13821 | Configuration | Preventive | |
Protect authenticators or authentication factors from unauthorized modification and disclosure. CC ID 15317 | Technical Security | Preventive | |
Obscure authentication information during the login process. CC ID 15316 | Configuration | Preventive | |
Change authenticators, as necessary. CC ID 15315 | Configuration | Preventive | |
Implement safeguards to protect authenticators from unauthorized access. CC ID 15310 | Technical Security | Preventive | |
Change all default authenticators. CC ID 15309 | Configuration | Preventive | |
Configure each system's security alerts to organizational standards. CC ID 12113 | Technical Security | Preventive | |
Configure the system to issue a security alert when an administrator account is created. CC ID 12122 | Configuration | Preventive | |
Configure the system security parameters to prevent system misuse or information misappropriation. CC ID 00881 | Configuration | Preventive | |
Configure Hypertext Transfer Protocol headers in accordance with organizational standards. CC ID 16851 | Configuration | Preventive | |
Configure Hypertext Transfer Protocol security headers in accordance with organizational standards. CC ID 16488 | Configuration | Preventive | |
Configure "Enable Structured Exception Handling Overwrite Protection (SEHOP)" to organizational standards. CC ID 15385 | Configuration | Preventive | |
Configure Microsoft Attack Surface Reduction rules in accordance with organizational standards. CC ID 16478 | Configuration | Preventive | |
Configure "Remote host allows delegation of non-exportable credentials" to organizational standards. CC ID 15379 | Configuration | Preventive | |
Configure "Configure enhanced anti-spoofing" to organizational standards. CC ID 15376 | Configuration | Preventive | |
Configure "Block user from showing account details on sign-in" to organizational standards. CC ID 15374 | Configuration | Preventive | |
Configure "Configure Attack Surface Reduction rules" to organizational standards. CC ID 15370 | Configuration | Preventive | |
Configure "Turn on e-mail scanning" to organizational standards. CC ID 15361 | Configuration | Preventive | |
Configure "Prevent users and apps from accessing dangerous websites" to organizational standards. CC ID 15359 | Configuration | Preventive | |
Configure "Enumeration policy for external devices incompatible with Kernel DMA Protection" to organizational standards. CC ID 15352 | Configuration | Preventive | |
Configure "Prevent Internet Explorer security prompt for Windows Installer scripts" to organizational standards. CC ID 15351 | Configuration | Preventive | |
Store state information from applications and software separately. CC ID 14767 | Configuration | Preventive | |
Configure the "aufs storage" to organizational standards. CC ID 14461 | Configuration | Preventive | |
Configure the "AppArmor Profile" to organizational standards. CC ID 14496 | Configuration | Preventive | |
Configure the "device" argument to organizational standards. CC ID 14536 | Configuration | Preventive | |
Configure the "Docker" group ownership to organizational standards. CC ID 14495 | Configuration | Preventive | |
Configure the "Docker" user ownership to organizational standards. CC ID 14505 | Configuration | Preventive | |
Configure "Allow upload of User Activities" to organizational standards. CC ID 15338 | Configuration | Preventive | |
Configure the system to restrict Core dumps to a protected directory. CC ID 01513 | Configuration | Preventive | |
Configure the system to enable Stack protection. CC ID 01514 | Configuration | Preventive | |
Configure the system to restrict NFS client requests to privileged ports. CC ID 01515 | Configuration | Preventive | |
Configure the system to use better TCP Sequence Numbers. CC ID 01516 | Configuration | Preventive | |
Configure the system to a default secure level. CC ID 01519 | Configuration | Preventive | |
Configure the system to block users from viewing un-owned processes. CC ID 01520 | Configuration | Preventive | |
Configure the system to block users from viewing processes in other groups. CC ID 01521 | Configuration | Preventive | |
Add the "nosuid" option to /etc/rmmount.conf. CC ID 01532 | Configuration | Preventive | |
Configure the system to block non-privileged mountd requests. CC ID 01533 | Configuration | Preventive | |
Use host-based or Internet Protocol-based export lists for mountd. CC ID 06887 | Configuration | Preventive | |
Add the "nodev" option to the appropriate partitions in /etc/fstab. CC ID 01534 | Configuration | Preventive | |
Add the "nosuid" option and "nodev" option for removable storage media in the /etc/fstab file. CC ID 01535 | Configuration | Preventive | |
Configure the sticky bit on world-writable directories. CC ID 01540 | Configuration | Preventive | |
Verify system files are not world-writable. CC ID 01546 | Technical Security | Preventive | |
Verify backup directories containing patches are not accessible. CC ID 01547 | Technical Security | Preventive | |
Run hp_checkperms. CC ID 01548 | Configuration | Preventive | |
Run fix-modes. CC ID 01549 | Configuration | Preventive | |
Convert the system to "Trusted Mode", if possible. CC ID 01550 | Configuration | Preventive | |
Configure the sadmind service to a higher Security level. CC ID 01551 | Configuration | Preventive | |
Use host-based or Internet Protocol-based export lists for sadmind. CC ID 06886 | Configuration | Preventive | |
Find files and directories with extended attributes. CC ID 01552 | Technical Security | Detective | |
Configure all .rhosts files to be readable only by their owners. CC ID 01557 | Configuration | Preventive | |
Set the symlink /etc/hosts.equiv file to /dev/null. CC ID 01558 | Configuration | Preventive | |
Configure the default locking Screen saver timeout to a predetermined time period. CC ID 01570 | Configuration | Preventive | |
Configure the Security Center (Domain PCs only). CC ID 01967 | Configuration | Preventive | |
Configure the system to immediately protect the computer after the Screen saver is activated by setting the time before the Screen saver grace period expires to a predefined amount. CC ID 04276 | Configuration | Preventive | |
Configure the system to require a password before it unlocks the Screen saver software. CC ID 04443 | Configuration | Preventive | |
Enable the safe DLL search mode. CC ID 04273 | Configuration | Preventive | |
Configure the computer to stop generating 8.3 filename formats. CC ID 04274 | Configuration | Preventive | |
Configure the system to use certificate rules for software restriction policies. CC ID 04266 | Configuration | Preventive | |
Configure the "Do not allow drive redirection" setting. CC ID 04316 | Configuration | Preventive | |
Configure the "Turn off the 'Publish to Web' task for files and folders" setting. CC ID 04328 | Configuration | Preventive | |
Configure the "Turn off Internet download for Web publishing and online ordering wizards" setting. CC ID 04329 | Configuration | Preventive | |
Configure the "Turn off Search Companion content file updates" setting. CC ID 04331 | Configuration | Preventive | |
Configure the "Turn off printing over HTTP" setting. CC ID 04332 | Configuration | Preventive | |
Configure the "Turn off downloading of print drivers over HTTP" setting. CC ID 04333 | Configuration | Preventive | |
Configure the "Turn off Windows Update device driver searching" setting. CC ID 04334 | Configuration | Preventive | |
Configure the "Display Error Notification" setting to organizational standards. CC ID 04335 | Configuration | Preventive | |
Configure the "Turn off Windows error reporting" setting to organizational standards. CC ID 04336 | Configuration | Preventive | |
Configure the "Disable software update shell notifications on program launch" setting. CC ID 04339 | Configuration | Preventive | |
Configure the "Make proxy settings per-machine (rather than per-user)" setting. CC ID 04341 | Configuration | Preventive | |
Configure the "Security Zones: Do not allow users to add/delete sites" setting. CC ID 04342 | Configuration | Preventive | |
Configure the "Security Zones: Do not allow users to change policies" setting. CC ID 04343 | Configuration | Preventive | |
Configure the "Security Zones: Use only machine settings" setting. CC ID 04344 | Configuration | Preventive | |
Configure the "Allow software to run or install even if the signature is invalid" setting. CC ID 04346 | Configuration | Preventive | |
Configure the "internet explorer processes (scripted window security restrictions)" setting. CC ID 04350 | Configuration | Preventive | |
Configure the "internet explorer processes (zone elevation protection)" setting. CC ID 04351 | Configuration | Preventive | |
Configure the "Prevent access to registry editing tools" setting. CC ID 04355 | Configuration | Preventive | |
Configure the "Do not preserve zone information in file attachments" setting. CC ID 04357 | Configuration | Preventive | |
Configure the "Hide mechanisms to remove zone information" setting. CC ID 04358 | Configuration | Preventive | |
Configure the "Notify antivirus programs when opening attachments" setting. CC ID 04359 | Configuration | Preventive | |
Configure the "Configure Outlook Express" setting. CC ID 04360 | Configuration | Preventive | |
Configure the "Disable Changing Automatic Configuration settings" setting. CC ID 04361 | Configuration | Preventive | |
Configure the "Disable changing certificate settings" setting. CC ID 04362 | Configuration | Preventive | |
Configure the "Disable changing connection settings" setting. CC ID 04363 | Configuration | Preventive | |
Configure the "Disable changing proxy settings" setting. CC ID 04364 | Configuration | Preventive | |
Configure the "Turn on the auto-complete feature for user names and passwords on forms" setting. CC ID 04365 | Configuration | Preventive | |
Configure the NetWare bindery contexts. CC ID 04444 | Configuration | Preventive | |
Configure the NetWare console's SECURE.NCF settings. CC ID 04445 | Configuration | Preventive | |
Configure the CPU Hog Timeout setting. CC ID 04446 | Configuration | Preventive | |
Configure the "Check Equivalent to Me" setting. CC ID 04463 | Configuration | Preventive | |
Configure the /etc/sshd_config file. CC ID 04475 | Configuration | Preventive | |
Configure the .Mac preferences. CC ID 04484 | Configuration | Preventive | |
Configure the Fast User Switching setting. CC ID 04485 | Configuration | Preventive | |
Configure the Recent Items List (servers, applications, documents) setting. CC ID 04486 | Configuration | Preventive | |
Configure Apple's Dock preferences. CC ID 04487 | Configuration | Preventive | |
Configure the "ulimit" to organizational standards. CC ID 14499 | Configuration | Preventive | |
Configure the Energy Saver preferences. CC ID 04488 | Configuration | Preventive | |
Configure the local system search preferences to directories that do not contain restricted data or restricted information. CC ID 04492 | Configuration | Preventive | |
Digitally sign and encrypt e-mail, as necessary. CC ID 04493 | Technical Security | Preventive | |
Manage temporary files, as necessary. CC ID 04847 | Technical Security | Preventive | |
Configure the computer-wide, rather than per-user, use of Microsoft Spynet Reporting for Windows Defender properly. CC ID 05282 | Configuration | Preventive | |
Enable or disable the ability of users to perform interactive startups, as appropriate. CC ID 05283 | Configuration | Preventive | |
Set the /etc/passwd file's NIS file inclusions properly. CC ID 05284 | Configuration | Preventive | |
Configure the "Turn off Help Ratings" setting. CC ID 05285 | Configuration | Preventive | |
Configure the "Decoy Admin Account Not Disabled" policy properly. CC ID 05286 | Configuration | Preventive | |
Configure the "Additional restrictions for anonymous connections" policy properly. CC ID 05287 | Configuration | Preventive | |
Configure the "Anonymous access to the registry" policy properly. CC ID 05288 | Configuration | Preventive | |
Configure the File System Checker and Popups setting. CC ID 05289 | Configuration | Preventive | |
Configure the System File Checker setting. CC ID 05290 | Configuration | Preventive | |
Configure the System File Checker Progress Meter setting. CC ID 05291 | Configuration | Preventive | |
Configure the Protect Kernel object attributes properly. CC ID 05292 | Configuration | Preventive | |
Configure the "Deleted Cached Copies of Roaming Profiles" policy properly. CC ID 05293 | Configuration | Preventive | |
Verify that the X*.hosts file lists all authorized X-clients. CC ID 05294 | Configuration | Preventive | |
Verify all files are owned by an existing account and group. CC ID 05295 | Configuration | Preventive | |
Verify programs executed through the aliases file are owned by an appropriate user or group. CC ID 05296 | Configuration | Preventive | |
Verify programs executed through the aliases file are stored in a directory with an appropriate owner. CC ID 05297 | Configuration | Preventive | |
Verify the at directory is owned by an appropriate user or group. CC ID 05298 | Configuration | Preventive | |
Verify the at.allow file is owned by an appropriate user or group. CC ID 05299 | Configuration | Preventive | |
Verify the at.deny file is owned by an appropriate user or group. CC ID 05300 | Configuration | Preventive | |
Verify the crontab directories are owned by an appropriate user or group. CC ID 05302 | Configuration | Preventive | |
Verify the cron.allow file is owned by an appropriate user or group. CC ID 05303 | Configuration | Preventive | |
Verify the cron.deny file is owned by an appropriate user or group. CC ID 05304 | Configuration | Preventive | |
Verify crontab files are owned by an appropriate user or group. CC ID 05305 | Configuration | Preventive | |
Verify the /etc/resolv.conf file is owned by an appropriate user or group. CC ID 05306 | Configuration | Preventive | |
Verify the /etc/named.boot file is owned by an appropriate user or group. CC ID 05307 | Configuration | Preventive | |
Verify the /etc/named.conf file is owned by an appropriate user or group. CC ID 05308 | Configuration | Preventive | |
Verify the /var/named/chroot/etc/named.conf file is owned by an appropriate user or group. CC ID 05309 | Configuration | Preventive | |
Verify home directories are owned by an appropriate user or group. CC ID 05310 | Configuration | Preventive | |
Verify the inetd.conf file is owned by an appropriate user or group. CC ID 05311 | Configuration | Preventive | |
Verify /etc/exports is owned by an appropriate user or group. CC ID 05312 | Configuration | Preventive | |
Verify exported files and exported directories are owned by an appropriate user or group. CC ID 05313 | Configuration | Preventive | |
Restrict the exporting of files and directories, as necessary. CC ID 16315 | Technical Security | Preventive | |
Verify the /etc/services file is owned by an appropriate user or group. CC ID 05314 | Configuration | Preventive | |
Verify the /etc/notrouter file is owned by an appropriate user or group. CC ID 05315 | Configuration | Preventive | |
Verify the /etc/samba/smb.conf file is owned by an appropriate user or group. CC ID 05316 | Configuration | Preventive | |
Verify the smbpasswd file and smbpasswd executable are owned by an appropriate user or group. CC ID 05317 | Configuration | Preventive | |
Verify the aliases file is owned by an appropriate user or group. CC ID 05318 | Configuration | Preventive | |
Verify the log file configured to capture critical sendmail messages is owned by an appropriate user or group. CC ID 05319 | Log Management | Preventive | |
Verify Shell files are owned by an appropriate user or group. CC ID 05320 | Configuration | Preventive | |
Verify the snmpd.conf file is owned by an appropriate user or group. CC ID 05321 | Configuration | Preventive | |
Verify the /etc/syslog.conf file is owned by an appropriate user or group. CC ID 05322 | Configuration | Preventive | |
Verify the traceroute executable is owned by an appropriate user or group. CC ID 05323 | Configuration | Preventive | |
Verify the /usr/lib/sendmail file is owned by an appropriate user or group. CC ID 05324 | Technical Security | Preventive | |
Verify the /etc/passwd file is owned by an appropriate user or group. CC ID 05325 | Configuration | Preventive | |
Verify the /etc/shadow file is owned by an appropriate user or group. CC ID 05326 | Configuration | Preventive | |
Verify the /etc/security/audit/config file is owned by an appropriate user or group. CC ID 05327 | Configuration | Preventive | |
Verify the /etc/security/audit/events file is owned by an appropriate user or group. CC ID 05328 | Configuration | Preventive | |
Verify the /etc/security/audit/objects file is owned by an appropriate user or group. CC ID 05329 | Configuration | Preventive | |
Verify the /usr/lib/trcload file is owned by an appropriate user or group. CC ID 05330 | Configuration | Preventive | |
Verify the /usr/lib/semutil file is owned by an appropriate user or group. CC ID 05331 | Configuration | Preventive | |
Verify system files are owned by an appropriate user or group. CC ID 05332 | Configuration | Preventive | |
Verify the default/skeleton dot files are owned by an appropriate user or group. CC ID 05333 | Configuration | Preventive | |
Verify the global initialization files are owned by an appropriate user or group. CC ID 05334 | Configuration | Preventive | |
Verify the /etc/rc.config.d/auditing file is owned by an appropriate user or group. CC ID 05335 | Configuration | Preventive | |
Verify the /etc/init.d file is owned by an appropriate user or group. CC ID 05336 | Configuration | Preventive | |
Verify the /etc/hosts.lpd file is owned by an appropriate user or group. CC ID 05337 | Configuration | Preventive | |
Verify the /etc/auto.master file is owned by an appropriate user or group. CC ID 05338 | Configuration | Preventive | |
Verify the /etc/auto.misc file is owned by an appropriate user or group. CC ID 05339 | Configuration | Preventive | |
Verify the /etc/auto.net file is owned by an appropriate user or group. CC ID 05340 | Configuration | Preventive | |
Verify the /boot/grub/grub.conf file is owned by an appropriate user or group. CC ID 05341 | Configuration | Preventive | |
Verify the /etc/lilo.conf file is owned by an appropriate user or group. CC ID 05342 | Configuration | Preventive | |
Verify the /etc/login.access file is owned by an appropriate user or group. CC ID 05343 | Configuration | Preventive | |
Verify the /etc/security/access.conf file is owned by an appropriate user or group. CC ID 05344 | Configuration | Preventive | |
Verify the /etc/sysctl.conf file is owned by an appropriate user or group. CC ID 05345 | Configuration | Preventive | |
Configure the "secure_redirects" setting to organizational standards. CC ID 09941 | Configuration | Preventive | |
Configure the "icmp_ignore_bogus_error_responses" setting to organizational standards. CC ID 09942 | Configuration | Preventive | |
Configure the "rp_filter" setting to organizational standards. CC ID 09943 | Configuration | Preventive | |
Verify the /etc/securetty file is owned by an appropriate user or group. CC ID 05346 | Configuration | Preventive | |
Verify the /etc/audit/auditd.conf file is owned by an appropriate user or group. CC ID 05347 | Configuration | Preventive | |
Verify the audit.rules file is owned by an appropriate user or group. CC ID 05348 | Configuration | Preventive | |
Verify the /etc/group file is owned by an appropriate user or group. CC ID 05349 | Configuration | Preventive | |
Verify the /etc/gshadow file is owned by an appropriate user or group. CC ID 05350 | Configuration | Preventive | |
Verify the /usr/sbin/userhelper file is owned by an appropriate user or group. CC ID 05351 | Configuration | Preventive | |
Verify all syslog log files are owned by an appropriate user or group. CC ID 05352 | Configuration | Preventive | |
Verify the /etc/anacrontab file is owned by an appropriate user or group. CC ID 05353 | Configuration | Preventive | |
Verify the /etc/pki/tls/ldap file is owned by an appropriate user or group. CC ID 05354 | Configuration | Preventive | |
Verify the /etc/pki/tls/ldap/serverkey.pem file is owned by an appropriate user or group. CC ID 05355 | Configuration | Preventive | |
Verify the /etc/pki/tls/CA/cacert.pem file is owned by an appropriate user or group. CC ID 05356 | Configuration | Preventive | |
Verify the /etc/pki/tls/ldap/servercert.pem file is owned by an appropriate user or group. CC ID 05357 | Configuration | Preventive | |
Verify the /var/lib/ldap/* files are owned by an appropriate user or group. CC ID 05358 | Configuration | Preventive | |
Verify the /etc/httpd/conf/* files are owned by an appropriate user or group. CC ID 05359 | Configuration | Preventive | |
Verify the /etc/auto_* file is owned by an appropriate user. CC ID 05360 | Configuration | Preventive | |
Verify the /etc/rmmount.conf file is owned by an appropriate user or group. CC ID 05361 | Configuration | Preventive | |
Verify the /var/log/pamlog log is owned by an appropriate user or group. CC ID 05362 | Configuration | Preventive | |
Verify the /etc/security/audit_control file is owned by an appropriate user or group. CC ID 05363 | Configuration | Preventive | |
Verify the /etc/security/audit_class file is owned by an appropriate user or group. CC ID 05364 | Configuration | Preventive | |
Verify the /etc/security/audit_event file is owned by an appropriate user or group. CC ID 05365 | Configuration | Preventive | |
Verify the ASET userlist file is owned by an appropriate user or group. CC ID 05366 | Configuration | Preventive | |
Verify the /var directory is owned by an appropriate user. CC ID 05367 | Configuration | Preventive | |
Verify the /var/log directory is owned by an appropriate user. CC ID 05368 | Configuration | Preventive | |
Verify the /var/adm directory is owned by an appropriate user. CC ID 05369 | Configuration | Preventive | |
Restrict the debug level daemon logging file owner and daemon debug group owner. CC ID 05370 | Configuration | Preventive | |
Restrict the Cron log file owner and Cron group owner. CC ID 05371 | Configuration | Preventive | |
Restrict the system accounting file owner and system accounting group owner. CC ID 05372 | Configuration | Preventive | |
Restrict audit log file ownership and audit group ownership. CC ID 05373 | Configuration | Preventive | |
Set the X server timeout properly. CC ID 05374 | Configuration | Preventive | |
Configure each user's authentication mechanism (system attribute) properly. CC ID 05375 | Configuration | Preventive | |
Enable or disable SELinux, as appropriate. CC ID 05376 | Configuration | Preventive | |
Set the SELinux state properly. CC ID 05377 | Configuration | Preventive | |
Set the SELinux policy properly. CC ID 05378 | Configuration | Preventive | |
Configure Dovecot properly. CC ID 05379 | Configuration | Preventive | |
Configure the "Prohibit Access of the Windows Connect Now Wizards" setting. CC ID 05380 | Configuration | Preventive | |
Configure the "Allow remote access to the PnP interface" setting. CC ID 05381 | Configuration | Preventive | |
Configure the "Do not create system restore point when new device driver installed" setting. CC ID 05382 | Configuration | Preventive | |
Configure the "Turn Off Access to All Windows Update Feature" setting. CC ID 05383 | Configuration | Preventive | |
Configure the "Turn Off Automatic Root Certificates Update" setting. CC ID 05384 | Configuration | Preventive | |
Configure the "Turn Off Event Viewer 'Events.asp' Links" setting. CC ID 05385 | Configuration | Preventive | |
Configure "Turn Off Handwriting Recognition Error Reporting" to organizational standards. CC ID 05386 | Configuration | Preventive | |
Configure the "Turn off Help and Support Center 'Did You Know?' content" setting. CC ID 05387 | Configuration | Preventive | |
Configure the "Turn Off Help and Support Center Microsoft Knowledge Base Search" setting. CC ID 05388 | Configuration | Preventive | |
Configure the "Turn Off Internet File Association Service" setting. CC ID 05389 | Configuration | Preventive | |
Configure the "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting. CC ID 05390 | Configuration | Preventive | |
Configure the "Turn off the 'Order Prints' Picture task" setting. CC ID 05391 | Configuration | Preventive | |
Configure the "Turn Off Windows Movie Maker Online Web Links" setting. CC ID 05392 | Configuration | Preventive | |
Configure the "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting. CC ID 05393 | Configuration | Preventive | |
Configure the "Don't Display the Getting Started Welcome Screen at Logon" setting. CC ID 05394 | Configuration | Preventive | |
Configure the "Turn off Windows Startup Sound" setting. CC ID 05395 | Configuration | Preventive | |
Configure the "Allow only Vista or later connections" setting. CC ID 05396 | Configuration | Preventive | |
Configure the "Turn on bandwidth optimization" setting. CC ID 05397 | Configuration | Preventive | |
Configure the "Prevent IIS Installation" setting. CC ID 05398 | Configuration | Preventive | |
Configure the "Turn off Active Help" setting. CC ID 05399 | Configuration | Preventive | |
Configure the "Turn off Untrusted Content" setting. CC ID 05400 | Configuration | Preventive | |
Configure the "Turn off downloading of enclosures" setting. CC ID 05401 | Configuration | Preventive | |
Configure "Allow indexing of encrypted files" to organizational standards. CC ID 05402 | Configuration | Preventive | |
Configure the "Prevent indexing uncached Exchange folders" setting. CC ID 05403 | Configuration | Preventive | |
Configure the "Turn off Windows Calendar" setting. CC ID 05404 | Configuration | Preventive | |
Configure the "Turn off Windows Defender" setting. CC ID 05405 | Configuration | Preventive | |
Configure the "Turn off Heap termination on corruption" setting to organizational standards. CC ID 05406 | Configuration | Preventive | |
Configure the "Turn off shell protocol protected mode" setting to organizational standards. CC ID 05407 | Configuration | Preventive | |
Configure the "Prohibit non-administrators from applying vendor signed updates" setting. CC ID 05408 | Configuration | Preventive | |
Configure the "Report when logon server was not available during user logon" setting. CC ID 05409 | Configuration | Preventive | |
Configure the "Turn off the communication features" setting. CC ID 05410 | Configuration | Preventive | |
Configure the "Turn off Windows Mail application" setting. CC ID 05411 | Configuration | Preventive | |
Configure the "Prevent Windows Media DRM Internet Access" setting. CC ID 05412 | Configuration | Preventive | |
Configure the "Turn off Windows Meeting Space" setting. CC ID 05413 | Configuration | Preventive | |
Configure the "Turn on Windows Meeting Space auditing" setting. CC ID 05414 | Configuration | Preventive | |
Configure the "Disable unpacking and installation of gadgets that are not digitally signed" setting. CC ID 05415 | Configuration | Preventive | |
Configure the "Override the More Gadgets Link" setting. CC ID 05416 | Configuration | Preventive | |
Configure the "Turn Off User Installed Windows Sidebar Gadgets" setting. CC ID 05417 | Configuration | Preventive | |
Configure the "Do not allow Digital Locker to run" setting. CC ID 05418 | Configuration | Preventive | |
Configure the "Turn off Downloading of Game Information" setting. CC ID 05419 | Configuration | Preventive | |
Configure "Turn on Responder (RSPNDR) driver" to organizational standards. CC ID 05420 | Configuration | Preventive | |
Verify ExecShield has been randomly placed in Virtual Memory regions. CC ID 05436 | Configuration | Preventive | |
Enable the ExecShield, as appropriate. CC ID 05421 | Configuration | Preventive | |
Configure Kernel support for the XD/NX processor feature, as appropriate. CC ID 05422 | Configuration | Preventive | |
Configure the XD/NX processor feature in the BIOS, as appropriate. CC ID 05423 | Configuration | Preventive | |
Configure the Shell for the bin account properly. CC ID 05424 | Configuration | Preventive | |
Configure the Shell for the nuucp account properly. CC ID 05425 | Configuration | Preventive | |
Configure the Shell for the smmsp account properly. CC ID 05426 | Configuration | Preventive | |
Configure the Shell for the listen account properly. CC ID 05427 | Configuration | Preventive | |
Configure the Shell for the gdm account properly. CC ID 05428 | Configuration | Preventive | |
Configure the Shell for the webservd account properly. CC ID 05429 | Configuration | Preventive | |
Configure the Shell for the nobody account properly. CC ID 05430 | Configuration | Preventive | |
Configure the Shell for the noaccess account properly. CC ID 05431 | Configuration | Preventive | |
Configure the Shell for the nobody4 account properly. CC ID 05432 | Configuration | Preventive | |
Configure the Shell for the adm account properly. CC ID 05433 | Configuration | Preventive | |
Configure the Shell for the lp account properly. CC ID 05434 | Configuration | Preventive | |
Configure the Shell for the uucp account properly. CC ID 05435 | Configuration | Preventive | |
Set the noexec_user_stack parameter properly. CC ID 05437 | Configuration | Preventive | |
Set the noexec_user_stack_log parameter properly. CC ID 05438 | Configuration | Preventive | |
Set the noexec_user_stack flag on the user stack properly. CC ID 05439 | Configuration | Preventive | |
Set the TCP max connection limit properly. CC ID 05440 | Configuration | Preventive | |
Set the TCP abort interval properly. CC ID 05441 | Configuration | Preventive | |
Enable or disable the GNOME screenlock, as appropriate. CC ID 05442 | Configuration | Preventive | |
Set the ARP cache cleanup interval properly. CC ID 05443 | Configuration | Preventive | |
Set the ARP IRE scan rate properly. CC ID 05444 | Configuration | Preventive | |
Disable proxy ARP on all interfaces. CC ID 06570 | Configuration | Preventive | |
Set the FileSpaceSwitch variable to an appropriate value. CC ID 05445 | Configuration | Preventive | |
Set the wakeup switchpoint frequency to an appropriate time interval. CC ID 05446 | Configuration | Preventive | |
Enable or disable the setuid option on removable storage media, as appropriate. CC ID 05447 | Configuration | Preventive | |
Configure TCP/IP PMTU Discovery, as appropriate. CC ID 05991 | Configuration | Preventive | |
Configure Secure Shell to enable or disable empty passwords, as appropriate. CC ID 06016 | Configuration | Preventive | |
Configure each user's Screen Saver Executable Name. CC ID 06027 | Configuration | Preventive | |
Configure the NIS+ server to operate at an appropriate security level. CC ID 06038 | Configuration | Preventive | |
Configure the "restrict guest access to system log" policy, as appropriate. CC ID 06047 | Configuration | Preventive | |
Configure the "Block saving of Open XML file types" setting, as appropriate. CC ID 06048 | Configuration | Preventive | |
Enable or disable user-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence for keyboards. CC ID 06051 | Configuration | Preventive | |
Configure the "Syskey mode" to organizational standards. CC ID 06052 | Configuration | Preventive | |
Configure the Trusted Platform Module (TPM) platform validation profile, as appropriate. CC ID 06056 | Configuration | Preventive | |
Configure the "Allow Remote Shell Access" setting, as appropriate. CC ID 06057 | Configuration | Preventive | |
Configure the "Prevent the computer from joining a homegroup" setting, as appropriate. CC ID 06058 | Configuration | Preventive | |
Enable or disable the authenticator requirement after waking, as appropriate. CC ID 06059 | Configuration | Preventive | |
Enable or disable the standby states, as appropriate. CC ID 06060 | Configuration | Preventive | |
Configure the Trusted Platform Module startup options properly. CC ID 06061 | Configuration | Preventive | |
Configure the system to purge Policy Caches. CC ID 06569 | Configuration | Preventive | |
Separate authenticator files and application system data on different file systems. CC ID 06790 | Configuration | Preventive | |
Configure Application Programming Interfaces to limit or shut down interactivity based upon a rate limit. CC ID 06811 | Configuration | Preventive | |
Configure the "all world-writable directories" user ownership to organizational standards. CC ID 08714 | Establish/Maintain Documentation | Preventive | |
Configure the "all rsyslog log" files group ownership to organizational standards. CC ID 08715 | Establish/Maintain Documentation | Preventive | |
Configure the "all rsyslog log" files user ownership to organizational standards. CC ID 08716 | Establish/Maintain Documentation | Preventive | |
Configure the "Executable stack" setting to organizational standards. CC ID 08969 | Configuration | Preventive | |
Configure the "smbpasswd executable" user ownership to organizational standards. CC ID 08975 | Configuration | Preventive | |
Configure the "traceroute executable" group ownership to organizational standards. CC ID 08980 | Configuration | Preventive | |
Configure the "traceroute executable" user ownership to organizational standards. CC ID 08981 | Configuration | Preventive | |
Configure the "Apache configuration" directory group ownership to organizational standards. CC ID 08991 | Configuration | Preventive | |
Configure the "Apache configuration" directory user ownership to organizational standards. CC ID 08992 | Configuration | Preventive | |
Configure the "/var/log/httpd/" file group ownership to organizational standards. CC ID 09027 | Configuration | Preventive | |
Configure the "/etc/httpd/conf.d" file group ownership to organizational standards. CC ID 09028 | Configuration | Preventive | |
Configure the "/etc/httpd/conf/passwd" file group ownership to organizational standards. CC ID 09029 | Configuration | Preventive | |
Configure the "/usr/sbin/apachectl" file group ownership to organizational standards. CC ID 09030 | Configuration | Preventive | |
Configure the "/usr/sbin/httpd" file group ownership to organizational standards. CC ID 09031 | Configuration | Preventive | |
Configure the "/var/www/html" file group ownership to organizational standards. CC ID 09032 | Configuration | Preventive | |
Configure the "log files" in the "/var/log/httpd/" directory user ownership to organizational standards. CC ID 09034 | Configuration | Preventive | |
Configure the "/etc/httpd/conf.d" file ownership to organizational standards. CC ID 09035 | Configuration | Preventive | |
Configure the "/etc/httpd/conf/passwd" file ownership to organizational standards. CC ID 09036 | Configuration | Preventive | |
Configure the "/usr/sbin/apachectl" file ownership to organizational standards. CC ID 09037 | Configuration | Preventive | |
Configure the "/usr/sbin/httpd" file ownership to organizational standards. CC ID 09038 | Configuration | Preventive | |
Configure the "/var/www/html" file ownership to organizational standards. CC ID 09039 | Configuration | Preventive | |
Configure the "httpd.conf" file user ownership to organizational standards. CC ID 09055 | Configuration | Preventive | |
Configure the "httpd.conf" group ownership to organizational standards. CC ID 09056 | Configuration | Preventive | |
Configure the "htpasswd" file user ownership to organizational standards. CC ID 09058 | Configuration | Preventive | |
Configure the "htpasswd" file group ownership to organizational standards. CC ID 09059 | Configuration | Preventive | |
Configure the "files specified by CustomLog" user ownership to organizational standards. CC ID 09074 | Configuration | Preventive | |
Configure the "files specified by CustomLog" group ownership to organizational standards. CC ID 09075 | Configuration | Preventive | |
Configure the "files specified by ErrorLog" user ownership to organizational standards. CC ID 09076 | Configuration | Preventive | |
Configure the "files specified by ErrorLog" group ownership to organizational standards. CC ID 09077 | Configuration | Preventive | |
Configure the "directories specified by ScriptAlias" user ownership to organizational standards. CC ID 09079 | Configuration | Preventive | |
Configure the "directories specified by ScriptAlias" group ownership to organizational standards. CC ID 09080 | Configuration | Preventive | |
Configure the "directories specified by ScriptAliasMatch" user ownership to organizational standards. CC ID 09082 | Configuration | Preventive | |
Configure the "directories specified by ScriptAliasMatch" group ownership to organizational standards. CC ID 09083 | Configuration | Preventive | |
Configure the "directories specified by DocumentRoot" user ownership to organizational standards. CC ID 09085 | Configuration | Preventive | |
Configure the "directories specified by DocumentRoot" group ownership to organizational standards. CC ID 09086 | Configuration | Preventive | |
Configure the "directories specified by Alias" user ownership to organizational standards. CC ID 09088 | Configuration | Preventive | |
Configure the "directories specified by Alias" group ownership to organizational standards. CC ID 09089 | Configuration | Preventive | |
Configure the "directories specified by ServerRoot" user ownership to organizational standards. CC ID 09091 | Configuration | Preventive | |
Configure the "directories specified by ServerRoot" group ownership to organizational standards. CC ID 09092 | Configuration | Preventive | |
Configure the "apache /bin" directory user ownership to organizational standards. CC ID 09094 | Configuration | Preventive | |
Configure the "apache /bin" directory group ownership to organizational standards. CC ID 09095 | Configuration | Preventive | |
Configure the "apache /logs" directory user ownership to organizational standards. CC ID 09097 | Configuration | Preventive | |
Configure the "apache /logs" directory group ownership to organizational standards. CC ID 09098 | Configuration | Preventive | |
Configure the "apache /htdocs" directory user ownership to organizational standards. CC ID 09100 | Configuration | Preventive | |
Configure the "apache /htdocs" directory group ownership to organizational standards. CC ID 09101 | Configuration | Preventive | |
Configure the "apache /cgi-bin" directory group ownership to organizational standards. CC ID 09104 | Configuration | Preventive | |
Configure the "User-specific directories" setting to organizational standards. CC ID 09123 | Configuration | Preventive | |
Configure the "apache process ID" file user ownership to organizational standards. CC ID 09125 | Configuration | Preventive | |
Configure the "apache process ID" file group ownership to organizational standards. CC ID 09126 | Configuration | Preventive | |
Configure the "apache scoreboard" file user ownership to organizational standards. CC ID 09128 | Configuration | Preventive | |
Configure the "apache scoreboard" file group ownership to organizational standards. CC ID 09129 | Configuration | Preventive | |
Configure the "Ownership of the asymmetric keys" setting to organizational standards. CC ID 09289 | Configuration | Preventive | |
Configure the "SQLServer2005ReportServerUser" registry key permissions to organizational standards. CC ID 09326 | Configuration | Preventive | |
Configure the "SQLServerADHelperUser" registry key permissions to organizational standards. CC ID 09329 | Configuration | Preventive | |
Configure the "Tomcat home" directory user ownership to organizational standards. CC ID 09772 | Configuration | Preventive | |
Configure the "group" setting for the "Tomcat installation" to organizational standards. CC ID 09773 | Configuration | Preventive | |
Configure the "tomcat conf/" directory user ownership to organizational standards. CC ID 09774 | Configuration | Preventive | |
Configure the "tomcat conf/" directory group ownership to organizational standards. CC ID 09775 | Configuration | Preventive | |
Configure the "tomcat-users.xml" file user ownership to organizational standards. CC ID 09776 | Configuration | Preventive | |
Configure the "tomcat-users.xml" file group ownership to organizational standards. CC ID 09777 | Configuration | Preventive | |
Configure the "group membership" setting for "Tomcat" to organizational standards. CC ID 09793 | Configuration | Preventive | |
Configure the "Tomcat home" directory group ownership to organizational standards. CC ID 09798 | Configuration | Preventive | |
Configure the "Tomcat home/conf/" directory user ownership to organizational standards. CC ID 09800 | Configuration | Preventive | |
Configure the "Tomcat home/conf/" directory group ownership to organizational standards. CC ID 09801 | Configuration | Preventive | |
Configure the "system" files permissions to organizational standards. CC ID 09922 | Configuration | Preventive | |
Configure the "size limit" setting for the "application log" to organizational standards. CC ID 10063 | Configuration | Preventive | |
Configure the "restrict guest access to security log" setting to organizational standards. CC ID 10064 | Configuration | Preventive | |
Configure the "size limit" setting for the "system log" to organizational standards. CC ID 10065 | Configuration | Preventive | |
Configure the "Automatic Update service" setting to organizational standards. CC ID 10066 | Configuration | Preventive | |
Configure the "Safe DLL Search Mode" setting to organizational standards. CC ID 10067 | Configuration | Preventive | |
Configure the "screensaver" setting to organizational standards. CC ID 10068 | Configuration | Preventive | |
Configure the "screensaver" setting for the "default" user to organizational standards. CC ID 10069 | Configuration | Preventive | |
Configure the "Enable User Control Over Installs" setting to organizational standards. CC ID 10070 | Configuration | Preventive | |
Configure the "Enable User to Browse for Source While Elevated" setting to organizational standards. CC ID 10071 | Configuration | Preventive | |
Configure the "Enable User to Use Media Source While Elevated" setting to organizational standards. CC ID 10072 | Configuration | Preventive | |
Configure the "Allow Administrator to Install from Terminal Services Session" setting to organizational standards. CC ID 10073 | Configuration | Preventive | |
Configure the "Enable User to Patch Elevated Products" setting to organizational standards. CC ID 10074 | Configuration | Preventive | |
Configure the "Cache Transforms in Secure Location" setting to organizational standards. CC ID 10075 | Configuration | Preventive | |
Configure the "Disable Media Player for automatic updates" setting to organizational standards. CC ID 10076 | Configuration | Preventive | |
Configure the "Internet access for Windows Messenger" setting to organizational standards. CC ID 10077 | Configuration | Preventive | |
Configure the "Do Not Automatically Start Windows Messenger" setting to organizational standards. CC ID 10078 | Configuration | Preventive | |
Configure the "Hide Property Pages" setting for the "task scheduler" to organizational standards. CC ID 10079 | Configuration | Preventive | |
Configure the "Prohibit New Task Creation" setting for the "task scheduler" to organizational standards. CC ID 10080 | Configuration | Preventive | |
Configure "Set time limit for disconnected sessions" to organizational standards. CC ID 10081 | Configuration | Preventive | |
Configure the "Set time limit for idle sessions" setting to organizational standards. CC ID 10082 | Configuration | Preventive | |
Configure the "Enable Keep-Alive Messages" setting to organizational standards. CC ID 10083 | Configuration | Preventive | |
Configure the "Automatic Updates detection frequency" setting to organizational standards. CC ID 10084 | Configuration | Preventive | |
Configure the "TCPMaxPortsExhausted" setting to organizational standards. CC ID 10085 | Configuration | Preventive | |
Configure the "built-in Administrator" account to organizational standards. CC ID 10086 | Configuration | Preventive | |
Configure the "Prevent System Maintenance of Computer Account Password" setting to organizational standards. CC ID 10087 | Configuration | Preventive | |
Configure the "Digitally Sign Client Communication (When Possible)" setting to organizational standards. CC ID 10088 | Configuration | Preventive | |
Configure the "number of SYN-ACK retransmissions sent when attempting to respond to a SYN request" setting to organizational standards. CC ID 10089 | Configuration | Preventive | |
Configure the "warning level" setting for the "audit log" to organizational standards. CC ID 10090 | Configuration | Preventive | |
Configure the "Change Password" setting for the "Ctrl+Alt+Del dialog" to organizational standards. CC ID 10091 | Configuration | Preventive | |
Configure the "account description" setting for the "built-in Administrator" account to organizational standards. CC ID 10092 | Configuration | Preventive | |
Configure the "Decoy Admin Account Not Disabled" setting to organizational standards. CC ID 10201 | Configuration | Preventive | |
Configure the "when maximum log size is reached" setting for the "Application log" to organizational standards. CC ID 10202 | Configuration | Preventive | |
Configure the "password filtering DLL" setting to organizational standards. CC ID 10203 | Configuration | Preventive | |
Configure the "Anonymous access to the registry" setting to organizational standards. CC ID 10204 | Configuration | Preventive | |
Configure the "Automatic Execution" setting for the "System Debugger" to organizational standards. CC ID 10205 | Configuration | Preventive | |
Configure the "CD-ROM Autorun" setting to organizational standards. CC ID 10206 | Configuration | Preventive | |
Configure the "ResetBrowser Frames" setting to organizational standards. CC ID 10207 | Configuration | Preventive | |
Configure the "Dr. Watson Crash Dumps" setting to organizational standards. CC ID 10208 | Configuration | Preventive | |
Configure the "File System Checker and Popups" setting to organizational standards. CC ID 10209 | Configuration | Preventive | |
Configure the "System File Checker" setting to organizational standards. CC ID 10210 | Configuration | Preventive | |
Configure the "System File Checker Progress Meter" setting to organizational standards. CC ID 10211 | Configuration | Preventive | |
Configure the "number of TCP/IP Maximum Half-open Sockets" setting to organizational standards. CC ID 10212 | Configuration | Preventive | |
Configure the "number of TCP/IP Maximum Retried Half-open Sockets" setting to organizational standards. CC ID 10213 | Configuration | Preventive | |
Configure the "Protect Kernel object attributes" setting to organizational standards. CC ID 10214 | Configuration | Preventive | |
Configure the "Unsigned Non-Driver Installation Behavior" setting to organizational standards. CC ID 10215 | Configuration | Preventive | |
Configure the "Automatically Log Off Users When Logon Time Expires (local)" setting to organizational standards. CC ID 10216 | Configuration | Preventive | |
Configure the "Local volumes" setting to organizational standards. CC ID 10217 | Configuration | Preventive | |
Configure the "Unused USB Ports" setting to organizational standards. CC ID 10218 | Configuration | Preventive | |
Configure the "Set Safe for Scripting" setting to organizational standards. CC ID 10219 | Configuration | Preventive | |
Configure the "Use of the Recycle Bin on file deletion" setting to organizational standards. CC ID 10220 | Configuration | Preventive | |
Configure the "Membership in the Power Users group" setting to organizational standards. CC ID 10224 | Configuration | Preventive | |
Configure the "AutoBackupLogFiles" setting for the "security log" to organizational standards. CC ID 10225 | Configuration | Preventive | |
Configure the "AutoBackupLogFiles" setting for the "application log" to organizational standards. CC ID 10226 | Configuration | Preventive | |
Configure the "AutoBackupLogFiles" setting for the "system log" to organizational standards. CC ID 10227 | Configuration | Preventive | |
Configure the "Syskey Encryption Key location and password method" setting to organizational standards. CC ID 10228 | Configuration | Preventive | |
Configure the "Os2LibPath environmental variable" setting to organizational standards. CC ID 10229 | Configuration | Preventive | |
Configure the "path to the Microsoft OS/2 version 1.x library" setting to organizational standards. CC ID 10230 | Configuration | Preventive | |
Configure the "location of the OS/2 subsystem" setting to organizational standards. CC ID 10231 | Configuration | Preventive | |
Configure the "location of the POSIX subsystem" setting to organizational standards. CC ID 10232 | Configuration | Preventive | |
Configure the "path to the debugger used for Just-In-Time debugging" setting to organizational standards. CC ID 10234 | Configuration | Preventive | |
Configure the "Distributed Component Object Model (DCOM)" setting to organizational standards. CC ID 10235 | Configuration | Preventive | |
Configure the "encryption algorithm" setting for "EFS" to organizational standards. CC ID 10236 | Configuration | Preventive | |
Configure the "Interix Subsystem Startup service startup type" setting to organizational standards. CC ID 10238 | Configuration | Preventive | |
Configure the "Services for Unix Perl Socket service startup type" setting to organizational standards. CC ID 10247 | Configuration | Preventive | |
Configure the "Services for Unix Windows Cron service startup type" setting to organizational standards. CC ID 10248 | Configuration | Preventive | |
Configure the "fDisableCdm" setting to organizational standards. CC ID 10259 | Configuration | Preventive | |
Configure the "fDisableClip" setting to organizational standards. CC ID 10260 | Configuration | Preventive | |
Configure the "Inheritance of the shadow setting" setting to organizational standards. CC ID 10261 | Configuration | Preventive | |
Configure the "remote control configuration" setting to organizational standards. CC ID 10262 | Configuration | Preventive | |
Configure the "fDisableCam" setting to organizational standards. CC ID 10263 | Configuration | Preventive | |
Configure the "fDisableCcm" setting to organizational standards. CC ID 10264 | Configuration | Preventive | |
Configure the "fDisableLPT" setting to organizational standards. CC ID 10265 | Configuration | Preventive | |
Configure the "ActiveX installation policy for sites in Trusted zones" setting to organizational standards. CC ID 10691 | Configuration | Preventive | |
Configure the "Add the Administrators security group to roaming user profiles" setting to organizational standards. CC ID 10694 | Configuration | Preventive | |
Configure the "Administratively assigned offline files" setting to organizational standards. CC ID 10695 | Configuration | Preventive | |
Configure the "Apply policy to removable media" setting to organizational standards. CC ID 10756 | Configuration | Preventive | |
Configure the "Baseline file cache maximum size" setting to organizational standards. CC ID 10763 | Configuration | Preventive | |
Configure the "Check for New Signatures Before Scheduled Scans" setting to organizational standards. CC ID 10770 | Configuration | Preventive | |
Configure the "Check published state" setting to organizational standards. CC ID 10771 | Configuration | Preventive | |
Configure the "Communities" setting to organizational standards. CC ID 10772 | Configuration | Preventive | |
Configure the "Computer location" setting to organizational standards. CC ID 10773 | Configuration | Preventive | |
Configure the "Background Sync" setting to organizational standards. CC ID 10775 | Configuration | Preventive | |
Configure the "Corporate Windows Error Reporting" setting to organizational standards. CC ID 10777 | Configuration | Preventive | |
Configure the "Corrupted File Recovery Behavior" setting to organizational standards. CC ID 10778 | Configuration | Preventive | |
Configure the "Default consent" setting to organizational standards. CC ID 10780 | Configuration | Preventive | |
Configure the "list of IEEE 1667 silos usable on your computer" setting to organizational standards. CC ID 10792 | Configuration | Preventive | |
Configure the "Microsoft SpyNet Reporting" setting to organizational standards. CC ID 10794 | Configuration | Preventive | |
Configure the "MSI Corrupted File Recovery Behavior" setting to organizational standards. CC ID 10795 | Configuration | Preventive | |
Configure the "Reliability WMI Providers" setting to organizational standards. CC ID 10804 | Configuration | Preventive | |
Configure the "Report Archive" setting to organizational standards. CC ID 10805 | Configuration | Preventive | |
Configure the "Report Queue" setting to organizational standards. CC ID 10806 | Configuration | Preventive | |
Configure the "root certificate clean up" setting to organizational standards. CC ID 10807 | Configuration | Preventive | |
Configure the "Security Policy for Scripted Diagnostics" setting to organizational standards. CC ID 10816 | Configuration | Preventive | |
Configure the "list of blocked TPM commands" setting to organizational standards. CC ID 10822 | Configuration | Preventive | |
Configure the "refresh interval for Server Manager" setting to organizational standards. CC ID 10823 | Configuration | Preventive | |
Configure the "server address, refresh interval, and issuer certificate authority of a target Subscription Manager" setting to organizational standards. CC ID 10824 | Configuration | Preventive | |
Configure the "Customize consent settings" setting to organizational standards. CC ID 10837 | Configuration | Preventive | |
Configure the "Default behavior for AutoRun" setting to organizational standards. CC ID 10839 | Configuration | Preventive | |
Configure the "Define Activation Security Check exemptions" setting to organizational standards. CC ID 10841 | Configuration | Preventive | |
Configure the "Define host name-to-Kerberos realm mappings" setting to organizational standards. CC ID 10842 | Configuration | Preventive | |
Configure the "Define interoperable Kerberos V5 realm settings" setting to organizational standards. CC ID 10843 | Configuration | Preventive | |
Configure the "Delay Restart for scheduled installations" setting to organizational standards. CC ID 10844 | Configuration | Preventive | |
Configure the "Delete cached copies of roaming profiles" setting to organizational standards. CC ID 10845 | Configuration | Preventive | |
Configure the "Delete user profiles older than a specified number of days on system restart" setting to organizational standards. CC ID 10847 | Configuration | Preventive | |
Configure the "Diagnostics: Configure scenario retention" setting to organizational standards. CC ID 10857 | Configuration | Preventive | |
Configure the "Directory pruning interval" setting to organizational standards. CC ID 10858 | Configuration | Preventive | |
Configure the "Directory pruning priority" setting to organizational standards. CC ID 10859 | Configuration | Preventive | |
Configure the "Directory pruning retry" setting to organizational standards. CC ID 10860 | Configuration | Preventive | |
Configure the "Disk Diagnostic: Configure custom alert text" setting to organizational standards. CC ID 10882 | Configuration | Preventive | |
Configure the "Display Shutdown Event Tracker" setting to organizational standards. CC ID 10888 | Configuration | Preventive | |
Configure the "Display string when smart card is blocked" setting to organizational standards. CC ID 10889 | Configuration | Preventive | |
Configure the "Do not automatically encrypt files moved to encrypted folders" setting to organizational standards. CC ID 10924 | Configuration | Preventive | |
Configure the "Do not check for user ownership of Roaming Profile Folders" setting to organizational standards. CC ID 10925 | Configuration | Preventive | |
Configure the "Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names" setting to organizational standards. CC ID 10932 | Configuration | Preventive | |
Configure the "Do not send additional data" machine setting to organizational standards. CC ID 10934 | Configuration | Preventive | |
Configure the "Domain Controller Address Type Returned" setting to organizational standards. CC ID 10939 | Configuration | Preventive | |
Configure the "Domain Location Determination URL" setting to organizational standards. CC ID 10940 | Configuration | Preventive | |
Configure the "Don't set the always do this checkbox" setting to organizational standards. CC ID 10941 | Configuration | Preventive | |
Configure the "Download missing COM components" setting to organizational standards. CC ID 10942 | Configuration | Preventive | |
Configure the "Dynamic Update" setting to organizational standards. CC ID 10944 | Configuration | Preventive | |
Configure the "Enable client-side targeting" setting to organizational standards. CC ID 10946 | Configuration | Preventive | |
Configure the "Enable NTFS pagefile encryption" setting to organizational standards. CC ID 10948 | Configuration | Preventive | |
Configure the "Enable Persistent Time Stamp" setting to organizational standards. CC ID 10949 | Configuration | Preventive | |
Configure the "Enable Transparent Caching" setting to organizational standards. CC ID 10950 | Configuration | Preventive | |
Configure the "Enable Windows NTP Client" setting to organizational standards. CC ID 10951 | Configuration | Preventive | |
Configure the "Enable Windows NTP Server" setting to organizational standards. CC ID 10952 | Configuration | Preventive | |
Configure the "Encrypt the Offline Files cache" setting to organizational standards. CC ID 10955 | Configuration | Preventive | |
Configure the "Enforce upgrade component rules" setting to organizational standards. CC ID 10958 | Configuration | Preventive | |
Configure the "Events.asp program" setting to organizational standards. CC ID 10959 | Configuration | Preventive | |
Configure the "Events.asp program command line parameters" setting to organizational standards. CC ID 10960 | Configuration | Preventive | |
Configure the "Events.asp URL" setting to organizational standards. CC ID 10961 | Configuration | Preventive | |
Configure the "Exclude credential providers" setting to organizational standards. CC ID 10962 | Configuration | Preventive | |
Configure the "Exclude files from being cached" setting to organizational standards. CC ID 10963 | Configuration | Preventive | |
Configure the "Final DC Discovery Retry Setting for Background Callers" setting to organizational standards. CC ID 10968 | Configuration | Preventive | |
Configure the "For tablet pen input, don't show the Input Panel icon" setting to organizational standards. CC ID 10973 | Configuration | Preventive | |
Configure the "For touch input, don't show the Input Panel icon" setting to organizational standards. CC ID 10974 | Configuration | Preventive | |
Configure the "Force Rediscovery Interval" setting to organizational standards. CC ID 10975 | Configuration | Preventive | |
Configure the "Force selected system UI language to overwrite the user UI language" setting to organizational standards. CC ID 10976 | Configuration | Preventive | |
Configure the "Force the reading of all certificates from the smart card" setting to organizational standards. CC ID 10977 | Configuration | Preventive | |
Configure the "ForwarderResourceUsage" setting to organizational standards. CC ID 10978 | Configuration | Preventive | |
Configure the "Global Configuration Settings" setting to organizational standards. CC ID 10979 | Configuration | Preventive | |
Configure the "Hash Publication for BranchCache" setting to organizational standards. CC ID 10986 | Configuration | Preventive | |
Configure the "Hide entry points for Fast User Switching" setting to organizational standards. CC ID 10987 | Configuration | Preventive | |
Configure the "Hide notifications about RD Licensing problems that affect the RD Session Host server" setting to organizational standards. CC ID 10988 | Configuration | Preventive | |
Configure the "Hide previous versions list for local files" setting to organizational standards. CC ID 10989 | Configuration | Preventive | |
Configure the "Hide previous versions of files on backup location" setting to organizational standards. CC ID 10991 | Configuration | Preventive | |
Configure the "Ignore custom consent settings" setting to organizational standards. CC ID 10992 | Configuration | Preventive | |
Configure the "Ignore Delegation Failure" setting to organizational standards. CC ID 10993 | Configuration | Preventive | |
Configure the "Ignore the default list of blocked TPM commands" setting to organizational standards. CC ID 10994 | Configuration | Preventive | |
Configure the "Ignore the local list of blocked TPM commands" setting to organizational standards. CC ID 10995 | Configuration | Preventive | |
Configure the "Include rarely used Chinese, Kanji, or Hanja characters" setting to organizational standards. CC ID 10996 | Configuration | Preventive | |
Configure the "Initial DC Discovery Retry Setting for Background Callers" setting to organizational standards. CC ID 10997 | Configuration | Preventive | |
Configure the "IP-HTTPS State" setting to organizational standards. CC ID 11000 | Configuration | Preventive | |
Configure the "ISATAP Router Name" setting to organizational standards. CC ID 11001 | Configuration | Preventive | |
Configure the "ISATAP State" setting to organizational standards. CC ID 11002 | Configuration | Preventive | |
Configure the "License server security group" setting to organizational standards. CC ID 11005 | Configuration | Preventive | |
Configure the "List of applications to be excluded" setting to organizational standards. CC ID 11023 | Configuration | Preventive | |
Configure the "Lock Enhanced Storage when the computer is locked" setting to organizational standards. CC ID 11025 | Configuration | Preventive | |
Configure the "Make Parental Controls control panel visible on a Domain" setting to organizational standards. CC ID 11039 | Configuration | Preventive | |
Configure the "MaxConcurrentUsers" setting to organizational standards. CC ID 11040 | Configuration | Preventive | |
Configure the "Maximum DC Discovery Retry Interval Setting for Background Callers" setting to organizational standards. CC ID 11041 | Configuration | Preventive | |
Configure the "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider" setting to organizational standards. CC ID 11045 | Configuration | Preventive | |
Configure the "Negative DC Discovery Cache Setting" setting to organizational standards. CC ID 11047 | Configuration | Preventive | |
Configure the "Non-conforming packets" setting to organizational standards. CC ID 11053 | Configuration | Preventive | |
Configure the "Notify blocked drivers" setting to organizational standards. CC ID 11054 | Configuration | Preventive | |
Configure the "Notify user of successful smart card driver installation" setting to organizational standards. CC ID 11055 | Configuration | Preventive | |
Configure the "Permitted Managers" setting to organizational standards. CC ID 11062 | Configuration | Preventive | |
Configure the "Positive Periodic DC Cache Refresh for Background Callers" setting to organizational standards. CC ID 11063 | Configuration | Preventive | |
Configure the "Positive Periodic DC Cache Refresh for Non-Background Callers" setting to organizational standards. CC ID 11064 | Configuration | Preventive | |
Configure the "Prioritize all digitally signed drivers equally during the driver ranking and selection process" setting to organizational standards. CC ID 11098 | Configuration | Preventive | |
Configure the "Prompt for credentials on the client computer" setting to organizational standards. CC ID 11108 | Configuration | Preventive | |
Configure the "Propagation of extended error information" setting to organizational standards. CC ID 11110 | Configuration | Preventive | |
Configure the "Register PTR Records" setting to organizational standards. CC ID 11121 | Configuration | Preventive | |
Configure the "Registration Refresh Interval" setting to organizational standards. CC ID 11122 | Configuration | Preventive | |
Configure the "Remove Program Compatibility Property Page" setting to organizational standards. CC ID 11128 | Configuration | Preventive | |
Configure the "Remove users ability to invoke machine policy refresh" setting to organizational standards. CC ID 11129 | Configuration | Preventive | |
Configure the "Remove Windows Security item from Start menu" setting to organizational standards. CC ID 11130 | Configuration | Preventive | |
Configure the "Re-prompt for restart with scheduled installations" setting to organizational standards. CC ID 11131 | Configuration | Preventive | |
Configure the "Require secure RPC communication" setting to organizational standards. CC ID 11134 | Configuration | Preventive | |
Configure the "Require strict KDC validation" setting to organizational standards. CC ID 11135 | Configuration | Preventive | |
Configure the "Reverse the subject name stored in a certificate when displaying" setting to organizational standards. CC ID 11148 | Configuration | Preventive | |
Configure the "RPC Troubleshooting State Information" setting to organizational standards. CC ID 11150 | Configuration | Preventive | |
Configure the "Run shutdown scripts visible" setting to organizational standards. CC ID 11152 | Configuration | Preventive | |
Configure the "Run startup scripts asynchronously" setting to organizational standards. CC ID 11153 | Configuration | Preventive | |
Configure the "Run startup scripts visible" setting to organizational standards. CC ID 11154 | Configuration | Preventive | |
Configure the "Scavenge Interval" setting to organizational standards. CC ID 11158 | Configuration | Preventive | |
Configure the "Server Authentication Certificate Template" setting to organizational standards. CC ID 11170 | Configuration | Preventive | |
Configure the "Set BranchCache Distributed Cache mode" setting to organizational standards. CC ID 11172 | Configuration | Preventive | |
Configure the "Set BranchCache Hosted Cache mode" setting to organizational standards. CC ID 11173 | Configuration | Preventive | |
Configure the "Set compression algorithm for RDP data" setting to organizational standards. CC ID 11174 | Configuration | Preventive | |
Configure the "Set percentage of disk space used for client computer cache" setting to organizational standards. CC ID 11177 | Configuration | Preventive | |
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Global" to organizational standards. CC ID 11178 | Configuration | Preventive | |
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Site Local" to organizational standards. CC ID 11180 | Configuration | Preventive | |
Configure the "Set the Email IDs to which notifications are to be sent" setting to organizational standards. CC ID 11184 | Configuration | Preventive | |
Configure the "Set the map update interval for NIS subordinate servers" setting to organizational standards. CC ID 11186 | Configuration | Preventive | |
Configure the "Set the Seed Server" setting for "IPv6 Global" to organizational standards. CC ID 11189 | Configuration | Preventive | |
Configure the "Set the Seed Server" setting for "IPv6 Site Local" to organizational standards. CC ID 11191 | Configuration | Preventive | |
Configure the "Set the SMTP Server used to send notifications" setting to organizational standards. CC ID 11192 | Configuration | Preventive | |
Configure the "Set timer resolution" setting to organizational standards. CC ID 11196 | Configuration | Preventive | |
Configure the "Sets how often a DFS Client discovers DC's" setting to organizational standards. CC ID 11199 | Configuration | Preventive | |
Configure the "Short name creation options" setting to organizational standards. CC ID 11200 | Configuration | Preventive | |
Configure the "Site Name" setting to organizational standards. CC ID 11201 | Configuration | Preventive | |
Configure the "Specify a default color" setting to organizational standards. CC ID 11208 | Configuration | Preventive | |
Configure the "Specify idle Timeout" setting to organizational standards. CC ID 11210 | Configuration | Preventive | |
Configure the "Specify maximum amount of memory in MB per Shell" setting to organizational standards. CC ID 11211 | Configuration | Preventive | |
Configure the "Specify maximum number of processes per Shell" setting to organizational standards. CC ID 11212 | Configuration | Preventive | |
Configure the "Specify Shell Timeout" setting to organizational standards. CC ID 11216 | Configuration | Preventive | |
Configure the "Specify Windows installation file location" setting to organizational standards. CC ID 11225 | Configuration | Preventive | |
Configure the "Specify Windows Service Pack installation file location" setting to organizational standards. CC ID 11226 | Configuration | Preventive | |
Configure the "SSL Cipher Suite Order" setting to organizational standards. CC ID 11227 | Configuration | Preventive | |
Configure the "Switch to the Simplified Chinese (PRC) gestures" setting to organizational standards. CC ID 11230 | Configuration | Preventive | |
Configure the "Sysvol share compatibility" setting to organizational standards. CC ID 11231 | Configuration | Preventive | |
Configure the "Tag Windows Customer Experience Improvement data with Study Identifier" setting to organizational standards. CC ID 11232 | Configuration | Preventive | |
Configure the "Teredo Client Port" setting to organizational standards. CC ID 11236 | Configuration | Preventive | |
Configure the "Teredo Default Qualified" setting to organizational standards. CC ID 11237 | Configuration | Preventive | |
Configure the "Teredo Refresh Rate" setting to organizational standards. CC ID 11238 | Configuration | Preventive | |
Configure the "Teredo Server Name" setting to organizational standards. CC ID 11239 | Configuration | Preventive | |
Configure the "Teredo State" setting to organizational standards. CC ID 11240 | Configuration | Preventive | |
Configure the "Time (in seconds) to force reboot" setting to organizational standards. CC ID 11242 | Configuration | Preventive | |
Configure the "Time (in seconds) to force reboot when required for policy changes to take effect" setting to organizational standards. CC ID 11243 | Configuration | Preventive | |
Configure the "Timeout for fast user switching events" setting to organizational standards. CC ID 11244 | Configuration | Preventive | |
Configure the "Traps for public community" setting to organizational standards. CC ID 11246 | Configuration | Preventive | |
Configure the "Trusted Hosts" setting to organizational standards. CC ID 11249 | Configuration | Preventive | |
Configure the "Try Next Closest Site" setting to organizational standards. CC ID 11250 | Configuration | Preventive | |
Configure the "TTL Set in the A and PTR records" setting to organizational standards. CC ID 11251 | Configuration | Preventive | |
Configure the "Turn on Accounting for WSRM" setting to organizational standards. CC ID 11333 | Configuration | Preventive | |
Configure the "Turn on BranchCache" setting to organizational standards. CC ID 11334 | Configuration | Preventive | |
Configure the "Turn on certificate propagation from smart card" setting to organizational standards. CC ID 11335 | Configuration | Preventive | |
Configure the "Turn On Compatibility HTTP Listener" setting to organizational standards. CC ID 11336 | Configuration | Preventive | |
Configure the "Turn On Compatibility HTTPS Listener" setting to organizational standards. CC ID 11337 | Configuration | Preventive | |
Configure the "Turn on definition updates through both WSUS and the Microsoft Malware Protection Center" setting to organizational standards. CC ID 11338 | Configuration | Preventive | |
Configure the "Turn on definition updates through both WSUS and Windows Update" setting to organizational standards. CC ID 11339 | Configuration | Preventive | |
Configure the "Turn on economical application of administratively assigned Offline Files" setting to organizational standards. CC ID 11342 | Configuration | Preventive | |
Configure the "Turn on Mapper I/O (LLTDIO) driver" setting to organizational standards. CC ID 11346 | Configuration | Preventive | |
Configure the "Turn on recommended updates via Automatic Updates" setting to organizational standards. CC ID 11347 | Configuration | Preventive | |
Configure the "Turn on root certificate propagation from smart card" setting to organizational standards. CC ID 11349 | Configuration | Preventive | |
Configure the "Turn on Software Notifications" setting to organizational standards. CC ID 11352 | Configuration | Preventive | |
Configure the "Turn on TPM backup to Active Directory Domain Services" setting to organizational standards. CC ID 11356 | Configuration | Preventive | |
Configure the "Use forest search order" setting for "Key Distribution Center (KDC) searches" to organizational standards. CC ID 11359 | Configuration | Preventive | |
Configure the "Use forest search order" setting for "Kerberos client searches" to organizational standards. CC ID 11360 | Configuration | Preventive | |
Configure the "Use IP Address Redirection" setting to organizational standards. CC ID 11361 | Configuration | Preventive | |
Configure the "Use localized subfolder names when redirecting Start Menu and My Documents" setting to organizational standards. CC ID 11362 | Configuration | Preventive | |
Configure the "Use mandatory profiles on the RD Session Host server" setting to organizational standards. CC ID 11363 | Configuration | Preventive | |
Configure the "Verbose vs normal status messages" setting to organizational standards. CC ID 11368 | Configuration | Preventive | |
Configure the "Verify old and new Folder Redirection targets point to the same share before redirecting" setting to organizational standards. CC ID 11369 | Configuration | Preventive | |
Configure the "Windows Scaling Heuristics State" setting to organizational standards. CC ID 11372 | Configuration | Preventive | |
Configure the "Obtain Software Package Updates with apt-get" setting to organizational standards. CC ID 11375 | Configuration | Preventive | |
Configure the "display a banner before authentication" setting for "LightDM" to organizational standards. CC ID 11385 | Configuration | Preventive | |
Configure the "shadow" group to organizational standards. CC ID 11386 | Configuration | Preventive | |
Configure the "AppArmor" setting to organizational standards. CC ID 11387 | Configuration | Preventive | |
Configure knowledge-based authentication tools in accordance with organizational standards. CC ID 13740 | Configuration | Preventive | |
Configure the session timeout for the knowledge-based authentication tool used for the identity proofing process according to organizational standards. CC ID 13754 | Configuration | Preventive | |
Configure the knowledge-based authentication tool to restart after a session timeout. CC ID 13753 | Configuration | Preventive | |
Configure the number of attempts allowed to complete the knowledge-based authentication in the knowledge-based authentication tool. CC ID 13751 | Configuration | Preventive | |
Disable or configure the e-mail server, as necessary. CC ID 06563 | Configuration | Preventive | |
Configure e-mail servers to enable receiver-side verification. CC ID 12223 | Configuration | Preventive | |
Configure the e-mail server to prevent it from listening to external interfaces. CC ID 01561 | Configuration | Preventive | |
Configure the "Local-Only Mode" setting for the "Mail Transfer Agent" to organizational standards. CC ID 09940 | Configuration | Preventive | |
Configure the system account settings and the permission settings in accordance with the organizational standards. CC ID 01538 | Configuration | Preventive | |
Configure Windows User Account Control in accordance with organizational standards. CC ID 16437 | Configuration | Preventive | |
Configure the at.allow file with the users who are permitted to use the at facility, as appropriate. CC ID 06005 | Configuration | Preventive | |
Configure the /etc/xinetd.conf file group permissions, as appropriate. CC ID 05994 | Configuration | Preventive | |
Create the default adduser.conf file. CC ID 01581 | Configuration | Preventive | |
Remove unnecessary accounts. CC ID 16476 | Technical Security | Corrective | |
Configure user accounts. CC ID 07036 | Configuration | Preventive | |
Configure account expiration parameters on active accounts. CC ID 01580 | Configuration | Preventive | |
Change default usernames, as necessary. CC ID 14661 | Configuration | Corrective | |
Remove unnecessary default accounts. CC ID 01539 | Configuration | Preventive | |
Disable or delete shared User IDs. CC ID 12478 | Configuration | Corrective | |
Verify that no UID 0 accounts exist other than root. CC ID 01585 | Configuration | Detective | |
Disable or delete generic user IDs. CC ID 12479 | Configuration | Corrective | |
Disable all unnecessary user identifiers. CC ID 02185 | Configuration | Preventive | |
Remove unnecessary user credentials. CC ID 16409 | Configuration | Preventive | |
Remove the root user as appropriate. CC ID 01582 | Configuration | Preventive | |
Disable or remove the null account. CC ID 06572 | Configuration | Preventive | |
Change default accounts. CC ID 16468 | Process or Activity | Preventive | |
Configure accounts with administrative privilege. CC ID 07033 | Configuration | Preventive | |
Employ multifactor authentication for accounts with administrative privilege. CC ID 12496 | Technical Security | Preventive | |
Disable root logons or limit the logons to the system console. CC ID 01573 | Configuration | Preventive | |
Encrypt non-console administrative access. CC ID 00883 | Configuration | Preventive | |
Invoke a strong encryption method before requesting an authenticator. CC ID 11986 | Technical Security | Preventive | |
Configure the default group for the root user. CC ID 01586 | Configuration | Preventive | |
Rename or disable the Administrator Account. CC ID 01721 | Configuration | Preventive | |
Create a backup administrator account. CC ID 04497 | Configuration | Preventive | |
Configure the general user ID parameters. CC ID 02186 | Configuration | Preventive | |
Configure the Master user ID parameters inside the Site Management Complex. CC ID 02187 | Configuration | Preventive | |
Configure the subadministrators user ID parameters. CC ID 02188 | Configuration | Preventive | |
Configure the user account expiration date. CC ID 07101 | Configuration | Preventive | |
Configure User Rights. CC ID 07034 | Configuration | Preventive | |
Configure the "Access this computer from the network" User Right. CC ID 01834 | Configuration | Preventive | |
Configure the "Act as part of the operating system" User Right. CC ID 01835 | Configuration | Preventive | |
Configure the "Add workstations to domain" User Right setting to organizational standards. CC ID 01836 | Configuration | Preventive | |
Configure the "Adjust memory quotas for a process" User Right. CC ID 01837 | Configuration | Preventive | |
Configure the "Allow log on through Terminal Services" User Right setting to organizational standards. CC ID 01838 | Configuration | Preventive | |
Configure the "Back up files and directories" User Right. CC ID 01839 | Configuration | Preventive | |
Configure the "Bypass traverse checking" User Right. CC ID 01840 | Configuration | Preventive | |
Configure the "Change the system time" User Right. CC ID 01841 | Configuration | Preventive | |
Configure the "Change the time zone" User Right. CC ID 04382 | Configuration | Preventive | |
Configure the "Create a pagefile" User Right. CC ID 01842 | Configuration | Preventive | |
Configure the "Create a token object" User Right. CC ID 01843 | Configuration | Preventive | |
Configure the "Create permanent shared objects" User Right. CC ID 01844 | Configuration | Preventive | |
Configure the "Debug programs" User Right. CC ID 01845 | Configuration | Preventive | |
Configure the "Deny access to this computer from the network" User Right. CC ID 01846 | Configuration | Preventive | |
Configure the "Deny log on as a batch job" User Right setting to organizational standards. CC ID 01847 | Configuration | Preventive | |
Configure the "Deny log on as a service" User Right setting to organizational standards. CC ID 01848 | Configuration | Preventive | |
Configure the "Deny log on locally" User Right setting to organizational standards. CC ID 01849 | Configuration | Preventive | |
Configure the "Deny log on through Terminal Services" User Right setting to organizational standards. CC ID 01850 | Configuration | Preventive | |
Configure the "Enable computer and user accounts to be trusted for delegation" User Right. CC ID 01851 | Configuration | Preventive | |
Configure the "Force shutdown from a remote system" User Right. CC ID 01852 | Configuration | Preventive | |
Configure the "Generate security audits" User Right. CC ID 01853 | Configuration | Preventive | |
Configure the "Increase scheduling priority" User Right. CC ID 01854 | Configuration | Preventive | |
Configure the "Load and unload device drivers" User Right. CC ID 01855 | Configuration | Preventive | |
Configure the "Lock pages in memory" User Right. CC ID 01856 | Configuration | Preventive | |
Configure the "Lock Inactive User Accounts" setting to organizational standards. CC ID 09921 | Configuration | Preventive | |
Configure the "Log on as a batch job" User Right. CC ID 01857 | Configuration | Preventive | |
Configure the "Log on as a service" User Right. CC ID 01858 | Configuration | Preventive | |
Configure the "Allow log on locally" User Right setting to organizational standards. CC ID 01859 | Configuration | Preventive | |
Configure the "Manage auditing and security log" User Right. CC ID 01860 | Configuration | Preventive | |
Configure the "Modify firmware environment values" User Right. CC ID 01861 | Configuration | Preventive | |
Configure the "Perform volume maintenance tasks" User Right. CC ID 01862 | Configuration | Preventive | |
Configure the "Profile single process" User Right. CC ID 01863 | Configuration | Preventive | |
Configure the "Profile system performance" User Right. CC ID 01864 | Configuration | Preventive | |
Configure the "Remove computer from docking station" User Right. CC ID 01865 | Configuration | Preventive | |
Configure the "Replace a process level token" User Right. CC ID 01866 | Configuration | Preventive | |
Configure the "Restore files and directories" User Right. CC ID 01867 | Configuration | Preventive | |
Configure the "Shut down the system" User Right. CC ID 01868 | Configuration | Preventive | |
Configure the "Synchronize directory service data" User Right setting to organizational standards. CC ID 01869 | Configuration | Preventive | |
Configure the "Take ownership of files or other objects" User Right. CC ID 01870 | Configuration | Preventive | |
Configure the "Create global objects" User Right. CC ID 04383 | Configuration | Preventive | |
Configure the "Create symbolic links" User Right. CC ID 04384 | Configuration | Preventive | |
Configure the "Impersonate a client after authentication" User Right. CC ID 04385 | Configuration | Preventive | |
Configure the "Increase a process working set" User Right. CC ID 04386 | Configuration | Preventive | |
Configure file permissions and directory permissions to organizational standards. CC ID 07035 | Configuration | Preventive | |
Configure "SYSVOL" to organizational standards. CC ID 15398 | Configuration | Preventive | |
Configure the Cron log file permissions, as appropriate. CC ID 05998 | Configuration | Preventive | |
Configure the "docker.service" file ownership to organizational standards. CC ID 14477 | Configuration | Preventive | |
Establish and verify the file permissions for the passwd files, the shadow files, and the group files. CC ID 01537 | Technical Security | Preventive | |
Verify uneven file permissions and uneven directory permissions do not occur, except on the WWW directory. CC ID 02159 | Configuration | Preventive | |
Configure the "/dev/kmem" file permissions to organizational standards. CC ID 05449 | Configuration | Preventive | |
Configure the "/dev/mem" file permissions to organizational standards. CC ID 05450 | Configuration | Preventive | |
Configure the "/dev/null" file permissions to organizational standards. CC ID 05451 | Configuration | Preventive | |
Configure the "resolv.conf" file permissions to organizational standards. CC ID 05452 | Configuration | Preventive | |
Configure the "/etc/named.conf" file permissions to organizational standards. CC ID 05453 | Configuration | Preventive | |
Configure the "/etc/group" file permissions to organizational standards. CC ID 05454 | Configuration | Preventive | |
Set the /etc/exports file file permissions properly. CC ID 05455 | Configuration | Preventive | |
Set the /usr/bin/at file file permissions properly. CC ID 05456 | Configuration | Preventive | |
Configure the "/usr/bin/rdist" file permissions to organizational standards. CC ID 05457 | Configuration | Preventive | |
Configure the "/usr/sbin/sync" file permissions to organizational standards. CC ID 05458 | Configuration | Preventive | |
Configure the "aliases" file permissions to organizational standards. CC ID 05460 | Configuration | Preventive | |
Set the file permissions for the log file that is configured to capture critical sendmail messages properly. CC ID 05461 | Log Management | Preventive | |
Set the file permissions for all files executed through /etc/aliases file entries properly. CC ID 05462 | Configuration | Preventive | |
Configure the "/bin/csh" file permissions to organizational standards. CC ID 05463 | Configuration | Preventive | |
Configure the "/bin/jsh" file permissions to organizational standards. CC ID 05464 | Configuration | Preventive | |
Configure the "/bin/ksh" file permissions to organizational standards. CC ID 05465 | Configuration | Preventive | |
Configure the "/bin/sh" file permissions to organizational standards. CC ID 05466 | Configuration | Preventive | |
Configure the "/bin/bash" file permissions to organizational standards. CC ID 05467 | Configuration | Preventive | |
Configure the "/sbin/csh" file permissions to organizational standards. CC ID 05468 | Configuration | Preventive | |
Configure the "/sbin/jsh" file permissions to organizational standards. CC ID 05469 | Configuration | Preventive | |
Configure the "/sbin/ksh" file permissions to organizational standards. CC ID 05470 | Configuration | Preventive | |
Configure the "/sbin/sh" file permissions to organizational standards. CC ID 05471 | Configuration | Preventive | |
Configure the "/sbin/bash" file permissions to organizational standards. CC ID 05472 | Configuration | Preventive | |
Configure the "/usr/bin/csh" file permissions to organizational standards. CC ID 05473 | Configuration | Preventive | |
Configure the "/usr/bin/jsh" file permissions to organizational standards. CC ID 05474 | Configuration | Preventive | |
Configure the "/usr/bin/ksh" file permissions to organizational standards. CC ID 05475 | Configuration | Preventive | |
Configure the "/usr/bin/sh" file permissions to organizational standards. CC ID 05476 | Configuration | Preventive | |
Configure the "/usr/bin/bash" file permissions to organizational standards. CC ID 05477 | Configuration | Preventive | |
Configure the "snmpd.conf" file permissions to organizational standards. CC ID 05478 | Configuration | Preventive | |
Configure the "/tmp" file permissions to organizational standards. CC ID 05479 | Configuration | Preventive | |
Configure the "/usr/tmp" file permissions to organizational standards. CC ID 05480 | Configuration | Preventive | |
Configure the ".Xauthority" file permissions to organizational standards. CC ID 05481 | Configuration | Preventive | |
Configure the "/etc/aliases" file permissions to organizational standards. CC ID 05482 | Configuration | Preventive | |
Configure the "/etc/csh" file permissions to organizational standards. CC ID 05483 | Configuration | Preventive | |
Configure the "/etc/default/docker" file permissions to organizational standards. CC ID 14487 | Configuration | Preventive | |
Configure the "/etc/default/docker" file ownership to organizational standards. CC ID 14484 | Configuration | Preventive | |
Configure the "/etc/default/*" file permissions to organizational standards. CC ID 05484 | Configuration | Preventive | |
Configure the "/etc/docker" directory permissions to organizational standards. CC ID 14470 | Configuration | Preventive | |
Configure the "/etc/docker" directory ownership to organizational standards. CC ID 14469 | Configuration | Preventive | |
Set the file permissions for /etc/default/login properly. CC ID 05485 | Configuration | Preventive | |
Configure the "/etc/gshadow" file permissions to organizational standards. CC ID 05486 | Configuration | Preventive | |
Configure the "/etc/host.lpd" file permissions to organizational standards. CC ID 05487 | Configuration | Preventive | |
Configure the "/etc/hostname*" file permissions to organizational standards. CC ID 05488 | Configuration | Preventive | |
Configure the "/etc/hosts" file permissions to organizational standards. CC ID 05489 | Configuration | Preventive | |
Set the /etc/inetd.conf file file permissions properly. CC ID 05490 | Configuration | Preventive | |
Configure the "/etc/issue" file permissions to organizational standards. CC ID 05491 | Configuration | Preventive | |
Configure the "/etc/jsh" file permissions to organizational standards. CC ID 05492 | Configuration | Preventive | |
Configure the "/etc/kubernetes/pki/*.crt" file permissions to organizational standards. CC ID 14562 | Configuration | Preventive | |
Configure the "/etc/kubernetes/pki/*.key" file permissions to organizational standards. CC ID 14557 | Configuration | Preventive | |
Configure the "/etc/kubernetes/pki" file ownership to organizational standards. CC ID 14555 | Configuration | Preventive | |
Configure the "/etc/ksh" file permissions to organizational standards. CC ID 05493 | Configuration | Preventive | |
Configure the "/etc/mail/aliases" file permissions to organizational standards. CC ID 05494 | Configuration | Preventive | |
Configure the "/etc/motd" file permissions to organizational standards. CC ID 05495 | Configuration | Preventive | |
Configure the "/etc/netconfig" file permissions to organizational standards. CC ID 05496 | Configuration | Preventive | |
Configure the "/etc/notrouter" file permissions to organizational standards. CC ID 05497 | Configuration | Preventive | |
Configure the "/etc/passwd" file permissions to organizational standards. CC ID 05498 | Configuration | Preventive | |
Configure the "/etc/security" file permissions to organizational standards. CC ID 05499 | Configuration | Preventive | |
Configure the "/etc/services" file permissions to organizational standards. CC ID 05500 | Configuration | Preventive | |
Configure the "/etc/sysconfig/docker" file ownership to organizational standards. CC ID 14491 | Configuration | Preventive | |
Configure the "/etc/sh" file permissions to organizational standards. CC ID 05501 | Configuration | Preventive | |
Configure the "/etc/sysconfig/docker" file permissions to organizational standards. CC ID 14486 | Configuration | Preventive | |
Configure the "/etc/shadow" file permissions to organizational standards. CC ID 05502 | Configuration | Preventive | |
Configure the "docker.socket" file ownership to organizational standards. CC ID 14472 | Configuration | Preventive | |
Configure the "/etc/syslog.conf" file permissions to organizational standards. CC ID 05503 | Configuration | Preventive | |
Configure the "/etc/fstab" file permissions to organizational standards. CC ID 05504 | Configuration | Preventive | |
Configure the "docker.socket" file permissions to organizational standards. CC ID 14468 | Configuration | Preventive | |
Configure the "/var/adm/messages" file permissions to organizational standards. CC ID 05505 | Configuration | Preventive | |
Configure the "/var/adm/sulog" file permissions to organizational standards. CC ID 05506 | Configuration | Preventive | |
Configure the "/var/adm/utmp" file permissions to organizational standards. CC ID 05507 | Configuration | Preventive | |
Configure the "/var/adm/wtmp" file permissions to organizational standards. CC ID 05508 | Configuration | Preventive | |
Configure the "/var/adm/authlog" file permissions to organizational standards. CC ID 05509 | Configuration | Preventive | |
Configure the "/var/adm/syslog" file permissions to organizational standards. CC ID 05510 | Configuration | Preventive | |
Configure the "/var/mail" file permissions to organizational standards. CC ID 05511 | Configuration | Preventive | |
Configure the "/var/tmp" file permissions to organizational standards. CC ID 05512 | Configuration | Preventive | |
Configure the "/usr/lib/pt_chmod" file permissions to organizational standards. CC ID 05513 | Configuration | Preventive | |
Configure the "/usr/lib/embedded_us" file permissions to organizational standards. CC ID 05514 | Configuration | Preventive | |
Configure the "/usr/kerberos/bin/rsh" file permissions to organizational standards. CC ID 05515 | Configuration | Preventive | |
Configure the "/var/spool/mail" file permissions to organizational standards. CC ID 05516 | Configuration | Preventive | |
Configure the "smbpasswd" file permissions to organizational standards. CC ID 05517 | Configuration | Preventive | |
Configure the "/usr/lib/sendmail" file permissions to organizational standards. CC ID 05518 | Configuration | Preventive | |
Set the /etc/security/audit/config file file permissions properly. CC ID 05519 | Configuration | Preventive | |
Set the /etc/security/audit/events file file permissions properly. CC ID 05520 | Configuration | Preventive | |
Set the /etc/security/audit/objects file file permissions properly. CC ID 05521 | Configuration | Preventive | |
Set the /usr/lib/trcload file file permissions properly. CC ID 05522 | Configuration | Preventive | |
Set the /usr/lib/semutil file file permissions properly. CC ID 05523 | Configuration | Preventive | |
Set the /etc/rc.config.d/auditing file file permissions properly. CC ID 05524 | Configuration | Preventive | |
Configure the "/etc/init.d" file permissions to organizational standards. CC ID 05525 | Configuration | Preventive | |
Set the /etc/hosts.lpd file file permissions properly. CC ID 05526 | Configuration | Preventive | |
Configure the "/etc/pam.conf" file permissions to organizational standards. CC ID 05527 | Configuration | Preventive | |
Configure the "/boot/grub/grub.conf" file permissions to organizational standards. CC ID 05528 | Configuration | Preventive | |
Configure the "/etc/grub.conf" file permissions to organizational standards. CC ID 05529 | Configuration | Preventive | |
Configure the "/etc/lilo.conf" file permissions to organizational standards. CC ID 05530 | Configuration | Preventive | |
Set the file permissions for /etc/login.access properly. CC ID 05531 | Configuration | Preventive | |
Configure the "docker.service" file permissions to organizational standards. CC ID 14479 | Configuration | Preventive | |
Configure the "/etc/security/access.conf" file permissions to organizational standards. CC ID 05532 | Configuration | Preventive | |
Configure the "/etc/sysctl.conf" file permissions to organizational standards. CC ID 05533 | Configuration | Preventive | |
Configure the "/etc/securetty" file permissions to organizational standards. CC ID 05534 | Configuration | Preventive | |
Configure the "/etc/audit/auditd.conf" file permissions to organizational standards. CC ID 05535 | Configuration | Preventive | |
Configure the "audit.rules" file permissions to organizational standards. CC ID 05536 | Configuration | Preventive | |
Set the /usr/sbin/userhelper file file permissions properly. CC ID 05537 | Configuration | Preventive | |
Set the file permissions for all syslog log files properly. CC ID 05538 | Configuration | Preventive | |
Set the /etc/anacrontab file file permissions properly. CC ID 05543 | Configuration | Preventive | |
Set the /etc/pki/tls/CA/cacert.pem file file permissions properly. CC ID 05544 | Configuration | Preventive | |
Set the /etc/pki/tls/ldap/serverkey.pem file file permissions properly. CC ID 05545 | Configuration | Preventive | |
Set the /etc/pki/tls/ldap/servercert.pem file file permissions properly. CC ID 05546 | Configuration | Preventive | |
Set the /etc/pki/tls/ldap file file permissions properly. CC ID 05547 | Configuration | Preventive | |
Set the /etc/httpd/conf file file permissions properly. CC ID 05548 | Configuration | Preventive | |
Set the /etc/httpd/conf/* file file permissions properly. CC ID 05549 | Configuration | Preventive | |
Set the /usr/sbin/httpd file file permissions properly. CC ID 05550 | Configuration | Preventive | |
Set the /var/log/httpd file file permissions properly. CC ID 05551 | Configuration | Preventive | |
Set the daemon debug log file file permissions properly. CC ID 05552 | Configuration | Preventive | |
Set the Cron log file file permissions properly. CC ID 05553 | Configuration | Preventive | |
Set the file permissions for system accounting properly. CC ID 05554 | Configuration | Preventive | |
Set the /etc/dfs file file permissions properly. CC ID 05555 | Configuration | Preventive | |
Set the /etc/fs file permissions properly. CC ID 05556 | Configuration | Preventive | |
Set the /etc/ufs file file permissions properly. CC ID 05557 | Configuration | Preventive | |
Set the /etc/vfstab file file permissions properly. CC ID 05558 | Configuration | Preventive | |
Set the vold.conf file permissions properly. CC ID 05559 | Configuration | Preventive | |
Configure the "Docker socket" file ownership to organizational standards. CC ID 14493 | Configuration | Preventive | |
Configure the "daemon.json" file permissions to organizational standards. CC ID 14492 | Configuration | Preventive | |
Set the ASET userlist file permissions properly. CC ID 05560 | Configuration | Preventive | |
Set the /etc/rmmount.conf file file permissions properly. CC ID 05561 | Configuration | Preventive | |
Configure the "Docker server certificate" file ownership to organizational standards. CC ID 14471 | Configuration | Preventive | |
Configure the "Docker server certificate key" file permissions to organizational standards. CC ID 14485 | Configuration | Preventive | |
Set the /etc/security/audit_control file file permissions properly. CC ID 05563 | Configuration | Preventive | |
Configure the "daemon.json" file ownership to organizational standards. CC ID 14482 | Configuration | Preventive | |
Configure the "Docker socket" file permissions to organizational standards. CC ID 14480 | Configuration | Preventive | |
Set the /etc/security/audit_class file file permissions properly. CC ID 05564 | Configuration | Preventive | |
Configure the "Docker server certificate key" file ownership to organizational standards. CC ID 14478 | Configuration | Preventive | |
Configure the "admin.conf" file ownership to organizational standards. CC ID 14556 | Configuration | Preventive | |
Set the /etc/security/audit_event file file permissions properly. CC ID 05565 | Configuration | Preventive | |
Configure the "admin.conf" file permissions to organizational standards. CC ID 14554 | Configuration | Preventive | |
Configure the "Certificate Authority" file ownership to organizational standards. CC ID 14630 | Configuration | Preventive | |
Configure the "Docker server certificate" file permissions to organizational standards. CC ID 14476 | Configuration | Preventive | |
Configure the "etcd" data directory ownership to organizational standards. CC ID 14620 | Configuration | Preventive | |
Configure the "etcd" data directory permissions to organizational standards. CC ID 14618 | Configuration | Preventive | |
Configure the "etcd.yaml" file ownership to organizational standards. CC ID 14615 | Configuration | Preventive | |
Configure the "etcd.yaml" file permissions to organizational standards. CC ID 14609 | Configuration | Preventive | |
Configure the file permissions for at.allow, as appropriate. CC ID 05995 | Configuration | Preventive | |
Configure the file permissions for at.deny, as appropriate. CC ID 05996 | Configuration | Preventive | |
Configure the file permissions for cron.allow, as appropriate. CC ID 05999 | Configuration | Preventive | |
Configure the file permissions for cron.deny, as appropriate. CC ID 06000 | Configuration | Preventive | |
Configure the "Certificate Authority" file permissions to organizational standards. CC ID 14623 | Configuration | Preventive | |
Configure the file permissions for /usr/bin/at file, as appropriate. CC ID 06001 | Configuration | Preventive | |
Configure the "kubelet --config" file ownership to organizational standards. CC ID 14632 | Configuration | Preventive | |
Configure the file permissions for the /etc/cron.daily file, as appropriate. CC ID 06008 | Configuration | Preventive | |
Configure the "kubelet.conf" file ownership to organizational standards. CC ID 14628 | Configuration | Preventive | |
Configure the "kubelet --config" file permissions to organizational standards. CC ID 14625 | Configuration | Preventive | |
Configure the file permissions for the /etc/cron.weekly file, as appropriate. CC ID 06009 | Configuration | Preventive | |
Configure the file permissions for the /etc/cron.hourly file, as appropriate. CC ID 06010 | Configuration | Preventive | |
Configure the "kubelet service" file permissions to organizational standards. CC ID 14660 | Configuration | Preventive | |
Configure the "kubelet.conf" file permissions to organizational standards. CC ID 14619 | Configuration | Preventive | |
Configure the "controller-manager.conf" file ownership to organizational standards. CC ID 14560 | Configuration | Preventive | |
Configure the "kubeconfig" file ownership to organizational standards. CC ID 14617 | Configuration | Preventive | |
Configure the "kubeconfig" file permissions to organizational standards. CC ID 14616 | Configuration | Preventive | |
Configure the file permissions for the /etc/cron.monthly file, as appropriate. CC ID 06013 | Configuration | Preventive | |
Configure the "kubelet service" file ownership to organizational standards. CC ID 14612 | Configuration | Preventive | |
Configure the "kube-scheduler.yaml" file ownership to organizational standards. CC ID 14611 | Configuration | Preventive | |
Configure the file permissions for all user home directories, as appropriate. CC ID 06019 | Configuration | Preventive | |
Configure the "kube-scheduler.yaml" file permissions to organizational standards. CC ID 14603 | Configuration | Preventive | |
Configure the "kube-controller-manager.yaml" file ownership to organizational standards. CC ID 14600 | Configuration | Preventive | |
Configure the "kube-controller-manager.yaml" file permissions to organizational standards. CC ID 14598 | Configuration | Preventive | |
Configure the "kube-apiserver.yaml" file ownership to organizational standards. CC ID 14597 | Configuration | Preventive | |
Configure the "scheduler.conf" file ownership to organizational standards. CC ID 14558 | Configuration | Preventive | |
Configure the .netrc file permissions, as necessary. CC ID 06022 | Configuration | Preventive | |
Configure the "all rsyslog log files" permissions to organizational standards. CC ID 08748 | Establish/Maintain Documentation | Preventive | |
Configure the "controller-manager.conf" file permissions to organizational standards. CC ID 14553 | Configuration | Preventive | |
Configure the "Container Network Interface" file ownership to organizational standards. CC ID 14552 | Configuration | Preventive | |
Configure the "Container Network Interface" file permissions to organizational standards. CC ID 14550 | Configuration | Preventive | |
Configure the "crontab" directory permissions to organizational standards. CC ID 08967 | Configuration | Preventive | |
Configure the "scheduler.conf" file permissions to organizational standards. CC ID 14551 | Configuration | Preventive | |
Configure the "crontab" file permissions to organizational standards. CC ID 08968 | Configuration | Preventive | |
Configure the "kube-apiserver.yaml" file permissions to organizational standards. CC ID 14549 | Configuration | Preventive | |
Configure the "traceroute executable" file permissions to organizational standards. CC ID 08979 | Configuration | Preventive | |
Configure the "httpd.conf" file permissions to organizational standards. CC ID 09041 | Configuration | Preventive | |
Configure the "/etc/httpd/conf/passwd" file permissions to organizational standards. CC ID 09042 | Configuration | Preventive | |
Configure the "/usr/sbin/apachectl" file permissions to organizational standards. CC ID 09043 | Configuration | Preventive | |
Configure the "/var/www/html" file permissions to organizational standards. CC ID 09044 | Configuration | Preventive | |
Configure the "apache configuration" directory permissions to organizational standards. CC ID 09045 | Configuration | Preventive | |
Configure the "htpasswd" file permissions to organizational standards. CC ID 09057 | Configuration | Preventive | |
Configure all "files specified by CustomLogs" file permissions to organizational standards. CC ID 09073 | Configuration | Preventive | |
Configure the "apache /bin" directory permissions to organizational standards. CC ID 09093 | Configuration | Preventive | |
Configure the "apache /logs" directory permissions to organizational standards. CC ID 09096 | Configuration | Preventive | |
Configure the "registry certificate" file permissions to organizational standards. CC ID 14483 | Configuration | Preventive | |
Configure the "apache /htdocs" directory permissions to organizational standards. CC ID 09099 | Configuration | Preventive | |
Configure the "registry certificate" file ownership to organizational standards. CC ID 14481 | Configuration | Preventive | |
Configure the "apache /cgi-bin" directory permissions to organizational standards. CC ID 09102 | Configuration | Preventive | |
Configure the "cgi-bin" directory permissions to organizational standards. CC ID 09103 | Configuration | Preventive | |
Configure the "apache process ID" file permissions to organizational standards. CC ID 09124 | Configuration | Preventive | |
Configure the "apache scoreboard" file permissions to organizational standards. CC ID 09127 | Configuration | Preventive | |
Configure the "htpasswd.exe" file permissions to organizational standards. CC ID 09143 | Configuration | Preventive | |
Configure the "setgid" permissions to organizational standards. CC ID 14513 | Configuration | Preventive | |
Configure the "TLS CA certificate" file permissions to organizational standards. CC ID 14475 | Configuration | Preventive | |
Configure the "TLS CA certificate" file ownership to organizational standards. CC ID 14473 | Configuration | Preventive | |
Configure the "apache /config" directory permissions to organizational standards. CC ID 09144 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\wscript.exe" file permissions to organizational standards. CC ID 09145 | Configuration | Preventive | |
Configure the "%SystemRoot%\System32\cscript.exe" file permissions to organizational standards. CC ID 09146 | Configuration | Preventive | |
Configure the "apache's process ID" file permissions to organizational standards. CC ID 09148 | Configuration | Preventive | |
Configure the "/etc/httpd/conf.d" file permissions to organizational standards. CC ID 09149 | Configuration | Preventive | |
Configure the "setuid" permissions to organizational standards. CC ID 14509 | Configuration | Preventive | |
Configure the "Web Root 'Images'" directory permissions to organizational standards. CC ID 09191 | Configuration | Preventive | |
Configure the "Web Root 'scripts'" directory permissions to organizational standards. CC ID 09192 | Configuration | Preventive | |
Configure the "Web Root 'executables'" directory permissions to organizational standards. CC ID 09193 | Configuration | Preventive | |
Configure the "Web Root 'docs'" directory permissions to organizational standards. CC ID 09194 | Configuration | Preventive | |
Configure the "Web Root 'home'" directory permissions to organizational standards. CC ID 09195 | Configuration | Preventive | |
Configure the "Web Root 'include'" directory permissions to organizational standards. CC ID 09196 | Configuration | Preventive | |
Configure the "default Logfiles" directory permissions to organizational standards. CC ID 09197 | Configuration | Preventive | |
Configure the "Inetpub" directory permissions to organizational standards. CC ID 09221 | Configuration | Preventive | |
Configure the "inetsrv" directory permissions to organizational standards. CC ID 09222 | Configuration | Preventive | |
Configure the "inetsrv\asp.dll" file permissions to organizational standards. CC ID 09223 | Configuration | Preventive | |
Configure the "Web Root" directory permissions to organizational standards. CC ID 09224 | Configuration | Preventive | |
Configure the "files located in the folder specified by the Logger component (server.xml)" file permissions to organizational standards. CC ID 09733 | Configuration | Preventive | |
Configure the "webapps" directory permissions to organizational standards. CC ID 09734 | Configuration | Preventive | |
Configure the "tomcat installation" directory permissions to organizational standards. CC ID 09735 | Configuration | Preventive | |
Configure the "tomcat /bin" directory permissions to organizational standards. CC ID 09736 | Configuration | Preventive | |
Configure the "tomcat /common" directory permissions to organizational standards. CC ID 09737 | Configuration | Preventive | |
Configure the "tomcat /conf" directory permissions to organizational standards. CC ID 09738 | Configuration | Preventive | |
Configure the "tomcat /logs" directory permissions to organizational standards. CC ID 09739 | Configuration | Preventive | |
Configure the "tomcat /server" directory permissions to organizational standards. CC ID 09740 | Configuration | Preventive | |
Configure the "tomcat /shared" directory permissions to organizational standards. CC ID 09741 | Configuration | Preventive | |
Configure the "tomcat /webapps" directory permissions to organizational standards. CC ID 09742 | Configuration | Preventive | |
Configure the "tomcat /work" directory permissions to organizational standards. CC ID 09743 | Configuration | Preventive | |
Configure the "tomcat /temp" directory permissions to organizational standards. CC ID 09744 | Configuration | Preventive | |
Configure the "tomcat-users.xml" file permissions to organizational standards. CC ID 09778 | Configuration | Preventive | |
Configure the "Tomcat home" directory permissions to organizational standards. CC ID 09799 | Configuration | Preventive | |
Configure the "Tomcat home/conf/" directory permissions to organizational standards. CC ID 09802 | Configuration | Preventive | |
Configure the "SerializedSystemIni.dat" file permissions to organizational standards. CC ID 09860 | Configuration | Preventive | |
Configure the "Keystore" file permissions to organizational standards. CC ID 09900 | Configuration | Preventive | |
Configure the "Weblogic Server Product Installation" directory permissions to organizational standards. CC ID 09902 | Configuration | Preventive | |
Configure the "Domain Home" directory permissions to organizational standards. CC ID 09903 | Configuration | Preventive | |
Configure the "Middleware Home" directory permissions to organizational standards. CC ID 09907 | Configuration | Preventive | |
Restrict at/cron to authorized users. CC ID 01572 | Configuration | Preventive | |
Configure the system to need authentication for single user mode. CC ID 01577 | Configuration | Preventive | |
Configure the system to block certain system accounts. CC ID 01578 | Configuration | Preventive | |
Verify that there are no accounts with empty password fields. CC ID 01579 | Configuration | Preventive | |
Use standards-based encryption for encryption, hashing, and signing. CC ID 01583 | Configuration | Preventive | |
Configure symbolic permissions for the passwd file, shadow file, and group files to organizational standards. CC ID 01584 | Configuration | Detective | |
Configure the "DCOM: Machine access restrictions in Security Descriptor Definition Language (SDDL)" setting. CC ID 01726 | Configuration | Preventive | |
Configure the "DCOM: Machine launch restrictions in Security Descriptor Definition Language (SDDL)" setting to organizational standards. CC ID 01727 | Configuration | Preventive | |
Configure the root $PATH to not have any "." directories, group directories or world writable directories. CC ID 01587 | Configuration | Preventive | |
Configure user home directories to be mode 750 or more restrictive. CC ID 01588 | Configuration | Preventive | |
Configure user dot-files to not be group or world-writable. CC ID 01589 | Configuration | Preventive | |
Remove .netrc files. CC ID 01590 | Configuration | Preventive | |
Configure default UMASK for users. CC ID 01591 | Configuration | Preventive | |
Configure the default UMASK for FTP users. CC ID 01592 | Configuration | Preventive | |
Configure the "mesg n" as default for all users. CC ID 01593 | Configuration | Preventive | |
Configure the system to restrict access to the root user from the su command. CC ID 01595 | Configuration | Preventive | |
Establish, implement, and maintain an account lockout policy. CC ID 01709 | Establish/Maintain Documentation | Preventive | |
Configure Restricted groups. CC ID 01928 | Configuration | Preventive | |
Configure the run control scripts permissions. CC ID 02160 | Configuration | Preventive | |
Configure root to be the Traceroute command owner. CC ID 02165 | Configuration | Preventive | |
Coordinate the User ID access restrictions with the site-unique configuration file, the UOSS control file, and the Tape File Configuration Transfer file. CC ID 02192 | Configuration | Preventive | |
Refrain from displaying user information when the system is locked. CC ID 04302 | Configuration | Preventive | |
Configure systems to prevent dial-up passwords from being saved. CC ID 04303 | Configuration | Preventive | |
Configure the "Always prompt client for password upon connection" setting. CC ID 04317 | Configuration | Preventive | |
Configure the "Do not allow passwords to be saved" setting. CC ID 04320 | Configuration | Preventive | |
Configure the "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting. CC ID 04388 | Configuration | Preventive | |
Configure the "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" setting. CC ID 04389 | Configuration | Preventive | |
Configure the "User Account Control: Behavior of the elevation prompt for standard users" setting. CC ID 04390 | Configuration | Preventive | |
Configure the "User Account Control: Detect application installations and prompt for elevation" setting. CC ID 04391 | Configuration | Preventive | |
Configure the "User Account Control: Only elevate executables that are signed and validated" setting. CC ID 04392 | Configuration | Preventive | |
Configure the "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting. CC ID 04393 | Configuration | Preventive | |
Configure the "User Account Control: Run all administrators in Admin Approval Mode" setting. CC ID 04394 | Configuration | Preventive | |
Configure the "User Account Control: Switch to the secure desktop when prompting for elevation" setting. CC ID 04395 | Configuration | Preventive | |
Configure the "User Account Control: Virtualize file and registry write failures to per-user locations" setting. CC ID 04396 | Configuration | Preventive | |
Configure the "Enumerate administrator accounts on elevation" setting. CC ID 04403 | Configuration | Preventive | |
Configure the "Required trusted path for credential entry" setting. CC ID 04404 | Configuration | Preventive | |
Require proper authentication prior to accessing NetWare's eGuide. CC ID 04450 | Configuration | Preventive | |
Disable the SAdmin account and SDebug account in NetWare. CC ID 04458 | Configuration | Preventive | |
Configure the system to prevent helper applications from changing client rights. CC ID 04464 | Configuration | Preventive | |
Delete authenticator hint field contents or authenticator hint field files. CC ID 04477 | Configuration | Preventive | |
Configure the "Limit number of simultaneous connections" setting to organizational standards. CC ID 04511 | Configuration | Preventive | |
Configure the "Do not allow local administrators to customize permissions" setting to organizational standards. CC ID 04512 | Configuration | Preventive | |
Configure the default Distributed Component Object Model authorization level to 'connect' or higher. CC ID 04528 | Configuration | Preventive | |
Configure the "Network access: Shares that can be accessed anonymously" setting. CC ID 04533 | Configuration | Preventive | |
Configure domain-connected workstations to not have any local user accounts. CC ID 04535 | Configuration | Preventive | |
Configure printers to only accept print jobs from known print spoolers. CC ID 04812 | Configuration | Preventive | |
Configure print spoolers to accept jobs from authorized users only. CC ID 04813 | Configuration | Preventive | |
Prevent Multi-Function Devices from connecting to networks routing restricted data, unless authorized. CC ID 04815 | Configuration | Preventive | |
Restrict access to remote file shares. CC ID 04817 | Configuration | Preventive | |
Configure Multi-Function Devices to prevent non-printer administrators from altering the global configuration file. CC ID 04818 | Configuration | Preventive | |
Configure the user's .forward file to mode 600. CC ID 04848 | Configuration | Preventive | |
Configure the GID of accounts other than root and locked system accounts properly. CC ID 05448 | Configuration | Preventive | |
Set the smbpasswd executable permissions properly. CC ID 05459 | Configuration | Preventive | |
Grant or reject sudo privileges to the wheel group, as appropriate. CC ID 05539 | Configuration | Preventive | |
Set the /var/log/pamlog log permissions properly. CC ID 05562 | Configuration | Preventive | |
Restrict the audit log permissions. CC ID 05566 | Configuration | Preventive | |
Use the pkgchk utility to force default settings and to verify the ownership, group ownership, and access permissions for installed packages. CC ID 05567 | Configuration | Preventive | |
Configure role-based access control (RBAC) caching elements to organizational standards. CC ID 05568 | Configuration | Preventive | |
Verify all device files are located in an appropriate directory. CC ID 05571 | Records Management | Preventive | |
Configure the read-only option for all NFS exports. CC ID 05572 | Configuration | Preventive | |
Configure access controls through /etc/login.access and access.conf for non-superusers. CC ID 05573 | Configuration | Preventive | |
Enable or disable root login via Secure Shell, as appropriate. CC ID 05574 | Configuration | Preventive | |
Verify the ftpusers file restricts access to certain accounts. CC ID 05575 | Configuration | Preventive | |
Enable or disable SSH host-based authentication, as appropriate. CC ID 05576 | Configuration | Preventive | |
Configure the environmental variable path properly. CC ID 05577 | Configuration | Preventive | |
Configure local initialization files and global initialization files to allow or deny write access to the terminal, as appropriate. CC ID 05578 | Configuration | Preventive | |
Verify user .shosts files exist or not, as appropriate. CC ID 05579 | Configuration | Preventive | |
Set the default umask for the bash shell properly for all users. CC ID 05580 | Configuration | Preventive | |
Set the default umask for the csh shell properly for all users. CC ID 05581 | Configuration | Preventive | |
Configure the system umask properly. CC ID 05582 | Configuration | Preventive | |
Verify console device ownership is restricted to root-only, as appropriate. CC ID 05583 | Configuration | Preventive | |
Configure the "Access credential Manager as a trusted caller" User Right properly. CC ID 05584 | Configuration | Preventive | |
Restrict the right of modifying an Object label. CC ID 05585 | Configuration | Preventive | |
Configure the "User Account Control: Allow UIAccess applications to prompt for elevation" setting. CC ID 05586 | Configuration | Preventive | |
Configure the "Do Not Allow New Client Connections" policy for Terminal Services properly. CC ID 05587 | Configuration | Preventive | |
Configure the "Remote Control Settings" policy for Terminal Services properly. CC ID 05588 | Configuration | Preventive | |
Configure the Cron directory permissions to organizational standards. CC ID 05997 | Configuration | Preventive | |
Configure the cron.allow file with the user group permitted to use the cron facility, as appropriate. CC ID 06002 | Configuration | Preventive | |
Configure the cron.deny file with the user set permitted to use the cron facility, as appropriate. CC ID 06003 | Configuration | Preventive | |
Configure the Cron directories to be owned by an appropriate user and group. CC ID 06004 | Configuration | Preventive | |
Configure the at.deny file with the user set permitted to use the at facility, as appropriate. CC ID 06006 | Configuration | Preventive | |
Configure the /etc/cron.monthly file to be owned by an appropriate user or group. CC ID 06007 | Configuration | Preventive | |
Configure /etc/cron.hourly to be owned by an appropriate user or group. CC ID 06011 | Configuration | Preventive | |
Configure /etc/cron.daily to be owned by an appropriate user or group. CC ID 06012 | Configuration | Preventive | |
Configure the home directory for the root user, as appropriate. CC ID 06017 | Configuration | Preventive | |
Configure the home directory for each user account, as appropriate. CC ID 06018 | Configuration | Preventive | |
Configure the home directory permissions for the Superuser account, as appropriate. CC ID 06020 | Configuration | Preventive | |
Configure each user home directory to be owned by an appropriate user or group. CC ID 06021 | Configuration | Preventive | |
Configure the world-write permissions for all files, as appropriate. CC ID 06026 | Configuration | Preventive | |
Configure and assign the correct service permissions for the SNMP Service. CC ID 06041 | Configuration | Preventive | |
Configure the service permissions for NetMeeting, as appropriate. CC ID 06045 | Configuration | Preventive | |
Configure the "Allow log on through Remote Desktop Services" User Right properly. CC ID 06062 | Configuration | Preventive | |
Configure the "Deny log on through Remote Desktop Services" User Right properly. CC ID 06063 | Configuration | Preventive | |
Remove all members found in the Windows OS Power Users Group. CC ID 06573 | Configuration | Preventive | |
Configure the "sudo" to organizational standards. CC ID 15325 | Configuration | Preventive | |
Require users to use the 'sudo' command when accessing the root account. CC ID 06736 | Configuration | Preventive | |
Configure the "log all su (switch user) activity" setting to organizational standards. CC ID 08965 | Configuration | Preventive | |
Configure the "status" of the "apache" account to organizational standards. CC ID 09018 | Configuration | Preventive | |
Configure the "apache" account group membership to organizational standards. CC ID 09033 | Configuration | Preventive | |
Configure the "CustomLog" files permissions to organizational standards. CC ID 09051 | Configuration | Preventive | |
Configure the "ErrorLog" files permissions to organizational standards. CC ID 09052 | Configuration | Preventive | |
Configure the "default webpage" for "all readable apache web document directories" to organizational standards. CC ID 09071 | Configuration | Preventive | |
Configure the "ScriptAlias" directories permissions to organizational standards. CC ID 09078 | Configuration | Preventive | |
Configure the "ScriptAliasMatch" directories permissions to organizational standards. CC ID 09081 | Configuration | Preventive | |
Configure the "DocumentRoot" directories permissions to organizational standards. CC ID 09084 | Configuration | Preventive | |
Configure the "Alias" directories permissions to organizational standards. CC ID 09087 | Configuration | Preventive | |
Configure the "ServerRoot" directories permissions to organizational standards. CC ID 09090 | Configuration | Preventive | |
Configure the "Enable Logging" setting for the "master home directory" to organizational standards. CC ID 09156 | Configuration | Preventive | |
Configure the "Read" permission for the "master home directory" to organizational standards. CC ID 09157 | Configuration | Preventive | |
Configure the "Write" permission for the "master home directory" to organizational standards. CC ID 09158 | Configuration | Preventive | |
Configure the "Script Source Access" permission for the "master home directory" to organizational standards. CC ID 09159 | Configuration | Preventive | |
Configure the "Directory Browsing" permission for the "master home directory" to organizational standards. CC ID 09160 | Configuration | Preventive | |
Configure the "Log Visits" permission for the "master home directory" to organizational standards. CC ID 09161 | Configuration | Preventive | |
Configure the "Index this resource" permission for the "master home directory" to organizational standards. CC ID 09162 | Configuration | Preventive | |
Configure the "Execute Permissions" permission for the "master home directory" to organizational standards. CC ID 09163 | Configuration | Preventive | |
Configure the "Anonymous Access" permission for the "master home directory" to organizational standards. CC ID 09164 | Configuration | Preventive | |
Configure the "Basic Authentication" setting for the "master home directory" to organizational standards. CC ID 09165 | Configuration | Preventive | |
Configure the "Integrated Windows Authentication" setting for the "master home directory" to organizational standards. CC ID 09166 | Configuration | Preventive | |
Configure the "Read" permission for the "website home directory" to organizational standards. CC ID 09168 | Configuration | Preventive | |
Configure the "Write" privilege for the "website home directory" to organizational standards. CC ID 09169 | Configuration | Preventive | |
Configure the "Script Source Access" permission for the "website home directory" to organizational standards. CC ID 09170 | Configuration | Preventive | |
Configure the "Directory Browsing" permission for the "website home directory" to organizational standards. CC ID 09171 | Configuration | Preventive | |
Configure the "Log Visits" permission for the "website home directory" to organizational standards. CC ID 09172 | Configuration | Preventive | |
Configure the "Index this resource" permission for the "website home directory" to organizational standards. CC ID 09173 | Configuration | Preventive | |
Configure the "Execute Permissions" permission to organizational standards. CC ID 09174 | Configuration | Preventive | |
Configure the "Anonymous Access" permission for the "website home directory" to organizational standards. CC ID 09175 | Configuration | Preventive | |
Configure the "file auditing" setting for the "%SystemRoot%\System32\Inetsrv" directory to organizational standards. CC ID 09198 | Configuration | Preventive | |
Configure the "membership" of the "IUSR" account to organizational standards. CC ID 09213 | Configuration | Preventive | |
Configure the "IUSR" account to organizational standards. CC ID 09214 | Configuration | Preventive | |
Configure the "file auditing" setting for the "Inetpub" directory to organizational standards. CC ID 09225 | Configuration | Preventive | |
Configure the "file auditing" setting for the "Web Root" directory to organizational standards. CC ID 09226 | Configuration | Preventive | |
Configure the "file auditing" setting for the "Metaback" directory to organizational standards. CC ID 09227 | Configuration | Preventive | |
Configure the "IWAM" account to organizational standards. CC ID 09228 | Configuration | Preventive | |
Configure the "Application object owner" accounts to organizational standards. CC ID 09257 | Configuration | Preventive | |
Configure the "system tables" permissions to organizational standards. CC ID 09260 | Configuration | Preventive | |
Configure the "DDL" permissions to organizational standards. CC ID 09261 | Configuration | Preventive | |
Configure the "WITH GRANT OPTION" permissions to organizational standards. CC ID 09262 | Configuration | Preventive | |
Configure the "Object" permissions for the "PUBLIC or GUEST" account to organizational standards. CC ID 09263 | Configuration | Preventive | |
Configure the "restore database data or other DBMS configurations, features or objects" permissions to organizational standards. CC ID 09267 | Configuration | Preventive | |
Configure the "SQL Server Database Service" account to organizational standards. CC ID 09273 | Configuration | Preventive | |
Configure the "SQL Server Agent" account to organizational standards. CC ID 09274 | Configuration | Preventive | |
Configure the "SQL Server registry keys and sub-keys" permissions to organizational standards. CC ID 09276 | Configuration | Preventive | |
Configure the "built-in sa" account to organizational standards. CC ID 09298 | Configuration | Preventive | |
Configure the "audit access" setting for the "ErrorDumpDir" directory to organizational standards. CC ID 09299 | Configuration | Preventive | |
Configure the "audit access" setting for the "DefaultLog" file to organizational standards. CC ID 09300 | Configuration | Preventive | |
Configure the "audit access" setting for the "ErrorLog" file to organizational standards. CC ID 09301 | Configuration | Preventive | |
Configure the "audit access" setting for the "SQLPath" directory to organizational standards. CC ID 09302 | Configuration | Preventive | |
Configure the "audit access" setting for the "BackupDirectory" directory to organizational standards. CC ID 09303 | Configuration | Preventive | |
Configure the "audit access" setting for the "FullTextDefaultPath" directory to organizational standards. CC ID 09304 | Configuration | Preventive | |
Configure the "audit access" setting for the "WorkingDirectory" directory to organizational standards. CC ID 09305 | Configuration | Preventive | |
Configure the "audit access" setting for the "SQLBinRoot" directory to organizational standards. CC ID 09306 | Configuration | Preventive | |
Configure the "audit access" setting for the "SQLDataRoot" directory to organizational standards. CC ID 09307 | Configuration | Preventive | |
Configure the "audit access" setting for the "SQLProgramDir" directory to organizational standards. CC ID 09308 | Configuration | Preventive | |
Configure the "audit access" setting for the "DataDir" directory to organizational standards. CC ID 09309 | Configuration | Preventive | |
Configure the "Analysis Services" account to organizational standards. CC ID 09318 | Configuration | Preventive | |
Configure the "Integration Services" account to organizational standards. CC ID 09319 | Configuration | Preventive | |
Configure the "Reporting Services" account to organizational standards. CC ID 09320 | Configuration | Preventive | |
Configure the "Notification Services" account to organizational standards. CC ID 09321 | Configuration | Preventive | |
Configure the "Full Text Search" account to organizational standards. CC ID 09322 | Configuration | Preventive | |
Configure the "SQL Server Browser" account to organizational standards. CC ID 09323 | Configuration | Preventive | |
Configure the "SQL Server Active Directory Helper" account to organizational standards. CC ID 09324 | Configuration | Preventive | |
Configure the "SQL Writer" account to organizational standards. CC ID 09325 | Configuration | Preventive | |
Configure the "SQL Server MSSearch" registry key permissions to organizational standards. CC ID 09327 | Configuration | Preventive | |
Configure the "SQL Server Agent" registry key permissions to organizational standards. CC ID 09328 | Configuration | Preventive | |
Configure the "SQL Server RS" registry key permissions to organizational standards. CC ID 09330 | Configuration | Preventive | |
Configure the "Reporting Services Windows Integrated Security" accounts to organizational standards. CC ID 09347 | Configuration | Preventive | |
Configure the "permissions" of the "SQL Server Agent proxy" accounts to organizational standards. CC ID 09352 | Configuration | Preventive | |
Configure the "default webpage" for "all readable Tomcat Apache web document" directories to organizational standards. CC ID 09729 | Configuration | Preventive | |
Configure the "account" setting for "Tomcat" to organizational standards. CC ID 09792 | Configuration | Preventive | |
Configure the "specified codebase" permissions to organizational standards. CC ID 09796 | Configuration | Preventive | |
Configure the "property read permission" for the "Tomcat web application JVM" to organizational standards. CC ID 09813 | Configuration | Preventive | |
Configure the "property write permission" for the "Tomcat web application JVM" to organizational standards. CC ID 09814 | Configuration | Preventive | |
Configure the "status" of the "Tomcat" account to organizational standards. CC ID 09815 | Configuration | Preventive | |
Configure the "user account" for "Oracle WebLogic Server" to organizational standards. CC ID 09823 | Configuration | Preventive | |
Configure the "Keystores" permission in "directories" to organizational standards. CC ID 09901 | Configuration | Preventive | |
Implement a reference monitor to implement the Access Control policies. CC ID 10096 | Configuration | Preventive | |
Configure the "Add Printer wizard - Network scan page (Managed network)" setting to organizational standards. CC ID 10692 | Configuration | Preventive | |
Configure the "Add Printer wizard - Network scan page (Unmanaged network)" setting to organizational standards. CC ID 10693 | Configuration | Preventive | |
Configure the "All Removable Storage classes: Deny all access" setting to organizational standards. CC ID 10696 | Configuration | Preventive | |
Configure the "All Removable Storage: Allow direct access in remote sessions" setting to organizational standards. CC ID 10697 | Configuration | Preventive | |
Configure the "Allow .rdp files from unknown publishers" setting to organizational standards. CC ID 10698 | Configuration | Preventive | |
Configure the "Allow .rdp files from valid publishers and user's default .rdp settings" setting to organizational standards. CC ID 10699 | Configuration | Preventive | |
Configure the "Allow admin to install from Remote Desktop Services session" setting to organizational standards. CC ID 10700 | Configuration | Preventive | |
Configure the "Allow administrators to override Device Installation Restriction policies" setting to organizational standards. CC ID 10701 | Configuration | Preventive | |
Configure the "Allow Applications to Prevent Automatic Sleep (On Battery)" setting to organizational standards. CC ID 10702 | Configuration | Preventive | |
Configure the "Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services" setting to organizational standards. CC ID 10704 | Configuration | Preventive | |
Configure the "Allow audio and video playback redirection" setting to organizational standards. CC ID 10705 | Configuration | Preventive | |
Configure the "Allow audio recording redirection" setting to organizational standards. CC ID 10706 | Configuration | Preventive | |
Configure the "Allow automatic configuration of listeners" setting to organizational standards. CC ID 10707 | Configuration | Preventive | |
Configure the "Allow Automatic Sleep with Open Network Files (On Battery)" setting to organizational standards. CC ID 10708 | Configuration | Preventive | |
Configure the "Allow Automatic Updates immediate installation" setting to organizational standards. CC ID 10710 | Configuration | Preventive | |
Configure the "Allow BITS Peercaching" setting to organizational standards. CC ID 10711 | Configuration | Preventive | |
Configure the "Allow certificates with no extended key usage certificate attribute" setting to organizational standards. CC ID 10712 | Configuration | Preventive | |
Configure the "Allow Corporate redirection of Customer Experience Improvement uploads" setting to organizational standards. CC ID 10713 | Configuration | Preventive | |
Configure the "Allow CredSSP authentication" setting for the "WinRM client" to organizational standards. CC ID 10714 | Configuration | Preventive | |
Configure the "Allow Cross-Forest User Policy and Roaming User Profiles" setting to organizational standards. CC ID 10716 | Configuration | Preventive | |
Configure the "Allow cryptography algorithms compatible with Windows NT 4.0" setting to organizational standards. CC ID 10717 | Configuration | Preventive | |
Configure the "Allow Delegating Default Credentials" setting to organizational standards. CC ID 10718 | Configuration | Preventive | |
Configure the "Allow Delegating Default Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10719 | Configuration | Preventive | |
Configure the "Allow Delegating Fresh Credentials" setting to organizational standards. CC ID 10720 | Configuration | Preventive | |
Configure the "Allow Delegating Fresh Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10721 | Configuration | Preventive | |
Configure the "Allow Delegating Saved Credentials" setting to organizational standards. CC ID 10722 | Configuration | Preventive | |
Configure the "Allow Delegating Saved Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10723 | Configuration | Preventive | |
Configure the "Allow desktop composition for remote desktop sessions" setting to organizational standards. CC ID 10724 | Configuration | Preventive | |
Configure the "Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries" setting to organizational standards. CC ID 10725 | Configuration | Preventive | |
Configure the "Allow domain users to log on using biometrics" setting to organizational standards. CC ID 10726 | Configuration | Preventive | |
Configure the "Allow ECC certificates to be used for logon and authentication" setting to organizational standards. CC ID 10727 | Configuration | Preventive | |
Configure the "Allow Enhanced Storage certificate provisioning" setting to organizational standards. CC ID 10728 | Configuration | Preventive | |
Configure the "Allow installation of devices that match any of these device IDs" setting to organizational standards. CC ID 10729 | Configuration | Preventive | |
Configure the "Allow installation of devices using drivers that match these device setup classes" setting to organizational standards. CC ID 10730 | Configuration | Preventive | |
Configure the "Allow Integrated Unblock screen to be displayed at the time of logon" setting to organizational standards. CC ID 10731 | Configuration | Preventive | |
Configure the "Allow local activation security check exemptions" setting to organizational standards. CC ID 10732 | Configuration | Preventive | |
Configure the "Allow logon scripts when NetBIOS or WINS is disabled" setting to organizational standards. CC ID 10733 | Configuration | Preventive | |
Configure the "Allow non-administrators to install drivers for these device setup classes" setting to organizational standards. CC ID 10734 | Configuration | Preventive | |
Configure the "Allow non-administrators to receive update notifications" setting to organizational standards. CC ID 10735 | Configuration | Preventive | |
Configure the "Allow only system backup" setting to organizational standards. CC ID 10736 | Configuration | Preventive | |
Configure the "Allow only USB root hub connected Enhanced Storage devices" setting to organizational standards. CC ID 10737 | Configuration | Preventive | |
Configure the "Allow or Disallow use of the Offline Files feature" setting to organizational standards. CC ID 10738 | Configuration | Preventive | |
Configure the "Allow Print Spooler to accept client connections" setting to organizational standards. CC ID 10739 | Configuration | Preventive | |
Configure the "Allow printers to be published" setting to organizational standards. CC ID 10740 | Configuration | Preventive | |
Configure the "Allow pruning of published printers" setting to organizational standards. CC ID 10741 | Configuration | Preventive | |
Configure the "Allow remote start of unlisted programs" setting to organizational standards. CC ID 10743 | Configuration | Preventive | |
Configure the "Allow restore of system to default state" setting to organizational standards. CC ID 10744 | Configuration | Preventive | |
Configure the "Allow signature keys valid for Logon" setting to organizational standards. CC ID 10745 | Configuration | Preventive | |
Configure the "Allow signed updates from an intranet Microsoft update service location" setting to organizational standards. CC ID 10746 | Configuration | Preventive | |
Configure the "Allow the Network Access Protection client to support the 802.1x Enforcement Client component" setting to organizational standards. CC ID 10747 | Configuration | Preventive | |
Configure the "Allow time invalid certificates" setting to organizational standards. CC ID 10748 | Configuration | Preventive | |
Configure the "Allow time zone redirection" setting to organizational standards. CC ID 10749 | Configuration | Preventive | |
Configure the "Allow user name hint" setting to organizational standards. CC ID 10750 | Configuration | Preventive | |
Configure the "Allow users to log on using biometrics" setting to organizational standards. CC ID 10751 | Configuration | Preventive | |
Configure the "Always render print jobs on the server" setting to organizational standards. CC ID 10752 | Configuration | Preventive | |
Configure the "Always use classic logon" setting to organizational standards. CC ID 10754 | Configuration | Preventive | |
Configure the "Always use custom logon background" setting to organizational standards. CC ID 10755 | Configuration | Preventive | |
Configure the "Apply the default user logon picture to all users" setting to organizational standards. CC ID 10757 | Configuration | Preventive | |
Configure the "Assign a default domain for logon" setting to organizational standards. CC ID 10758 | Configuration | Preventive | |
Configure the "CD and DVD: Deny execute access" setting to organizational standards. CC ID 10767 | Configuration | Preventive | |
Configure the "CD and DVD: Deny read access" setting to organizational standards. CC ID 10768 | Configuration | Preventive | |
Configure the "CD and DVD: Deny write access" setting to organizational standards. CC ID 10769 | Configuration | Preventive | |
Configure the "Printers preference logging and tracing" setting to organizational standards. CC ID 10799 | Configuration | Preventive | |
Configure the "Contact PDC on logon failure" setting to organizational standards. CC ID 10825 | Configuration | Preventive | |
Configure the "Custom Classes: Deny read access" setting to organizational standards. CC ID 10835 | Configuration | Preventive | |
Configure the "Custom Classes: Deny write access" setting to organizational standards. CC ID 10836 | Configuration | Preventive | |
Configure the "Deny Delegating Default Credentials" setting to organizational standards. CC ID 10848 | Configuration | Preventive | |
Configure the "Deny Delegating Fresh Credentials" setting to organizational standards. CC ID 10849 | Configuration | Preventive | |
Configure the "Deny Delegating Saved Credentials" setting to organizational standards. CC ID 10850 | Configuration | Preventive | |
Configure the "Disallow changing of geographic location" setting to organizational standards. CC ID 10870 | Configuration | Preventive | |
Configure the "Disallow Interactive Users from generating Resultant Set of Policy data" setting to organizational standards. CC ID 10871 | Configuration | Preventive | |
Configure the "Disallow Kerberos authentication" setting for the "WinRM client" to organizational standards. CC ID 10872 | Configuration | Preventive | |
Configure the "Disallow locally attached storage as backup target" setting to organizational standards. CC ID 10874 | Configuration | Preventive | |
Configure the "Disallow Negotiate authentication" setting for the "WinRM client" to organizational standards. CC ID 10875 | Configuration | Preventive | |
Configure the "Disallow network as backup target" setting to organizational standards. CC ID 10877 | Configuration | Preventive | |
Configure the "Disallow optical media as backup target" setting to organizational standards. CC ID 10878 | Configuration | Preventive | |
Configure the "Disallow run-once backups" setting to organizational standards. CC ID 10879 | Configuration | Preventive | |
Configure the "Disallow selection of Custom Locales" setting to organizational standards. CC ID 10880 | Configuration | Preventive | |
Configure the "Disallow user override of locale settings" setting to organizational standards. CC ID 10881 | Configuration | Preventive | |
Configure the "Display information about previous logons during user logon" setting to organizational standards. CC ID 10887 | Configuration | Preventive | |
Configure the "Do not allow adding new targets via manual configuration" setting to organizational standards. CC ID 10891 | Configuration | Preventive | |
Configure the "Do not allow additional session logins" setting to organizational standards. CC ID 10892 | Configuration | Preventive | |
Configure the "Do not allow changes to initiator CHAP secret" setting to organizational standards. CC ID 10893 | Configuration | Preventive | |
Configure the "Do not allow changes to initiator iqn name" setting to organizational standards. CC ID 10894 | Configuration | Preventive | |
Configure the "Do not allow client printer redirection" setting to organizational standards. CC ID 10895 | Configuration | Preventive | |
Configure the "Do not allow clipboard redirection" setting to organizational standards. CC ID 10896 | Configuration | Preventive | |
Configure the "Do not allow color changes" setting to organizational standards. CC ID 10897 | Configuration | Preventive | |
Configure the "Do not allow COM port redirection" setting to organizational standards. CC ID 10898 | Configuration | Preventive | |
Configure the "Do not allow compression on all NTFS volumes" setting to organizational standards. CC ID 10899 | Configuration | Preventive | |
Configure the "Do not allow connections without IPSec" setting to organizational standards. CC ID 10900 | Configuration | Preventive | |
Configure the "Do not allow desktop composition" setting to organizational standards. CC ID 10901 | Configuration | Preventive | |
Configure the "Do not allow encryption on all NTFS volumes" setting to organizational standards. CC ID 10902 | Configuration | Preventive | |
Configure the "Do not allow Flip3D invocation" setting to organizational standards. CC ID 10903 | Configuration | Preventive | |
Configure the "Do not allow font smoothing" setting to organizational standards. CC ID 10904 | Configuration | Preventive | |
Configure the "Do not allow LPT port redirection" setting to organizational standards. CC ID 10905 | Configuration | Preventive | |
Configure the "Do not allow manual configuration of discovered targets" setting to organizational standards. CC ID 10906 | Configuration | Preventive | |
Configure the "Do not allow manual configuration of iSNS servers" setting to organizational standards. CC ID 10907 | Configuration | Preventive | |
Configure the "Do not allow manual configuration of target portals" setting to organizational standards. CC ID 10908 | Configuration | Preventive | |
Configure the "Do not allow non-Enhanced Storage removable devices" setting to organizational standards. CC ID 10909 | Configuration | Preventive | |
Configure the "Do not allow password authentication of Enhanced Storage devices" setting to organizational standards. CC ID 10910 | Configuration | Preventive | |
Configure the "Do not allow sessions without mutual CHAP" setting to organizational standards. CC ID 10912 | Configuration | Preventive | |
Configure the "Do not allow sessions without one way CHAP" setting to organizational standards. CC ID 10913 | Configuration | Preventive | |
Configure the "Do not allow smart card device redirection" setting to organizational standards. CC ID 10914 | Configuration | Preventive | |
Configure the "Do not allow Snipping Tool to run" setting to organizational standards. CC ID 10915 | Configuration | Preventive | |
Configure the "Do not allow Sound Recorder to run" setting to organizational standards. CC ID 10916 | Configuration | Preventive | |
Configure the "Do not allow the BITS client to use Windows Branch Cache" setting to organizational standards. CC ID 10918 | Configuration | Preventive | |
Configure the "Do not allow the computer to act as a BITS Peercaching client" setting to organizational standards. CC ID 10919 | Configuration | Preventive | |
Configure the "Do not allow the computer to act as a BITS Peercaching server" setting to organizational standards. CC ID 10920 | Configuration | Preventive | |
Configure the "Do not allow window animations" setting to organizational standards. CC ID 10921 | Configuration | Preventive | |
Configure the "Do not allow Windows Media Center to run" setting to organizational standards. CC ID 10923 | Configuration | Preventive | |
Configure the "Do not display Initial Configuration Tasks window automatically at logon" setting to organizational standards. CC ID 10927 | Configuration | Preventive | |
Configure the "Do not display Manage Your Server page at logon" setting to organizational standards. CC ID 10928 | Configuration | Preventive | |
Configure the "Do not display Server Manager automatically at logon" setting to organizational standards. CC ID 10929 | Configuration | Preventive | |
Configure the "Do not set default client printer to be default printer in a session" setting to organizational standards. CC ID 10935 | Configuration | Preventive | |
Configure the "Execute print drivers in isolated processes" setting to organizational standards. CC ID 10964 | Configuration | Preventive | |
Configure the "Expected dial-up delay on logon" setting to organizational standards. CC ID 10965 | Configuration | Preventive | |
Configure the "Extend Point and Print connection to search Windows Update" setting to organizational standards. CC ID 10966 | Configuration | Preventive | |
Configure the "Filter duplicate logon certificates" setting to organizational standards. CC ID 10967 | Configuration | Preventive | |
Configure the "Floppy Drives: Deny execute access" setting to organizational standards. CC ID 10969 | Configuration | Preventive | |
Configure the "Floppy Drives: Deny read access" setting to organizational standards. CC ID 10970 | Configuration | Preventive | |
Configure the "Floppy Drives: Deny write access" setting to organizational standards. CC ID 10971 | Configuration | Preventive | |
Configure the "Limit the maximum number of files allowed in a BITS job" setting to organizational standards. CC ID 11020 | Configuration | Preventive | |
Configure the "Netlogon share compatibility" setting to organizational standards. CC ID 11048 | Configuration | Preventive | |
Configure the "Only allow local user profiles" setting to organizational standards. CC ID 11056 | Configuration | Preventive | |
Configure the "Only use Package Point and print" setting to organizational standards. CC ID 11057 | Configuration | Preventive | |
Configure the "Override print driver execution compatibility setting reported by print driver" setting to organizational standards. CC ID 11059 | Configuration | Preventive | |
Configure the "Package Point and print - Approved servers" setting to organizational standards. CC ID 11061 | Configuration | Preventive | |
Configure the "Pre-populate printer search location text" setting to organizational standards. CC ID 11065 | Configuration | Preventive | |
Configure the "Printer browsing" setting to organizational standards. CC ID 11097 | Configuration | Preventive | |
Configure the "Provide information about previous logons to client computers" setting to organizational standards. CC ID 11111 | Configuration | Preventive | |
Configure the "Prune printers that are not automatically republished" setting to organizational standards. CC ID 11112 | Configuration | Preventive | |
Configure the "Redirect only the default client printer" setting to organizational standards. CC ID 11116 | Configuration | Preventive | |
Configure the "Removable Disks: Deny execute access" setting to organizational standards. CC ID 11123 | Configuration | Preventive | |
Configure the "Removable Disks: Deny read access" setting to organizational standards. CC ID 11124 | Configuration | Preventive | |
Configure the "Removable Disks: Deny write access" setting to organizational standards. CC ID 11125 | Configuration | Preventive | |
Configure the "Run logon scripts synchronously" setting to organizational standards. CC ID 11151 | Configuration | Preventive | |
Configure the "Run these programs at user logon" setting to organizational standards. CC ID 11155 | Configuration | Preventive | |
Configure the "Selectively allow the evaluation of a symbolic link" setting to organizational standards. CC ID 11169 | Configuration | Preventive | |
Configure the "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" setting to organizational standards. CC ID 11215 | Configuration | Preventive | |
Configure the "Tape Drives: Deny execute access" setting to organizational standards. CC ID 11233 | Configuration | Preventive | |
Configure the "Tape Drives: Deny read access" setting to organizational standards. CC ID 11234 | Configuration | Preventive | |
Configure the "Tape Drives: Deny write access" setting to organizational standards. CC ID 11235 | Configuration | Preventive | |
Configure the "Timeout for hung logon sessions during shutdown" setting to organizational standards. CC ID 11245 | Configuration | Preventive | |
Configure the "Troubleshooting: Allow users to access and run Troubleshooting Wizards" setting to organizational standards. CC ID 11247 | Configuration | Preventive | |
Configure the "Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)" setting to organizational standards. CC ID 11248 | Configuration | Preventive | |
Configure the "Turn off the "Order Prints" picture task" setting to organizational standards. CC ID 11314 | Configuration | Preventive | |
Configure the "Use Remote Desktop Easy Print printer driver first" setting to organizational standards. CC ID 11365 | Configuration | Preventive | |
Establish and maintain specific directory installation rules and domain controller installation rules. CC ID 01734 | Establish/Maintain Documentation | Preventive | |
Configure the "Domain controller: Allow server operators to schedule tasks" setting. CC ID 01735 | Configuration | Preventive | |
Configure the "Domain member: Require strong (Windows 2000 or later) session key" setting. CC ID 01738 | Configuration | Preventive | |
Configure the "Enforce user logon restrictions" setting. CC ID 04500 | Configuration | Preventive | |
Configure the "Maximum lifetime for service ticket" setting. CC ID 04501 | Configuration | Preventive | |
Configure the "Maximum lifetime for user ticket" setting. CC ID 04502 | Configuration | Preventive | |
Configure the "Maximum lifetime for user ticket renewal" setting. CC ID 04503 | Configuration | Preventive | |
Configure the "Maximum tolerance for computer clock synchronization" setting. CC ID 04504 | Configuration | Preventive | |
Verify the Trusted Computing Base is installed, as appropriate. CC ID 05589 | Configuration | Preventive | |
Establish, implement, and maintain appropriate shutdown procedures. CC ID 01778 | Establish/Maintain Documentation | Preventive | |
Configure the "Shutdown: Allow system to be shut down without having to log on" setting. CC ID 01779 | Configuration | Preventive | |
Configure the "Shutdown: Clear virtual memory pagefile" setting. CC ID 01780 | Configuration | Preventive | |
Configure Multi-Function Devices to clear their hard drives in between jobs. CC ID 04816 | Configuration | Preventive | |
Configure shared volumes to use the appropriate file system for the network protocols being operated (NT File System in Windows OS or Netware SS), and configure the security parameters. CC ID 01927 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\at.exe. CC ID 01929 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\attrib.exe. CC ID 01930 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\cacls.exe. CC ID 01931 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\debug.exe. CC ID 01932 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\drwatson.exe. CC ID 01933 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\drwtsn32.exe. CC ID 01934 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\edlin.exe. CC ID 01935 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\eventcreate.exe. CC ID 01936 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\eventtriggers.exe. CC ID 01937 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\ftp.exe. CC ID 01938 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\net.exe. CC ID 01939 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\net1.exe. CC ID 01940 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\netsh.exe. CC ID 01941 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\rcp.exe. CC ID 01942 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\reg.exe. CC ID 01943 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\regedit.exe. CC ID 01944 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\regedt32.exe. CC ID 01945 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\regsvr32.exe. CC ID 01946 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\rexec.exe. CC ID 01947 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\rsh.exe. CC ID 01948 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\runas.exe. CC ID 01949 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\sc.exe. CC ID 01950 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\subst.exe. CC ID 01951 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\telnet.exe. CC ID 01952 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\tftp.exe. CC ID 01953 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\tlntsvr.exe. CC ID 01954 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\. CC ID 01968 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\autoexec.bat. CC ID 01969 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\boot.ini. CC ID 01970 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\config.sys. CC ID 01971 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\io.sys. CC ID 01972 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\msdos.sys. CC ID 01973 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\ntbootdd.sys. CC ID 01974 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\ntdetect.com. CC ID 01975 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\ntldr. CC ID 01976 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings. CC ID 01977 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings\Administrator. CC ID 01978 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings\All Users. CC ID 01979 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson. CC ID 01980 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings\Default User. CC ID 01981 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\System Volume Information. CC ID 01982 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\Temp. CC ID 01983 | Configuration | Preventive | |
Configure the file permissions for %ProgramFiles%. CC ID 01984 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\Program Files\Resource Kit. CC ID 01985 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%. CC ID 01986 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\$NTServicePackUninstall$. CC ID 01987 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\CSC. CC ID 01988 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\Debug. CC ID 01989 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\Debug\UserMode. CC ID 01990 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\Offline Web Pages. CC ID 01991 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\Registration. CC ID 01992 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\Repair. CC ID 01993 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\security. CC ID 01994 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32. CC ID 01995 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\Ntbackup.exe. CC ID 01996 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\secedit.exe. CC ID 01997 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\appmgmt. CC ID 01998 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\config. CC ID 01999 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\dllcache. CC ID 02000 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\DTCLog. CC ID 02001 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\GroupPolicy. CC ID 02002 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\ias. CC ID 02003 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\NTMSData. CC ID 02004 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\reinstallbackups. CC ID 02005 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\Setup. CC ID 02006 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\spool\printers. CC ID 02007 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\Tasks. CC ID 02008 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\Temp. CC ID 02009 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\Program Files\Resource Pro Kit. CC ID 04301 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\arp.exe. CC ID 04304 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\nbtstat.exe. CC ID 04305 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\netstat.exe. CC ID 04306 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\nslookup.exe. CC ID 04307 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\regini.exe. CC ID 04308 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\route.exe. CC ID 04310 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\systeminfo.exe. CC ID 04311 | Configuration | Preventive | |
Disable DOSFAT.NSS. CC ID 04462 | Configuration | Preventive | |
Enable user directory data encryption. CC ID 04467 | Configuration | Preventive | |
Verify iPrint/NDPS are not on the system volume (sys). CC ID 04468 | Technical Security | Preventive | |
Purge files immediately after deletion. CC ID 04469 | Technical Security | Preventive | |
Remove the SYS:Mail directory. CC ID 04470 | Configuration | Preventive | |
Configure the largest folder size (storage capacity) restrictions for user directories. CC ID 04471 | Configuration | Preventive | |
Verify only necessary system files are located on the server's system volume (sys) or boot volume. CC ID 04472 | Testing | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Config\AppEvent.evt. CC ID 04506 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Config\SecEvent.evt. CC ID 04507 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Config\SysEvent.evt. CC ID 04508 | Configuration | Preventive | |
Configure the file permissions for %SystemDirectory%. CC ID 04532 | Configuration | Preventive | |
Configure the file permissions appropriately for all shell executables. CC ID 05619 | Configuration | Preventive | |
Configure the file permissions for the remote copy (rcp) binary properly. CC ID 05620 | Configuration | Preventive | |
Configure the file permissions for the remote login (rlogin) binary properly. CC ID 05621 | Configuration | Preventive | |
Configure the file permissions for the rlogind binary properly. CC ID 05622 | Configuration | Preventive | |
Configure the file permissions for the remote shell (rsh) binary properly. CC ID 05623 | Configuration | Preventive | |
Configure the file permissions for the rshd binary properly. CC ID 05624 | Configuration | Preventive | |
Configure the file permissions for the tftp binary properly. CC ID 05625 | Configuration | Preventive | |
Configure the file permissions for the tftpd binary properly. CC ID 05626 | Configuration | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson\drwtsn32.log properly. CC ID 05627 | Configuration | Preventive | |
Configure the directory permissions for %SystemDrive%\My Download Files properly. CC ID 05628 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\Driver Cache\I386\Driver.cab properly. CC ID 05629 | Configuration | Preventive | |
Configure the permissions for the %SystemRoot%\$NtUninstall* directories properly. CC ID 05630 | Configuration | Preventive | |
Configure the directory permissions for %SystemDrive%\NTDS properly. CC ID 05631 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\SYSVOL properly. CC ID 05632 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\SYSVOL\domain\Policies properly. CC ID 05633 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\repl properly. CC ID 05634 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\repl\export properly. CC ID 05635 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\repl\import properly. CC ID 05636 | Configuration | Preventive | |
Configure the directory permissions for %ALL% properly. CC ID 05637 | Configuration | Preventive | |
Configure the directory permissions for %ALL%\Program Files\MQSeries properly. CC ID 05638 | Configuration | Preventive | |
Configure the directory permissions for %ALL%\Program Files\MQSeries\qmggr properly. CC ID 05639 | Configuration | Preventive | |
Configure the directory permissions for %SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ACL properly. CC ID 05640 | Configuration | Preventive | |
Configure the directory permissions for %SystemDrive%\WINNT\SECURITY\Database\SECEDIT.SDB ACL properly. CC ID 05641 | Configuration | Preventive | |
Configure the directory permissions for %SystemDrive%\perflogs properly. CC ID 05642 | Configuration | Preventive | |
Configure the directory permissions for %SystemDrive%\i386 properly. CC ID 05643 | Configuration | Preventive | |
Configure the directory permissions for %ProgramFiles%\Common Files\SpeechEngines\TTS properly. CC ID 05644 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\_default.plf properly. CC ID 05645 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\addins properly. CC ID 05646 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\appPatch properly. CC ID 05647 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\clock.avi properly. CC ID 05648 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\Connection Wizard properly. CC ID 05649 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\Driver Cache properly. CC ID 05650 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\explorer.scf properly. CC ID 05651 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\explorer.exe properly. CC ID 05652 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\Help properly. CC ID 05653 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\inf\unregmp2.exe properly. CC ID 05654 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\Java properly. CC ID 05655 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\mib.bin properly. CC ID 05656 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\msagent properly. CC ID 05657 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\msdfmap.ini properly. CC ID 05658 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\mui properly. CC ID 05659 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\security\templates properly. CC ID 05660 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\speech properly. CC ID 05661 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system.ini properly. CC ID 05662 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system\setup.inf properly. CC ID 05663 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system\stdole.tlb properly. CC ID 05664 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\twain_32 properly. CC ID 05665 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\CatRoot properly. CC ID 05666 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\configf\systemprofile properly. CC ID 05667 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\dhcp properly. CC ID 05668 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\drivers properly. CC ID 05669 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\Export properly. CC ID 05670 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\ipconfig.exe properly. CC ID 05671 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\LogFiles properly. CC ID 05672 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\mshta.exe properly. CC ID 05673 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\mui properly. CC ID 05674 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\ShellExt properly. CC ID 05675 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\wbem properly. CC ID 05676 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\wbem\mof properly. CC ID 05677 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\wbem\repository properly. CC ID 05678 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\wbem\logs properly. CC ID 05679 | Configuration | Preventive | |
Configure the directory permissions for %AllUsersProfile% properly. CC ID 05680 | Configuration | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data properly. CC ID 05681 | Configuration | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft properly. CC ID 05682 | Configuration | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys properly. CC ID 05683 | Configuration | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys properly. CC ID 05684 | Configuration | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Dr Watson properly. CC ID 05685 | Configuration | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log properly. CC ID 05686 | Configuration | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\HTML Help properly. CC ID 05687 | Configuration | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\MediaIndex properly. CC ID 05688 | Configuration | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Documents\desktop.ini properly. CC ID 05689 | Configuration | Preventive | |
Configure the directory permissions for %AllUsersProfile%\DRM properly. CC ID 05690 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\Debug\UserMode\userenv.log properly. CC ID 05691 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\Installer properly. CC ID 05692 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\Prefetch properly. CC ID 05693 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\Registration\CRMLog properly. CC ID 05694 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\ciadv.msc properly. CC ID 05695 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Com\comexp.msc properly. CC ID 05696 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\compmgmt.msc properly. CC ID 05697 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Config properly. CC ID 05698 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Config\*.evt properly. CC ID 05699 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\devmgmt.msc properly. CC ID 05700 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\dfrg.msc properly. CC ID 05701 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\diskmgmt.msc properly. CC ID 05702 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\system32\eventvwr.msc properly. CC ID 05703 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\fsmgmt.msc properly. CC ID 05704 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\gpedit.msc properly. CC ID 05705 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\lusrmgr.msg properly. CC ID 05706 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\MSDTC properly. CC ID 05707 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\ntmsoprq.msc properly. CC ID 05708 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\ntmsmgr.msc properly. CC ID 05709 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\perfmon.msc properly. CC ID 05710 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\RSoP.msc properly. CC ID 05711 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\secpol.msc properly. CC ID 05712 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\services.msc properly. CC ID 05713 | Configuration | Preventive | |
Configure the file permissions for %SystemRoot%\System32\wmimgmt.msc properly. CC ID 05714 | Configuration | Preventive | |
Configure the directory permissions for %SystemRoot%\Web properly. CC ID 05715 | Configuration | Preventive | |
Configure the BitLocker setting appropriately for fixed disk drives and removable disk drives. CC ID 06064 | Configuration | Preventive | |
Configure the settings for fixed disk drives, removable disk drives, and operating system disk drives. CC ID 06065 | Configuration | Preventive | |
Configure the BitLocker identifiers. CC ID 06066 | Configuration | Preventive | |
Configure utility and device driver software in accordance with organizational standards. CC ID 12340 | Configuration | Preventive | |
Review the use of utility and device driver software, as necessary. CC ID 13145 | Business Processes | Detective | |
Restrict utility programs from interfering with Information Technology operations. CC ID 13087 | Configuration | Preventive | |
Configure appropriate partitioning schemes. CC ID 02162 | Configuration | Preventive | |
Verify the /home file system, /export/home file system, and /var file system each has its own partition. CC ID 02163 | Configuration | Preventive | |
Verify the root shell environment is located outside the /usr directory in a partitioned environment. CC ID 02158 | Configuration | Preventive | |
Verify the primary filesystem partition uses an appropriate filesystem. CC ID 05716 | Configuration | Preventive | |
Enable the OS/2 subsystem, as appropriate. CC ID 05717 | Configuration | Preventive | |
Configure the "nodev" option for "/tmp" setting to organizational standards. CC ID 08725 | Establish/Maintain Documentation | Preventive | |
Configure the "nodev" option for "/dev/shm" setting to organizational standards. CC ID 08726 | Establish/Maintain Documentation | Preventive | |
Configure the "/tmp filesystem partition" setting to organizational standards. CC ID 08727 | Establish/Maintain Documentation | Preventive | |
Configure the "var/log" filesystem to organizational standards. CC ID 08728 | Establish/Maintain Documentation | Preventive | |
Configure the "var/log/audit" filesystem to organizational standards. CC ID 08729 | Establish/Maintain Documentation | Preventive | |
Configure the "nosuid" setting on the "/tmp" directory to organizational standards. CC ID 08730 | Establish/Maintain Documentation | Preventive | |
Configure the "noexec" setting on the "/tmp" directory to organizational standards. CC ID 08731 | Establish/Maintain Documentation | Preventive | |
Configure the "nosuid" setting on the "/dev/shm" directory to organizational standards. CC ID 08732 | Establish/Maintain Documentation | Preventive | |
Configure the "noexec" option for "/dev/shm" to organizational standards. CC ID 08733 | Establish/Maintain Documentation | Preventive | |
Configure the "/var/tmp filesystem partition" setting to organizational standards. CC ID 08734 | Establish/Maintain Documentation | Preventive | |
Configure the "nodev" option for "/run/shm" to organizational standards. CC ID 11376 | Configuration | Preventive | |
Configure the "nosuid" option for "/run/shm" to organizational standards. CC ID 11377 | Configuration | Preventive | |
Configure the "noexec" option for "/run/shm" to organizational standards. CC ID 11378 | Configuration | Preventive | |
Configure attached printers and shared printers. CC ID 04499 | Configuration | Preventive | |
Establish, implement, and maintain network parameter modification procedures. CC ID 01517 | Establish/Maintain Documentation | Preventive | |
Configure the IPsec security association lifetime to organizational standards. CC ID 16508 | Configuration | Preventive | |
Configure route filtering to organizational standards. CC ID 16359 | Configuration | Preventive | |
Refrain from accepting routes from unauthorized parties. CC ID 16397 | Technical Security | Preventive | |
Configure security gateways to organizational standards. CC ID 16352 | Configuration | Preventive | |
Configure network elements to organizational standards. CC ID 16361 | Configuration | Preventive | |
Configure devices having access to network elements to organizational standards. CC ID 16408 | Configuration | Preventive | |
Configure routing tables to organizational standards. CC ID 15438 | Configuration | Preventive | |
Configure "NetBT NodeType configuration" to organizational standards. CC ID 15383 | Configuration | Preventive | |
Configure "Allow remote server management through WinRM" to organizational standards. CC ID 15364 | Configuration | Preventive | |
Configure "Allow network connectivity during connected-standby (on battery)" to organizational standards. CC ID 15342 | Configuration | Preventive | |
Configure BOOTP queries to be accepted or denied by the DHCP Server, as appropriate. CC ID 06040 | Configuration | Preventive | |
Enable TCP wrappers. CC ID 01567 | Configuration | Preventive | |
Configure TCP wrappers. CC ID 01566 | Configuration | Preventive | |
Configure devices to block or avoid outbound connections. CC ID 04807 | Configuration | Preventive | |
Configure devices to deny inbound connections. CC ID 04805 | Configuration | Preventive | |
Review and restrict network addresses and network protocols. CC ID 01518 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Configuration | Preventive | |
Establish, implement, and maintain a network addressing plan. CC ID 16399 | Establish/Maintain Documentation | Preventive | |
Define the location requirements for network elements and network devices. CC ID 16379 | Process or Activity | Preventive | |
Disable wireless access if it is not necessary. CC ID 12100 | Configuration | Preventive | |
Configure wireless access to be restricted to authorized wireless networks. CC ID 12099 | Technical Security | Preventive | |
Configure Network Address Translation to organizational standards. CC ID 16395 | Configuration | Preventive | |
Enable Network Address Translation or Port Address Translation for internal networks on all network access and control points. CC ID 00545 | Configuration | Preventive | |
Disable NIS Server Daemons unless NIS Server Daemons are absolutely necessary. CC ID 01457 | Configuration | Preventive | |
Disable NIS Client Daemons unless NIS Client Daemons are absolutely necessary. CC ID 01458 | Configuration | Preventive | |
Disable NIS+ daemons unless NIS+ daemons are absolutely necessary. CC ID 01459 | Configuration | Preventive | |
Disable Kerberos server daemons unless Kerberos server daemons are absolutely necessary. CC ID 01461 | Configuration | Preventive | |
Disable Kerberos client daemons unless Kerberos client daemons are absolutely necessary. CC ID 01462 | Configuration | Preventive | |
Disable Kerberos-related daemons unless Kerberos-related daemons are absolutely necessary. CC ID 01463 | Configuration | Preventive | |
Disable DHCP Server unless DHCP Server is absolutely necessary. CC ID 01482 | Configuration | Preventive | |
Disable Domain Name Server unless Domain Name Server is absolutely necessary. CC ID 01483 | Configuration | Preventive | |
Disable Simple Network Management Protocol unless it is absolutely necessary. CC ID 01491 | Configuration | Preventive | |
Enable or disable tunneling, as necessary. CC ID 15235 | Configuration | Preventive | |
Disable Internet Protocol version 6 unless it is absolutely necessary. CC ID 01493 | Configuration | Preventive | |
Disable Simple Mail Transport Protocol unless it is absolutely necessary. CC ID 01825 | Configuration | Preventive | |
Disable SNMP trap unless SNMP trap is absolutely necessary. CC ID 01828 | Configuration | Preventive | |
Disable UNIX-to-UNIX Copy Program unless it is absolutely necessary. CC ID 02169 | Configuration | Preventive | |
Disable the ugidd daemon unless the ugidd daemon is absolutely necessary. CC ID 02181 | Configuration | Preventive | |
Disable IP Routing unless it is absolutely necessary. CC ID 02170 | Configuration | Preventive | |
Disable Client Service for NetWare unless it is absolutely necessary. CC ID 04277 | Configuration | Preventive | |
Disable HyperText Transfer Protocol Secure Socket Layer unless it is absolutely necessary. CC ID 04281 | Configuration | Preventive | |
Disable network connections unless network connections are absolutely necessary. CC ID 04283 | Configuration | Preventive | |
Disable Boot Protocol unless it is absolutely necessary. CC ID 04809 | Configuration | Preventive | |
Disable Pre-boot eXecution Environment unless it is absolutely necessary. CC ID 04819 | Configuration | Preventive | |
Disable Bluetooth unless Bluetooth is absolutely necessary. CC ID 04476 | Configuration | Preventive | |
Disable Internetwork Packet Exchange/Sequenced Packet Exchange. CC ID 04800 | Configuration | Preventive | |
Disable AppleTalk. CC ID 04799 | Configuration | Preventive | |
Disable Network Basic Input/Output System. CC ID 01925 | Configuration | Preventive | |
Assign or reserve static IP addresses in Dynamic Host Configuration Protocol. CC ID 04801 | Configuration | Preventive | |
Disable wireless networking on Multi-Function Devices, unless absolutely necessary. CC ID 04821 | Configuration | Preventive | |
Configure mountd to use a static port or a dynamic portmapper port, as appropriate. CC ID 06023 | Configuration | Preventive | |
Configure the Avahi daemon to serve via Internet Protocol version 4, Internet Protocol version 6, as appropriate. CC ID 06024 | Configuration | Preventive | |
Validate and check Simple Network Management Protocol using snmpwalk. CC ID 06941 | Configuration | Preventive | |
Disable the XDMCP port. CC ID 01563 | Configuration | Preventive | |
Prevent syslog from accepting messages from the network. CC ID 01562 | Configuration | Preventive | |
Prevent X server from listening on port 6000/tcp. CC ID 01565 | Configuration | Preventive | |
Configure the Intrusion Detection System and the Intrusion Prevention System to accept the organizational vulnerability scanning host or vendor's originating IP address. CC ID 01645 | Configuration | Preventive | |
Configure the "Network access: Allow anonymous SID/Name translation" setting to organizational standards. CC ID 01717 | Configuration | Preventive | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts" setting. CC ID 01718 | Configuration | Preventive | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting. CC ID 01719 | Configuration | Preventive | |
Enable Data Execution Protection for all applications. CC ID 01720 | Configuration | Preventive | |
Enable digital encryption or digital signatures of secure channel data. CC ID 01736 | Configuration | Preventive | |
Enable digital signatures of communications using the Server Message Block protocol. CC ID 01762 | Configuration | Preventive | |
Configure the "Microsoft network client: Send unencrypted password to connect to third-party SMB servers" setting. CC ID 01764 | Configuration | Preventive | |
Configure the amount of idle time required before disconnecting an idle session. CC ID 01763 | Configuration | Preventive | |
Configure the "Allow reconnection from original client only" setting to organizational standards. CC ID 04515 | Configuration | Preventive | |
Enable the disconnect clients setting (server) or force logoff setting (client) if the account's allotted logon period expires. CC ID 01765 | Configuration | Preventive | |
Configure the "Network access: Do not allow storage of credentials or .NET Passports for network authentication" setting. CC ID 01766 | Configuration | Preventive | |
Configure the "Network access: Let Everyone permissions apply to anonymous users" setting. CC ID 01767 | Configuration | Preventive | |
Configure the "Network access: Named pipes that can be accessed anonymously" setting. CC ID 01768 | Configuration | Preventive | |
Configure the "Network access: Remotely accessible registry paths" setting. CC ID 01769 | Configuration | Preventive | |
Configure the "Network access: Sharing and security model for local accounts" setting. CC ID 01771 | Configuration | Preventive | |
Configure the "Network security: Do not store LAN Manager hash value on next password change" setting. CC ID 01772 | Configuration | Preventive | |
Configure the "Network security: LAN Manager authentication level" setting. CC ID 01773 | Configuration | Preventive | |
Configure the "Network security: LDAP client signing requirements" setting. CC ID 01774 | Configuration | Preventive | |
Configure Lightweight Directory Access Protocol connections for security. CC ID 04451 | Configuration | Preventive | |
Configure the least session security for NT LM Security Support Provider based clients (including secure RPC) and servers settings. CC ID 01775 | Configuration | Preventive | |
Enable the LDAP cache manager as necessary. CC ID 01460 | Configuration | Preventive | |
Configure firewalls in accordance with organizational standards. CC ID 01926 | Configuration | Preventive | |
Control inbound connections to the firewall. CC ID 04397 | Configuration | Preventive | |
Control outbound connections to the firewall. CC ID 04398 | Configuration | Preventive | |
Configure the "Windows Firewall: Do not allow exceptions" setting. CC ID 04318 | Configuration | Preventive | |
Configure the firewall to define program exceptions as necessary. CC ID 04319 | Configuration | Preventive | |
Configure the firewall to display notifications. CC ID 04399 | Configuration | Preventive | |
Configure the firewall to allow Unicast responses. CC ID 04400 | Configuration | Preventive | |
Configure the firewall to apply local connection security rules. CC ID 04402 | Configuration | Preventive | |
Establish, implement, and maintain firewall rules in accordance with organizational standards. CC ID 16353 | Establish/Maintain Documentation | Preventive | |
Review and approve the firewall rules, as necessary. CC ID 06745 | Configuration | Preventive | |
Disable Internet Connection Sharing. CC ID 02035 | Configuration | Preventive | |
Disable anonymous DDP. CC ID 02193 | Configuration | Preventive | |
Configure the "Set client connection encryption level" setting. CC ID 04321 | Configuration | Preventive | |
Configure the "Network access: Restrict anonymous access to named pipes and shares" setting to organizational standards. CC ID 04381 | Configuration | Preventive | |
Configure the "Intranet Sites: Include all network paths (UNCs)" setting. CC ID 04414 | Configuration | Preventive | |
Configure RConsoleJ in NetWare. CC ID 04460 | Configuration | Preventive | |
Configure Secure Console in NetWare. CC ID 04461 | Configuration | Preventive | |
Disable Universal Description, Discovery, and Integration. CC ID 04466 | Configuration | Preventive | |
Enable encryption for connections that transfer restricted data over HyperText Transfer Protocol. CC ID 04473 | Configuration | Preventive | |
Use HyperText Transfer Protocol Secure to protect authenticators or other restricted data or restricted information. CC ID 04474 | Configuration | Preventive | |
Configure Windows Messenger to prevent access to the internet. CC ID 04518 | Configuration | Preventive | |
Configure the "Always wait for the network at computer startup and logon" setting to organizational standards. CC ID 04519 | Configuration | Preventive | |
Do not configure anonymous File Transfer Protocol on computers located inside a defined security perimeter. CC ID 04527 | Configuration | Preventive | |
Create an access control list on Network Access and Control Points to restrict access. CC ID 04810 | Configuration | Preventive | |
Configure the Access Control List to restrict connections between untrusted networks and any system that holds restricted data or restricted information. CC ID 06077 | Configuration | Preventive | |
Configure the Access Control List (ACL) so that internal network addresses cannot pass from the Internet into the Demilitarized Zone (DMZ). CC ID 06421 | Configuration | Preventive | |
Configure the Access Control List so that outbound network traffic from protected subnets can only access IP Addresses inside the Demilitarized Zone. CC ID 06422 | Configuration | Preventive | |
Configure Print Services to use port 9100 and/or port 515. CC ID 04811 | Configuration | Preventive | |
Configure the SSH server in accordance with organizational standards. CC ID 04843 | Configuration | Preventive | |
Configure permissions for SSH private host key files to organizational standards. CC ID 15331 | Configuration | Preventive | |
Configure permissions for SSH public host key files to organizational standards. CC ID 15333 | Configuration | Preventive | |
Disable Secure Shell version 1 and use Secure Shell version 2. CC ID 04465 | Configuration | Preventive | |
Allow or deny inbound connections to the secure shell port, as appropriate. CC ID 05746 | Configuration | Preventive | |
Enable or disable the emulation of the rsh command through the SSH server, as appropriate. CC ID 05747 | Configuration | Preventive | |
Configure SSH X11 forwarding to organizational standards. CC ID 05748 | Configuration | Preventive | |
Set the SSH authentication log retry limit. CC ID 05750 | Configuration | Preventive | |
Configure SSH integration with .rhosts to organizational standards. CC ID 05751 | Configuration | Preventive | |
Configure SSH integration with hosts.equiv to organizational standards. CC ID 05752 | Configuration | Preventive | |
Enable or disable SSH Rhosts RSA Authentication, as appropriate. CC ID 05753 | Configuration | Preventive | |
Use Secure Shell for remote logins and file transfers. CC ID 06562 | Configuration | Preventive | |
Configure the "/etc/hosts.deny" file: Content to organizational standards. CC ID 09924 | Configuration | Preventive | |
Configure the "hosts.deny" file permissions to organizational standards. CC ID 09925 | Configuration | Preventive | |
Configure the "PermitEmptyPasswords" setting to organizational standards. CC ID 09926 | Configuration | Preventive | |
Configure the "SSH IgnoreRhosts" setting to organizational standards. CC ID 09951 | Configuration | Preventive | |
Configure the "allowed users and groups" setting for "SSH" to organizational standards. CC ID 09952 | Configuration | Preventive | |
Configure Network Time Protocol. CC ID 04844 | Configuration | Preventive | |
Configure multicasting. CC ID 04845 | Configuration | Preventive | |
Set the apache2 server's ServerTokens value properly. CC ID 05720 | Configuration | Preventive | |
Set the apache2 server's ServerSignature value properly. CC ID 05721 | Configuration | Preventive | |
Configure "Configuration of wireless settings using Windows Connect Now" to organizational standards. CC ID 05722 | Configuration | Preventive | |
Configure X11 forwarding via Secure Shell, as appropriate. CC ID 05723 | Configuration | Preventive | |
Enable the NIS passwd daemon as necessary. CC ID 05725 | Configuration | Preventive | |
Enable the NIS update daemon as necessary. CC ID 05726 | Configuration | Preventive | |
Enable the NIS xfr daemon as necessary. CC ID 05727 | Configuration | Preventive | |
Enable or disable strict destination multihoming, as appropriate. CC ID 05728 | Configuration | Preventive | |
Enable or disable IPv4 strict multihoming, as appropriate. CC ID 05729 | Configuration | Preventive | |
Enable the appropriate tunneling protocol for Internet Protocol version 6. CC ID 05730 | Configuration | Preventive | |
Enable or disable the automatic loading of the IPv6 kernel module, as appropriate. CC ID 05731 | Configuration | Preventive | |
Configure the router advertisements settings to organizational standards. CC ID 05732 | Configuration | Preventive | |
Configure IPv6 privacy extensions properly. CC ID 05733 | Configuration | Preventive | |
Set the default number of global unicast IPv6 addresses allowed per network interface properly. CC ID 05734 | Configuration | Preventive | |
Set the default number of IPv6 router solicitations for network interfaces to send properly. CC ID 05735 | Configuration | Preventive | |
Set the default number of IPv6 duplicate address detection solicitations for network interfaces to send per configured network address properly. CC ID 05736 | Configuration | Preventive | |
Enable or disable IPv6 strict multihoming, as appropriate. CC ID 05737 | Configuration | Preventive | |
Enable or disable IP routing, as appropriate. CC ID 05738 | Configuration | Preventive | |
Enable or disable reverse source routed packets, as appropriate. CC ID 05739 | Configuration | Preventive | |
Restrict packet forwarding, as appropriate. CC ID 05740 | Configuration | Preventive | |
Set unestablished TCP connection queues and established TCP connection queues properly. CC ID 05741 | Configuration | Preventive | |
Enable or disable the LDAP dynamic updates feature, as appropriate. CC ID 05742 | Configuration | Preventive | |
Configure the "Prohibit use of Internet Connection Firewall on your DNS domain network" setting properly. CC ID 05743 | Configuration | Preventive | |
Enable or disable printing services through inetd, as appropriate. CC ID 05744 | Configuration | Preventive | |
Enable or disable firewall access to printing services, as appropriate. CC ID 05745 | Configuration | Preventive | |
Set the Secure Shell largest number for authentication retries. CC ID 05749 | Configuration | Preventive | |
Configure the "Server SPN target name validation level" properly. CC ID 06067 | Configuration | Preventive | |
Configure the "Allow Local System NULL session fallback" setting properly. CC ID 06068 | Configuration | Preventive | |
Configure the "Restrict NTLM" settings properly. CC ID 06069 | Configuration | Preventive | |
Configure the "Allow Local System to use computer identity for NTLM" setting properly. CC ID 06070 | Configuration | Preventive | |
Configure the "Configure encryption types allowed for Kerberos" setting properly. CC ID 06071 | Configuration | Preventive | |
Configure the "Allow PKU2U authentication requests to this computer to use online identities" setting properly. CC ID 06072 | Configuration | Preventive | |
Configure wireless communication to be encrypted using strong cryptography. CC ID 06078 | Configuration | Preventive | |
Reserve the use of VLAN1 to in-band management. CC ID 06413 | Configuration | Preventive | |
Disallow Internet Protocol (IP) directed broadcasts. CC ID 06571 | Configuration | Preventive | |
Configure the "source-routed packets" setting to organizational standards. CC ID 08977 | Configuration | Preventive | |
Disable feedback on protocol format validation errors. CC ID 10646 | Configuration | Preventive | |
Configure the "6to4 Relay Name" setting to organizational standards. CC ID 10688 | Configuration | Preventive | |
Configure the "6to4 Relay Name Resolution Interval" setting to organizational standards. CC ID 10689 | Configuration | Preventive | |
Configure the "6to4 State" setting to organizational standards. CC ID 10690 | Configuration | Preventive | |
Configure the "Automated Site Coverage by the DC Locator DNS SRV Records" setting to organizational standards. CC ID 10759 | Configuration | Preventive | |
Configure the "Best effort service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 10764 | Configuration | Preventive | |
Configure the "Best effort service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards. CC ID 10765 | Configuration | Preventive | |
Configure the "Best effort service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 10766 | Configuration | Preventive | |
Configure the "BranchCache for network files" setting to organizational standards. CC ID 10776 | Configuration | Preventive | |
Configure the "Network Options preference logging and tracing" setting to organizational standards. CC ID 10796 | Configuration | Preventive | |
Configure the "Network Shares preference logging and tracing" setting to organizational standards. CC ID 10797 | Configuration | Preventive | |
Configure the "slow-link mode" setting to organizational standards. CC ID 10820 | Configuration | Preventive | |
Configure the "Controlled load service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 10826 | Configuration | Preventive | |
Configure the "Controlled load service type Layer-3 Differentiated Services Code Point (DSCP) for packets that do not conform to the flow specification" setting to organizational standards. CC ID 10827 | Configuration | Preventive | |
Configure the "Controlled load service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 10828 | Configuration | Preventive | |
Configure the "Corporate DNS Probe Host Address" setting to organizational standards. CC ID 10829 | Configuration | Preventive | |
Configure the "Corporate DNS Probe Host Name" setting to organizational standards. CC ID 10830 | Configuration | Preventive | |
Configure the "Corporate Site Prefix List" setting to organizational standards. CC ID 10831 | Configuration | Preventive | |
Configure the "Corporate Website Probe URL" setting to organizational standards. CC ID 10832 | Configuration | Preventive | |
Configure the "DC Locator DNS records not registered by the DCs" setting to organizational standards. CC ID 10838 | Configuration | Preventive | |
Configure the "DNS Suffix Search List" setting to organizational standards. CC ID 10890 | Configuration | Preventive | |
Configure the "Do not detect slow network connections" setting to organizational standards. CC ID 10926 | Configuration | Preventive | |
Configure the "Do not show the 'local access only' network icon" setting to organizational standards. CC ID 10936 | Configuration | Preventive | |
Configure the "Dynamic Registration of the DC Locator DNS Records" setting to organizational standards. CC ID 10943 | Configuration | Preventive | |
Configure the "Group Policy slow link detection" setting to organizational standards. CC ID 10982 | Configuration | Preventive | |
Configure the "Guaranteed service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 10983 | Configuration | Preventive | |
Configure the "Guaranteed service type Layer-3 Differentiated Services Code Point for packets that do not conform to the flow specification" setting to organizational standards. CC ID 10984 | Configuration | Preventive | |
Configure the "Guaranteed service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 10985 | Configuration | Preventive | |
Configure the "Limit the maximum network bandwidth used for Peercaching" setting to organizational standards. CC ID 11017 | Configuration | Preventive | |
Configure the "Location of the DCs hosting a domain with single label DNS name" setting to organizational standards. CC ID 11024 | Configuration | Preventive | |
Configure the "Minimum Idle Connection Timeout for RPC/HTTP connections" setting to organizational standards. CC ID 11046 | Configuration | Preventive | |
Configure the "Network control service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 11049 | Configuration | Preventive | |
Configure the "Network control service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards. CC ID 11050 | Configuration | Preventive | |
Configure the "Network control service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 11051 | Configuration | Preventive | |
Configure the "Network Projector Port Setting" setting to organizational standards. CC ID 11052 | Configuration | Preventive | |
Configure the "Override the More Gadgets link" setting to organizational standards. CC ID 11060 | Configuration | Preventive | |
Configure the "Prevent backing up to network location" setting to organizational standards. CC ID 11070 | Configuration | Preventive | |
Configure the "Primary DNS Suffix" setting to organizational standards. CC ID 11094 | Configuration | Preventive | |
Configure the "Primary DNS Suffix Devolution" setting to organizational standards. CC ID 11095 | Configuration | Preventive | |
Configure the "Priority Set in the DC Locator DNS SRV Records" setting to organizational standards. CC ID 11099 | Configuration | Preventive | |
Configure the "Prohibit installation and configuration of Network Bridge on your DNS domain network" setting to organizational standards. CC ID 11102 | Configuration | Preventive | |
Configure the "Prompt user when a slow network connection is detected" setting to organizational standards. CC ID 11109 | Configuration | Preventive | |
Configure the "Qualitative service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 11113 | Configuration | Preventive | |
Configure the "Qualitative service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards. CC ID 11114 | Configuration | Preventive | |
Configure the "Qualitative service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 11115 | Configuration | Preventive | |
Configure the "Refresh Interval of the DC Locator DNS Records" setting to organizational standards. CC ID 11119 | Configuration | Preventive | |
Configure the "Register DNS records with connection-specific DNS suffix" setting to organizational standards. CC ID 11120 | Configuration | Preventive | |
Configure the "Require domain users to elevate when setting a network's location" setting to organizational standards. CC ID 11133 | Configuration | Preventive | |
Configure the "Route all traffic through the internal network" setting to organizational standards. CC ID 11149 | Configuration | Preventive | |
Configure the "Set a support web page link" setting to organizational standards. CC ID 11171 | Configuration | Preventive | |
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Link Local" to organizational standards. CC ID 11179 | Configuration | Preventive | |
Configure the "Set the Seed Server" setting for "IPv6 Link Local" to organizational standards. CC ID 11190 | Configuration | Preventive | |
Configure the "Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers" setting to organizational standards. CC ID 11197 | Configuration | Preventive | |
Configure the "Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers" setting to organizational standards. CC ID 11198 | Configuration | Preventive | |
Configure the "Sites Covered by the Application Directory Partition Locator DNS SRV Records" setting to organizational standards. CC ID 11202 | Configuration | Preventive | |
Configure the "Sites Covered by the DC Locator DNS SRV Records" setting to organizational standards. CC ID 11203 | Configuration | Preventive | |
Configure the "Sites Covered by the GC Locator DNS SRV Records" setting to organizational standards. CC ID 11204 | Configuration | Preventive | |
Configure the "Slow network connection timeout for user profiles" setting to organizational standards. CC ID 11205 | Configuration | Preventive | |
Configure the "TTL Set in the DC Locator DNS Records" setting to organizational standards. CC ID 11252 | Configuration | Preventive | |
Configure the "Turn off Connect to a Network Projector" setting to organizational standards. CC ID 11272 | Configuration | Preventive | |
Configure the "Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com" setting to organizational standards. CC ID 11283 | Configuration | Preventive | |
Configure the "Turn off Microsoft Peer-to-Peer Networking Services" setting to organizational standards. CC ID 11289 | Configuration | Preventive | |
Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Link Local" to organizational standards. CC ID 11291 | Configuration | Preventive | |
Configure the "Turn off PNRP cloud creation" setting for "IPv6 Link Local" to organizational standards. CC ID 11299 | Configuration | Preventive | |
Configure the "Turn off Registration if URL connection is referring to Microsoft.com" setting to organizational standards. CC ID 11305 | Configuration | Preventive | |
Configure the "Turn off Windows Network Connectivity Status Indicator active tests" setting to organizational standards. CC ID 11328 | Configuration | Preventive | |
Configure the "Weight Set in the DC Locator DNS SRV Records" setting to organizational standards. CC ID 11371 | Configuration | Preventive | |
Configure Automated Teller Machines in accordance with organizational standards. CC ID 12542 | Configuration | Preventive | |
Enable or disable remote print browsing, as appropriate. CC ID 05718 | Configuration | Preventive | |
Allow or deny remote print browsing Common Unix Printing System the ability to listen for incoming printer information, as appropriate. CC ID 05719 | Configuration | Preventive | |
Configure the time server in accordance with organizational standards. CC ID 06426 | Configuration | Preventive | |
Configure the time server to synchronize with specifically designated hosts. CC ID 06427 | Configuration | Preventive | |
Restrict access to time server configuration to personnel with a business need. CC ID 06858 | Configuration | Preventive | |
Keep current the time synchronization technology. CC ID 12548 | Technical Security | Preventive | |
Verify the organization has Emergency Power Supplies available for the systems. CC ID 01912 | Systems Continuity | Preventive | |
Verify enough emergency power is available for a graceful shutdown if the primary power system fails. CC ID 01913 | Systems Continuity | Preventive | |
Verify emergency power continuity procedures are in place to transfer power to a secondary source if the primary power system fails. CC ID 01914 | Systems Continuity | Preventive | |
Enable or disable the Uninterruptible Power Supply service, as appropriate. CC ID 06037 | Configuration | Preventive | |
Configure Private Branch Exchanges in accordance with organizational standards. CC ID 02219 | Configuration | Preventive | |
Enable Direct Inward System Access, only when necessary. CC ID 02220 | Configuration | Preventive | |
Configure voicemail security inside each Private Branch Exchange. CC ID 02221 | Configuration | Preventive | |
Configure Wireless Access Points in accordance with organizational standards. CC ID 12477 | Configuration | Preventive | |
Enable MAC address filtering for Wireless Access Points. CC ID 04592 | Configuration | Preventive | |
Disable Service Set Identifier broadcast. CC ID 04590 | Configuration | Preventive | |
Configure Service Set Identifiers in accordance with organizational standards. CC ID 16447 | Configuration | Preventive | |
Configure the Wireless Access Point transmit power setting to the lowest level possible. CC ID 04593 | Configuration | Preventive | |
Use Wireless Local Area Network Network Interface Cards that turn off or disable Peer-To-Peer Wireless Local Area Network communications. CC ID 04594 | Testing | Detective | |
Enable two-factor authentication for identifying and authenticating Wireless Local Area Network users. CC ID 04595 | Configuration | Preventive | |
Verify wired network interface cards and Wireless Network Interface Cards are not simultaneously active for network devices other than a Wireless Access Point. CC ID 04596 | Testing | Detective | |
Enable an authorized version of Wi-Fi Protected Access. CC ID 04832 | Configuration | Preventive | |
Synchronize the Wireless Access Points' clocks. CC ID 04834 | Configuration | Preventive | |
Disable unnecessary applications, ports, and protocols on Wireless Access Points. CC ID 04835 | Configuration | Preventive | |
Enable or disable all BIOS wireless devices, as appropriate. CC ID 05754 | Configuration | Preventive | |
Enable or disable all wireless interfaces, as necessary. CC ID 05755 | Configuration | Preventive | |
Include or exclude device drivers for wireless devices from the kernel, as appropriate. CC ID 05756 | Configuration | Preventive | |
Reset wireless access points, as necessary. CC ID 14317 | Process or Activity | Corrective | |
Configure mobile device settings in accordance with organizational standards. CC ID 04600 | Configuration | Preventive | |
Configure mobile devices to enable remote wipe. CC ID 12212 | Configuration | Preventive | |
Configure prohibiting the circumvention of security controls on mobile devices. CC ID 12335 | Configuration | Preventive | |
Configure Apple iOS to Organizational Standards. CC ID 09986 | Establish/Maintain Documentation | Preventive | |
Configure the "VPN" setting to organizational standards. CC ID 09987 | Configuration | Preventive | |
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 09988 | Configuration | Preventive | |
Configure the "With Authentication" setting to organizational standards. CC ID 09989 | Configuration | Preventive | |
Configure the "Auto-Join" setting to organizational standards. CC ID 09990 | Configuration | Preventive | |
Configure the "AirDrop Discoverability" setting to organizational standards. CC ID 09991 | Configuration | Preventive | |
Configure the "Wi-Fi" setting to organizational standards. CC ID 09992 | Configuration | Preventive | |
Configure the "Personal Hotspot" setting to organizational standards. CC ID 09994 | Configuration | Preventive | |
Configure the "Notifications View" setting for "Access on Lock Screen" to organizational standards. CC ID 09995 | Configuration | Preventive | |
Configure the "Find My iPhone" setting to organizational standards. CC ID 09996 | Configuration | Preventive | |
Configure the "iPhone Unlock" setting to organizational standards. CC ID 09997 | Configuration | Preventive | |
Configure the "Access on Lock Screen" setting to organizational standards. CC ID 09998 | Configuration | Preventive | |
Configure the "Forget this Network" setting to organizational standards. CC ID 09999 | Configuration | Preventive | |
Configure the "Ask to Join Networks" setting to organizational standards. CC ID 10000 | Configuration | Preventive | |
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 10001 | Configuration | Preventive | |
Configure the "Credit Cards" setting to organizational standards. CC ID 10002 | Configuration | Preventive | |
Configure the "Saved Credit Card Information" setting to organizational standards. CC ID 10003 | Configuration | Preventive | |
Configure the "Do Not Track" setting to organizational standards. CC ID 10004 | Configuration | Preventive | |
Configure the "With Authentication" setting to organizational standards. CC ID 10005 | Configuration | Preventive | |
Configure the "Allow Move" setting to organizational standards. CC ID 10006 | Configuration | Preventive | |
Configure the "Use Only in Mail" setting to organizational standards. CC ID 10007 | Configuration | Preventive | |
Configure mobile devices to organizational standards. CC ID 04639 | Configuration | Preventive | |
Configure mobile devices to separate organizational data from personal data. CC ID 16463 | Configuration | Preventive | |
Configure the mobile device properties to organizational standards. CC ID 04640 | Configuration | Preventive | |
Configure the mobile device menu items to organizational standards. CC ID 04641 | Configuration | Preventive | |
Configure the BlackBerry handheld device driver settings. CC ID 04642 | Configuration | Preventive | |
Verify only BlackBerry Enterprise Server e-mail software and e-mail hardware are being used. CC ID 04601 | Technical Security | Preventive | |
Configure the BlackBerry Enterprise Server with either BlackBerry DMZ Solution or the BlackBerry firewall solution. CC ID 04602 | Configuration | Preventive | |
Configure automatic master key generation on the BlackBerry Enterprise Server. CC ID 04608 | Configuration | Preventive | |
Train BlackBerry handheld device users on the Bluetooth Smart Card Reader's proper usage. CC ID 04603 | Behavior | Preventive | |
Verify metamessage software is not installed on BlackBerry handheld devices. CC ID 04604 | Technical Security | Preventive | |
Configure e-mail messages to not display a signature line stating the message was sent from a Portable Electronic Device. CC ID 04605 | Configuration | Preventive | |
Verify only the specific mobile device web browser software is installed. CC ID 04606 | Configuration | Preventive | |
Update the software and master keys for mobile Personal Electronic Devices every 30 days. CC ID 04607 | Configuration | Preventive | |
Enable content protection on mobile devices. CC ID 04609 | Configuration | Preventive | |
Configure the application policy groups for each mobile Personal Electronic Device. CC ID 04610 | Configuration | Preventive | |
Configure the BlackBerry Messenger policy group settings. CC ID 04611 | Configuration | Preventive | |
Configure the Camera policy group settings. CC ID 04614 | Configuration | Preventive | |
Configure the Bluetooth policy group settings. CC ID 04612 | Configuration | Preventive | |
Configure the Bluetooth Smart Card Reader policy group settings. CC ID 04613 | Configuration | Preventive | |
Configure the Browser policy group settings. CC ID 04615 | Configuration | Preventive | |
Configure the Certificate Sync policy group settings. CC ID 04616 | Configuration | Preventive | |
Configure the CMIME policy group settings. CC ID 04617 | Configuration | Preventive | |
Configure the Common policy group settings. CC ID 04618 | Configuration | Preventive | |
Configure the Desktop-only policy group settings. CC ID 04619 | Configuration | Preventive | |
Configure the IOT Application policy group settings. CC ID 04620 | Configuration | Preventive | |
Configure the Device-only policy group settings. CC ID 04621 | Configuration | Preventive | |
Configure the Desktop policy group settings. CC ID 04622 | Configuration | Preventive | |
Configure the Global items policy group settings. CC ID 04623 | Configuration | Preventive | |
Configure the Location Based Services policy group settings. CC ID 04624 | Configuration | Preventive | |
Configure the MDS policy group settings. CC ID 04625 | Configuration | Preventive | |
Configure the On-Device Help policy group settings. CC ID 04626 | Configuration | Preventive | |
Configure the Password policy group settings. CC ID 04627 | Configuration | Preventive | |
Configure the PIM Sync policy group settings. CC ID 04628 | Configuration | Preventive | |
Configure the Secure E-mail policy group settings. CC ID 04629 | Configuration | Preventive | |
Configure the Memory Cleaner policy group settings. CC ID 04630 | Configuration | Preventive | |
Configure the Security policy group settings. CC ID 04631 | Configuration | Preventive | |
Configure the Service Exclusivity policy group settings. CC ID 04632 | Configuration | Preventive | |
Configure the SIM Application Toolkit policy group settings. CC ID 04633 | Configuration | Preventive | |
Configure the Smart Dialing policy group settings. CC ID 04634 | Configuration | Preventive | |
Configure the S/MIME policy group settings. CC ID 04635 | Configuration | Preventive | |
Configure the TCP policy group settings. CC ID 04636 | Configuration | Preventive | |
Configure the WTLS (Application) policy group settings. CC ID 04638 | Configuration | Preventive | |
Configure emergency and critical e-mail notifications so that they are digitally signed. CC ID 04841 | Configuration | Preventive | |
Enable data-at-rest encryption on mobile devices. CC ID 04842 | Configuration | Preventive | |
Disable the capability to automatically execute code on mobile devices absent user direction. CC ID 08705 | Configuration | Preventive | |
Configure environmental sensors on mobile devices. CC ID 10667 | Configuration | Preventive | |
Prohibit the remote activation of environmental sensors on mobile devices. CC ID 10666 | Configuration | Preventive | |
Configure the mobile device to explicitly show when an environmental sensor is in use. CC ID 10668 | Configuration | Preventive | |
Configure the environmental sensor to report collected data to designated personnel only. CC ID 10669 | Configuration | Preventive | |
Configure Cisco-specific applications and services in accordance with organizational standards. CC ID 06557 | Configuration | Preventive | |
Disable Cisco Discovery Protocol service unless the Cisco Discovery Protocol service is absolutely necessary. CC ID 06556 | Configuration | Preventive | |
Disable configuration autoloading unless configuration autoloading is absolutely necessary. CC ID 06558 | Configuration | Preventive | |
Disable exec on aux unless exec on aux is absolutely necessary. CC ID 06559 | Configuration | Preventive | |
Define and configure the Cisco loopback interface. CC ID 06560 | Configuration | Preventive | |
Configure custom Oracle-specific applications and services in accordance with organizational standards. CC ID 06565 | Configuration | Preventive | |
Set the Oracle Listener password. CC ID 06566 | Configuration | Preventive | |
Configure Oracle batch processes to not use passwords in parameters or variables. CC ID 06567 | Configuration | Preventive | |
Configure the Global Positioning System settings as appropriate. CC ID 06888 | Configuration | Preventive | |
Configure the Global Positioning System monitor carrier-to-noise density ratio to the range of 48-50 dB-Hz. CC ID 06889 | Configuration | Preventive | |
Configure endpoint security tools in accordance with organizational standards. CC ID 07049 | Configuration | Preventive | |
Secure endpoint security tool configuration settings from unauthorized change. CC ID 07050 | Configuration | Preventive | |
Configure e-mail security settings in accordance with organizational standards. CC ID 07055 | Configuration | Preventive | |
Configure e-mail to limit the number of recipients per message. CC ID 07056 | Configuration | Preventive | |
Configure web server security settings in accordance with organizational standards. CC ID 07059 | Configuration | Preventive | |
Configure the web server to hide the directory of files in a folder. CC ID 07060 | Configuration | Preventive | |
Certify the system before releasing it into a production environment. CC ID 06419 | Configuration | Preventive | |
Document the system's accreditation and residual risks. CC ID 06728 | Configuration | Preventive | |
Establish, implement, and maintain virtualization configuration settings. CC ID 07110 | Configuration | Preventive | |
Implement the security features of hypervisor to protect virtual machines. CC ID 12176 | Configuration | Preventive | |
Execute code in confined virtual machine environments. CC ID 10648 | Configuration | Preventive | |
Configure Microsoft Office to Organizational Standards. CC ID 07147 | Configuration | Preventive | |
Set custom Microsoft Office security options in accordance with organizational standards. CC ID 05757 | Configuration | Preventive | |
Configure the "Disable VBA for Office applications" setting properly. CC ID 05758 | Configuration | Preventive | |
Configure the "ActiveX Control Initialization" setting to organizational standards. CC ID 05759 | Configuration | Preventive | |
Configure the "Online content options" setting properly. CC ID 05760 | Configuration | Preventive | |
Configure the "VBA Macro Warning Settings" setting properly. CC ID 05761 | Configuration | Preventive | |
Configure the "Trust access to Visual Basic Project" setting properly. CC ID 05762 | Configuration | Preventive | |
Configure the "Configure Add-In Trust Level" setting properly. CC ID 05763 | Configuration | Preventive | |
Configure the "Minimum encryption settings" setting properly. CC ID 05764 | Configuration | Preventive | |
Configure the "Do not check e-mail address against address of certificates being used" setting to organizational standards. CC ID 05765 | Configuration | Preventive | |
Configure the "Send all signed messages as clear signed messages" setting properly. CC ID 05766 | Configuration | Preventive | |
Configure the "Request an S/MIME receipt for all S/MIME signed messages" setting properly. CC ID 05767 | Configuration | Preventive | |
Configure the "Do not display 'Publish to GAL' button" setting properly. CC ID 05768 | Configuration | Preventive | |
Configure the "Signature Warning" setting properly. CC ID 05769 | Configuration | Preventive | |
Configure the "Enable Cryptography Icons" setting properly. CC ID 05770 | Configuration | Preventive | |
Configure the "Retrieving CRLs (Certificate Revocation Lists)" setting properly. CC ID 05771 | Configuration | Preventive | |
Configure the "Warn before printing, saving, or sending a file that contains tracked changes or comments" setting properly. CC ID 05772 | Configuration | Preventive | |
Configure the "Underline hyperlinks" setting properly. CC ID 05773 | Configuration | Preventive | |
Configure the "Disable Trust Bar Notification for unsigned application add-ins" setting properly. CC ID 05774 | Configuration | Preventive | |
Configure the "Disable all application add-ins" setting properly. CC ID 05775 | Configuration | Preventive | |
Configure the "Require that application add-ins are signed by Trusted Publisher" setting properly. CC ID 05776 | Configuration | Preventive | |
Configure the "Disable all trusted locations" setting properly. CC ID 05777 | Configuration | Preventive | |
Configure the "Allow Trusted Locations not on the computer" setting properly. CC ID 05778 | Configuration | Preventive | |
Configure the "Modal Trust Decision Only" setting properly. CC ID 05779 | Configuration | Preventive | |
Configure the "Disable commands" setting properly. CC ID 05780 | Configuration | Preventive | |
Configure the "Database Tools | Macro | Convert Macros to Visual Basic" setting to organizational standards. CC ID 05781 | Configuration | Preventive | |
Configure the "Database Tools | Macro | Create Shortcut Menu from Macro" setting to organizational standards. CC ID 05782 | Configuration | Preventive | |
Configure the "Disable shortcut keys" setting properly. CC ID 05783 | Configuration | Preventive | |
Configure the "Default file format" setting properly. CC ID 05784 | Configuration | Preventive | |
Configure the "Do not prompt to convert older databases" setting properly. CC ID 05785 | Configuration | Preventive | |
Configure the "Internet and network paths as hyperlinks" setting properly. CC ID 05786 | Configuration | Preventive | |
Configure the "Save files" setting properly. CC ID 05787 | Configuration | Preventive | |
Configure the "Disable AutoRepublish" setting properly. CC ID 05788 | Configuration | Preventive | |
Configure the "Autorepublish warning alert" setting properly. CC ID 05789 | Configuration | Preventive | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks" setting properly. CC ID 05790 | Configuration | Preventive | |
Configure the "Force file extension to match file type" setting properly. CC ID 05791 | Configuration | Preventive | |
Configure the "Store macro in Personal Macro Workbook by default" setting properly. CC ID 05792 | Configuration | Preventive | |
Configure the "Ignore other applications" setting properly. CC ID 05793 | Configuration | Preventive | |
Configure the "Ask to update automatic links" setting properly. CC ID 05794 | Configuration | Preventive | |
Configure the "Save any additional data necessary to maintain formulas" setting properly. CC ID 05795 | Configuration | Preventive | |
Configure the "Load pictures from Web pages not created in Excel" setting properly. CC ID 05796 | Configuration | Preventive | |
Configure the "Do not show data extraction options when opening corrupt workbooks" setting properly. CC ID 05797 | Configuration | Preventive | |
Configure the "Assume structured storage format of workbook is intact when recovering data" setting to organizational standards. CC ID 05798 | Configuration | Preventive | |
Configure the "Corrupt formula conversion (Convert unrecoverable references to: values | #REF or #NAME)" setting to organizational standards. CC ID 05799 | Configuration | Preventive | |
Configure the "Connection File Locations" setting to organizational standards. CC ID 05800 | Configuration | Preventive | |
Configure the "Automatic Query Refresh (Prompt for all workbooks | Do not prompt; do not allow auto refresh | Do not prompt; allow auto refresh)" setting to organizational standards. CC ID 05801 | Configuration | Preventive | |
Configure the "Block opening of" setting properly. CC ID 05802 | Configuration | Preventive | |
Configure the "Block saving of" setting properly. CC ID 05803 | Configuration | Preventive | |
Configure the "Locally cache network file storages" setting to organizational standards. CC ID 05804 | Configuration | Preventive | |
Configure the "Locally cache PivotTable reports" setting to organizational standards. CC ID 05805 | Configuration | Preventive | |
Configure the "OLAP PivotTable User Defined Function (UDF) security setting" setting properly. CC ID 05806 | Configuration | Preventive | |
Configure the "Recognize SmartTags" setting to organizational standards. CC ID 05807 | Configuration | Preventive | |
Configure the "Offline Mode Status" setting properly. CC ID 05808 | Configuration | Preventive | |
Configure the "Control behavior for Windows SharePoint Services gradual upgrade" setting properly. CC ID 05809 | Configuration | Preventive | |
Configure the "Disable opening of solutions from the Internet security zone" setting properly. CC ID 05810 | Configuration | Preventive | |
Configure the "Allow the use of ActiveX Custom Controls in InfoPath forms" setting properly. CC ID 05811 | Configuration | Preventive | |
Configure the "Run forms in restricted mode if they do not specify a publish location and use only features introduced before InfoPath 2003 SP1" setting to organizational standards. CC ID 05812 | Configuration | Preventive | |
Configure the "Allow file types as attachments to forms" setting properly. CC ID 05813 | Configuration | Preventive | |
Configure the "Block specific file types as attachments to forms" setting properly. CC ID 05814 | Configuration | Preventive | |
Configure the "Prevent users from allowing unsafe file types to be attached to forms" setting properly. CC ID 05815 | Configuration | Preventive | |
Configure the "Display a warning that a form is digitally signed" setting properly. CC ID 05816 | Configuration | Preventive | |
Configure the "Control behavior when opening forms" setting properly. CC ID 05817 | Configuration | Preventive | |
Configure the "Beaconing UI for forms" setting properly. CC ID 05818 | Configuration | Preventive | |
Configure the "Disable sending form template with e-mail forms" setting properly. CC ID 05819 | Configuration | Preventive | |
Configure the "Disable dynamic caching of the form template in InfoPath e-mail forms" setting properly. CC ID 05820 | Configuration | Preventive | |
Configure the "Disable sending InfoPath 2003 Forms as e-mail forms" setting properly. CC ID 05821 | Configuration | Preventive | |
Configure the "Disable e-mail forms" setting properly. CC ID 05822 | Configuration | Preventive | |
Configure the "Disable InfoPath e-mail forms in Outlook" setting properly. CC ID 05823 | Configuration | Preventive | |
Configure the "Information Rights Management" setting to organizational standards. CC ID 05824 | Configuration | Preventive | |
Configure the "Custom code" setting properly. CC ID 05825 | Configuration | Preventive | |
Configure the "E-mail forms beaconing UI" setting properly. CC ID 05826 | Configuration | Preventive | |
Configure the "Disable user customization of Quick Access Toolbar via UI" setting properly. CC ID 05827 | Configuration | Preventive | |
Configure the "Disable all user customization of Quick Access Toolbar" setting properly. CC ID 05828 | Configuration | Preventive | |
Configure the "Disable UI extending from documents and templates" setting properly. CC ID 05829 | Configuration | Preventive | |
Configure the "Recognize smart tags in Excel" setting properly. CC ID 05830 | Configuration | Preventive | |
Configure the "Disable Clip Art and Media downloads from the client and from Office Online website" setting properly. CC ID 05831 | Configuration | Preventive | |
Configure the "Disable template downloads from the client and from Office Online website" setting properly. CC ID 05832 | Configuration | Preventive | |
Configure the "Disable access to updates, add-ins, and patches on the Office Online website" setting properly. CC ID 05833 | Configuration | Preventive | |
Configure the "Prevent users from uploading document templates to the Office Online community" setting to organizational standards. CC ID 05834 | Configuration | Preventive | |
Configure the "Disable training practice downloads from the Office Online website" setting properly. CC ID 05835 | Configuration | Preventive | |
Configure the "Disable customer-submitted templates downloads from Office Online" setting properly. CC ID 05836 | Configuration | Preventive | |
Configure the "Open Office documents as read/write while browsing" setting properly. CC ID 05837 | Configuration | Preventive | |
Configure the "Rely on VML for displaying graphics in browsers" setting properly. CC ID 05838 | Configuration | Preventive | |
Configure the "Allow PNG as an output format" setting properly. CC ID 05839 | Configuration | Preventive | |
Configure the "Improve Proofing Tools" setting properly. CC ID 05840 | Configuration | Preventive | |
Configure the "Disable Opt-in Wizard on first run" setting properly. CC ID 05841 | Configuration | Preventive | |
Configure the "Microsoft Office Online" setting to organizational standards. CC ID 05842 | Configuration | Preventive | |
Configure the "Disable Password Caching" setting properly. CC ID 05843 | Configuration | Preventive | |
Configure the "Disable all Trust Bar notifications for security issues" setting properly. CC ID 05844 | Configuration | Preventive | |
Configure the "Protect document metadata" setting properly. CC ID 05845 | Configuration | Preventive | |
Configure the "Encryption type for password protected" setting properly. CC ID 05846 | Configuration | Preventive | |
Configure the "Load controls in Forms3" setting properly. CC ID 05847 | Configuration | Preventive | |
Configure the "Automation Security" setting properly. CC ID 05848 | Configuration | Preventive | |
Configure the "Prevent Word and Excel from loading managed code extensions" setting properly. CC ID 05849 | Configuration | Preventive | |
Configure the "Disable hyperlink warnings" setting properly. CC ID 05850 | Configuration | Preventive | |
Configure the "Disable password to open UI" setting properly. CC ID 05851 | Configuration | Preventive | |
Configure the "Download Office Controls" setting to organizational standards. CC ID 05852 | Configuration | Preventive | |
Configure the "Disable All ActiveX" setting properly. CC ID 05853 | Configuration | Preventive | |
Configure the "Allow mix of policy and user locations" setting properly. CC ID 05854 | Configuration | Preventive | |
Configure the "Disable Smart Document's use of manifests" setting properly. CC ID 05855 | Configuration | Preventive | |
Configure the "Completely disable the Smart Documents feature in Word and Excel" setting to organizational standards. CC ID 05856 | Configuration | Preventive | |
Configure the "Disable Internet Fax feature" setting properly. CC ID 05857 | Configuration | Preventive | |
Configure the "Prevent users from changing permissions on rights managed content" setting properly. CC ID 05858 | Configuration | Preventive | |
Configure the "Allow users with earlier versions of Office to read with browsers." setting properly. CC ID 05859 | Configuration | Preventive | |
Configure the "Always require users to connect to verify permission" setting properly. CC ID 05860 | Configuration | Preventive | |
Configure the "Always expand groups in Office when restricting permission for documents" setting properly. CC ID 05861 | Configuration | Preventive | |
Configure the "Never allow users to specify groups when restricting permission for documents" setting properly. CC ID 05862 | Configuration | Preventive | |
Configure the "Disable Microsoft Passport service for content with restricted permission" setting properly. CC ID 05863 | Configuration | Preventive | |
Configure the "Do not allow users to upgrade Information Rights Management configuration" setting to organizational standards. CC ID 05864 | Configuration | Preventive | |
Configure the "Key Usage Filtering" setting properly. CC ID 05865 | Configuration | Preventive | |
Configure the "EKU filtering" setting properly. CC ID 05866 | Configuration | Preventive | |
Configure the "Legacy format signatures" setting properly. CC ID 05867 | Configuration | Preventive | |
Configure the "Suppress Office Signing Providers" setting properly. CC ID 05868 | Configuration | Preventive | |
Configure the "Suppress external signature services menu item" setting properly. CC ID 05869 | Configuration | Preventive | |
Configure the "Disable Check For Solutions" setting properly. CC ID 05870 | Configuration | Preventive | |
Configure the "Disable inclusion of document properties in PDF and XPS output" setting properly. CC ID 05871 | Configuration | Preventive | |
Configure the "Disable Document Information Panel" setting properly. CC ID 05872 | Configuration | Preventive | |
Configure the "Document information panel beaconing UI" setting properly. CC ID 05873 | Configuration | Preventive | |
Configure the "Disable the Office client from polling the Office server for published links" setting properly. CC ID 05874 | Configuration | Preventive | |
Configure the "Block opening of pre-release versions of file formats" setting properly. CC ID 05875 | Configuration | Preventive | |
Configure the "Control Blogging" setting properly. CC ID 05876 | Configuration | Preventive | |
Configure the "Enable Smart Resume" setting to organizational standards. CC ID 05877 | Configuration | Preventive | |
Configure the "Do not upload media files" setting to organizational standards. CC ID 05878 | Configuration | Preventive | |
Configure the "Disable hyperlinks to web templates in File | New and task panes" setting properly. CC ID 05879 | Configuration | Preventive | |
Configure the "Prevent access to Web-based file storage" setting to organizational standards. CC ID 05880 | Configuration | Preventive | |
Configure the "Do not allow attachment previewing in Outlook" setting properly. CC ID 05881 | Configuration | Preventive | |
Configure the "Read e-mail as plain text" setting properly. CC ID 05882 | Configuration | Preventive | |
Configure the "Read signed e-mail as plain text" setting properly. CC ID 05883 | Configuration | Preventive | |
Configure the "Prevent publishing to Office Online" setting properly. CC ID 05884 | Configuration | Preventive | |
Configure the "Prevent publishing to a DAV server" setting properly. CC ID 05885 | Configuration | Preventive | |
Configure the "Restrict level of calendar details users can publish" setting properly. CC ID 05886 | Configuration | Preventive | |
Configure the "Access to published calendars" setting properly. CC ID 05887 | Configuration | Preventive | |
Configure the "Restrict upload method" setting properly. CC ID 05888 | Configuration | Preventive | |
Configure the "Hide Junk Mail UI" setting properly. CC ID 05889 | Configuration | Preventive | |
Configure the "Junk E-mail Protection Level" setting properly. CC ID 05890 | Configuration | Preventive | |
Configure the "Trust E-mail from Contacts" setting properly. CC ID 05891 | Configuration | Preventive | |
Configure the "Add e-mail recipients to users' Safe Senders Lists" setting properly. CC ID 05892 | Configuration | Preventive | |
Configure the "Dial-up options" setting properly. CC ID 05893 | Configuration | Preventive | |
Configure the "Do not allow creating, replying, or forwarding signatures for e-mail messages" setting properly. CC ID 05894 | Configuration | Preventive | |
Configure the "Send copy of pictures with HTML messages instead of reference to Internet location" setting to organizational standards. CC ID 05895 | Configuration | Preventive | |
Configure the "Outlook rich text options" setting properly. CC ID 05896 | Configuration | Preventive | |
Configure the "Plain text options" setting properly. CC ID 05897 | Configuration | Preventive | |
Configure the "Set message format" setting properly. CC ID 05898 | Configuration | Preventive | |
Configure the "Make Outlook the default program for E-mail, Contacts, and Calendar" setting properly. CC ID 05899 | Configuration | Preventive | |
Configure the "Do not allow folders in non-default stores to be set as folder home pages" setting properly. CC ID 05900 | Configuration | Preventive | |
Configure the "Use Unicode format when dragging e-mail message to file system" setting properly. CC ID 05901 | Configuration | Preventive | |
Configure the "Do not allow Outlook object model scripts to run" setting properly. CC ID 05902 | Configuration | Preventive | |
Configure the "set maximum level of online status on a person name (do not allow | allow everywhere except to and cc field | allow everywhere)" setting properly. CC ID 05903 | Configuration | Preventive | |
Configure the "Display online status on a person name" setting properly. CC ID 05904 | Configuration | Preventive | |
Configure the "Turn off Enable the Person Names Smart Tag option" setting properly. CC ID 05905 | Configuration | Preventive | |
Configure the "Outlook security mode" setting properly. CC ID 05906 | Configuration | Preventive | |
Configure the "Display Level 1 attachments" setting properly. CC ID 05907 | Configuration | Preventive | |
Configure the "Allow users to demote attachments to Level 2" setting properly. CC ID 05908 | Configuration | Preventive | |
Configure the "Do not prompt about Level 1 attachments" setting properly. CC ID 05909 | Configuration | Preventive | |
Configure the "Allow in-place activation of embedded OLE objects" setting to organizational standards. CC ID 05910 | Configuration | Preventive | |
Configure the "Display OLE package objects" setting properly. CC ID 05911 | Configuration | Preventive | |
Configure the "Add file extensions to block" setting properly. CC ID 05912 | Configuration | Preventive | |
Configure the "Remove file extensions blocked" setting properly. CC ID 05913 | Configuration | Preventive | |
Configure the "Allow scripts in one-off Outlook forms" setting properly. CC ID 05914 | Configuration | Preventive | |
Configure the "Set Outlook object model custom actions execution prompt" setting properly. CC ID 05915 | Configuration | Preventive | |
Configure the "Set control itemproperty prompt" setting properly. CC ID 05916 | Configuration | Preventive | |
Configure the "Configure Outlook object model prompt" setting properly. CC ID 05917 | Configuration | Preventive | |
Configure the "Required Certificate Authority" setting properly. CC ID 05918 | Configuration | Preventive | |
Configure the "S/MIME interoperability with external clients:" setting properly. CC ID 05919 | Configuration | Preventive | |
Configure the "Always use Rich Text formatting in S/MIME messages" setting to organizational standards. CC ID 05920 | Configuration | Preventive | |
Configure the "S/MIME password settings" setting properly. CC ID 05921 | Configuration | Preventive | |
Configure the "Message Formats" setting properly. CC ID 05922 | Configuration | Preventive | |
Configure the "Do not provide Continue option on Encryption warning dialog boxes" setting properly for Microsoft Office 2007. CC ID 05923 | Configuration | Preventive | |
Configure the "Run in FIPS compliant mode" setting properly. CC ID 05925 | Configuration | Preventive | |
Configure the "URL for S/MIME certificates" setting properly. CC ID 05926 | Configuration | Preventive | |
Configure the "Ensure all S/MIME signed messages have a label" setting properly. CC ID 05927 | Configuration | Preventive | |
Configure the "S/MIME receipt requests" setting properly. CC ID 05954 | Configuration | Preventive | |
Configure the "Fortezza certificate policies" setting properly. CC ID 05928 | Configuration | Preventive | |
Configure the "Require SuiteB algorithms for S/MIME operations" setting properly. CC ID 05929 | Configuration | Preventive | |
Configure the "Missing CRLs" setting properly. CC ID 05930 | Configuration | Preventive | |
Configure the "Missing root certificates" setting properly. CC ID 05931 | Configuration | Preventive | |
Configure the "Promote Level 2 errors as errors, not warnings" setting properly. CC ID 05932 | Configuration | Preventive | |
Configure the "Attachment Secure Temporary Folder" setting properly. CC ID 05933 | Configuration | Preventive | |
Configure the "Display pictures and external content in HTML e-mail" setting properly. CC ID 05934 | Configuration | Preventive | |
Configure the "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" setting properly. CC ID 05935 | Configuration | Preventive | |
Configure the "Do not permit download of content from safe zones" setting properly. CC ID 05936 | Configuration | Preventive | |
Configure the "Block Trusted Zones" setting properly. CC ID 05937 | Configuration | Preventive | |
Configure the "Include Internet in Safe Zones for Automatic Picture Download" setting properly. CC ID 05938 | Configuration | Preventive | |
Configure the "Include Intranet in Safe Zones for Automatic Picture Download" setting properly. CC ID 05939 | Configuration | Preventive | |
Configure the "security setting for macros (always warn | never warn, disable all | warn for signed, disable unsigned | no security check)" setting properly. CC ID 05940 | Configuration | Preventive | |
Configure the "Enable links in e-mail messages" setting properly. CC ID 05941 | Configuration | Preventive | |
Configure the "Apply macro security settings to macros, add-ins, and SmartTags" setting properly. CC ID 05942 | Configuration | Preventive | |
Configure the "Automatically configure profile based on Active Directory Primary SMTP address" setting properly. CC ID 05943 | Configuration | Preventive | |
Configure the "Do not allow users to change permissions on folders" setting properly. CC ID 05944 | Configuration | Preventive | |
Configure the "Enable RPC encryption" setting properly. CC ID 05945 | Configuration | Preventive | |
Configure the "Authentication with Exchange server" setting properly. CC ID 05946 | Configuration | Preventive | |
Configure the "Synchronize Outlook RSS Feeds with Common Feed List" setting properly. CC ID 05947 | Configuration | Preventive | |
Configure the "Turn off RSS feature" setting properly. CC ID 05948 | Configuration | Preventive | |
Configure the "Automatically download enclosures" setting to organizational standards. CC ID 05949 | Configuration | Preventive | |
Configure the "Download full text of articles as HTML attachments" setting properly. CC ID 05950 | Configuration | Preventive | |
Configure the "Automatically download attachments" setting properly. CC ID 05951 | Configuration | Preventive | |
Configure the "Do not include Internet Calendar integration in Outlook" setting properly. CC ID 05952 | Configuration | Preventive | |
Configure the "Disable user entries to server list" setting properly. CC ID 05953 | Configuration | Preventive | |
Configure the "Do not expand distribution lists" setting properly. CC ID 05955 | Configuration | Preventive | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations" setting properly. CC ID 05956 | Configuration | Preventive | |
Configure the "Run programs" setting properly. CC ID 05957 | Configuration | Preventive | |
Configure the "Make hidden markup visible" setting properly. CC ID 05958 | Configuration | Preventive | |
Configure the "Unblock automatic download of linked images" setting properly. CC ID 05959 | Configuration | Preventive | |
Configure the "Disable Slide Update" setting to organizational standards. CC ID 05960 | Configuration | Preventive | |
Configure the "Hidden text" setting properly. CC ID 05961 | Configuration | Preventive | |
Configure the "Update automatic links at Open" setting properly. CC ID 05962 | Configuration | Preventive | |
Configure the "Save smart tags in e-mail" setting to organizational standards. CC ID 05963 | Configuration | Preventive | |
Configure the "Determine where to force encrypted macros to be scanned in Microsoft Word Open XML documents" setting properly. CC ID 05964 | Configuration | Preventive | |
Configure the "InfoPath APTCA Assembly Whitelist" setting properly. CC ID 05965 | Configuration | Preventive | |
Configure the "Windows Internet Explorer Feature Control Opt-In" setting properly. CC ID 05966 | Configuration | Preventive | |
Configure the "Disable Package Repair" setting to organizational standards. CC ID 05967 | Configuration | Preventive | |
Configure the "Disable user name and password" setting properly. CC ID 05968 | Configuration | Preventive | |
Configure the "Bind to object" setting properly. CC ID 05969 | Configuration | Preventive | |
Configure the "Saved from URL" setting properly. CC ID 05970 | Configuration | Preventive | |
Configure the "Navigate URL" setting properly. CC ID 05971 | Configuration | Preventive | |
Configure the "Block popups" setting properly. CC ID 05972 | Configuration | Preventive | |
Configure the "Prevent users from customizing attachment security settings" setting properly. CC ID 05973 | Configuration | Preventive | |
Configure the "Macro Security Level" setting properly. CC ID 05974 | Configuration | Preventive | |
Configure the "Trust all installed add-ins and templates" setting properly. CC ID 05975 | Configuration | Preventive | |
Configure the "Store random number to improve merge accuracy" setting properly. CC ID 05976 | Configuration | Preventive | |
Configure the "Prevent Users from Changing Office Encryption Settings" setting properly. CC ID 05977 | Configuration | Preventive | |
Configure Universal settings for Microsoft Office in accordance with organizational standards. CC ID 07211 | Configuration | Preventive | |
Configure the "Disable VBA for Office applications" to organizational standards. CC ID 07212 | Configuration | Preventive | |
Configure the "Navigate URL" to organizational standards. CC ID 07213 | Configuration | Preventive | |
Configure the "Block popups" to organizational standards. CC ID 07214 | Configuration | Preventive | |
Configure the "Bind to object" to organizational standards. CC ID 07215 | Configuration | Preventive | |
Configure the "Disable Package Repair" to organizational standards. CC ID 07216 | Configuration | Preventive | |
Configure the "Disable user name and password" to organizational standards. CC ID 07217 | Configuration | Preventive | |
Configure the "Saved from URL" to organizational standards. CC ID 07218 | Configuration | Preventive | |
Configure the "Allow mix of policy and user locations" to organizational standards. CC ID 07284 | Configuration | Preventive | |
Configure the "ActiveX Control Initialization" to organizational standards. CC ID 07285 | Configuration | Preventive | |
Configure the "Allow users with earlier versions of Office to read with browsers." to organizational standards. CC ID 07287 | Configuration | Preventive | |
Configure the "Always expand groups in Office when restricting permission for documents" to organizational standards. CC ID 07288 | Configuration | Preventive | |
Configure the "Allow PNG as an output format" to organizational standards. CC ID 07289 | Configuration | Preventive | |
Configure the "Automatically receive small updates to improve reliability" to organizational standards. CC ID 07290 | Configuration | Preventive | |
Configure the "Always require users to connect to verify permission" to organizational standards. CC ID 07291 | Configuration | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter" to organizational standards. CC ID 07292 | Configuration | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter" to organizational standards. CC ID 07294 | Configuration | Preventive | |
Configure the "Block updates from the Office Update Site from applying" to organizational standards. CC ID 07295 | Configuration | Preventive | |
Configure the "Control Blogging" to organizational standards. CC ID 07296 | Configuration | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 Converter" to organizational standards. CC ID 07297 | Configuration | Preventive | |
Configure the "Disable All ActiveX" to organizational standards. CC ID 07298 | Configuration | Preventive | |
Configure the "Disable all Trust Bar notifications for security issues" to organizational standards. CC ID 07299 | Configuration | Preventive | |
Configure the "Disable access to updates, add-ins, and patches on the Office Online website" to organizational standards. CC ID 07300 | Configuration | Preventive | |
Configure the "Disable Check For Solutions" to organizational standards. CC ID 07301 | Configuration | Preventive | |
Configure the "Disable Clip Art and Media downloads from the client and from Office Online website" to organizational standards. CC ID 07302 | Configuration | Preventive | |
Configure the "Disable all user customization of Quick Access Toolbar" to organizational standards. CC ID 07303 | Configuration | Preventive | |
Configure the "Disable Document Information Panel" to organizational standards. CC ID 07304 | Configuration | Preventive | |
Configure the "Disable hyperlink warnings" to organizational standards. CC ID 07305 | Configuration | Preventive | |
Configure the "Disable customer-submitted templates downloads from Office Online" to organizational standards. CC ID 07306 | Configuration | Preventive | |
Configure the "Disable inclusion of document properties in PDF and XPS output" to organizational standards. CC ID 07307 | Configuration | Preventive | |
Configure the "Disable Internet Fax feature" to organizational standards. CC ID 07308 | Configuration | Preventive | |
Configure the "Disable hyperlinks to web templates in File | New and task panes" to organizational standards. CC ID 07309 | Configuration | Preventive | |
Configure the "Disable password to open UI" to organizational standards. CC ID 07311 | Configuration | Preventive | |
Configure the "Disable Microsoft Passport service for content with restricted permission" to organizational standards. CC ID 07312 | Configuration | Preventive | |
Configure the "Disable Smart Document's use of manifests" to organizational standards. CC ID 07313 | Configuration | Preventive | |
Configure the "Disable template downloads from the client and from Office Online website" to organizational standards. CC ID 07314 | Configuration | Preventive | |
Configure the "Automation Security" to organizational standards. CC ID 07315 | Configuration | Preventive | |
Configure the "Disable training practice downloads from the Office Online website" to organizational standards. CC ID 07316 | Configuration | Preventive | |
Configure the "Disable Update Diagnostic" to organizational standards. CC ID 07317 | Configuration | Preventive | |
Configure the "Disable UI extending from documents and templates" to organizational standards. CC ID 07318 | Configuration | Preventive | |
Configure the "Disable Opt-in Wizard on first run" to organizational standards. CC ID 07319 | Configuration | Preventive | |
Configure the "Document Information Panel Beaconing UI" to organizational standards. CC ID 07320 | Configuration | Preventive | |
Configure the "EKU filtering" to organizational standards. CC ID 07321 | Configuration | Preventive | |
Configure the "Encryption type for password protected Office 97-2003 files" to organizational standards. CC ID 07323 | Configuration | Preventive | |
Configure the "Enable Customer Experience Improvement Program" to organizational standards. CC ID 07324 | Configuration | Preventive | |
Configure the "Encryption type for password protected Office Open XML files" to organizational standards. CC ID 07325 | Configuration | Preventive | |
Configure the "Key Usage Filtering" to organizational standards. CC ID 07326 | Configuration | Preventive | |
Configure the "Improve Proofing Tools" to organizational standards. CC ID 07327 | Configuration | Preventive | |
Configure the "Never allow users to specify groups when restricting permission for documents" to organizational standards. CC ID 07328 | Configuration | Preventive | |
Configure the "Legacy format signatures" to organizational standards. CC ID 07329 | Configuration | Preventive | |
Configure the "Load Controls in Forms3" to organizational standards. CC ID 07330 | Configuration | Preventive | |
Configure the "Prevent users from changing permissions on rights managed content" to organizational standards. CC ID 07331 | Configuration | Preventive | |
Configure the "Online content options" to organizational standards. CC ID 07332 | Configuration | Preventive | |
Configure the "Disable user customization of Quick Access Toolbar via UI" to organizational standards. CC ID 07333 | Configuration | Preventive | |
Configure the "Protect document metadata for password protected files" to organizational standards. CC ID 07334 | Configuration | Preventive | |
Configure the "Prevents users from uploading document templates to the Office Online community." to organizational standards. CC ID 07335 | Configuration | Preventive | |
Configure the "Recognize smart tags in Excel" to organizational standards. CC ID 07336 | Configuration | Preventive | |
Configure the "Rely on VML for displaying graphics in browsers" to organizational standards. CC ID 07337 | Configuration | Preventive | |
Configure the "Protect document metadata for rights managed Office Open XML Files" to organizational standards. CC ID 07338 | Configuration | Preventive | |
Configure the "Suppress Office Signing Providers" to organizational standards. CC ID 07339 | Configuration | Preventive | |
Configure the "Suppress external signature services menu item" to organizational standards. CC ID 07340 | Configuration | Preventive | |
Configure the "Disable the Office client from polling the Office server for published links" to organizational standards. CC ID 07361 | Configuration | Preventive | |
Configure the "Open Office documents as read/write while browsing" to organizational standards. CC ID 07380 | Configuration | Preventive | |
Configure the "Specify CNG salt length" to organizational standards. CC ID 07905 | Configuration | Preventive | |
Configure the "Trusted Location #6" to organizational standards. CC ID 07919 | Configuration | Preventive | |
Configure the "Trusted Location #9" to organizational standards. CC ID 07920 | Configuration | Preventive | |
Configure the "Disable template downloads from the client and from Office.com" to organizational standards. CC ID 07942 | Configuration | Preventive | |
Configure the "Disable customer-submitted templates downloads from Office.com" to organizational standards. CC ID 07949 | Configuration | Preventive | |
Configure the "Trusted Location #15" to organizational standards. CC ID 07953 | Configuration | Preventive | |
Configure the "Prevents users from uploading document templates to the Office.com Community." to organizational standards. CC ID 08017 | Configuration | Preventive | |
Configure the "Disable training practice downloads from Office.com" to organizational standards. CC ID 08027 | Configuration | Preventive | |
Configure the "Disable Clip Art and Media downloads from the client and from Office.com" to organizational standards. CC ID 08049 | Configuration | Preventive | |
Configure the "Allow Trusted Locations on the network" to organizational standards. CC ID 08053 | Configuration | Preventive | |
Configure the "Turn off all user customizations" to organizational standards. CC ID 08084 | Configuration | Preventive | |
Configure the "Disable access to updates, add-ins, and patches on Office.com" to organizational standards. CC ID 08137 | Configuration | Preventive | |
Configure Microsoft InfoPath settings for Microsoft Office in accordance with organizational standards. CC ID 07219 | Configuration | Preventive | |
Configure the "InfoPath APTCA Assembly allowable list" to organizational standards. CC ID 07220 | Configuration | Preventive | |
Configure the "InfoPath APTCA Assembly Allowable List Enforcement" to organizational standards. CC ID 07221 | Configuration | Preventive | |
Configure the "Allow file types as attachments to forms" to organizational standards. CC ID 07260 | Configuration | Preventive | |
Configure the "Beaconing UI for forms opened in InfoPath" to organizational standards. CC ID 07262 | Configuration | Preventive | |
Configure the "Control behavior for Windows SharePoint Services gradual upgrade" to organizational standards. CC ID 07264 | Configuration | Preventive | |
Configure the "Control behavior when opening forms in the Intranet security zone" to organizational standards. CC ID 07266 | Configuration | Preventive | |
Configure the "Custom code" to organizational standards. CC ID 07267 | Configuration | Preventive | |
Configure the "Beaconing UI for forms opened in InfoPath Editor ActiveX" to organizational standards. CC ID 07268 | Configuration | Preventive | |
Configure the "Control behavior when opening InfoPath e-mail forms containing code or script" to organizational standards. CC ID 07269 | Configuration | Preventive | |
Configure the "Disable dynamic caching of the form template in InfoPath e-mail forms" to organizational standards. CC ID 07270 | Configuration | Preventive | |
Configure the "Disable e-mail forms from the Full Trust security zone" to organizational standards. CC ID 07271 | Configuration | Preventive | |
Configure the "Control behavior when opening forms in the Trusted Site security zone" to organizational standards. CC ID 07272 | Configuration | Preventive | |
Configure the "Control behavior when opening forms in the Internet security zone" to organizational standards. CC ID 07273 | Configuration | Preventive | |
Configure the "Disable e-mail forms from the Intranet security zone" to organizational standards. CC ID 07274 | Configuration | Preventive | |
Configure the "Block specific file types as attachments to forms" to organizational standards. CC ID 07276 | Configuration | Preventive | |
Configure the "Disable e-mail forms from the Internet security zone" to organizational standards. CC ID 07277 | Configuration | Preventive | |
Configure the "Disable fully trusted solutions full access to computer" to organizational standards. CC ID 07278 | Configuration | Preventive | |
Configure the "Disable sending form template with e-mail forms" to organizational standards. CC ID 07279 | Configuration | Preventive | |
Configure the "Disable InfoPath e-mail forms in Outlook" to organizational standards. CC ID 07280 | Configuration | Preventive | |
Configure the "Email Forms Beaconing UI" to organizational standards. CC ID 07281 | Configuration | Preventive | |
Configure the "Disable e-mail forms running in restricted security level" to organizational standards. CC ID 07282 | Configuration | Preventive | |
Configure the "Disable sending InfoPath 2003 Forms as e-mail forms" to organizational standards. CC ID 07283 | Configuration | Preventive | |
Configure the "Prevent users from allowing unsafe file types to be attached to forms" to organizational standards. CC ID 07286 | Configuration | Preventive | |
Configure the "Information Rights Management" to organizational standards. CC ID 07293 | Configuration | Preventive | |
Configure the "Disable opening of solutions from the Internet security zone" to organizational standards. CC ID 07310 | Configuration | Preventive | |
Configure the "Offline Mode status" to organizational standards. CC ID 07322 | Configuration | Preventive | |
Configure Microsoft Access settings for Microsoft Office in accordance with organizational standards. CC ID 07222 | Configuration | Preventive | |
Configure the "Disable all application add-ins" to organizational standards. CC ID 07223 | Configuration | Preventive | |
Configure the "Allow Trusted Locations not on the computer" to organizational standards. CC ID 07224 | Configuration | Preventive | |
Configure the "Disable commands" to organizational standards. CC ID 07225 | Configuration | Preventive | |
Configure the "Disable Trust Bar Notification for unsigned application add-ins" to organizational standards. CC ID 07226 | Configuration | Preventive | |
Configure the "Disable all trusted locations" to organizational standards. CC ID 07227 | Configuration | Preventive | |
Configure the "Disable shortcut keys" to organizational standards. CC ID 07228 | Configuration | Preventive | |
Configure the "Do not prompt to convert older databases" to organizational standards. CC ID 07229 | Configuration | Preventive | |
Configure the "Modal Trust Decision Only" to organizational standards. CC ID 07230 | Configuration | Preventive | |
Configure the "Default file format" to organizational standards. CC ID 07231 | Configuration | Preventive | |
Configure the "Require that application add-ins are signed by Trusted Publisher" to organizational standards. CC ID 07233 | Configuration | Preventive | |
Configure the "VBA Macro Warning Settings" to organizational standards. CC ID 07234 | Configuration | Preventive | |
Configure the "Underline hyperlinks" to organizational standards. CC ID 07235 | Configuration | Preventive | |
Configure Microsoft Excel settings for Microsoft Office in accordance with organizational standards. CC ID 07232 | Configuration | Preventive | |
Configure the "Block opening of Binary file types" to organizational standards. CC ID 07236 | Configuration | Preventive | |
Configure the "AutoRepublish Warning Alert" to organizational standards. CC ID 07237 | Configuration | Preventive | |
Configure the "Block opening of DIF and SYLK file types" to organizational standards. CC ID 07238 | Configuration | Preventive | |
Configure the "Ask to update automatic links" to organizational standards. CC ID 07239 | Configuration | Preventive | |
Configure the "Block opening of Open XML file types" to organizational standards. CC ID 07240 | Configuration | Preventive | |
Configure the "Block opening of Xll file type" to organizational standards. CC ID 07241 | Configuration | Preventive | |
Configure the "Block opening of Xml file types" to organizational standards. CC ID 07242 | Configuration | Preventive | |
Configure the "Block opening of Text file types" to organizational standards. CC ID 07243 | Configuration | Preventive | |
Configure the "Block saving of Binary file types" to organizational standards. CC ID 07244 | Configuration | Preventive | |
Configure the "Block saving DIF and SYLK file types" to organizational standards. CC ID 07245 | Configuration | Preventive | |
Configure the "Block opening of files created by pre-release versions of Excel 2007" to organizational standards. CC ID 07246 | Configuration | Preventive | |
Configure the "Block saving of Text file types" to organizational standards. CC ID 07247 | Configuration | Preventive | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks" to organizational standards. CC ID 07248 | Configuration | Preventive | |
Configure the "Block opening of Html and Xmlss file types" to organizational standards. CC ID 07249 | Configuration | Preventive | |
Configure the "Block opening of Binary 12 file types" to organizational standards. CC ID 07250 | Configuration | Preventive | |
Configure the "Block saving of Open XML file types" to organizational standards. CC ID 07251 | Configuration | Preventive | |
Configure the "Block saving of Binary12 file types" to organizational standards. CC ID 07252 | Configuration | Preventive | |
Configure the "Disable AutoRepublish" to organizational standards. CC ID 07253 | Configuration | Preventive | |
Configure the "Do not show data extraction options when opening corrupt workbooks" to organizational standards. CC ID 07254 | Configuration | Preventive | |
Configure the "Internet and network paths as hyperlinks" to organizational standards. CC ID 07255 | Configuration | Preventive | |
Configure the "Load pictures from Web pages not created in Excel" to organizational standards. CC ID 07256 | Configuration | Preventive | |
Configure the "Save any additional data necessary to maintain formulas" to organizational standards. CC ID 07257 | Configuration | Preventive | |
Configure the "Store macro in Personal Macro Workbook by default" to organizational standards. CC ID 07258 | Configuration | Preventive | |
Configure the "Save Excel files as" to organizational standards. CC ID 07259 | Configuration | Preventive | |
Configure the "Trust access to Visual Basic Project" to organizational standards. CC ID 07261 | Configuration | Preventive | |
Configure the "Force file extension to match file type" to organizational standards. CC ID 07263 | Configuration | Preventive | |
Configure the "Ignore other applications" to organizational standards. CC ID 07265 | Configuration | Preventive | |
Configure the "Block saving of Html and Xmlss file types" to organizational standards. CC ID 07275 | Configuration | Preventive | |
Configure the "Trusted Location #10" to organizational standards. CC ID 07927 | Configuration | Preventive | |
Configure the "Configure CNG cipher chaining mode" to organizational standards. CC ID 07934 | Configuration | Preventive | |
Configure the "Disable Trust Bar Notification for unsigned application add-ins and block them" to organizational standards. CC ID 07938 | Configuration | Preventive | |
Configure the "Trusted Location #20" to organizational standards. CC ID 07947 | Configuration | Preventive | |
Configure the "Trusted Location #18" to organizational standards. CC ID 07961 | Configuration | Preventive | |
Configure the "Do not show AutoRepublish warning alert" to organizational standards. CC ID 07970 | Configuration | Preventive | |
Configure the "Turn off Protected View for attachments opened from Outlook" to organizational standards. CC ID 07973 | Configuration | Preventive | |
Configure the "Turn off Trusted Documents on the network" to organizational standards. CC ID 07980 | Configuration | Preventive | |
Configure the "Trusted Location #11" to organizational standards. CC ID 08006 | Configuration | Preventive | |
Configure the "Perform file validation on pivot caches" to organizational standards. CC ID 08022 | Configuration | Preventive | |
Configure the "Scan encrypted macros in Excel Open XML workbooks" to organizational standards. CC ID 08102 | Configuration | Preventive | |
Configure the "Open files on local Intranet UNC in Protected View" to organizational standards. CC ID 08110 | Configuration | Preventive | |
Configure the "Microsoft Office query files" to organizational standards. CC ID 08205 | Configuration | Preventive | |
Configure the "Excel 97-2003 workbooks and templates" to organizational standards. CC ID 08236 | Configuration | Preventive | |
Configure the "Excel 95-97 workbooks and templates" to organizational standards. CC ID 08255 | Configuration | Preventive | |
Configure the "XML files" to organizational standards. CC ID 08262 | Configuration | Preventive | |
Configure the "Excel 3 worksheets" to organizational standards. CC ID 08270 | Configuration | Preventive | |
Configure the "Dif and Sylk files" to organizational standards. CC ID 08284 | Configuration | Preventive | |
Configure the "dBase III / IV files" to organizational standards. CC ID 08300 | Configuration | Preventive | |
Configure the "Excel 2 macrosheets and add-in files" to organizational standards. CC ID 08303 | Configuration | Preventive | |
Configure the "Excel 2007 and later binary workbooks" to organizational standards. CC ID 08305 | Configuration | Preventive | |
Configure the "Microsoft Office Open XML converters for Excel" to organizational standards. CC ID 08308 | Configuration | Preventive | |
Configure the "Web pages and Excel 2003 XML spreadsheets" to organizational standards. CC ID 08314 | Configuration | Preventive | |
Configure the "Excel 4 workbooks" to organizational standards. CC ID 08315 | Configuration | Preventive | |
Configure the "Excel 2007 and later workbooks and templates" to organizational standards. CC ID 08317 | Configuration | Preventive | |
Configure the "Excel 95 workbooks" to organizational standards. CC ID 08319 | Configuration | Preventive | |
Configure the "Other data source files" to organizational standards. CC ID 08321 | Configuration | Preventive | |
Configure the "Excel 2007 and later macro-enabled workbooks and templates" to organizational standards. CC ID 08323 | Configuration | Preventive | |
Configure the "Legacy converters for Excel" to organizational standards. CC ID 08325 | Configuration | Preventive | |
Configure the "Excel 2 worksheets" to organizational standards. CC ID 08326 | Configuration | Preventive | |
Configure the "Offline cube files" to organizational standards. CC ID 08327 | Configuration | Preventive | |
Configure the "Excel 4 macrosheets and add-in files" to organizational standards. CC ID 08329 | Configuration | Preventive | |
Configure the "Excel 2007 and later add-in files" to organizational standards. CC ID 08330 | Configuration | Preventive | |
Configure the "Excel 3 macrosheets and add-in files" to organizational standards. CC ID 08332 | Configuration | Preventive | |
Configure the "OpenDocument Spreadsheet files" to organizational standards. CC ID 08335 | Configuration | Preventive | |
Configure the "Excel add-in files" to organizational standards. CC ID 08337 | Configuration | Preventive | |
Configure the "Text files" to organizational standards. CC ID 08339 | Configuration | Preventive | |
Configure the "Excel 97-2003 add-in files" to organizational standards. CC ID 08344 | Configuration | Preventive | |
Configure the "Excel 4 worksheets" to organizational standards. CC ID 08345 | Configuration | Preventive | |
Configure the "Microsoft Office data connection files" to organizational standards. CC ID 08346 | Configuration | Preventive | |
Configure Microsoft Outlook settings for Microsoft Office in accordance with organizational standards. CC ID 07341 | Configuration | Preventive | |
Configure the "Add file extensions to block as Level 1" to organizational standards. CC ID 07342 | Configuration | Preventive | |
Configure the "Access to published calendars" to organizational standards. CC ID 07343 | Configuration | Preventive | |
Configure the "Add e-mail recipients to users' Safe Senders Lists" to organizational standards. CC ID 07344 | Configuration | Preventive | |
Configure the "Allow access to e-mail attachments" to organizational standards. CC ID 07345 | Configuration | Preventive | |
Configure the "Allow Active X One Off Forms" to organizational standards. CC ID 07346 | Configuration | Preventive | |
Configure the "Add file extensions to block as Level 2" to organizational standards. CC ID 07347 | Configuration | Preventive | |
Configure the "Allow users to demote attachments to Level 2" to organizational standards. CC ID 07348 | Configuration | Preventive | |
Configure the "Apply macro security settings to macros, add-ins, and SmartTags" to organizational standards. CC ID 07349 | Configuration | Preventive | |
Configure the "Allow scripts in one-off Outlook forms" to organizational standards. CC ID 07350 | Configuration | Preventive | |
Configure the "Authentication with Exchange Server" to organizational standards. CC ID 07351 | Configuration | Preventive | |
Configure the "Attachment Secure Temporary Folder" to organizational standards. CC ID 07352 | Configuration | Preventive | |
Configure the "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" to organizational standards. CC ID 07353 | Configuration | Preventive | |
Configure the "Automatically configure profile based on Active Directory Primary SMTP address" to organizational standards. CC ID 07354 | Configuration | Preventive | |
Configure the "Block Trusted Zones" to organizational standards. CC ID 07355 | Configuration | Preventive | |
Configure the "Configure Add-In Trust Level" to organizational standards. CC ID 07356 | Configuration | Preventive | |
Configure the "Automatically download attachments" to organizational standards. CC ID 07357 | Configuration | Preventive | |
Configure the "Configure Outlook object model prompt When accessing the Formula property of a UserProperty object" to organizational standards. CC ID 07358 | Configuration | Preventive | |
Configure the "Configure Outlook object model prompt when accessing address information via UserProperties.Find" to organizational standards. CC ID 07359 | Configuration | Preventive | |
Configure the "Configure Outlook object model prompt when executing Save As" to organizational standards. CC ID 07360 | Configuration | Preventive | |
Configure the "Configure Outlook object model prompt when responding to meeting and task requests" to organizational standards. CC ID 07362 | Configuration | Preventive | |
Configure the "Dial-up options" to organizational standards. CC ID 07363 | Configuration | Preventive | |
Configure the "Configure Outlook object model prompt when sending mail" to organizational standards. CC ID 07364 | Configuration | Preventive | |
Configure the "Configure trusted add-ins" to organizational standards. CC ID 07365 | Configuration | Preventive | |
Configure the "Disable user entries to server list" to organizational standards. CC ID 07366 | Configuration | Preventive | |
Configure the "Disable Remember Password" to organizational standards. CC ID 07367 | Configuration | Preventive | |
Configure the "Display Level 1 attachments" to organizational standards. CC ID 07368 | Configuration | Preventive | |
Configure the "Configure Outlook object model prompt when reading address information" to organizational standards. CC ID 07369 | Configuration | Preventive | |
Configure the "Do not allow attachment previewing in Outlook" to organizational standards. CC ID 07370 | Configuration | Preventive | |
Configure the "Do not allow creating, replying, or forwarding signatures for e-mail messages" to organizational standards. CC ID 07371 | Configuration | Preventive | |
Configure the "Configure Outlook object model prompt when accessing an address book" to organizational standards. CC ID 07372 | Configuration | Preventive | |
Configure the "Do not allow folders in non-default stores to be set as folder home pages" to organizational standards. CC ID 07373 | Configuration | Preventive | |
Configure the "Do not allow Outlook object model scripts to run for public folders" to organizational standards. CC ID 07374 | Configuration | Preventive | |
Configure the "Do not allow Outlook object model scripts to run for shared folders" to organizational standards. CC ID 07375 | Configuration | Preventive | |
Configure the "Do not automatically sign replies" to organizational standards. CC ID 07376 | Configuration | Preventive | |
Configure the "Do not check e-mail address against address of certificates being used" to organizational standards. CC ID 07377 | Configuration | Preventive | |
Configure the "Do not allow users to change permissions on folders" to organizational standards. CC ID 07378 | Configuration | Preventive | |
Configure the "Do not expand distribution lists" to organizational standards. CC ID 07379 | Configuration | Preventive | |
Configure the "Do not display 'Publish to GAL' button" to organizational standards. CC ID 07381 | Configuration | Preventive | |
Configure the "Do not prompt about Level 1 attachments when closing an item" to organizational standards. CC ID 07382 | Configuration | Preventive | |
Configure the "Do not permit download of content from safe zones" to organizational standards. CC ID 07383 | Configuration | Preventive | |
Configure the "Download full text of articles as HTML attachments" to organizational standards. CC ID 07384 | Configuration | Preventive | |
Configure the "Do not prompt about Level 1 attachments when sending an item" to organizational standards. CC ID 07385 | Configuration | Preventive | |
Configure the "Do not provide Continue option on Encryption warning dialog boxes" to organizational standards. CC ID 07386 | Configuration | Preventive | |
Configure the "Enable RPC encryption" to organizational standards. CC ID 07387 | Configuration | Preventive | |
Configure the "Encrypt all e-mail messages" to organizational standards. CC ID 07388 | Configuration | Preventive | |
Configure the "Enable links in e-mail messages" to organizational standards. CC ID 07389 | Configuration | Preventive | |
Configure the "Display pictures and external content in HTML e-mail" to organizational standards. CC ID 07390 | Configuration | Preventive | |
Configure the "Hide Junk Mail UI" to organizational standards. CC ID 07391 | Configuration | Preventive | |
Configure the "Ensure all S/MIME signed messages have a label" to organizational standards. CC ID 07392 | Configuration | Preventive | |
Configure the "Include Intranet in Safe Zones for Automatic Picture Download" to organizational standards. CC ID 07393 | Configuration | Preventive | |
Configure the "Include Internet in Safe Zones for Automatic Picture Download" to organizational standards. CC ID 07394 | Configuration | Preventive | |
Configure the "Message Formats" to organizational standards. CC ID 07395 | Configuration | Preventive | |
Configure the "Junk E-mail protection level" to organizational standards. CC ID 07396 | Configuration | Preventive | |
Configure the "Make Outlook the default program for E-mail, Contacts, and Calendar" to organizational standards. CC ID 07397 | Configuration | Preventive | |
Configure the "Do not include Internet Calendar integration in Outlook" to organizational standards. CC ID 07398 | Configuration | Preventive | |
Configure the "Missing CRLs" to organizational standards. CC ID 07399 | Configuration | Preventive | |
Configure the "Display online status on a person name" to organizational standards. CC ID 07400 | Configuration | Preventive | |
Configure the "Outlook Rich Text options" to organizational standards. CC ID 07401 | Configuration | Preventive | |
Configure the "Outlook Security Mode" to organizational standards. CC ID 07402 | Configuration | Preventive | |
Configure the "Plain text options" to organizational standards. CC ID 07403 | Configuration | Preventive | |
Configure the "Prevent publishing to a DAV server" to organizational standards. CC ID 07404 | Configuration | Preventive | |
Configure the "Prevent publishing to Office Online" to organizational standards. CC ID 07405 | Configuration | Preventive | |
Configure the "Promote Level 2 errors as errors, not warnings" to organizational standards. CC ID 07406 | Configuration | Preventive | |
Configure the "Prevent users from customizing attachment security settings" to organizational standards. CC ID 07407 | Configuration | Preventive | |
Configure the "Prompt user to choose security settings if default settings fail" to organizational standards. CC ID 07408 | Configuration | Preventive | |
Configure the "Remove file extensions blocked as Level 1" to organizational standards. CC ID 07409 | Configuration | Preventive | |
Configure the "Remove file extensions blocked as Level 2" to organizational standards. CC ID 07410 | Configuration | Preventive | |
Configure the "Read e-mail as plain text" to organizational standards. CC ID 07411 | Configuration | Preventive | |
Configure the "Read signed e-mail as plain text" to organizational standards. CC ID 07412 | Configuration | Preventive | |
Configure the "Request an S/MIME receipt for all S/MIME signed messages" to organizational standards. CC ID 07413 | Configuration | Preventive | |
Configure the "Restrict level of calendar details users can publish" to organizational standards. CC ID 07414 | Configuration | Preventive | |
Configure the "Require SuiteB algorithms for S/MIME operations" to organizational standards. CC ID 07415 | Configuration | Preventive | |
Configure the "Minimum encryption settings" to organizational standards. CC ID 07416 | Configuration | Preventive | |
Configure the "Retrieving CRLs (Certificate Revocation Lists)" to organizational standards. CC ID 07417 | Configuration | Preventive | |
Configure the "Run in FIPS compliant mode" to organizational standards. CC ID 07418 | Configuration | Preventive | |
Configure the "Missing root certificates" to organizational standards. CC ID 07419 | Configuration | Preventive | |
Configure the "S/MIME password settings" to organizational standards. CC ID 07420 | Configuration | Preventive | |
Configure the "S/MIME receipt requests" to organizational standards. CC ID 07421 | Configuration | Preventive | |
Configure the "S/MIME interoperability with external clients:" to organizational standards. CC ID 07422 | Configuration | Preventive | |
Configure the "Send all signed messages as clear signed messages" to organizational standards. CC ID 07423 | Configuration | Preventive | |
Configure the "Security setting for macros" to organizational standards. CC ID 07424 | Configuration | Preventive | |
Configure the "Set control ItemProperty prompt" to organizational standards. CC ID 07425 | Configuration | Preventive | |
Configure the "Set maximum level of online status on a person name" to organizational standards. CC ID 07426 | Configuration | Preventive | |
Configure the "Set message format" to organizational standards. CC ID 07427 | Configuration | Preventive | |
Configure the "Sign all e-mail messages" to organizational standards. CC ID 07428 | Configuration | Preventive | |
Configure the "Fortezza certificate policies" to organizational standards. CC ID 07429 | Configuration | Preventive | |
Configure the "Synchronize Outlook RSS Feeds with Common Feed List" to organizational standards. CC ID 07430 | Configuration | Preventive | |
Configure the "Trust E-mail from Contacts" to organizational standards. CC ID 07431 | Configuration | Preventive | |
Configure the "Signature Warning" to organizational standards. CC ID 07432 | Configuration | Preventive | |
Configure the "Turn off RSS feature" to organizational standards. CC ID 07466 | Configuration | Preventive | |
Configure the "Restrict upload method" to organizational standards. CC ID 07473 | Configuration | Preventive | |
Configure the "Required Certificate Authority" to organizational standards. CC ID 07493 | Configuration | Preventive | |
Configure the "Turn off Enable the Person Names Smart Tag option" to organizational standards. CC ID 07499 | Configuration | Preventive | |
Configure the "Use Unicode format when dragging e-mail message to file system" to organizational standards. CC ID 07506 | Configuration | Preventive | |
Configure the "URL for S/MIME certificates" to organizational standards. CC ID 07520 | Configuration | Preventive | |
Configure the "Set Outlook object model Custom Actions execution prompt" to organizational standards. CC ID 07539 | Configuration | Preventive | |
Configure the "Prevent publishing to Office.com" to organizational standards. CC ID 08243 | Configuration | Preventive | |
Configure the "Do not allow signatures for e-mail messages" to organizational standards. CC ID 08318 | Configuration | Preventive | |
Configure Microsoft PowerPoint settings for Microsoft Office in accordance with organizational standards. CC ID 07433 | Configuration | Preventive | |
Configure the "Block saving of GraphicFilters" to organizational standards. CC ID 07456 | Configuration | Preventive | |
Configure the "Block opening of Converters" to organizational standards. CC ID 07458 | Configuration | Preventive | |
Configure the "Save files in this format" to organizational standards. CC ID 07461 | Configuration | Preventive | |
Configure the "Disable Slide Update" to organizational standards. CC ID 07464 | Configuration | Preventive | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations" to organizational standards. CC ID 07467 | Configuration | Preventive | |
Configure the "Block saving of Html file types" to organizational standards. CC ID 07474 | Configuration | Preventive | |
Configure the "Block saving of Outlines" to organizational standards. CC ID 07485 | Configuration | Preventive | |
Configure the "Block opening of Outlines" to organizational standards. CC ID 07490 | Configuration | Preventive | |
Configure the "Make hidden markup visible" to organizational standards. CC ID 07511 | Configuration | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to PowerPoint 2007" to organizational standards. CC ID 07516 | Configuration | Preventive | |
Configure the "Run Programs" to organizational standards. CC ID 07518 | Configuration | Preventive | |
Configure the "Unblock automatic download of linked images" to organizational standards. CC ID 07519 | Configuration | Preventive | |
Configure the "Block opening of Open Xml files types" to organizational standards. CC ID 07531 | Configuration | Preventive | |
Configure the "Web Pages" to organizational standards. CC ID 07914 | Configuration | Preventive | |
Configure the "Turn off trusted documents" to organizational standards. CC ID 07925 | Configuration | Preventive | |
Configure the "Set CNG password spin count" to organizational standards. CC ID 07946 | Configuration | Preventive | |
Configure the "Trusted Location #16" to organizational standards. CC ID 07956 | Configuration | Preventive | |
Configure the "Outline files" to organizational standards. CC ID 07958 | Configuration | Preventive | |
Configure the "Trusted Location #3" to organizational standards. CC ID 07966 | Configuration | Preventive | |
Configure the "Scan encrypted macros in PowerPoint Open XML presentations" to organizational standards. CC ID 07967 | Configuration | Preventive | |
Configure the "Trusted Location #4" to organizational standards. CC ID 07978 | Configuration | Preventive | |
Configure the "Set maximum number of trusted documents" to organizational standards. CC ID 08005 | Configuration | Preventive | |
Configure the "Legacy converters for PowerPoint" to organizational standards. CC ID 08009 | Configuration | Preventive | |
Configure the "Set document behavior if file validation fails" to organizational standards. CC ID 08025 | Configuration | Preventive | |
Configure the "Microsoft Office Open XML converters for PowerPoint" to organizational standards. CC ID 08030 | Configuration | Preventive | |
Configure the "PowerPoint beta converters" to organizational standards. CC ID 08047 | Configuration | Preventive | |
Configure the "OpenDocument Presentation files" to organizational standards. CC ID 08051 | Configuration | Preventive | |
Configure the "Use new key on password change" to organizational standards. CC ID 08052 | Configuration | Preventive | |
Configure the "Graphic Filters" to organizational standards. CC ID 08060 | Configuration | Preventive | |
Configure the "PowerPoint 2007 and later presentations, shows, templates, themes and add-in files" to organizational standards. CC ID 08099 | Configuration | Preventive | |
Configure the "PowerPoint 97-2003 presentations, shows, templates and add-in files" to organizational standards. CC ID 08106 | Configuration | Preventive | |
Configure the "PowerPoint beta files" to organizational standards. CC ID 08121 | Configuration | Preventive | |
Configure the "Set default file block behavior" to organizational standards. CC ID 08142 | Configuration | Preventive | |
Configure Microsoft Word settings for Microsoft Office in accordance with organizational standards. CC ID 07438 | Configuration | Preventive | |
Configure the "Block opening of files before version" to organizational standards. CC ID 07462 | Configuration | Preventive | |
Configure the "Block open Converters" to organizational standards. CC ID 07468 | Configuration | Preventive | |
Configure the "Update automatic links at Open" to organizational standards. CC ID 07483 | Configuration | Preventive | |
Configure the "Warn before printing, saving or sending a file that contains tracked changes or comments" to organizational standards. CC ID 07494 | Configuration | Preventive | |
Configure the "Block saving of RTF file types" to organizational standards. CC ID 07501 | Configuration | Preventive | |
Configure the "Block saving of Converters" to organizational standards. CC ID 07504 | Configuration | Preventive | |
Configure the "Block opening of Word 2003 XML file types" to organizational standards. CC ID 07507 | Configuration | Preventive | |
Configure the "Block opening of RTF file types" to organizational standards. CC ID 07510 | Configuration | Preventive | |
Configure the "Block opening of HTML file types" to organizational standards. CC ID 07512 | Configuration | Preventive | |
Configure the "Hidden text" to organizational standards. CC ID 07513 | Configuration | Preventive | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documents" to organizational standards. CC ID 07533 | Configuration | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to Word 2007" to organizational standards. CC ID 07541 | Configuration | Preventive | |
Configure the "Block opening of Internal file types" to organizational standards. CC ID 07552 | Configuration | Preventive | |
Configure the "Block saving of Word 2003 XML file types" to organizational standards. CC ID 07567 | Configuration | Preventive | |
Configure the "RTF files" to organizational standards. CC ID 07911 | Configuration | Preventive | |
Configure the "Set maximum number of trust records to preserve" to organizational standards. CC ID 07912 | Configuration | Preventive | |
Configure the "Specify CNG hash algorithm" to organizational standards. CC ID 07913 | Configuration | Preventive | |
Configure the "VBA Macro Notification Settings" to organizational standards. CC ID 07926 | Configuration | Preventive | |
Configure the "Trusted Location #2" to organizational standards. CC ID 07933 | Configuration | Preventive | |
Configure the "Do not open files in unsafe locations in Protected View" to organizational standards. CC ID 07939 | Configuration | Preventive | |
Configure the "Set parameters for CNG context" to organizational standards. CC ID 07948 | Configuration | Preventive | |
Configure the "Store random number to improve merge accuracy" to organizational standards. CC ID 07972 | Configuration | Preventive | |
Configure the "Trusted Location #19" to organizational standards. CC ID 07975 | Configuration | Preventive | |
Configure the "Legacy converters for Word" to organizational standards. CC ID 07985 | Configuration | Preventive | |
Configure the "Trusted Location #5" to organizational standards. CC ID 07987 | Configuration | Preventive | |
Configure the "Word 6.0 binary documents and templates" to organizational standards. CC ID 07995 | Configuration | Preventive | |
Configure the "Word 2000 binary documents and templates" to organizational standards. CC ID 08012 | Configuration | Preventive | |
Configure the "Trusted Location #13" to organizational standards. CC ID 08013 | Configuration | Preventive | |
Configure the "Trusted Location #17" to organizational standards. CC ID 08015 | Configuration | Preventive | |
Configure the "Word 97 binary documents and templates" to organizational standards. CC ID 08024 | Configuration | Preventive | |
Configure the "Do not open files from the Internet zone in Protected View" to organizational standards. CC ID 08029 | Configuration | Preventive | |
Configure the "Turn off file validation" to organizational standards. CC ID 08048 | Configuration | Preventive | |
Configure the "Office Open XML converters for Word" to organizational standards. CC ID 08055 | Configuration | Preventive | |
Configure the "Word 95 binary documents and templates" to organizational standards. CC ID 08065 | Configuration | Preventive | |
Configure the "Word beta converters" to organizational standards. CC ID 08080 | Configuration | Preventive | |
Configure the "Word 2007 and later binary documents and templates" to organizational standards. CC ID 08082 | Configuration | Preventive | |
Configure the "Word beta files" to organizational standards. CC ID 08092 | Configuration | Preventive | |
Configure the "Word 2003 binary documents and templates" to organizational standards. CC ID 08093 | Configuration | Preventive | |
Configure the "Word XP binary documents and templates" to organizational standards. CC ID 08095 | Configuration | Preventive | |
Configure the "Word 2007 and later documents and templates" to organizational standards. CC ID 08097 | Configuration | Preventive | |
Configure the "Word 2 and earlier binary documents and templates" to organizational standards. CC ID 08112 | Configuration | Preventive | |
Configure the "Plain text files" to organizational standards. CC ID 08125 | Configuration | Preventive | |
Configure the "Word 2003 and plain XML documents" to organizational standards. CC ID 08134 | Configuration | Preventive | |
Configure the "OpenDocument Text files" to organizational standards. CC ID 08141 | Configuration | Preventive | |
Configure the "Scan encrypted macros in Word Open XML documents" to organizational standards. CC ID 08147 | Configuration | Preventive | |
Configure Microsoft OneNote settings for Microsoft Office in accordance with organizational standards. CC ID 07908 | Configuration | Preventive | |
Configure the "Specify encryption compatibility" to organizational standards. CC ID 07909 | Configuration | Preventive | |
Configure the "Specify CNG random number generator algorithm" to organizational standards. CC ID 07916 | Configuration | Preventive | |
Configure the "Set CNG cipher algorithm" to organizational standards. CC ID 07944 | Configuration | Preventive | |
Configure the "Set CNG cipher key length" to organizational standards. CC ID 07974 | Configuration | Preventive | |
Configure User Interface settings for Microsoft Office in accordance with organizational standards. CC ID 07923 | Configuration | Preventive | |
Configure Signing settings for Microsoft Office in accordance with organizational standards. CC ID 07929 | Configuration | Preventive | |
Configure Email Form settings for Microsoft Office in accordance with organizational standards. CC ID 07930 | Configuration | Preventive | |
Configure Security settings for Microsoft Office in accordance with organizational standards. CC ID 07932 | Configuration | Preventive | |
Configure the "Trusted Location #8" to organizational standards. CC ID 07935 | Configuration | Preventive | |
Configure the "Unsafe Location #12" to organizational standards. CC ID 07940 | Configuration | Preventive | |
Configure the "Unsafe Location #20" to organizational standards. CC ID 07943 | Configuration | Preventive | |
Configure the "Check the XAdES portions of a digital signature" to organizational standards. CC ID 07955 | Configuration | Preventive | |
Configure the "Check OLE objects" to organizational standards. CC ID 07957 | Configuration | Preventive | |
Configure the "Consistent Mime Handling" to organizational standards. CC ID 07959 | Configuration | Preventive | |
Configure the "Protection From Zone Elevation" to organizational standards. CC ID 07964 | Configuration | Preventive | |
Configure the "Trusted Location #14" to organizational standards. CC ID 07965 | Configuration | Preventive | |
Configure the "Turn off Data Execution Prevention" to organizational standards. CC ID 07968 | Configuration | Preventive | |
Configure the "Trusted Location #12" to organizational standards. CC ID 07976 | Configuration | Preventive | |
Configure the "Set password hash format as ISO-compliant" to organizational standards. CC ID 07977 | Configuration | Preventive | |
Configure the "Prompt to allow fatally corrupt files to open instead of blocking them" to organizational standards. CC ID 07982 | Configuration | Preventive | |
Configure the "Encrypt document properties" to organizational standards. CC ID 07991 | Configuration | Preventive | |
Configure the "Prevent Word and Excel from loading managed code extensions" to organizational standards. CC ID 07999 | Configuration | Preventive | |
Configure the "Apply macro security settings to macros, add-ins and additional actions" to organizational standards. CC ID 08002 | Configuration | Preventive | |
Configure the "Add-on Management" to organizational standards. CC ID 08007 | Configuration | Preventive | |
Configure the "Trusted Location #7" to organizational standards. CC ID 08008 | Configuration | Preventive | |
Configure the "Trusted Location #1" to organizational standards. CC ID 08016 | Configuration | Preventive | |
Configure the "Unsafe Location #13" to organizational standards. CC ID 08023 | Configuration | Preventive | |
Configure the "S/MIME receipt requests behavior" to organizational standards. CC ID 08026 | Configuration | Preventive | |
Configure the "Do not include XAdES reference object in the manifest" to organizational standards. CC ID 08031 | Configuration | Preventive | |
Configure the "Unsafe Location #11" to organizational standards. CC ID 08032 | Configuration | Preventive | |
Configure the "Windows Internet Explorer Feature Control Opt-In" to organizational standards. CC ID 08033 | Configuration | Preventive | |
Configure the "Allow hyperlinks in suspected phishing e-mail messages" to organizational standards. CC ID 08034 | Configuration | Preventive | |
Configure the "Unsafe Location #5" to organizational standards. CC ID 08038 | Configuration | Preventive | |
Configure the "Specify minimum XAdES level for digital signature generation" to organizational standards. CC ID 08040 | Configuration | Preventive | |
Configure the "Check OWC data source providers" to organizational standards. CC ID 08041 | Configuration | Preventive | |
Configure the "Unsafe Location #10" to organizational standards. CC ID 08044 | Configuration | Preventive | |
Configure the "Set password rules domain timeout" to organizational standards. CC ID 08045 | Configuration | Preventive | |
Configure the "Object Caching Protection" to organizational standards. CC ID 08046 | Configuration | Preventive | |
Configure the "Unsafe Location #18" to organizational standards. CC ID 08056 | Configuration | Preventive | |
Configure the "Unsafe Location #8" to organizational standards. CC ID 08057 | Configuration | Preventive | |
Configure the "Unsafe Location #3" to organizational standards. CC ID 08059 | Configuration | Preventive | |
Configure the "Unsafe Location #6" to organizational standards. CC ID 08063 | Configuration | Preventive | |
Configure the "Replies or forwards to signed/encrypted messages are signed/encrypted" to organizational standards. CC ID 08064 | Configuration | Preventive | |
Configure the "Set timestamp server timeout" to organizational standards. CC ID 08068 | Configuration | Preventive | |
Configure the "Unsafe Location #16" to organizational standards. CC ID 08071 | Configuration | Preventive | |
Configure the "Previous-version file formats" to organizational standards. CC ID 08072 | Configuration | Preventive | |
Configure the "Turn off PDF encryption setting UI" to organizational standards. CC ID 08074 | Configuration | Preventive | |
Configure the "Unsafe Location #2" to organizational standards. CC ID 08075 | Configuration | Preventive | |
Configure the "Restrict File Download" to organizational standards. CC ID 08076 | Configuration | Preventive | |
Configure the "Require OCSP at signature generation time" to organizational standards. CC ID 08077 | Configuration | Preventive | |
Configure the "Disable Password Caching" to organizational standards. CC ID 08079 | Configuration | Preventive | |
Configure the "Message when Outlook cannot find the digital ID to decode a message" to organizational standards. CC ID 08083 | Configuration | Preventive | |
Configure the "Enable Cryptography Icons" to organizational standards. CC ID 08086 | Configuration | Preventive | |
Configure the "Unsafe Location #14" to organizational standards. CC ID 08091 | Configuration | Preventive | |
Configure the "Disable 'Remember password' for Internet e-mail accounts" to organizational standards. CC ID 08096 | Configuration | Preventive | |
Configure the "Suppress hyperlink warnings" to organizational standards. CC ID 08100 | Configuration | Preventive | |
Configure the "Use Protected View for attachments received from internal senders" to organizational standards. CC ID 08104 | Configuration | Preventive | |
Configure the "Unsafe Location #9" to organizational standards. CC ID 08108 | Configuration | Preventive | |
Configure the "Display OLE package objects" to organizational standards. CC ID 08109 | Configuration | Preventive | |
Configure the "Configure time stamping hashing algorithm" to organizational standards. CC ID 08111 | Configuration | Preventive | |
Configure the "Scripted Window Security Restrictions" to organizational standards. CC ID 08113 | Configuration | Preventive | |
Configure the "Set password rules level" to organizational standards. CC ID 08117 | Configuration | Preventive | |
Configure the "Information Bar" to organizational standards. CC ID 08118 | Configuration | Preventive | |
Configure the "Mime Sniffing Safety Feature" to organizational standards. CC ID 08119 | Configuration | Preventive | |
Configure the "Publisher Automation Security Level" to organizational standards. CC ID 08123 | Configuration | Preventive | |
Configure the "Check Excel RTD servers" to organizational standards. CC ID 08127 | Configuration | Preventive | |
Configure the "Path to shared Workgroup information file for secured MDB files" to organizational standards. CC ID 08128 | Configuration | Preventive | |
Configure the "Check ActiveX objects" to organizational standards. CC ID 08131 | Configuration | Preventive | |
Configure the "Unsafe Location #15" to organizational standards. CC ID 08132 | Configuration | Preventive | |
Configure the "Unsafe Location #19" to organizational standards. CC ID 08135 | Configuration | Preventive | |
Configure the "Always use TNEF formatting in S/MIME messages" to organizational standards. CC ID 08136 | Configuration | Preventive | |
Configure the "Restrict ActiveX Install" to organizational standards. CC ID 08138 | Configuration | Preventive | |
Configure the "Set signature verification level" to organizational standards. CC ID 08140 | Configuration | Preventive | |
Configure the "Unsafe Location #17" to organizational standards. CC ID 08143 | Configuration | Preventive | |
Configure the "Do not allow expired certificates when validating signatures" to organizational standards. CC ID 08144 | Configuration | Preventive | |
Configure the "Unsafe Location #4" to organizational standards. CC ID 08145 | Configuration | Preventive | |
Configure the "Requested XAdES level for signature generation" to organizational standards. CC ID 08146 | Configuration | Preventive | |
Configure the "Specify timestamp server name" to organizational standards. CC ID 08148 | Configuration | Preventive | |
Configure the "Unsafe Location #7" to organizational standards. CC ID 08149 | Configuration | Preventive | |
Configure the "Select digital signature hashing algorithm" to organizational standards. CC ID 08150 | Configuration | Preventive | |
Configure the "Local Machine Zone Lockdown Security" to organizational standards. CC ID 08151 | Configuration | Preventive | |
Configure the "Graphics filter import" to organizational standards. CC ID 08152 | Configuration | Preventive | |
Configure the "Unsafe Location #1" to organizational standards. CC ID 08153 | Configuration | Preventive | |
Configure the "Security Level" to organizational standards. CC ID 08157 | Configuration | Preventive | |
Configure the "Turn off error reporting for files that fail file validation" to organizational standards. CC ID 08159 | Configuration | Preventive | |
Configure the "Block application add-ins loading" to organizational standards. CC ID 08160 | Configuration | Preventive | |
Configure the "Allow the use of ActiveX Custom Controls in InfoPath forms" to organizational standards. CC ID 08171 | Configuration | Preventive | |
Configure the "Control behavior for Microsoft SharePoint Foundation gradual upgrade" to organizational standards. CC ID 08181 | Configuration | Preventive | |
Configure the "Block cross-domain data form retrieval" to organizational standards. CC ID 08238 | Configuration | Preventive | |
Configure the "Display a warning that a form is digitally signed" to organizational standards. CC ID 08307 | Configuration | Preventive | |
Configure the "Beaconing UI for forms opened in InfoPath Filler ActiveX" to organizational standards. CC ID 08333 | Configuration | Preventive | |
Configure the "Disable opening forms with managed code from the Internet security zone" to organizational standards. CC ID 08340 | Configuration | Preventive | |
Configure Restricted Permissions settings for Microsoft Office in accordance with organizational standards. CC ID 07937 | Configuration | Preventive | |
Configure Account settings for Microsoft Office in accordance with organizational standards. CC ID 07951 | Configuration | Preventive | |
Configure Add-In settings for Microsoft Office in accordance with organizational standards. CC ID 07962 | Configuration | Preventive | |
Configure the "Do not allow on-demand activity synchronization" to organizational standards. CC ID 07963 | Configuration | Preventive | |
Configure the "Do not show social network info-bars" to organizational standards. CC ID 07988 | Configuration | Preventive | |
Configure the "Turn off Outlook Social Connector" to organizational standards. CC ID 07989 | Configuration | Preventive | |
Configure the "Set GAL contact synchronization interval" to organizational standards. CC ID 08039 | Configuration | Preventive | |
Configure the "Do not download photos from Active Directory" to organizational standards. CC ID 08043 | Configuration | Preventive | |
Configure the "Specify activity feed synchronization interval" to organizational standards. CC ID 08058 | Configuration | Preventive | |
Configure the "Block social network contact synchronization" to organizational standards. CC ID 08062 | Configuration | Preventive | |
Configure the "Block network activity synchronization" to organizational standards. CC ID 08103 | Configuration | Preventive | |
Configure the "Block specific social network providers" to organizational standards. CC ID 08114 | Configuration | Preventive | |
Configure the "Specify list of social network providers to load" to organizational standards. CC ID 08122 | Configuration | Preventive | |
Configure the "Block Global Address List synchronization" to organizational standards. CC ID 08139 | Configuration | Preventive | |
Configure the "Prevent social network connectivity" to organizational standards. CC ID 08156 | Configuration | Preventive | |
Configure File Format Converter settings for Microsoft Office in accordance with organizational standards. CC ID 07983 | Configuration | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to Excel 2010 through the Compatibility Pack for Office 2010 and Excel 2010 Converter" to organizational standards. CC ID 07984 | Configuration | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to Word 2010 through the Compatibility Pack for Office 2010 and Word 2010 Open XML/Word 97-2003 Format Converter" to organizational standards. CC ID 08004 | Configuration | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to PowerPoint 2010 through the Compatibility Pack for Office 2010 and PowerPoint 2010 Converter" to organizational standards. CC ID 08124 | Configuration | Preventive | |
Configure Microsoft Project settings for Microsoft Office in accordance with organizational standards. CC ID 08036 | Configuration | Preventive | |
Configure the "Enable untrusted intranet zone access to Project server" to organizational standards. CC ID 08037 | Configuration | Preventive | |
Configure Meeting Workspace settings for Microsoft Office in accordance with organizational standards. CC ID 08050 | Configuration | Preventive | |
Configure Miscellaneous settings for Microsoft Office in accordance with organizational standards. CC ID 08054 | Configuration | Preventive | |
Configure the "OLAP PivotTable User Defined Function (UDF) security setting" to organizational standards. CC ID 08133 | Configuration | Preventive | |
Configure the "Do not expand Contact Groups" to organizational standards. CC ID 08343 | Configuration | Preventive | |
Configure Data Backup and Recovery settings for Microsoft Office in accordance with organizational standards. CC ID 08098 | Configuration | Preventive | |
Configure Privacy settings for Microsoft Office in accordance with organizational standards. CC ID 08101 | Configuration | Preventive | |
Configure Server Settings settings for Microsoft Office in accordance with organizational standards. CC ID 08154 | Configuration | Preventive | |
Configure the "Disable the Office client from polling the SharePoint Server for published links" to organizational standards. CC ID 08155 | Configuration | Preventive | |
Configure Smart Documents settings for Microsoft Office in accordance with organizational standards. CC ID 08158 | Configuration | Preventive | |
Configure Fax settings for Microsoft Office in accordance with organizational standards. CC ID 08310 | Configuration | Preventive | |
Configure the "Date Format" setting to organizational standards. CC ID 09400 | Configuration | Preventive | |
Configure the "Do not allow printing to Journal Note Writer" setting to organizational standards. CC ID 10911 | Configuration | Preventive | |
Configure the "Do not allow Windows Journal to be run" setting to organizational standards. CC ID 10922 | Configuration | Preventive | |
Configure Services settings to organizational standards. CC ID 07434 | Configuration | Preventive | |
Configure Active Directory in accordance with organizational standards. CC ID 16434 | Configuration | Preventive | |
Configure SID filtering in accordance with organizational standards. CC ID 16435 | Configuration | Preventive | |
Configure AWS Config to organizational standards. CC ID 15440 | Configuration | Preventive | |
Configure "Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service" to organizational standards. CC ID 15343 | Configuration | Preventive | |
Configure the "Microsoft .NET Framework NGEN v2.0.50727_X64" to organizational standards. CC ID 07435 | Configuration | Preventive | |
Configure the "namespace" to organizational standards. CC ID 14654 | Configuration | Preventive | |
Configure the "Smart Card" to organizational standards. CC ID 07436 | Configuration | Preventive | |
Configure the "File Server Storage Reports Manager" to organizational standards. CC ID 07437 | Configuration | Preventive | |
Configure the "IP Helper" to organizational standards. CC ID 07439 | Configuration | Preventive | |
Configure the "ipc" argument to organizational standards. CC ID 14524 | Configuration | Preventive | |
Configure the "AD RMS Logging Service" to organizational standards. CC ID 07440 | Configuration | Preventive | |
Configure the "Windows Time" to organizational standards. CC ID 07441 | Configuration | Preventive | |
Configure the "Protected Storage" to organizational standards. CC ID 07442 | Configuration | Preventive | |
Configure the "Windows License Monitoring Service" to organizational standards. CC ID 07443 | Configuration | Preventive | |
Configure the "Portable Device Enumerator Service" to organizational standards. CC ID 07444 | Configuration | Preventive | |
Configure the "Software Licensing" to organizational standards. CC ID 07445 | Configuration | Preventive | |
Configure the "Offline Files" to organizational standards. CC ID 07446 | Configuration | Preventive | |
Configure the "Peer Networking Identity Manager" to organizational standards. CC ID 07447 | Configuration | Preventive | |
Configure the "Human Interface Device Access" to organizational standards. CC ID 07448 | Configuration | Preventive | |
Configure the "Link-Layer Topology Discovery Mapper" to organizational standards. CC ID 07449 | Configuration | Preventive | |
Configure the "Microsoft .NET Framework NGEN v2.0.50727_I64" to organizational standards. CC ID 07450 | Configuration | Preventive | |
Configure the "Windows Firewall" to organizational standards. CC ID 07451 | Configuration | Preventive | |
Configure the "networkpolicy" to organizational standards. CC ID 14655 | Configuration | Preventive | |
Configure the "Net.Tcp Port Sharing Service" to organizational standards. CC ID 07452 | Configuration | Preventive | |
Configure the "pid" argument to organizational standards. CC ID 14532 | Configuration | Preventive | |
Configure the "Secondary Logon" to organizational standards. CC ID 07453 | Configuration | Preventive | |
Configure the "Remote Access Connection Manager" to organizational standards. CC ID 07454 | Configuration | Preventive | |
Configure the "Function Discovery Provider Host" to organizational standards. CC ID 07455 | Configuration | Preventive | |
Configure the "Windows Process Activation Service" to organizational standards. CC ID 07457 | Configuration | Preventive | |
Configure the "Task Scheduler" to organizational standards. CC ID 07459 | Configuration | Preventive | |
Configure the "Intersite Messaging" to organizational standards. CC ID 07460 | Configuration | Preventive | |
Configure the "Special Administration Console Helper" to organizational standards. CC ID 07463 | Configuration | Preventive | |
Configure the "Security Accounts Manager" to organizational standards. CC ID 07465 | Configuration | Preventive | |
Configure the "Kerberos Key Distribution Center" to organizational standards. CC ID 07469 | Configuration | Preventive | |
Configure the "COM+ System Application" to organizational standards. CC ID 07470 | Configuration | Preventive | |
Configure the "RPC Endpoint Mapper" to organizational standards. CC ID 07471 | Configuration | Preventive | |
Configure the "UPnP Device Host" to organizational standards. CC ID 07472 | Configuration | Preventive | |
Configure the "DHCP Client" to organizational standards. CC ID 07475 | Configuration | Preventive | |
Configure the "Extensible Authentication Protocol" to organizational standards. CC ID 07476 | Configuration | Preventive | |
Configure the "SNMP Service" to organizational standards. CC ID 07477 | Configuration | Preventive | |
Configure the "Message Queuing Down Level Clients" to organizational standards. CC ID 07478 | Configuration | Preventive | |
Configure the "TPM Base Services" to organizational standards. CC ID 07479 | Configuration | Preventive | |
Configure the "Windows Deployment Services server" to organizational standards. CC ID 07480 | Configuration | Preventive | |
Configure the "Microsoft iSNS Server" to organizational standards. CC ID 07481 | Configuration | Preventive | |
Configure the "Multimedia Class Scheduler" to organizational standards. CC ID 07482 | Configuration | Preventive | |
Configure the "uts" argument to organizational standards. CC ID 14526 | Configuration | Preventive | |
Configure the "Performance Counter DLL Host" to organizational standards. CC ID 07484 | Configuration | Preventive | |
Configure the "pids-limit" argument to organizational standards. CC ID 14537 | Configuration | Preventive | |
Configure the "Windows Search" to organizational standards. CC ID 07486 | Configuration | Preventive | |
Configure the "DFS Replication" to organizational standards. CC ID 07487 | Configuration | Preventive | |
Configure the "Superfetch" to organizational standards. CC ID 07488 | Configuration | Preventive | |
Configure the "Power" to organizational standards. CC ID 07489 | Configuration | Preventive | |
Configure the "Remote Access Quarantine Agent" to organizational standards. CC ID 07491 | Configuration | Preventive | |
Configure the "Windows Audio" to organizational standards. CC ID 07492 | Configuration | Preventive | |
Configure the "Windows Event Log" to organizational standards. CC ID 07495 | Configuration | Preventive | |
Configure the "Performance Logs & Alerts" to organizational standards. CC ID 07496 | Configuration | Preventive | |
Configure the "File Replication" to organizational standards. CC ID 07497 | Configuration | Preventive | |
Configure the "Encrypting File System (EFS)" to organizational standards. CC ID 07498 | Configuration | Preventive | |
Configure the "userns" argument to organizational standards. CC ID 14530 | Configuration | Preventive | |
Configure the "Quality Windows Audio Video Experience" to organizational standards. CC ID 07500 | Configuration | Preventive | |
Configure the "TCP/IP NetBIOS Helper" to organizational standards. CC ID 07502 | Configuration | Preventive | |
Configure the "Windows System Resource Manager" to organizational standards. CC ID 07503 | Configuration | Preventive | |
Configure the "Interactive Services Detection" to organizational standards. CC ID 07505 | Configuration | Preventive | |
Configure the "Software Protection" to organizational standards. CC ID 07508 | Configuration | Preventive | |
Configure the "ASP .NET State Service" to organizational standards. CC ID 07509 | Configuration | Preventive | |
Configure the "Distributed Transaction Coordinator" to organizational standards. CC ID 07514 | Configuration | Preventive | |
Configure the "Telnet" to organizational standards. CC ID 07515 | Configuration | Preventive | |
Configure the "Hyper-V Image Management Service" to organizational standards. CC ID 07517 | Configuration | Preventive | |
Configure the "Server" to organizational standards. CC ID 07521 | Configuration | Preventive | |
Configure the "Group Policy Client" to organizational standards. CC ID 07522 | Configuration | Preventive | |
Configure the "Desktop Window Manager Session Manager" to organizational standards. CC ID 07523 | Configuration | Preventive | |
Configure the "Windows Management Instrumentation" to organizational standards. CC ID 07524 | Configuration | Preventive | |
Configure the "World Wide Web Publishing Service" to organizational standards. CC ID 07525 | Configuration | Preventive | |
Configure the "Function Discovery Resource Publication" to organizational standards. CC ID 07526 | Configuration | Preventive | |
Configure the "Simple Mail Transport Protocol (SMTP)" to organizational standards. CC ID 07527 | Configuration | Preventive | |
Configure the "Resultant Set of Policy Provider" to organizational standards. CC ID 07528 | Configuration | Preventive | |
Configure the "WMI Performance Adapter" to organizational standards. CC ID 07529 | Configuration | Preventive | |
Configure the "Disk Defragmenter" to organizational standards. CC ID 07530 | Configuration | Preventive | |
Configure the "IIS Admin Service" to organizational standards. CC ID 07532 | Configuration | Preventive | |
Configure the "Volume Shadow Copy" to organizational standards. CC ID 07534 | Configuration | Preventive | |
Configure the "Network Location Awareness" to organizational standards. CC ID 07535 | Configuration | Preventive | |
Configure the "Windows Presentation Foundation Font Cache 3.0.0.0" to organizational standards. CC ID 07536 | Configuration | Preventive | |
Configure the "WinHTTP Web Proxy Auto-Discovery Service" to organizational standards. CC ID 07537 | Configuration | Preventive | |
Configure the "Network List Service" to organizational standards. CC ID 07538 | Configuration | Preventive | |
Configure the "Application Experience" to organizational standards. CC ID 07540 | Configuration | Preventive | |
Configure the "Active Directory Web Services" to organizational standards. CC ID 07542 | Configuration | Preventive | |
Configure the "SSDP Discovery" to organizational standards. CC ID 07543 | Configuration | Preventive | |
Configure the "TCP/IP Print Server" to organizational standards. CC ID 07544 | Configuration | Preventive | |
Configure "Netlogon" to organizational standards. CC ID 07545 | Configuration | Preventive | |
Configure the "Windows Error Reporting Service" to organizational standards. CC ID 07546 | Configuration | Preventive | |
Configure the "IKE and AuthIP IPsec Keying Modules" to organizational standards. CC ID 07547 | Configuration | Preventive | |
Configure the "DFS Namespace" to organizational standards. CC ID 07548 | Configuration | Preventive | |
Configure the "SQL Server VSS Writer" to organizational standards. CC ID 07549 | Configuration | Preventive | |
Configure the "Network Policy Server" to organizational standards. CC ID 07550 | Configuration | Preventive | |
Configure the "Windows Driver Foundation - User-mode Driver Framework" to organizational standards. CC ID 07551 | Configuration | Preventive | |
Configure the "Server For NIS" to organizational standards. CC ID 07553 | Configuration | Preventive | |
Configure the "User Profile Service" to organizational standards. CC ID 07554 | Configuration | Preventive | |
Configure the "SNMP Trap" to organizational standards. CC ID 07555 | Configuration | Preventive | |
Configure the "Net.Tcp Listener Adapter" to organizational standards. CC ID 07556 | Configuration | Preventive | |
Configure the "Network Access Protection Agent" to organizational standards. CC ID 07557 | Configuration | Preventive | |
Configure the "Remote Access Auto Connection Manager" to organizational standards. CC ID 07558 | Configuration | Preventive | |
Configure the "Server for NFS" to organizational standards. CC ID 07559 | Configuration | Preventive | |
Configure the "Credential Manager" to organizational standards. CC ID 07560 | Configuration | Preventive | |
Configure the "Workstation" to organizational standards. CC ID 07561 | Configuration | Preventive | |
Configure the "PNRP Machine Name Publication Service" to organizational standards. CC ID 07562 | Configuration | Preventive | |
Configure the "Print Spooler" to organizational standards. CC ID 07563 | Configuration | Preventive | |
Configure the "Windows Internet Name Service (WINS)" to organizational standards. CC ID 07564 | Configuration | Preventive | |
Configure the "Net.Msmq Listener Adapter" to organizational standards. CC ID 07565 | Configuration | Preventive | |
Configure the "COM+ Event System" to organizational standards. CC ID 07566 | Configuration | Preventive | |
Configure the "Windows Update" to organizational standards. CC ID 07568 | Configuration | Preventive | |
Configure the "Windows Installer" to organizational standards. CC ID 07569 | Configuration | Preventive | |
Configure the "Windows Color System" to organizational standards. CC ID 07570 | Configuration | Preventive | |
Configure the "Microsoft .NET Framework NGEN v2.0.50727_X86" to organizational standards. CC ID 07571 | Configuration | Preventive | |
Configure the "Block Level Backup Engine Service" to organizational standards. CC ID 07572 | Configuration | Preventive | |
Configure the "Windows CardSpace" to organizational standards. CC ID 07573 | Configuration | Preventive | |
Configure the "webclient" to organizational standards. CC ID 07574 | Configuration | Preventive | |
Configure the "Diagnostic Service Host" to organizational standards. CC ID 07575 | Configuration | Preventive | |
Configure the "Active Directory Certificate Services" to organizational standards. CC ID 07576 | Configuration | Preventive | |
Configure the "File Server Resource Manager" to organizational standards. CC ID 07577 | Configuration | Preventive | |
Configure the "Secure Socket Tunneling Protocol Service" to organizational standards. CC ID 07578 | Configuration | Preventive | |
Configure the "Cluster Service" to organizational standards. CC ID 07579 | Configuration | Preventive | |
Configure the "Application Management" to organizational standards. CC ID 07580 | Configuration | Preventive | |
Configure the "Remote Procedure Call (RPC) Locator" to organizational standards. CC ID 07581 | Configuration | Preventive | |
Configure the "Thread Ordering Server" to organizational standards. CC ID 07582 | Configuration | Preventive | |
Configure the "FTP Publishing Service" to organizational standards. CC ID 07583 | Configuration | Preventive | |
Configure the "System Event Notification Service" to organizational standards. CC ID 07584 | Configuration | Preventive | |
Configure the "Remote Procedure Call (RPC)" to organizational standards. CC ID 07585 | Configuration | Preventive | |
Configure the "Net.Pipe Listener Adapter" to organizational standards. CC ID 07586 | Configuration | Preventive | |
Configure the "Remote Desktop Licensing" to organizational standards. CC ID 07587 | Configuration | Preventive | |
Configure the "Message Queuing Triggers" to organizational standards. CC ID 07588 | Configuration | Preventive | |
Configure the "Windows Modules Installer" to organizational standards. CC ID 07589 | Configuration | Preventive | |
Configure the "Application Layer Gateway Service" to organizational standards. CC ID 07590 | Configuration | Preventive | |
Configure the "DNS Server" to organizational standards. CC ID 07591 | Configuration | Preventive | |
Configure the "Web Management Service" to organizational standards. CC ID 07592 | Configuration | Preventive | |
Configure the "Windows Remote Management (WS-Management)" to organizational standards. CC ID 07593 | Configuration | Preventive | |
Configure the "Remote Desktop Gateway" to organizational standards. CC ID 07594 | Configuration | Preventive | |
Configure the "Network Connections" to organizational standards. CC ID 07595 | Configuration | Preventive | |
Configure the "Background Intelligent Transfer Service" to organizational standards. CC ID 07596 | Configuration | Preventive | |
Configure the "Remote Desktop Session Broker" to organizational standards. CC ID 07597 | Configuration | Preventive | |
Configure the "Removable Storage" to organizational standards. CC ID 07598 | Configuration | Preventive | |
Configure the "KtmRm for Distributed Transaction Coordinator" to organizational standards. CC ID 07614 | Configuration | Preventive | |
Configure the "Microsoft Software Shadow Copy Provider" to organizational standards. CC ID 07615 | Configuration | Preventive | |
Configure the "Remote Desktop Services" to organizational standards. CC ID 07616 | Configuration | Preventive | |
Configure the "Peer Name Resolution Protocol" to organizational standards. CC ID 07617 | Configuration | Preventive | |
Configure the "Online Responder Service" to organizational standards. CC ID 07618 | Configuration | Preventive | |
Configure the "Message Queuing" to organizational standards. CC ID 07619 | Configuration | Preventive | |
Configure the "Telephony" to organizational standards. CC ID 07620 | Configuration | Preventive | |
Configure the "Plug and Play" to organizational standards. CC ID 07624 | Configuration | Preventive | |
Configure the "DHCP Server" to organizational standards. CC ID 07627 | Configuration | Preventive | |
Configure the "Remote Registry" to organizational standards. CC ID 07628 | Configuration | Preventive | |
Configure the "Cryptographic Services" to organizational standards. CC ID 07630 | Configuration | Preventive | |
Configure the "Remote Desktop Configuration" to organizational standards. CC ID 07631 | Configuration | Preventive | |
Configure the "CNG Key Isolation" to organizational standards. CC ID 07634 | Configuration | Preventive | |
Configure the "Active Directory Domain Services" to organizational standards. CC ID 07636 | Configuration | Preventive | |
Configure the "Hyper-V Networking Management Service" to organizational standards. CC ID 07637 | Configuration | Preventive | |
Configure the "Problem Reports and Solutions Control Panel Support" to organizational standards. CC ID 07640 | Configuration | Preventive | |
Configure the "Certificate Propagation" to organizational standards. CC ID 07641 | Configuration | Preventive | |
Configure the "Health Key and Certificate Management" to organizational standards. CC ID 07644 | Configuration | Preventive | |
Configure the "DNS Client" to organizational standards. CC ID 07645 | Configuration | Preventive | |
Configure the "Shell Hardware Detection" to organizational standards. CC ID 07647 | Configuration | Preventive | |
Configure the "DCOM Server Process Launcher" to organizational standards. CC ID 07649 | Configuration | Preventive | |
Configure the "Distributed Link Tracking Client" to organizational standards. CC ID 07651 | Configuration | Preventive | |
Configure the "IPsec Policy Agent" to organizational standards. CC ID 07654 | Configuration | Preventive | |
Configure the "Application Information" to organizational standards. CC ID 07656 | Configuration | Preventive | |
Configure the "Windows Audio Endpoint Builder" to organizational standards. CC ID 07661 | Configuration | Preventive | |
Configure the "SL UI Notification Service" to organizational standards. CC ID 07665 | Configuration | Preventive | |
Configure the "Hyper-V Virtual Machine Management Service" to organizational standards. CC ID 07668 | Configuration | Preventive | |
Configure the "Windows Internal Database (MICROSOFT**SSEE)" to organizational standards. CC ID 07670 | Configuration | Preventive | |
Configure the "Themes" to organizational standards. CC ID 07672 | Configuration | Preventive | |
Configure the "Base Filtering Engine" to organizational standards. CC ID 07673 | Configuration | Preventive | |
Configure the "Simple TCP/IP Services" to organizational standards. CC ID 07674 | Configuration | Preventive | |
Configure Transmission Control Protocol/Internet Protocol (TCP/IP) to organizational standards. CC ID 16358 | Configuration | Preventive | |
Configure the "Fax" to organizational standards. CC ID 07675 | Configuration | Preventive | |
Configure the "Diagnostic System Host" to organizational standards. CC ID 07686 | Configuration | Preventive | |
Configure the "Routing and Remote Access" to organizational standards. CC ID 07692 | Configuration | Preventive | |
Configure the "Microsoft Fibre Channel Platform Registration Service" to organizational standards. CC ID 07696 | Configuration | Preventive | |
Configure the "Windows Event Collector" to organizational standards. CC ID 07700 | Configuration | Preventive | |
Configure the "Internet Connection Sharing (ICS)" to organizational standards. CC ID 07702 | Configuration | Preventive | |
Configure the "IAS Jet Database Access" to organizational standards. CC ID 07709 | Configuration | Preventive | |
Configure the "Wired AutoConfig" to organizational standards. CC ID 07725 | Configuration | Preventive | |
Configure the "Remote Desktop UserMode Port Redirector" to organizational standards. CC ID 07727 | Configuration | Preventive | |
Configure the "Application Identity" to organizational standards. CC ID 07731 | Configuration | Preventive | |
Configure the "Network Store Interface Service" to organizational standards. CC ID 07740 | Configuration | Preventive | |
Configure the "PnP-X IP Bus Enumerator" to organizational standards. CC ID 07761 | Configuration | Preventive | |
Configure the "Diagnostic Policy Service" to organizational standards. CC ID 07766 | Configuration | Preventive | |
Configure the "Virtual Disk" to organizational standards. CC ID 07767 | Configuration | Preventive | |
Configure the "AD FS Web Agent Authentication Service" to organizational standards. CC ID 07768 | Configuration | Preventive | |
Configure the "Microsoft iSCSI Initiator Service" to organizational standards. CC ID 07780 | Configuration | Preventive | |
Configure the "Computer Browser" to organizational standards. CC ID 07794 | Configuration | Preventive | |
Configure the "Smart Card Removal Policy" to organizational standards. CC ID 07795 | Configuration | Preventive | |
Configure the "Windows Font Cache Service" to organizational standards. CC ID 07797 | Configuration | Preventive | |
Configure the "Application Host Helper Service" to organizational standards. CC ID 07855 | Configuration | Preventive | |
Configure the "Remote Desktop Help Session Manager" to organizational standards. CC ID 08163 | Configuration | Preventive | |
Configure the "Network DDE" to organizational standards. CC ID 08164 | Configuration | Preventive | |
Configure the "Upload Manager" to organizational standards. CC ID 08165 | Configuration | Preventive | |
Configure the "Event Log" to organizational standards. CC ID 08166 | Configuration | Preventive | |
Configure the "Client for NFS" to organizational standards. CC ID 08168 | Configuration | Preventive | |
Configure the "Fax Service" to organizational standards. CC ID 08172 | Configuration | Preventive | |
Configure the "Virtual Disk Service" to organizational standards. CC ID 08174 | Configuration | Preventive | |
Configure the "Uninterruptable Power Supply" to organizational standards. CC ID 08175 | Configuration | Preventive | |
Configure the "Network DDE DSDM" to organizational standards. CC ID 08176 | Configuration | Preventive | |
Configure the "Portable Media Serial Number Service" to organizational standards. CC ID 08177 | Configuration | Preventive | |
Configure the "Windows Management Instrumentation Driver Extensions" to organizational standards. CC ID 08179 | Configuration | Preventive | |
Configure the "License Logging" to organizational standards. CC ID 08180 | Configuration | Preventive | |
Configure the "Windows Image Acquisition (WIA)" to organizational standards. CC ID 08183 | Configuration | Preventive | |
Configure the "Terminal Server Licensing" to organizational standards. CC ID 08185 | Configuration | Preventive | |
Configure the "Virtual Machine Additions Shared Folder Service" to organizational standards. CC ID 08189 | Configuration | Preventive | |
Configure the "Net Logon" to organizational standards. CC ID 08191 | Configuration | Preventive | |
Configure the "HTTP SSL" to organizational standards. CC ID 08194 | Configuration | Preventive | |
Configure the "Alerter" to organizational standards. CC ID 08196 | Configuration | Preventive | |
Configure the "User Name Mapping" to organizational standards. CC ID 08203 | Configuration | Preventive | |
Configure the "Error Reporting Service" to organizational standards. CC ID 08206 | Configuration | Preventive | |
Configure the "Windows User Mode Driver Framework" to organizational standards. CC ID 08207 | Configuration | Preventive | |
Configure the "NetMeeting Remote Desktop Sharing" to organizational standards. CC ID 08209 | Configuration | Preventive | |
Configure the "Terminal Services UserMode Port Redirector" to organizational standards. CC ID 08212 | Configuration | Preventive | |
Configure the "File Replication Service" to organizational standards. CC ID 08213 | Configuration | Preventive | |
Configure the "NT LM Security Support Provider" to organizational standards. CC ID 08223 | Configuration | Preventive | |
Configure the "Messenger" to organizational standards. CC ID 08227 | Configuration | Preventive | |
Configure the "Logical Disk Manager" to organizational standards. CC ID 08230 | Configuration | Preventive | |
Configure the "Network Location Awareness (NLA)" to organizational standards. CC ID 08231 | Configuration | Preventive | |
Configure the "Certificate Services" to organizational standards. CC ID 08232 | Configuration | Preventive | |
Configure the "IPSEC Services" to organizational standards. CC ID 08233 | Configuration | Preventive | |
Configure the "Terminal Services Gateway" to organizational standards. CC ID 08235 | Configuration | Preventive | |
Configure the "Clipbook" to organizational standards. CC ID 08237 | Configuration | Preventive | |
Configure the "Indexing Service" to organizational standards. CC ID 08239 | Configuration | Preventive | |
Configure the "File Server for Macintosh" to organizational standards. CC ID 08242 | Configuration | Preventive | |
Configure the "Virtual Machine Additions Service Application" to organizational standards. CC ID 08245 | Configuration | Preventive | |
Configure the "Network Provisioning Service" to organizational standards. CC ID 08250 | Configuration | Preventive | |
Configure the "Terminal Services" to organizational standards. CC ID 08252 | Configuration | Preventive | |
Configure the "Windows Firewall/Internet Connection Sharing (ICS)" to organizational standards. CC ID 08254 | Configuration | Preventive | |
Configure the ".NET Runtime Optimization Service v2.0.50727_x86" to organizational standards. CC ID 08256 | Configuration | Preventive | |
Configure the "Terminal Services Session Directory" to organizational standards. CC ID 08261 | Configuration | Preventive | |
Configure the "Application Experience Lookup Service" to organizational standards. CC ID 08267 | Configuration | Preventive | |
Configure the "Distributed File System" to organizational standards. CC ID 08268 | Configuration | Preventive | |
Configure the "Help and Support" to organizational standards. CC ID 08271 | Configuration | Preventive | |
Configure the "Automatic Updates" to organizational standards. CC ID 08273 | Configuration | Preventive | |
Configure the "Distributed Link Tracking Server" to organizational standards. CC ID 08276 | Configuration | Preventive | |
Configure the "IMAPI CD-Burning Service" to organizational standards. CC ID 08277 | Configuration | Preventive | |
Configure the "Terminal Services Configuration" to organizational standards. CC ID 08287 | Configuration | Preventive | |
Configure the "Logical Disk Manager Administrative Service" to organizational standards. CC ID 08290 | Configuration | Preventive | |
Configure the "Wireless Configuration" to organizational standards. CC ID 08292 | Configuration | Preventive | |
Configure the "System Event Notification" to organizational standards. CC ID 08306 | Configuration | Preventive | |
Configure the "Internet Authentication Service" to organizational standards. CC ID 08313 | Configuration | Preventive | |
Configure the "Terminal Services Licensing" to organizational standards. CC ID 08320 | Configuration | Preventive | |
Configure the "Microsoft Exchange ADAM" to organizational standards. CC ID 08349 | Configuration | Preventive | |
Configure the "Microsoft Exchange Server Extension for Windows Server Backup" to organizational standards. CC ID 08351 | Configuration | Preventive | |
Configure the "Microsoft Exchange Search Indexer" to organizational standards. CC ID 08355 | Configuration | Preventive | |
Configure the "Remote Desktop Connection Broker" to organizational standards. CC ID 08356 | Configuration | Preventive | |
Configure the "Microsoft Exchange Service Host" to organizational standards. CC ID 08358 | Configuration | Preventive | |
Configure the "Microsoft Exchange Transport" to organizational standards. CC ID 08359 | Configuration | Preventive | |
Configure the "Microsoft Exchange Transport Log Search" to organizational standards. CC ID 08364 | Configuration | Preventive | |
Configure the "Hyper-V Time Synchronization Service" to organizational standards. CC ID 08365 | Configuration | Preventive | |
Configure the "DS Role Server" to organizational standards. CC ID 08366 | Configuration | Preventive | |
Configure the "RemoteApp and Desktop Connection Management" to organizational standards. CC ID 08367 | Configuration | Preventive | |
Configure the "Hyper-V Guest Shutdown Service" to organizational standards. CC ID 08368 | Configuration | Preventive | |
Configure the "Optimize drives" to organizational standards. CC ID 08369 | Configuration | Preventive | |
Configure the "Remote Desktop Management" to organizational standards. CC ID 08371 | Configuration | Preventive | |
Configure the "Background Tasks Infrastructure Service" to organizational standards. CC ID 08373 | Configuration | Preventive | |
Configure the "Microsoft Exchange Forms-Based Authentication service" to organizational standards. CC ID 08375 | Configuration | Preventive | |
Configure the "Microsoft Exchange POP3" to organizational standards. CC ID 08376 | Configuration | Preventive | |
Configure the "Microsoft Exchange Information Store" to organizational standards. CC ID 08377 | Configuration | Preventive | |
Configure the "LPD Service" to organizational standards. CC ID 08378 | Configuration | Preventive | |
Configure the "Microsoft Exchange Mailbox Assistants" to organizational standards. CC ID 08379 | Configuration | Preventive | |
Configure the "Microsoft Exchange Monitoring" to organizational standards. CC ID 08380 | Configuration | Preventive | |
Configure the "Microsoft Exchange Unified Messaging" to organizational standards. CC ID 08381 | Configuration | Preventive | |
Configure the "Microsoft Search (Exchange)" to organizational standards. CC ID 08384 | Configuration | Preventive | |
Configure the "Windows All-User Install Agent" to organizational standards. CC ID 08386 | Configuration | Preventive | |
Configure the "Microsoft Exchange EdgeSync Service" to organizational standards. CC ID 08388 | Configuration | Preventive | |
Configure the "Microsoft FTP Service" to organizational standards. CC ID 08389 | Configuration | Preventive | |
Configure the "Device Install Service" to organizational standards. CC ID 08390 | Configuration | Preventive | |
Configure the "Device Association Service" to organizational standards. CC ID 08393 | Configuration | Preventive | |
Configure the "Hyper-V Heartbeat Service" to organizational standards. CC ID 08400 | Configuration | Preventive | |
Configure the "Microsoft Exchange Speech Engine Service" to organizational standards. CC ID 08402 | Configuration | Preventive | |
Configure the "Hyper-V Data Exchange Service" to organizational standards. CC ID 08403 | Configuration | Preventive | |
Configure the "Microsoft Exchange Mail Submission Service" to organizational standards. CC ID 08408 | Configuration | Preventive | |
Configure the "Windows Presentation Foundation Font Cache 4.0.0.0" to organizational standards. CC ID 08409 | Configuration | Preventive | |
Configure the "Microsoft Exchange Replication Service" to organizational standards. CC ID 08414 | Configuration | Preventive | |
Configure the "Windows Internal Database" to organizational standards. CC ID 08416 | Configuration | Preventive | |
Configure the "Device Setup Manager" to organizational standards. CC ID 08417 | Configuration | Preventive | |
Configure the "User Access Logging Service" to organizational standards. CC ID 08418 | Configuration | Preventive | |
Configure the "Windows Internal Database VSS Writer" to organizational standards. CC ID 08423 | Configuration | Preventive | |
Configure the "Remote Desktop Services UserMode Port Redirector" to organizational standards. CC ID 08424 | Configuration | Preventive | |
Configure the "Remote Access Management service" to organizational standards. CC ID 08425 | Configuration | Preventive | |
Configure the "Data Deduplication Volume Shadow Copy Service" to organizational standards. CC ID 08428 | Configuration | Preventive | |
Configure the "Hyper-V Remote Desktop Virtualization Service" to organizational standards. CC ID 08440 | Configuration | Preventive | |
Configure the "Microsoft Exchange Anti-spam Update" to organizational standards. CC ID 08442 | Configuration | Preventive | |
Configure the "Microsoft Exchange System Attendant" to organizational standards. CC ID 08448 | Configuration | Preventive | |
Configure the "Microsoft Exchange File Distribution" to organizational standards. CC ID 08449 | Configuration | Preventive | |
Configure the "Printer Extensions and Notifications" to organizational standards. CC ID 08451 | Configuration | Preventive | |
Configure the "Microsoft Key Distribution Service" to organizational standards. CC ID 08452 | Configuration | Preventive | |
Configure the "Microsoft File Server Shadow Copy Agent Service" to organizational standards. CC ID 08455 | Configuration | Preventive | |
Configure the "Microsoft Exchange Address Book" to organizational standards. CC ID 08458 | Configuration | Preventive | |
Configure the "Data Deduplication Service" to organizational standards. CC ID 08459 | Configuration | Preventive | |
Configure the "Microsoft Exchange Active Directory Topology" to organizational standards. CC ID 08465 | Configuration | Preventive | |
Configure the "Windows Store Service (WSService)" to organizational standards. CC ID 08467 | Configuration | Preventive | |
Configure the "Local Session Manager" to organizational standards. CC ID 08468 | Configuration | Preventive | |
Configure the "Microsoft iSCSI Software Target" to organizational standards. CC ID 08470 | Configuration | Preventive | |
Configure the "Network Connectivity Assistant" to organizational standards. CC ID 08474 | Configuration | Preventive | |
Configure the "Microsoft Exchange IMAP4" to organizational standards. CC ID 08479 | Configuration | Preventive | |
Configure the "Distributed Scan Server service" to organizational standards. CC ID 08482 | Configuration | Preventive | |
Configure the "Microsoft Exchange Protected Service Host" to organizational standards. CC ID 08488 | Configuration | Preventive | |
Configure the "KDC Proxy Server service (KPS)" to organizational standards. CC ID 08497 | Configuration | Preventive | |
Configure the "Microsoft Exchange RPC Client Access" to organizational standards. CC ID 08500 | Configuration | Preventive | |
Configure the "Hyper-V Volume Shadow Copy Requestor" to organizational standards. CC ID 08512 | Configuration | Preventive | |
Configure the "Microsoft Exchange Credential Service (Exchange 2010)" to organizational standards. CC ID 08514 | Configuration | Preventive | |
Configure the "Microsoft Exchange Throttling" to organizational standards. CC ID 08525 | Configuration | Preventive | |
Configure the "Spot Verifier" to organizational standards. CC ID 08538 | Configuration | Preventive | |
Configure the "Microsoft Exchange Mailbox Replication" to organizational standards. CC ID 08539 | Configuration | Preventive | |
Configure the "Terminal Services Session Broker" to organizational standards. CC ID 08586 | Configuration | Preventive | |
Configure the "Microsoft Exchange Credential Service (Exchange 2007)" to organizational standards. CC ID 08590 | Configuration | Preventive | |
Configure the "Network News Transport Protocol (NNTP) service" setting to organizational standards. CC ID 10221 | Configuration | Preventive | |
Configure the "Telephony service" setting to organizational standards. CC ID 10223 | Configuration | Preventive | |
Configure the "ATI hotkey poller service" setting to organizational standards. CC ID 10237 | Configuration | Preventive | |
Configure the "IP Version 6 Helper service" setting to organizational standards. CC ID 10239 | Configuration | Preventive | |
Configure the "Client Service for Netware service" setting to organizational standards. CC ID 10240 | Configuration | Preventive | |
Configure the "Utility Manager service" setting to organizational standards. CC ID 10241 | Configuration | Preventive | |
Configure the "Remote Administration Service service" setting to organizational standards. CC ID 10242 | Configuration | Preventive | |
Configure the "Microsoft POP3 Service service" setting to organizational standards. CC ID 10243 | Configuration | Preventive | |
Configure the "Windows System Resource Manager (WSRM) service" setting to organizational standards. CC ID 10244 | Configuration | Preventive | |
Configure the "Services for Unix Trivial FTP Daemon (TFTP) service" setting to organizational standards. CC ID 10245 | Configuration | Preventive | |
Configure the "Services for Unix Server for PCNFS service" setting to organizational standards. CC ID 10246 | Configuration | Preventive | |
Configure the "Print Server for Macintosh service" setting to organizational standards. CC ID 10249 | Configuration | Preventive | |
Configure the "Remote Installation Services service" setting to organizational standards. CC ID 10250 | Configuration | Preventive | |
Configure the "Remote Server Manager service" setting to organizational standards. CC ID 10251 | Configuration | Preventive | |
Configure the "Remote Server Monitor service" setting to organizational standards. CC ID 10252 | Configuration | Preventive | |
Configure the "Remote Storage Notification service" setting to organizational standards. CC ID 10253 | Configuration | Preventive | |
Configure the "Remote Storage Server service" setting to organizational standards. CC ID 10254 | Configuration | Preventive | |
Configure the "Windows Media Services service" setting to organizational standards. CC ID 10255 | Configuration | Preventive | |
Configure the "Web Element Manager service" setting to organizational standards. CC ID 10256 | Configuration | Preventive | |
Configure the "Infrared Monitor service service" setting to organizational standards. CC ID 10257 | Configuration | Preventive | |
Configure the "QoS Admission Control (RSVP) service" setting to organizational standards. CC ID 10258 | Configuration | Preventive | |
Configure the "Allow CredSSP authentication" setting for the "WinRM service" to organizational standards. CC ID 10715 | Configuration | Preventive | |
Configure the "Disallow Kerberos authentication" setting for the "WinRM service" to organizational standards. CC ID 10873 | Configuration | Preventive | |
Configure the "Disallow Negotiate authentication" setting for the "WinRM service" to organizational standards. CC ID 10876 | Configuration | Preventive | |
Configure the "Turn off Federation Service" setting to organizational standards. CC ID 11278 | Configuration | Preventive | |
Configure the "Turn off Internet File Association service" setting to organizational standards. CC ID 11284 | Configuration | Preventive | |
Configure the "Turn on Smart Card Plug and Play service" setting to organizational standards. CC ID 11351 | Configuration | Preventive | |
Configure the "rsyncd service" setting to organizational standards. CC ID 11382 | Configuration | Preventive | |
Configure network protection settings to organizational standards. CC ID 07601 | Configuration | Preventive | |
Configure the "CNI" plugin to organizational standards. CC ID 14659 | Configuration | Preventive | |
Configure the "data-path-addr" argument to organizational standards. CC ID 14546 | Configuration | Preventive | |
Configure the "advertise-addr" argument to organizational standards. CC ID 14544 | Configuration | Preventive | |
Configure the "nftables" to organizational standards. CC ID 15320 | Configuration | Preventive | |
Configure the "iptables" to organizational standards. CC ID 14463 | Configuration | Preventive | |
Configure the "ip6tables" settings to organizational standards. CC ID 15322 | Configuration | Preventive | |
Configure the "insecure registries" to organizational standards. CC ID 14455 | Configuration | Preventive | |
Configure the "MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" to organizational standards. CC ID 07602 | Configuration | Preventive | |
Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" to organizational standards. CC ID 07648 | Configuration | Preventive | |
Configure the "net-host" argument to organizational standards. CC ID 14529 | Configuration | Preventive | |
Configure the "firewalld" to organizational standards. CC ID 15321 | Configuration | Preventive | |
Configure the "network bridge" to organizational standards. CC ID 14501 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Firewall state" to organizational standards. CC ID 07667 | Configuration | Preventive | |
Configure the "MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)" to organizational standards. CC ID 07680 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Outbound connections" to organizational standards. CC ID 07695 | Configuration | Preventive | |
Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." to organizational standards. CC ID 07703 | Configuration | Preventive | |
Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" to organizational standards. CC ID 07733 | Configuration | Preventive | |
Configure the "publish" argument to organizational standards. CC ID 14500 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Inbound connections" to organizational standards. CC ID 07747 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Apply local firewall rules" to organizational standards. CC ID 07777 | Configuration | Preventive | |
Configure the "MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers" to organizational standards. CC ID 07801 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Firewall state" to organizational standards. CC ID 07803 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Apply local connection security rules" to organizational standards. CC ID 07805 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Apply local firewall rules" to organizational standards. CC ID 07833 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Display a notification" to organizational standards. CC ID 07836 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Outbound connections" to organizational standards. CC ID 07839 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Apply local firewall rules" to organizational standards. CC ID 07850 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Inbound connections" to organizational standards. CC ID 07851 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Outbound connections" to organizational standards. CC ID 07858 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Firewall state" to organizational standards. CC ID 07861 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Display a notification" to organizational standards. CC ID 07868 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Inbound connections" to organizational standards. CC ID 07872 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Allow unicast response" to organizational standards. CC ID 07873 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Allow unicast response" to organizational standards. CC ID 07885 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Apply local connection security rules" to organizational standards. CC ID 07890 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Allow unicast response" to organizational standards. CC ID 07893 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Apply local connection security rules" to organizational standards. CC ID 07896 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Display a notification" to organizational standards. CC ID 07902 | Configuration | Preventive | |
Configure the "Windows Firewall: Protect all network connections" to organizational standards. CC ID 08161 | Configuration | Preventive | |
Configure the "Windows Firewall: Allow inbound UPnP framework exceptions" to organizational standards. CC ID 08170 | Configuration | Preventive | |
Configure the "Windows Firewall: Allow local program exceptions" to organizational standards. CC ID 08173 | Configuration | Preventive | |
Configure the "Windows Firewall: Do not allow exceptions" to organizational standards. CC ID 08184 | Configuration | Preventive | |
Configure the "MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended)" to organizational standards. CC ID 08208 | Configuration | Preventive | |
Configure the "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" to organizational standards. CC ID 08210 | Configuration | Preventive | |
Configure the "Windows Firewall: Allow local port exceptions" to organizational standards. CC ID 08214 | Configuration | Preventive | |
Configure the "Windows Firewall: Define inbound port exceptions" to organizational standards. CC ID 08215 | Configuration | Preventive | |
Configure the "Windows Firewall: Prohibit unicast response to multicast or broadcast requests" to organizational standards. CC ID 08217 | Configuration | Preventive | |
Configure the "Windows Firewall: Prohibit notifications" to organizational standards. CC ID 08249 | Configuration | Preventive | |
Configure the "Windows Firewall: Allow inbound file and printer sharing exception" to organizational standards. CC ID 08275 | Configuration | Preventive | |
Configure the "MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged" to organizational standards. CC ID 08279 | Configuration | Preventive | |
Configure the "Windows Firewall: Define inbound program exceptions" to organizational standards. CC ID 08282 | Configuration | Preventive | |
Configure the "Windows Firewall: Allow ICMP exceptions" to organizational standards. CC ID 08289 | Configuration | Preventive | |
Configure the "Windows Firewall: Allow inbound Remote Desktop exceptions" to organizational standards. CC ID 08295 | Configuration | Preventive | |
Configure the "Allow unencrypted traffic" to organizational standards. CC ID 08383 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Logging: Log successful connections" to organizational standards. CC ID 08466 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Logging: Size limit (KB)" to organizational standards. CC ID 08494 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Log successful connections" to organizational standards. CC ID 08544 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Logging: Name" to organizational standards. CC ID 08595 | Configuration | Preventive | |
Configure Account settings in accordance with organizational standards. CC ID 07603 | Configuration | Preventive | |
Configure the "Account lockout threshold" to organizational standards. CC ID 07604 | Configuration | Preventive | |
Configure the "Account lockout duration" to organizational standards. CC ID 07771 | Configuration | Preventive | |
Configure the "Reset account lockout counter after" to organizational standards. CC ID 07853 | Configuration | Preventive | |
Configure system integrity settings to organizational standards. CC ID 07605 | Configuration | Preventive | |
Configure the "User Account Control: Switch to the secure desktop when prompting for elevation" to organizational standards. CC ID 07606 | Configuration | Preventive | |
Configure the "User Account Control: Only elevate UIAccess applications that are installed in secure locations" to organizational standards. CC ID 07642 | Configuration | Preventive | |
Configure the "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop" to organizational standards. CC ID 07681 | Configuration | Preventive | |
Configure the "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" to organizational standards. CC ID 07690 | Configuration | Preventive | |
Configure the "User Account Control: Only elevate executables that are signed and validated" to organizational standards. CC ID 07723 | Configuration | Preventive | |
Configure the "User Account Control: Run all administrators in Admin Approval Mode" to organizational standards. CC ID 07726 | Configuration | Preventive | |
Configure the "Interactive logon: Do not require CTRL+ALT+DEL" to organizational standards. CC ID 07775 | Configuration | Preventive | |
Configure the "User Account Control: Admin Approval Mode for the Built-in Administrator account" to organizational standards. CC ID 07800 | Configuration | Preventive | |
Configure the "User Account Control: Detect application installations and prompt for elevation" to organizational standards. CC ID 07815 | Configuration | Preventive | |
Configure the "User Account Control: Virtualize file and registry write failures to per-user locations" to organizational standards. CC ID 07834 | Configuration | Preventive | |
Configure the "User Account Control: Behavior of the elevation prompt for standard users" to organizational standards. CC ID 07874 | Configuration | Preventive | |
Configure the "Do not process the legacy run list" to organizational standards. CC ID 08167 | Configuration | Preventive | |
Configure the "Configure Automatic Updates" to organizational standards. CC ID 08192 | Configuration | Preventive | |
Configure the "Reschedule Automatic Updates scheduled installations" to organizational standards. CC ID 08195 | Configuration | Preventive | |
Configure the "No auto-restart with logged on users for scheduled automatic updates installations" to organizational standards. CC ID 08216 | Configuration | Preventive | |
Configure the "Specify intranet Microsoft update service location" to organizational standards. CC ID 08224 | Configuration | Preventive | |
Configure the "Devices: Unsigned driver installation behavior" to organizational standards. CC ID 08225 | Configuration | Preventive | |
Configure the "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" to organizational standards. CC ID 08281 | Configuration | Preventive | |
Configure the "Allow unmanaged devices" to organizational standards. CC ID 08391 | Configuration | Preventive | |
Configure the "Allow all trusted apps to install" to organizational standards. CC ID 08392 | Configuration | Preventive | |
Configure the "Turn on script execution" to organizational standards. CC ID 08411 | Configuration | Preventive | |
Configure the "Configure registry policy processing" to organizational standards. CC ID 08426 | Configuration | Preventive | |
Configure the "Specify the search server for device driver updates" to organizational standards. CC ID 08481 | Configuration | Preventive | |
Configure the "Configure Windows SmartScreen" to organizational standards. CC ID 08485 | Configuration | Preventive | |
Configure the "Detect compatibility issues for applications and drivers" to organizational standards. CC ID 08489 | Configuration | Preventive | |
Configure the "Turn off Automatic Download of updates" to organizational standards. CC ID 08498 | Configuration | Preventive | |
Configure the "Allow deployment operations in special profiles" to organizational standards. CC ID 08529 | Configuration | Preventive | |
Configure the "Turn off Data Execution Prevention for Explorer" to organizational standards. CC ID 08531 | Configuration | Preventive | |
Configure the "Specify settings for optional component installation and component repair" to organizational standards. CC ID 08550 | Configuration | Preventive | |
Configure the "Refresh interval" to organizational standards. CC ID 08559 | Configuration | Preventive | |
Configure the "Boot-Start Driver Initialization Policy" to organizational standards. CC ID 08571 | Configuration | Preventive | |
Configure the "Turn off the Store application" to organizational standards. CC ID 08596 | Configuration | Preventive | |
Configure the "Periodic Execution of File Integrity" setting to organizational standards. CC ID 09935 | Configuration | Preventive | |
Prohibit the use of binary code or machine code from sources with limited or no warranty absent the source code. CC ID 10681 | Configuration | Preventive | |
Do not allow processes to execute absent supervision. CC ID 10683 | Configuration | Preventive | |
Configure the "Disk Quota policy processing" setting to organizational standards. CC ID 10884 | Configuration | Preventive | |
Configure the "EFS recovery policy processing" setting to organizational standards. CC ID 10945 | Configuration | Preventive | |
Configure the "Enable disk quotas" setting to organizational standards. CC ID 10947 | Configuration | Preventive | |
Configure the "Folder Redirection policy processing" setting to organizational standards. CC ID 10972 | Configuration | Preventive | |
Configure the "Group Policy refresh interval for computers" setting to organizational standards. CC ID 10980 | Configuration | Preventive | |
Configure the "Group Policy refresh interval for domain controllers" setting to organizational standards. CC ID 10981 | Configuration | Preventive | |
Configure the "Internet Explorer Maintenance policy processing" setting to organizational standards. CC ID 10998 | Configuration | Preventive | |
Configure the "IP Security policy processing" setting to organizational standards. CC ID 10999 | Configuration | Preventive | |
Configure the "Leave Windows Installer and Group Policy Software Installation Data" setting to organizational standards. CC ID 11004 | Configuration | Preventive | |
Configure the "Maximum wait time for Group Policy scripts" setting to organizational standards. CC ID 11042 | Configuration | Preventive | |
Configure the "Scripts policy processing" setting to organizational standards. CC ID 11159 | Configuration | Preventive | |
Configure the "Security policy processing" setting to organizational standards. CC ID 11160 | Configuration | Preventive | |
Configure the "Software Installation policy processing" setting to organizational standards. CC ID 11206 | Configuration | Preventive | |
Configure the "Startup policy processing wait time" setting to organizational standards. CC ID 11229 | Configuration | Preventive | |
Configure the "Turn off Local Group Policy objects processing" setting to organizational standards. CC ID 11286 | Configuration | Preventive | |
Configure the "User Group Policy loopback processing mode" setting to organizational standards. CC ID 11367 | Configuration | Preventive | |
Configure the "Wired policy processing" setting to organizational standards. CC ID 11373 | Configuration | Preventive | |
Configure the "Wireless policy processing" setting to organizational standards. CC ID 11374 | Configuration | Preventive | |
Configure Protocol Configuration settings to organizational standards. CC ID 07607 | Configuration | Preventive | |
Configure the "MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds" to organizational standards. CC ID 07608 | Configuration | Preventive | |
Configure the "Microsoft network client: Send unencrypted password to third-party SMB servers" to organizational standards. CC ID 07623 | Configuration | Preventive | |
Configure the "Network access: Remotely accessible registry paths and sub-paths" to organizational standards. CC ID 07632 | Configuration | Preventive | |
Configure the "Microsoft network server: Digitally sign communications (if client agrees)" to organizational standards. CC ID 07643 | Configuration | Preventive | |
Configure the "Network access: Let Everyone permissions apply to anonymous users" to organizational standards. CC ID 07646 | Configuration | Preventive | |
Configure the "Network security: Allow LocalSystem NULL session fallback" to organizational standards. CC ID 07650 | Configuration | Preventive | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts and shares" to organizational standards. CC ID 07682 | Configuration | Preventive | |
Configure the "Network access: Do not allow storage of passwords and credentials for network authentication" to organizational standards. CC ID 07694 | Configuration | Preventive | |
Configure the "Network security: LAN Manager authentication level" to organizational standards. CC ID 07704 | Configuration | Preventive | |
Configure the "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" to organizational standards. CC ID 07705 | Configuration | Preventive | |
Configure the "Network access: Sharing and security model for local accounts" to organizational standards. CC ID 07712 | Configuration | Preventive | |
Configure the "MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)" to organizational standards. CC ID 07719 | Configuration | Preventive | |
Configure the "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" to organizational standards. CC ID 07721 | Configuration | Preventive | |
Configure the "Domain member: Digitally encrypt secure channel data (when possible)" to organizational standards. CC ID 07728 | Configuration | Preventive | |
Configure the "Network security: Do not store LAN Manager hash value on next password change" to organizational standards. CC ID 07732 | Configuration | Preventive | |
Configure the "Domain member: Require strong (Windows 2000 or later) session key" to organizational standards. CC ID 07741 | Configuration | Preventive | |
Configure the "Network access: Shares that can be accessed anonymously" to organizational standards. CC ID 07748 | Configuration | Preventive | |
Configure the "Network access: Allow anonymous SID/Name translation" to organizational standards. CC ID 07749 | Configuration | Preventive | |
Configure the "Microsoft network client: Digitally sign communications (if server agrees)" to organizational standards. CC ID 07750 | Configuration | Preventive | |
Configure the "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" to organizational standards. CC ID 07754 | Configuration | Preventive | |
Configure the "Microsoft network client: Digitally sign communications (always)" to organizational standards. CC ID 07759 | Configuration | Preventive | |
Configure the "Network security: LDAP client signing requirements" to organizational standards. CC ID 07760 | Configuration | Preventive | |
Configure the "MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" to organizational standards. CC ID 07772 | Configuration | Preventive | |
Configure the "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" to organizational standards. CC ID 07773 | Configuration | Preventive | |
Configure the "Network access: Restrict anonymous access to Named Pipes and Shares" to organizational standards. CC ID 07798 | Configuration | Preventive | |
Configure the "Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication" to organizational standards. CC ID 07837 | Configuration | Preventive | |
Configure the "Domain controller: LDAP server signing requirements" to organizational standards. CC ID 07857 | Configuration | Preventive | |
Configure the "Network access: Remotely accessible registry paths" to organizational standards. CC ID 07863 | Configuration | Preventive | |
Configure the "Set client connection encryption level" to organizational standards. CC ID 07881 | Configuration | Preventive | |
Configure the "Windows Firewall: Allow inbound remote administration exception" to organizational standards. CC ID 08182 | Configuration | Preventive | |
Configure the "MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)" to organizational standards. CC ID 08198 | Configuration | Preventive | |
Configure the "Network access: Do not allow storage of credentials or .NET Passports for network authentication" to organizational standards. CC ID 08200 | Configuration | Preventive | |
Configure the "Turn off Internet download for Web publishing and online ordering wizards" to organizational standards. CC ID 08259 | Configuration | Preventive | |
Configure the "Maximum tolerance for computer clock synchronization" to organizational standards. CC ID 08260 | Configuration | Preventive | |
Configure the "Maximum lifetime for user ticket" to organizational standards. CC ID 08299 | Configuration | Preventive | |
Configure the "Maximum lifetime for service ticket" to organizational standards. CC ID 08301 | Configuration | Preventive | |
Configure the "Set IP Stateless Autoconfiguration Limits State" to organizational standards. CC ID 08348 | Configuration | Preventive | |
Configure the "Prohibit connection to non-domain networks when connected to domain authenticated network" to organizational standards. CC ID 08420 | Configuration | Preventive | |
Configure the "Restrict Unauthenticated RPC clients" to organizational standards. CC ID 08437 | Configuration | Preventive | |
Configure the "Enable RPC Endpoint Mapper Client Authentication" to organizational standards. CC ID 08526 | Configuration | Preventive | |
Configure the "Minimize the number of simultaneous connections to the Internet or a Windows Domain" to organizational standards. CC ID 08603 | Configuration | Preventive | |
Configure Logging settings in accordance with organizational standards. CC ID 07611 | Configuration | Preventive | |
Configure "CloudTrail" to organizational standards. CC ID 15443 | Configuration | Preventive | |
Configure "CloudTrail log file validation" to organizational standards. CC ID 15437 | Configuration | Preventive | |
Configure "VPC flow logging" to organizational standards. CC ID 15436 | Configuration | Preventive | |
Configure "object-level logging" to organizational standards. CC ID 15433 | Configuration | Preventive | |
Configure "Turn on PowerShell Transcription" to organizational standards. CC ID 15415 | Configuration | Preventive | |
Configure "Turn on PowerShell Script Block Logging" to organizational standards. CC ID 15413 | Configuration | Preventive | |
Configure "Audit PNP Activity" to organizational standards. CC ID 15393 | Configuration | Preventive | |
Configure "Include command line in process creation events" to organizational standards. CC ID 15358 | Configuration | Preventive | |
Configure "Audit Group Membership" to organizational standards. CC ID 15341 | Configuration | Preventive | |
Configure the "audit_backlog_limit" setting to organizational standards. CC ID 15324 | Configuration | Preventive | |
Configure the "/etc/docker/daemon.json" files and directories auditing to organizational standards. CC ID 14467 | Configuration | Detective | |
Configure the "systemd-journald" to organizational standards. CC ID 15326 | Configuration | Preventive | |
Configure the "/etc/docker" files and directories auditing to organizational standards. CC ID 14459 | Configuration | Detective | |
Configure the "docker.socket" files and directories auditing to organizational standards. CC ID 14458 | Configuration | Detective | |
Configure the "docker.service" files and directories auditing to organizational standards. CC ID 14454 | Configuration | Detective | |
Configure the "/var/lib/docker" files and directories auditing to organizational standards. CC ID 14453 | Configuration | Detective | |
Configure the "/usr/sbin/runc" files and directories auditing to organizational standards. CC ID 14452 | Configuration | Detective | |
Configure the "/usr/bin/containerd" files and directories auditing to organizational standards. CC ID 14451 | Configuration | Detective | |
Configure the "/etc/default/docker" files and directories auditing to organizational standards. CC ID 14450 | Configuration | Detective | |
Configure the "/etc/sysconfig/docker" files and directories auditing to organizational standards. CC ID 14449 | Configuration | Detective | |
Provide the reference database used to verify input data in the logging capability. CC ID 15018 | Log Management | Preventive | |
Configure the "Audit Policy: Object Access: SAM" to organizational standards. CC ID 07612 | Configuration | Preventive | |
Configure the storage parameters for all logs. CC ID 06330 | Configuration | Preventive | |
Configure sufficient log storage capacity and prevent the capacity from being exceeded. CC ID 01425 | Configuration | Preventive | |
Configure the log retention method. CC ID 01715 | Configuration | Preventive | |
Configure the log retention size. CC ID 01716 | Configuration | Preventive | |
Configure syslogd to send logs to a Remote LogHost. CC ID 01526 | Configuration | Preventive | |
Configure the security parameters for all logs. CC ID 01712 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: User Account Management" to organizational standards. CC ID 07613 | Configuration | Preventive | |
Configure the log so that it cannot be disabled. CC ID 00595 | Configuration | Preventive | |
Configure the event log size capacity limits for the application log, the security log, and the system log. CC ID 01713 | Configuration | Preventive | |
Configure the application log, the security log, and the system log to restrict guest access. CC ID 01714 | Configuration | Preventive | |
Configure the log to capture audit log initialization, along with auditable event selection. CC ID 00649 | Log Management | Detective | |
Configure the "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" setting. CC ID 04275 | Configuration | Preventive | |
Configure the detailed data elements to be captured for all logs so that events are identified by type, location, subject, user, what data was accessed, etc. CC ID 06331 | Configuration | Preventive | |
Configure the "Audit Policy: System: System Integrity" to organizational standards. CC ID 07652 | Configuration | Preventive | |
Configure the log to capture creates, reads, updates, or deletes of records containing personal data. CC ID 11890 | Log Management | Detective | |
Configure the log to capture the information referent when personal data is being accessed. CC ID 11968 | Log Management | Detective | |
Configure the log to capture the user's identification. CC ID 01334 | Configuration | Preventive | |
Configure the log to capture a date and time stamp. CC ID 01336 | Configuration | Preventive | |
Configure the log to capture each auditable event's origination. CC ID 01338 | Log Management | Detective | |
Configure the log to uniquely identify each asset. CC ID 01339 | Configuration | Preventive | |
Configure the log to capture remote access information. CC ID 05596 | Configuration | Detective | |
Configure the log to capture the type of each event. CC ID 06423 | Configuration | Preventive | |
Configure the log to capture each event's success or failure indication. CC ID 06424 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: File Share" to organizational standards. CC ID 07655 | Configuration | Preventive | |
Configure all logs to capture auditable events or actionable events. CC ID 06332 | Configuration | Preventive | |
Configure the log to capture the amount of data uploaded and downloaded. CC ID 16494 | Log Management | Preventive | |
Configure the log to capture startups and shutdowns. CC ID 16491 | Log Management | Preventive | |
Configure the log to capture user queries and searches. CC ID 16479 | Log Management | Preventive | |
Configure the log to capture Internet Protocol addresses. CC ID 16495 | Log Management | Preventive | |
Configure the log to capture error messages. CC ID 16477 | Log Management | Preventive | |
Configure the log to capture system failures. CC ID 16475 | Log Management | Preventive | |
Configure the log to capture account lockouts. CC ID 16470 | Configuration | Preventive | |
Configure the log to capture execution events. CC ID 16469 | Configuration | Preventive | |
Configure the log to capture AWS Organizations changes. CC ID 15445 | Configuration | Preventive | |
Configure the log to capture Identity and Access Management policy changes. CC ID 15442 | Configuration | Preventive | |
Configure the log to capture management console sign-in without multi-factor authentication. CC ID 15441 | Configuration | Preventive | |
Configure the log to capture route table changes. CC ID 15439 | Configuration | Preventive | |
Configure the log to capture virtual private cloud changes. CC ID 15435 | Configuration | Preventive | |
Configure the log to capture changes to encryption keys. CC ID 15432 | Configuration | Preventive | |
Configure the log to capture unauthorized API calls. CC ID 15429 | Configuration | Preventive | |
Configure the log to capture changes to network gateways. CC ID 15421 | Configuration | Preventive | |
Configure the log to capture all malicious code that has been discovered, quarantined, and/or eradicated. CC ID 00577 | Log Management | Detective | |
Configure the log to capture all spoofed addresses. CC ID 01313 | Configuration | Preventive | |
Configure the "logging level" to organizational standards. CC ID 14456 | Configuration | Detective | |
Capture successful operating system access and successful software access. CC ID 00527 | Log Management | Detective | |
Configure the log to capture hardware and software access attempts. CC ID 01220 | Log Management | Detective | |
Configure the log to capture all URL requests. CC ID 12138 | Technical Security | Detective | |
Configure inetd tracing. CC ID 01523 | Configuration | Preventive | |
Configure the system to capture messages sent to the syslog AUTH facility. CC ID 01525 | Configuration | Preventive | |
Configure the log to capture logons, logouts, logon attempts, and logout attempts. CC ID 01915 | Log Management | Detective | |
Configure Cron logging. CC ID 01528 | Configuration | Preventive | |
Configure the kernel level auditing setting. CC ID 01530 | Configuration | Preventive | |
Configure the "audit successful file system mounts" setting to organizational standards. CC ID 09923 | Configuration | Preventive | |
Configure system accounting/system events. CC ID 01529 | Configuration | Preventive | |
Configure the privilege use auditing setting. CC ID 01699 | Configuration | Preventive | |
Configure the log to record the Denial of Access that results from an excessive number of unsuccessful logon attempts. CC ID 01919 | Configuration | Preventive | |
Configure the Audit Process Tracking setting. CC ID 01700 | Configuration | Preventive | |
Configure the log to capture access to restricted data or restricted information. CC ID 00644 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Log Management | Detective | |
Configure the EEPROM security-mode accesses and EEPROM log-failed accesses. CC ID 01575 | Configuration | Preventive | |
Configure the log to capture user identifier, address, port blocking or blacklisting. CC ID 01918 | Configuration | Preventive | |
Configure the log to capture actions taken by individuals with root privileges or administrative privileges and add logging option to the root file system. CC ID 00645 | Log Management | Detective | |
Configure the log to capture identification and authentication mechanism use. CC ID 00648 | Log Management | Detective | |
Configure the log to capture all access to the audit trail. CC ID 00646 | Log Management | Detective | |
Configure the log to capture Object access to key directories or key files. CC ID 01697 | Log Management | Detective | |
Configure the log to capture both access and access attempts to security-relevant objects and security-relevant directories. CC ID 01916 | Log Management | Detective | |
Configure the log to capture system level object creation and deletion. CC ID 00650 | Log Management | Detective | |
Enable directory service access events, as appropriate. CC ID 05616 | Configuration | Preventive | |
Configure the log to capture failed transactions. CC ID 06334 | Configuration | Preventive | |
Configure the log to capture successful transactions. CC ID 06335 | Configuration | Preventive | |
Audit non-attributable events (na class). CC ID 05604 | Configuration | Preventive | |
Configure the log to capture configuration changes. CC ID 06881 | Configuration | Preventive | |
Log, monitor, and review all changes to time settings on critical systems. CC ID 11608 | Configuration | Preventive | |
Configure the log to capture changes to User privileges, audit policies, and trust policies by enabling audit policy changes. CC ID 01698 | Log Management | Detective | |
Configure the log to capture user account additions, modifications, and deletions. CC ID 16482 | Log Management | Preventive | |
Configure the log to capture all changes to certificates. CC ID 05595 | Configuration | Preventive | |
Configure the log to capture user authenticator changes. CC ID 01917 | Log Management | Detective | |
Configure the "inetd logging" setting to organizational standards. CC ID 08970 | Configuration | Preventive | |
Configure the "audit sudoers" setting to organizational standards. CC ID 09950 | Configuration | Preventive | |
Configure the event log settings for specific Operating System functions. CC ID 06337 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Registry" to organizational standards. CC ID 07658 | Configuration | Preventive | |
Configure the "Audit: Audit the use of Backup and Restore privilege" setting. CC ID 01724 | Configuration | Preventive | |
Configure the "Audit: Shut down the system immediately if unable to log security audits" setting. CC ID 01725 | Configuration | Preventive | |
Configure "Audit account management" to organizational standards. CC ID 02039 | Configuration | Preventive | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later)" setting. CC ID 04387 | Configuration | Preventive | |
Configure console logging. CC ID 04454 | Configuration | Preventive | |
Configure boot error logging. CC ID 04455 | Configuration | Preventive | |
Disable the "Audit password" setting in NetWare. CC ID 04456 | Configuration | Preventive | |
Configure the "Disable Logging" setting. CC ID 05590 | Configuration | Preventive | |
Enable BIN mode auditing. CC ID 05591 | Configuration | Preventive | |
Enable or disable the BSM auditing setting, as appropriate. CC ID 05592 | Configuration | Preventive | |
Enable or disable NFS server logging, as appropriate. CC ID 05593 | Log Management | Detective | |
Log Pluggable Authentication Modules access at an appropriate level. CC ID 05599 | Log Management | Detective | |
Set the X server audit level appropriately. CC ID 05600 | Configuration | Preventive | |
Enable or disable the logging of "martian" packets (impossible addresses), as appropriate. CC ID 05601 | Log Management | Detective | |
Enable or disable dhcpd logging, as appropriate. CC ID 05602 | Log Management | Detective | |
Enable or disable attempted stack exploit logging, as appropriate. CC ID 05614 | Log Management | Detective | |
Enable or disable the debug logging option, as appropriate. CC ID 05617 | Log Management | Detective | |
Configure the "Turn on session logging" properly. CC ID 05618 | Configuration | Preventive | |
Configure Sendmail with the appropriate logging levels. CC ID 06028 | Configuration | Preventive | |
Enable or disable auditing in the runcontrol scripts, as appropriate. CC ID 06029 | Configuration | Preventive | |
Enable or disable auditing for user accounts, as appropriate. CC ID 06030 | Configuration | Preventive | |
Enable or disable auditing at boot time, as appropriate. CC ID 06031 | Configuration | Preventive | |
Enable or disable the logging of vsftpd transactions, as appropriate. CC ID 06032 | Log Management | Detective | |
Enable or disable the auditing of chgrp usage, as appropriate. CC ID 06033 | Configuration | Preventive | |
Enable or disable the auditing of mkgroup usage, as appropriate. CC ID 06034 | Configuration | Preventive | |
Enable or disable the auditing of rmgroup usage, as appropriate. CC ID 06035 | Configuration | Preventive | |
Enable or disable the auditing of the exit function, as appropriate. CC ID 06036 | Configuration | Preventive | |
Generate an alert when an audit log failure occurs. CC ID 06737 | Configuration | Preventive | |
Configure additional log settings. CC ID 06333 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Logoff" to organizational standards. CC ID 07662 | Configuration | Preventive | |
Configure additional logging for the FTP daemon. CC ID 01524 | Configuration | Preventive | |
Configure the log to send alerts for each auditable event's success or failure. CC ID 01337 | Log Management | Preventive | |
Configure additional log file parameters appropriately. CC ID 06338 | Configuration | Preventive | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" to organizational standards. CC ID 07664 | Configuration | Preventive | |
Create the /var/adm/loginlog file. CC ID 01527 | Configuration | Preventive | |
Verify the audit config file contains only accounts that should be present. CC ID 05594 | Configuration | Preventive | |
Specify the PRI audit file properly. CC ID 05597 | Configuration | Preventive | |
Specify the SEC audit file properly. CC ID 05598 | Configuration | Preventive | |
Verify auditing is logged to an appropriate directory. CC ID 05603 | Log Management | Detective | |
Verify the user audit file contains the appropriate never-audit flags. CC ID 05605 | Configuration | Preventive | |
Enable or disable the /var/log/authlog log, as appropriate. CC ID 05606 | Log Management | Detective | |
Enable or disable the /var/log/syslog log, as appropriate. CC ID 05607 | Log Management | Detective | |
Enable or disable the /var/adm/messages log, as appropriate. CC ID 05608 | Log Management | Detective | |
Enable or disable the /var/adm/sulog log, as appropriate. CC ID 05609 | Log Management | Detective | |
Enable or disable the /var/adm/utmp(x) log, as appropriate. CC ID 05610 | Log Management | Detective | |
Enable or disable the /var/adm/wtmp(x) log, as appropriate. CC ID 05611 | Log Management | Detective | |
Enable or disable the /var/adm/sshlog log, as appropriate. CC ID 05612 | Log Management | Detective | |
Enable or disable the /var/log/pamlog log, as appropriate. CC ID 05613 | Log Management | Detective | |
Perform filesystem logging and filesystem journaling. CC ID 05615 | Log Management | Detective | |
Configure the "Audit Policy: Object Access: File System" to organizational standards. CC ID 07666 | Configuration | Preventive | |
Configure the "Background upload of a roaming user profile's registry file while user is logged on" setting to organizational standards. CC ID 10761 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Logon" to organizational standards. CC ID 07669 | Configuration | Preventive | |
Configure the "Backup log automatically when full" setting for the "setup log" to organizational standards. CC ID 10762 | Configuration | Preventive | |
Configure the "Applications preference logging and tracing" setting to organizational standards. CC ID 10774 | Configuration | Preventive | |
Configure the "Audit Policy: Account Logon: Kerberos Authentication Service" to organizational standards. CC ID 07679 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Extended Mode" to organizational standards. CC ID 07683 | Configuration | Preventive | |
Configure the "Data Sources preference logging and tracing" setting to organizational standards. CC ID 10779 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Handle Manipulation" to organizational standards. CC ID 07684 | Configuration | Preventive | |
Configure the "Devices preference logging and tracing" setting to organizational standards. CC ID 10782 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Detailed File Share" to organizational standards. CC ID 07687 | Configuration | Preventive | |
Configure the "Drive Maps preference logging and tracing" setting to organizational standards. CC ID 10783 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Network Policy Server" to organizational standards. CC ID 07701 | Configuration | Preventive | |
Configure the "Environment preference logging and tracing" setting to organizational standards. CC ID 10784 | Configuration | Preventive | |
Configure the "Files preference logging and tracing" setting to organizational standards. CC ID 10785 | Configuration | Preventive | |
Configure the "Audit Policy: Detailed Tracking: Process Creation" to organizational standards. CC ID 07707 | Configuration | Preventive | |
Configure the "Audit Policy: System: IPsec Driver" to organizational standards. CC ID 07708 | Configuration | Preventive | |
Configure the "Folder Options preference logging and tracing" setting to organizational standards. CC ID 10786 | Configuration | Preventive | |
Configure the "Folders preference logging and tracing" setting to organizational standards. CC ID 10787 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Account Lockout" to organizational standards. CC ID 07713 | Configuration | Preventive | |
Configure the "Ini Files preference logging and tracing" setting to organizational standards. CC ID 10788 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Kernel Object" to organizational standards. CC ID 07720 | Configuration | Preventive | |
Configure the "Internet Settings preference logging and tracing" setting to organizational standards. CC ID 10789 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Other Object Access Events" to organizational standards. CC ID 07724 | Configuration | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Replication" to organizational standards. CC ID 07734 | Configuration | Preventive | |
Configure the "Local Users and Groups preference logging and tracing" setting to organizational standards. CC ID 10793 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: Audit Policy Change" to organizational standards. CC ID 07735 | Configuration | Preventive | |
Configure the "Regional Options preference logging and tracing" setting to organizational standards. CC ID 10802 | Configuration | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Changes" to organizational standards. CC ID 07736 | Configuration | Preventive | |
Configure the "Registry preference logging and tracing" setting to organizational standards. CC ID 10803 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Certification Services" to organizational standards. CC ID 07742 | Configuration | Preventive | |
Configure the "Scheduled Tasks preference logging and tracing" setting to organizational standards. CC ID 10815 | Configuration | Preventive | |
Configure the "Maximum Log Size (KB)" to organizational standards. CC ID 07744 | Configuration | Preventive | |
Configure the "Services preference logging and tracing" setting to organizational standards. CC ID 10818 | Configuration | Preventive | |
Configure the "Audit Policy: Detailed Tracking: DPAPI Activity" to organizational standards. CC ID 07746 | Configuration | Preventive | |
Configure the "Shortcuts preference logging and tracing" setting to organizational standards. CC ID 10819 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: Other Account Management Events" to organizational standards. CC ID 07751 | Configuration | Preventive | |
Configure the "Start Menu preference logging and tracing" setting to organizational standards. CC ID 10821 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: Computer Account Management" to organizational standards. CC ID 07752 | Configuration | Preventive | |
Configure the "Delete data from devices running Microsoft firmware when a user logs off from the computer." setting to organizational standards. CC ID 10846 | Configuration | Preventive | |
Configure the "Disable logging via package settings" setting to organizational standards. CC ID 10864 | Configuration | Preventive | |
Configure the "Audit Policy: Privilege Use: Non Sensitive Privilege Use" to organizational standards. CC ID 07756 | Configuration | Preventive | |
Configure the "Do not forcefully unload the users registry at user logoff" setting to organizational standards. CC ID 10930 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Application Generated" to organizational standards. CC ID 07757 | Configuration | Preventive | |
Configure the "Audit Policy: DS Access: Detailed Directory Service Replication" to organizational standards. CC ID 07764 | Configuration | Preventive | |
Configure the "Do not log users on with temporary profiles" setting to organizational standards. CC ID 10931 | Configuration | Preventive | |
Configure the "Log Access" setting for the "application log" to organizational standards. CC ID 11026 | Configuration | Preventive | |
Configure the "Audit Policy: Privilege Use: Other Privilege Use Events" to organizational standards. CC ID 07776 | Configuration | Preventive | |
Configure the "Audit Policy: Account Logon: Kerberos Service Ticket Operations" to organizational standards. CC ID 07786 | Configuration | Preventive | |
Configure the "Log Access" setting for the "setup log" to organizational standards. CC ID 11027 | Configuration | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Access" to organizational standards. CC ID 07790 | Configuration | Preventive | |
Configure the "Log Access" setting for the "system log" to organizational standards. CC ID 11028 | Configuration | Preventive | |
Configure the "Retain old events" to organizational standards. CC ID 07791 | Configuration | Preventive | |
Configure the "Log directory pruning retry events" setting to organizational standards. CC ID 11029 | Configuration | Preventive | |
Configure the "Audit: Audit the use of Backup and Restore privilege" to organizational standards. CC ID 07792 | Configuration | Preventive | |
Configure the "Log event when quota limit exceeded" setting to organizational standards. CC ID 11030 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change" to organizational standards. CC ID 07793 | Configuration | Preventive | |
Configure the "Log File Path" setting for the "application log" to organizational standards. CC ID 11033 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: Other Policy Change Events" to organizational standards. CC ID 07810 | Configuration | Preventive | |
Configure the "Log File Path" setting for the "setup log" to organizational standards. CC ID 11034 | Configuration | Preventive | |
Configure the "Audit: Shut down system immediately if unable to log security audits" to organizational standards. CC ID 07812 | Configuration | Preventive | |
Configure the "Log File Path" setting for the "system log" to organizational standards. CC ID 11035 | Configuration | Preventive | |
Configure the "Audit Policy: System: Other System Events" to organizational standards. CC ID 07817 | Configuration | Preventive | |
Configure the "Logging" setting to organizational standards. CC ID 11036 | Configuration | Preventive | |
Configure the "Remove "Disconnect" option from Shut Down dialog" setting to organizational standards. CC ID 11126 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: Application Group Management" to organizational standards. CC ID 07819 | Configuration | Preventive | |
Configure the "Remove browse dialog box for new source" setting to organizational standards. CC ID 11127 | Configuration | Preventive | |
Configure the "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" to organizational standards. CC ID 07820 | Configuration | Preventive | |
Configure the "Restricts the UI language Windows uses for all logged users" setting to organizational standards. CC ID 11147 | Configuration | Preventive | |
Configure the "Audit Policy: Account Logon: Other Account Logon Events" to organizational standards. CC ID 07825 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: Distribution Group Management" to organizational standards. CC ID 07828 | Configuration | Preventive | |
Configure the "Set roaming profile path for all users logging onto this computer" setting to organizational standards. CC ID 11182 | Configuration | Preventive | |
Configure the "Set the Time interval in minutes for logging accounting data" setting to organizational standards. CC ID 11193 | Configuration | Preventive | |
Configure the "Audit: Audit the access of global system objects" to organizational standards. CC ID 07831 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Special Logon" to organizational standards. CC ID 07835 | Configuration | Preventive | |
Configure the "Turn off Resultant Set of Policy logging" setting to organizational standards. CC ID 11307 | Configuration | Preventive | |
Configure the "Audit Policy: Detailed Tracking: RPC Events" to organizational standards. CC ID 07840 | Configuration | Preventive | |
Configure the "Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS" setting to organizational standards. CC ID 11343 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: Authentication Policy Change" to organizational standards. CC ID 07846 | Configuration | Preventive | |
Configure the "Turn on extensive logging for Password Synchronization" setting to organizational standards. CC ID 11344 | Configuration | Preventive | |
Configure the "Audit Policy: Detailed Tracking: Process Termination" to organizational standards. CC ID 07849 | Configuration | Preventive | |
Configure the "Turn on logging" setting to organizational standards. CC ID 11345 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Quick Mode" to organizational standards. CC ID 07852 | Configuration | Preventive | |
Configure the "Turn on session logging" setting to organizational standards. CC ID 11350 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Filtering Platform Packet Drop" to organizational standards. CC ID 07856 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Filtering Platform Connection" to organizational standards. CC ID 07864 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: Authorization Policy Change" to organizational standards. CC ID 07875 | Configuration | Preventive | |
Configure the "Audit Policy: Account Management: Security Group Management" to organizational standards. CC ID 07880 | Configuration | Preventive | |
Configure the "Audit Policy: Privilege Use: Sensitive Privilege Use" to organizational standards. CC ID 07887 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Main Mode" to organizational standards. CC ID 07888 | Configuration | Preventive | |
Configure the "Audit Policy: Account Logon: Credential Validation" to organizational standards. CC ID 07892 | Configuration | Preventive | |
Configure the "Audit Policy: Policy Change: Filtering Platform Policy Change" to organizational standards. CC ID 07895 | Configuration | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Other Logon/Logoff Events" to organizational standards. CC ID 07899 | Configuration | Preventive | |
Configure the "Audit Policy: System: Security State Change" to organizational standards. CC ID 07903 | Configuration | Preventive | |
Configure the "Audit Policy: System: Security System Extension" to organizational standards. CC ID 07904 | Configuration | Preventive | |
Configure the "Audit account logon events" to organizational standards. CC ID 08188 | Configuration | Preventive | |
Configure the "Retention method for security log" to organizational standards. CC ID 08197 | Configuration | Preventive | |
Configure the "Retention method for system log" to organizational standards. CC ID 08211 | Configuration | Preventive | |
Configure the "Audit logon events" to organizational standards. CC ID 08221 | Configuration | Preventive | |
Configure the "Retention method for application log" to organizational standards. CC ID 08226 | Configuration | Preventive | |
Configure the "Retain security log" to organizational standards. CC ID 08241 | Configuration | Preventive | |
Configure the "Audit system events" to organizational standards. CC ID 08244 | Configuration | Preventive | |
Configure the "Retain application log" to organizational standards. CC ID 08246 | Configuration | Preventive | |
Configure the "Prevent local guests group from accessing application log" to organizational standards. CC ID 08248 | Configuration | Preventive | |
Configure the "Maximum security log size" to organizational standards. CC ID 08251 | Configuration | Preventive | |
Configure the "Retain system log" to organizational standards. CC ID 08258 | Configuration | Preventive | |
Configure the "Audit privilege use" to organizational standards. CC ID 08266 | Configuration | Preventive | |
Configure the "Audit policy change" to organizational standards. CC ID 08272 | Configuration | Preventive | |
Configure the "Audit object access" to organizational standards. CC ID 08278 | Configuration | Preventive | |
Configure the "Audit process tracking" to organizational standards. CC ID 08283 | Configuration | Preventive | |
Configure the "Maximum system log size" to organizational standards. CC ID 08286 | Configuration | Preventive | |
Configure the "Maximum application log size" to organizational standards. CC ID 08296 | Configuration | Preventive | |
Configure the "Prevent local guests group from accessing security log" to organizational standards. CC ID 08297 | Configuration | Preventive | |
Configure the "Audit directory service access" to organizational standards. CC ID 08304 | Configuration | Preventive | |
Configure the "Audit account management" to organizational standards. CC ID 08316 | Configuration | Preventive | |
Configure the "Prevent local guests group from accessing system log" to organizational standards. CC ID 08336 | Configuration | Preventive | |
Configure the "Specify the maximum log file size (KB)" to organizational standards. CC ID 08352 | Configuration | Preventive | |
Configure the "Message tracking logging - Mailbox" to organizational standards. CC ID 08360 | Configuration | Preventive | |
Configure the "Turn on Connectivity logging" to organizational standards. CC ID 08398 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Size limit (KB)" to organizational standards. CC ID 08405 | Configuration | Preventive | |
Configure the "Control Event Log behavior when the log file reaches its maximum size" to organizational standards. CC ID 08444 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Logging: Log dropped packets" to organizational standards. CC ID 08445 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Logging: Log dropped packets" to organizational standards. CC ID 08454 | Configuration | Preventive | |
Configure the "Configure Protocol logging" to organizational standards. CC ID 08463 | Configuration | Preventive | |
Configure the "Message tracking logging - Transport" to organizational standards. CC ID 08477 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Log dropped packets" to organizational standards. CC ID 08501 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Removable Storage" to organizational standards. CC ID 08504 | Configuration | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Name" to organizational standards. CC ID 08543 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Logging: Log successful connections" to organizational standards. CC ID 08545 | Configuration | Preventive | |
Configure the "Audit Policy: Object Access: Central Access Policy Staging" to organizational standards. CC ID 08558 | Configuration | Preventive | |
Configure the "Windows Firewall: Public: Logging: Name" to organizational standards. CC ID 08565 | Configuration | Preventive | |
Configure the "Windows Firewall: Private: Logging: Size limit (KB)" to organizational standards. CC ID 08606 | Configuration | Preventive | |
Configure the "kernel arguments" setting for "auditing early in the boot process" to organizational standards. CC ID 08749 | Establish/Maintain Documentation | Preventive | |
Configure the "record date and time modification events" setting for "auditing" to organizational standards. CC ID 08750 | Establish/Maintain Documentation | Preventive | |
Configure the "record user/group information modification events" setting for "auditing" to organizational standards. CC ID 08751 | Establish/Maintain Documentation | Preventive | |
Configure the "record changes to the system network environment" setting for "auditing" to organizational standards. CC ID 08752 | Establish/Maintain Documentation | Preventive | |
Configure the "record changes to the system's mandatory access controls" setting for "auditing" to organizational standards. CC ID 08753 | Establish/Maintain Documentation | Preventive | |
Configure the "record logon and logout events" setting for "auditing" to organizational standards. CC ID 08754 | Establish/Maintain Documentation | Preventive | |
Configure the "record process and session initiation events" setting for "auditing" to organizational standards. CC ID 08755 | Establish/Maintain Documentation | Preventive | |
Configure the "record changes to discretionary access control permissions" setting for "auditing" to organizational standards. CC ID 08756 | Establish/Maintain Documentation | Preventive | |
Configure the "record unauthorized attempts to access files" setting for "auditing" to organizational standards. CC ID 08757 | Establish/Maintain Documentation | Preventive | |
Configure the "record use of privileged commands" setting for "auditing" to organizational standards. CC ID 08758 | Establish/Maintain Documentation | Preventive | |
Configure the "record data export to media events" setting for "auditing" to organizational standards. CC ID 08759 | Establish/Maintain Documentation | Preventive | |
Configure the "record file and program deletion events" setting for "auditing" to organizational standards. CC ID 08760 | Establish/Maintain Documentation | Preventive | |
Configure the "record administrator and security personnel action events" setting for "auditing" to organizational standards. CC ID 08761 | Establish/Maintain Documentation | Preventive | |
Configure the "record kernel module loading and unloading events" setting for "auditing" to organizational standards. CC ID 08762 | Establish/Maintain Documentation | Preventive | |
Configure the "Ensure auditd configuration is immutable" setting for "auditing" to organizational standards. CC ID 08763 | Establish/Maintain Documentation | Preventive | |
Configure the "audit file ownership changes" setting to organizational standards. CC ID 08966 | Audits and Risk Management | Preventive | |
Configure the "audit change user functions" setting to organizational standards. CC ID 08982 | Configuration | Preventive | |
Configure the "audit the use of chmod command" setting to organizational standards. CC ID 08983 | Configuration | Preventive | |
Configure the "audit the chown command" setting to organizational standards. CC ID 08984 | Configuration | Preventive | |
Configure the "Collect Session Initiation Information" setting to organizational standards. CC ID 09948 | Configuration | Preventive | |
Configure the "Collect Discretionary Access Control Permission Modification Events" setting to organizational standards. CC ID 09949 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Fault Tolerant Heap" to organizational standards. CC ID 10808 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Boot Performance Diagnostics" to organizational standards. CC ID 10809 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Memory Leak Diagnosis" to organizational standards. CC ID 10810 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Resource Exhaustion Detection and Resolution" to organizational standards. CC ID 10811 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Shutdown Performance Diagnostics" to organizational standards. CC ID 10812 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Standby/Resume Performance Diagnostics" to organizational standards. CC ID 10813 | Configuration | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows System Responsiveness Diagnostics" to organizational standards. CC ID 10814 | Configuration | Preventive | |
Configure the "Default quota limit and warning level" setting to organizational standards. CC ID 10840 | Configuration | Preventive | |
Configure the "Detect application failures caused by deprecated COM objects" setting to organizational standards. CC ID 10851 | Configuration | Preventive | |
Configure the "Detect application failures caused by deprecated Windows DLLs" setting to organizational standards. CC ID 10852 | Configuration | Preventive | |
Configure the "Detect application install failures" setting to organizational standards. CC ID 10853 | Configuration | Preventive | |
Configure the "Detect application installers that need to be run as administrator" setting to organizational standards. CC ID 10854 | Configuration | Preventive | |
Configure the "Detect applications unable to launch installers under UAC" setting to organizational standards. CC ID 10855 | Configuration | Preventive | |
Configure the "Diagnostics: Configure scenario execution level" setting to organizational standards. CC ID 10856 | Configuration | Preventive | |
Configure the "Disk Diagnostic: Configure execution level" setting to organizational standards. CC ID 10883 | Configuration | Preventive | |
Configure the "Log event when quota warning level exceeded" setting to organizational standards. CC ID 11031 | Configuration | Preventive | |
Configure the "Log File Debug Output Level" setting to organizational standards. CC ID 11032 | Configuration | Preventive | |
Configure the "Microsoft Support Diagnostic Tool: Configure execution level" setting to organizational standards. CC ID 11043 | Configuration | Preventive | |
Configure the "Primary DNS Suffix Devolution Level" setting to organizational standards. CC ID 11096 | Configuration | Preventive | |
Configure the "Require user authentication for remote connections by using Network Level Authentication" setting to organizational standards. CC ID 11138 | Configuration | Preventive | |
Configure the "Specify channel binding token hardening level" setting to organizational standards. CC ID 11209 | Configuration | Preventive | |
Configure the "Update Security Level" setting to organizational standards. CC ID 11357 | Configuration | Preventive | |
Configure the "Update Top Level Domain Zones" setting to organizational standards. CC ID 11358 | Configuration | Preventive | |
Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards. CC ID 07621 | Configuration | Preventive | |
Configure Kerberos pre-authentication to organizational standards. CC ID 16480 | Configuration | Preventive | |
Configure time-based user access restrictions in accordance with organizational standards. CC ID 16436 | Configuration | Preventive | |
Configure "MFA Delete" to organizational standards. CC ID 15430 | Configuration | Preventive | |
Configure Identity and Access Management policies to organizational standards. CC ID 15422 | Configuration | Preventive | |
Configure the Identity and Access Management Access analyzer to organizational standards. CC ID 15420 | Configuration | Preventive | |
Configure "Support device authentication using certificate" to organizational standards. CC ID 15410 | Configuration | Preventive | |
Install LAPS AdmPwd GPO Extension, as necessary. CC ID 15409 | Configuration | Preventive | |
Configure "Require pin for pairing" to organizational standards. CC ID 15395 | Configuration | Preventive | |
Configure "Do not allow password expiration time longer than required by policy" to organizational standards. CC ID 15390 | Configuration | Preventive | |
Configure "Enable Local Admin Password Management" to organizational standards. CC ID 15387 | Configuration | Preventive | |
Configure "Allow Microsoft accounts to be optional" to organizational standards. CC ID 15368 | Configuration | Preventive | |
Configure "Turn off picture password sign-in" to organizational standards. CC ID 15347 | Configuration | Preventive | |
Configure "Enable insecure guest logons" to organizational standards. CC ID 15344 | Configuration | Preventive | |
Configure the "cert-expiry" argument to organizational standards. CC ID 14541 | Configuration | Preventive | |
Configure "client certificate authentication" to organizational standards. CC ID 14608 | Configuration | Preventive | |
Configure the "client certificate bundles" to organizational standards. CC ID 14518 | Configuration | Preventive | |
Configure the "external-server-cert" argument to organizational standards. CC ID 14522 | Configuration | Preventive | |
Configure the "Network Security: Restrict NTLM: Incoming NTLM traffic" to organizational standards. CC ID 07622 | Configuration | Preventive | |
Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" to organizational standards. CC ID 07638 | Configuration | Preventive | |
Configure the "Interactive logon: Require Domain Controller authentication to unlock workstation" to organizational standards. CC ID 07639 | Configuration | Preventive | |
Configure the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" to organizational standards. CC ID 07663 | Configuration | Preventive | |
Configure the "Maximum password age" to organizational standards. CC ID 07688 | Configuration | Preventive | |
Configure the "Network Security: Restrict NTLM: Add server exceptions in this domain" to organizational standards. CC ID 07693 | Configuration | Preventive | |
Configure "Accounts: Limit local account use of blank passwords to console logon only" to organizational standards. CC ID 07697 | Configuration | Preventive | |
Configure the "Minimum password length" to organizational standards. CC ID 07711 | Configuration | Preventive | |
Configure the "Microsoft network server: Server SPN target name validation level" to organizational standards. CC ID 07714 | Configuration | Preventive | |
Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" to organizational standards. CC ID 07730 | Configuration | Preventive | |
Configure the "Domain member: Maximum machine account password age" to organizational standards. CC ID 07737 | Configuration | Preventive | |
Configure the "Password must meet complexity requirements" to organizational standards. CC ID 07743 | Configuration | Preventive | |
Configure the "Service Account Tokens" to organizational standards. CC ID 14646 | Configuration | Preventive | |
Configure the "Interactive logon: Require smart card" to organizational standards. CC ID 07753 | Configuration | Preventive | |
Configure the "System cryptography: Force strong key protection for user keys stored on the computer" to organizational standards. CC ID 07763 | Configuration | Preventive | |
Configure the "rotate" argument to organizational standards. CC ID 14548 | Configuration | Preventive | |
Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" to organizational standards. CC ID 07769 | Configuration | Preventive | |
Configure the "Domain controller: Refuse machine account password changes" to organizational standards. CC ID 07827 | Configuration | Preventive | |
Configure the "Store passwords using reversible encryption" to organizational standards. CC ID 07829 | Configuration | Preventive | |
Configure the "Network security: Allow Local System to use computer identity for NTLM" to organizational standards. CC ID 07830 | Configuration | Preventive | |
Configure the "Interactive logon: Prompt user to change password before expiration" to organizational standards. CC ID 07844 | Configuration | Preventive | |
Configure the "Network Security: Restrict NTLM: NTLM authentication in this domain" to organizational standards. CC ID 07859 | Configuration | Preventive | |
Configure the "Enforce password history" to organizational standards. CC ID 07877 | Configuration | Preventive | |
Configure the "Domain member: Disable machine account password changes" to organizational standards. CC ID 07883 | Configuration | Preventive | |
Configure the "Interactive logon: Smart card removal behavior" to organizational standards. CC ID 07884 | Configuration | Preventive | |
Configure the "Logon options" to organizational standards. CC ID 07917 | Configuration | Preventive | |
Configure the "Prevent ignoring certificate errors" to organizational standards. CC ID 07924 | Configuration | Preventive | |
Configure the "Turn off Encryption Support" to organizational standards. CC ID 08028 | Configuration | Preventive | |
Configure the "Disable changing certificate settings" to organizational standards. CC ID 08042 | Configuration | Preventive | |
Configure the "Check for server certificate revocation" to organizational standards. CC ID 08120 | Configuration | Preventive | |
Configure the "Do not allow passwords to be saved" to organizational standards. CC ID 08178 | Configuration | Preventive | |
Configure the "RPC Endpoint Mapper Client Authentication" to organizational standards. CC ID 08202 | Configuration | Preventive | |
Configure the "Restrictions for Unauthenticated RPC clients" to organizational standards. CC ID 08240 | Configuration | Preventive | |
Configure the "Maximum lifetime for user ticket renewal" to organizational standards. CC ID 08257 | Configuration | Preventive | |
Configure the "System objects: Default owner for objects created by members of the Administrators group" to organizational standards. CC ID 08269 | Configuration | Preventive | |
Configure the "Enforce user logon restrictions" to organizational standards. CC ID 08274 | Configuration | Preventive | |
Configure the "Require a Password When a Computer Wakes (Plugged In)" to organizational standards. CC ID 08404 | Configuration | Preventive | |
Configure the "Configure login authentication for POP3" to organizational standards. CC ID 08413 | Configuration | Preventive | |
Configure the "Turn on PIN sign-in" to organizational standards. CC ID 08415 | Configuration | Preventive | |
Configure the "Interactive logon: Machine account lockout threshold" to organizational standards. CC ID 08419 | Configuration | Preventive | |
Configure the "Allow the use of biometrics" to organizational standards. CC ID 08435 | Configuration | Preventive | |
Configure the "Configure login authentication for IMAP4" to organizational standards. CC ID 08443 | Configuration | Preventive | |
Configure the "Allow simple passwords" to organizational standards. CC ID 08476 | Configuration | Preventive | |
Configure the "Require a Password When a Computer Wakes (On Battery)" to organizational standards. CC ID 08487 | Configuration | Preventive | |
Configure the "Require password" to organizational standards. CC ID 08511 | Configuration | Preventive | |
Configure the "Time without user input before password must be re-entered" to organizational standards. CC ID 08518 | Configuration | Preventive | |
Configure the "Allow basic authentication" to organizational standards. CC ID 08522 | Configuration | Preventive | |
Configure the "External send connector authentication: Domain Security" to organizational standards. CC ID 08527 | Configuration | Preventive | |
Configure the "External send connector authentication: Ignore Start TLS" to organizational standards. CC ID 08530 | Configuration | Preventive | |
Configure the "Turn on Basic feed authentication over HTTP" to organizational standards. CC ID 08548 | Configuration | Preventive | |
Configure the "Number of attempts allowed" to organizational standards. CC ID 08569 | Configuration | Preventive | |
Configure the "Password Expiration" to organizational standards. CC ID 08576 | Configuration | Preventive | |
Configure the "External send connector authentication: DNS Routing" to organizational standards. CC ID 08579 | Configuration | Preventive | |
Configure the "Require alphanumeric password" to organizational standards. CC ID 08582 | Configuration | Preventive | |
Configure the "Allow access to voicemail without requiring a PIN" to organizational standards. CC ID 08585 | Configuration | Preventive | |
Configure the "Require Client Certificates" to organizational standards. CC ID 08597 | Configuration | Preventive | |
Configure the "Disallow Digest authentication" to organizational standards. CC ID 08602 | Configuration | Preventive | |
Configure the "Accounts: Block Microsoft accounts" to organizational standards. CC ID 08613 | Configuration | Preventive | |
Configure Encryption settings in accordance with organizational standards. CC ID 07625 | Configuration | Preventive | |
Configure "Elastic Block Store volume encryption" to organizational standards. CC ID 15434 | Configuration | Preventive | |
Configure "Encryption Oracle Remediation" to organizational standards. CC ID 15366 | Configuration | Preventive | |
Configure the "encryption provider" to organizational standards. CC ID 14591 | Configuration | Preventive | |
Configure the "Microsoft network server: Digitally sign communications (always)" to organizational standards. CC ID 07626 | Configuration | Preventive | |
Configure the "Domain member: Digitally encrypt or sign secure channel data (always)" to organizational standards. CC ID 07657 | Configuration | Preventive | |
Configure the "Domain member: Digitally sign secure channel data (when possible)" to organizational standards. CC ID 07678 | Configuration | Preventive | |
Configure the "Network Security: Configure encryption types allowed for Kerberos" to organizational standards. CC ID 07799 | Configuration | Preventive | |
Configure the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" to organizational standards. CC ID 07822 | Configuration | Preventive | |
Configure the "Configure use of smart cards on fixed data drives" to organizational standards. CC ID 08361 | Configuration | Preventive | |
Configure the "Enforce drive encryption type on removable data drives" to organizational standards. CC ID 08363 | Configuration | Preventive | |
Configure the "Configure TPM platform validation profile for BIOS-based firmware configurations" to organizational standards. CC ID 08370 | Configuration | Preventive | |
Configure the "Configure use of passwords for removable data drives" to organizational standards. CC ID 08394 | Configuration | Preventive | |
Configure the "Configure use of hardware-based encryption for removable data drives" to organizational standards. CC ID 08401 | Configuration | Preventive | |
Configure the "Require additional authentication at startup" to organizational standards. CC ID 08422 | Configuration | Preventive | |
Configure the "Deny write access to fixed drives not protected by BitLocker" to organizational standards. CC ID 08429 | Configuration | Preventive | |
Configure the "Configure startup mode" to organizational standards. CC ID 08430 | Configuration | Preventive | |
Configure the "Require client MAPI encryption" to organizational standards. CC ID 08446 | Configuration | Preventive | |
Configure the "Configure dial plan security" to organizational standards. CC ID 08453 | Configuration | Preventive | |
Configure the "Allow access to BitLocker-protected removable data drives from earlier versions of Windows" to organizational standards. CC ID 08457 | Configuration | Preventive | |
Configure the "Enforce drive encryption type on fixed data drives" to organizational standards. CC ID 08460 | Configuration | Preventive | |
Configure the "Allow Secure Boot for integrity validation" to organizational standards. CC ID 08461 | Configuration | Preventive | |
Configure the "Configure use of passwords for operating system drives" to organizational standards. CC ID 08478 | Configuration | Preventive | |
Configure the "Choose how BitLocker-protected removable drives can be recovered" to organizational standards. CC ID 08484 | Configuration | Preventive | |
Configure the "Validate smart card certificate usage rule compliance" to organizational standards. CC ID 08492 | Configuration | Preventive | |
Configure the "Allow enhanced PINs for startup" to organizational standards. CC ID 08495 | Configuration | Preventive | |
Configure the "Choose how BitLocker-protected operating system drives can be recovered" to organizational standards. CC ID 08499 | Configuration | Preventive | |
Configure the "Allow access to BitLocker-protected fixed data drives from earlier versions of Windows" to organizational standards. CC ID 08505 | Configuration | Preventive | |
Configure the "Choose how BitLocker-protected fixed drives can be recovered" to organizational standards. CC ID 08509 | Configuration | Preventive | |
Configure the "Configure use of passwords for fixed data drives" to organizational standards. CC ID 08513 | Configuration | Preventive | |
Configure the "Choose drive encryption method and cipher strength" to organizational standards. CC ID 08537 | Configuration | Preventive | |
Configure the "Choose default folder for recovery password" to organizational standards. CC ID 08541 | Configuration | Preventive | |
Configure the "Prevent memory overwrite on restart" to organizational standards. CC ID 08542 | Configuration | Preventive | |
Configure the "Deny write access to removable drives not protected by BitLocker" to organizational standards. CC ID 08549 | Configuration | Preventive | |
Configure the "opt encrypted" flag to organizational standards. CC ID 14534 | Configuration | Preventive | |
Configure the "Provide the unique identifiers for your organization" to organizational standards. CC ID 08552 | Configuration | Preventive | |
Configure the "Enable use of BitLocker authentication requiring preboot keyboard input on slates" to organizational standards. CC ID 08556 | Configuration | Preventive | |
Configure the "Require encryption on device" to organizational standards. CC ID 08563 | Configuration | Preventive | |
Configure the "Enable S/MIME for OWA 2007" to organizational standards. CC ID 08564 | Configuration | Preventive | |
Configure the "Control use of BitLocker on removable drives" to organizational standards. CC ID 08566 | Configuration | Preventive | |
Configure the "Configure use of hardware-based encryption for fixed data drives" to organizational standards. CC ID 08568 | Configuration | Preventive | |
Configure the "Configure use of smart cards on removable data drives" to organizational standards. CC ID 08570 | Configuration | Preventive | |
Configure the "Enforce drive encryption type on operating system drives" to organizational standards. CC ID 08573 | Configuration | Preventive | |
Configure the "Disallow standard users from changing the PIN or password" to organizational standards. CC ID 08574 | Configuration | Preventive | |
Configure the "Use enhanced Boot Configuration Data validation profile" to organizational standards. CC ID 08578 | Configuration | Preventive | |
Configure the "Allow network unlock at startup" to organizational standards. CC ID 08588 | Configuration | Preventive | |
Configure the "Enable S/MIME for OWA 2010" to organizational standards. CC ID 08592 | Configuration | Preventive | |
Configure the "Configure minimum PIN length for startup" to organizational standards. CC ID 08594 | Configuration | Preventive | |
Configure the "Configure TPM platform validation profile" to organizational standards. CC ID 08598 | Configuration | Preventive | |
Configure the "Configure use of hardware-based encryption for operating system drives" to organizational standards. CC ID 08601 | Configuration | Preventive | |
Configure the "Reset platform validation data after BitLocker recovery" to organizational standards. CC ID 08607 | Configuration | Preventive | |
Configure the "Configure TPM platform validation profile for native UEFI firmware configurations" to organizational standards. CC ID 08614 | Configuration | Preventive | |
Configure the "Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives" setting to organizational standards. CC ID 10039 | Configuration | Preventive | |
Configure the "Save BitLocker recovery information to AD DS for fixed data drives" setting to organizational standards. CC ID 10040 | Configuration | Preventive | |
Configure the "Omit recovery options from the BitLocker setup wizard" setting to organizational standards. CC ID 10041 | Configuration | Preventive | |
Configure the "Do not enable BitLocker until recovery information is stored to AD DS for operating system drives" setting to organizational standards. CC ID 10042 | Configuration | Preventive | |
Configure the "Save BitLocker recovery information to AD DS for operating system drives" setting to organizational standards. CC ID 10043 | Configuration | Preventive | |
Configure the "Allow BitLocker without a compatible TPM" setting to organizational standards. CC ID 10044 | Configuration | Preventive | |
Configure the "Do not enable BitLocker until recovery information is stored to AD DS for removable data drives" setting to organizational standards. CC ID 10045 | Configuration | Preventive | |
Configure the "Save BitLocker recovery information to AD DS for removable data drives" setting to organizational standards. CC ID 10046 | Configuration | Preventive | |
Configure File Retention, Impact Level, and Classification settings in accordance with organizational standards. CC ID 07715 | Configuration | Preventive | |
Configure the "Classification of files based on Discoverability" to organizational standards. CC ID 07716 | Configuration | Preventive | |
Configure the "Classification of files based on Intellectual Property" to organizational standards. CC ID 07765 | Configuration | Preventive | |
Configure the "Classification of files based on Confidentiality" to organizational standards. CC ID 07782 | Configuration | Preventive | |
Configure the "Classification of files based on PHI" to organizational standards. CC ID 07785 | Configuration | Preventive | |
Configure the "Classification of files based on Impact Level" to organizational standards. CC ID 07789 | Configuration | Preventive | |
Configure the "Classification of files based on Retention" to organizational standards. CC ID 07860 | Configuration | Preventive | |
Configure the "Classification of files based on PII" to organizational standards. CC ID 07865 | Configuration | Preventive | |
Configure System settings in accordance with organizational standards. CC ID 07806 | Configuration | Preventive | |
Configure the "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)" to organizational standards. CC ID 07807 | Configuration | Preventive | |
Configure the "Accounts: Rename guest account" to organizational standards. CC ID 07816 | Configuration | Preventive | |
Configure the "Accounts: Rename administrator account" to organizational standards. CC ID 07843 | Configuration | Preventive | |
Configure the "Accounts: Guest account status" to organizational standards. CC ID 07971 | Configuration | Preventive | |
Configure the "Accounts: Administrator account status" to organizational standards. CC ID 07996 | Configuration | Preventive | |
Configure the "Prompt for password on resume from hibernate / suspend" to organizational standards. CC ID 08342 | Configuration | Preventive | |
Configure Virus and Malware Protection settings in accordance with organizational standards. CC ID 07906 | Configuration | Preventive | |
Configure "Turn on behavior monitoring" to organizational standards. CC ID 15407 | Configuration | Preventive | |
Configure "Turn off real-time protection" to organizational standards. CC ID 15406 | Configuration | Preventive | |
Configure "Scan all downloaded files and attachments" to organizational standards. CC ID 15404 | Configuration | Preventive | |
Configure "Scan removable drives" to organizational standards. CC ID 15401 | Configuration | Preventive | |
Configure "Configure Attack Surface Reduction rules: Set the state for each ASR rule" to organizational standards. CC ID 15392 | Configuration | Preventive | |
Configure "Join Microsoft MAPS" to organizational standards. CC ID 15384 | Configuration | Preventive | |
Configure "Configure detection for potentially unwanted applications" to organizational standards. CC ID 15375 | Configuration | Preventive | |
Configure "Turn off Microsoft Defender AntiVirus" to organizational standards. CC ID 15371 | Configuration | Preventive | |
Configure "Enable file hash computation feature" to organizational standards. CC ID 15340 | Configuration | Preventive | |
Configure the "Internet Explorer Processes" to organizational standards. CC ID 07907 | Configuration | Preventive | |
Configure the "Turn on the auto-complete feature for user names and passwords on forms" to organizational standards. CC ID 07941 | Configuration | Preventive | |
Configure the "Automatic prompting for file downloads" to organizational standards. CC ID 07950 | Configuration | Preventive | |
Configure the "Use SmartScreen Filter" to organizational standards. CC ID 07952 | Configuration | Preventive | |
Configure the "Run ActiveX controls and plugins" to organizational standards. CC ID 07954 | Configuration | Preventive | |
Configure the "Java permissions" to organizational standards. CC ID 07969 | Configuration | Preventive | |
Configure the "Use Pop-up Blocker" to organizational standards. CC ID 07990 | Configuration | Preventive | |
Configure the "Prevent Bypassing SmartScreen Filter Warnings" to organizational standards. CC ID 07994 | Configuration | Preventive | |
Configure the "Allow cut, copy or paste operations from the clipboard via script" to organizational standards. CC ID 07997 | Configuration | Preventive | |
Configure the "Allow software to run or install even if the signature is invalid" to organizational standards. CC ID 08019 | Configuration | Preventive | |
Configure the "Do not allow users to enable or disable add-ons" to organizational standards. CC ID 08035 | Configuration | Preventive | |
Configure the "Disable AutoComplete for forms" to organizational standards. CC ID 08066 | Configuration | Preventive | |
Configure the "Download unsigned ActiveX controls" to organizational standards. CC ID 08073 | Configuration | Preventive | |
Configure the "Scripting of Java applets" to organizational standards. CC ID 08105 | Configuration | Preventive | |
Configure the "Allow only approved domains to use ActiveX controls without prompt" to organizational standards. CC ID 08374 | Configuration | Preventive | |
Configure the "Prevent per-user installation of ActiveX controls" to organizational standards. CC ID 08382 | Configuration | Preventive | |
Configure the "Turn on Cross-Site Scripting Filter" to organizational standards. CC ID 08395 | Configuration | Preventive | |
Configure the "Turn on certificate address mismatch warning" to organizational standards. CC ID 08410 | Configuration | Preventive | |
Configure the "Show security warning for potentially unsafe files" to organizational standards. CC ID 08412 | Configuration | Preventive | |
Configure the "Turn on Protected Mode" to organizational standards. CC ID 08471 | Configuration | Preventive | |
Configure the "Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled" to organizational standards. CC ID 08510 | Configuration | Preventive | |
Configure the "Check for signatures on downloaded programs" to organizational standards. CC ID 08584 | Configuration | Preventive | |
Configure the "Specify use of ActiveX Installer Service for installation of ActiveX controls" to organizational standards. CC ID 08587 | Configuration | Preventive | |
Configure the "Prevent changing the URL for checking updates to Internet Explorer and Internet Tools" to organizational standards. CC ID 08589 | Configuration | Preventive | |
Configure the "Enable MIME Sniffing" to organizational standards. CC ID 08591 | Configuration | Preventive | |
Configure "Prevent downloading of enclosures" to organizational standards. CC ID 08612 | Configuration | Preventive | |
Configure User Notification settings in accordance with organizational standards. CC ID 08201 | Configuration | Preventive | |
Configure the "Display Error Notification" to organizational standards. CC ID 08280 | Configuration | Preventive | |
Configure the "Customize Warning Messages" to organizational standards. CC ID 08599 | Configuration | Preventive | |
Configure Windows Components settings in accordance with organizational standards. CC ID 08263 | Configuration | Preventive | |
Configure the "Notify antivirus programs when opening attachments" to organizational standards. CC ID 08264 | Configuration | Preventive | |
Configure the "Do not preserve zone information in file attachments" to organizational standards. CC ID 08309 | Configuration | Preventive | |
Configure the "Remove CD Burning features" to organizational standards. CC ID 08324 | Configuration | Preventive | |
Configure the "Remove Security tab" to organizational standards. CC ID 08328 | Configuration | Preventive | |
Configure the "Hide mechanisms to remove zone information" to organizational standards. CC ID 08338 | Configuration | Preventive | |
Configure the "Prevent Codec Download" to organizational standards. CC ID 08554 | Configuration | Preventive | |
Configure File System settings in accordance with organizational standards. CC ID 08294 | Configuration | Preventive | |
Configure Control Panel settings in accordance with organizational standards. CC ID 08311 | Configuration | Preventive | |
Configure the "Screen saver timeout" to organizational standards. CC ID 08312 | Configuration | Preventive | |
Configure the "Enable screen saver" to organizational standards. CC ID 08322 | Configuration | Preventive | |
Configure the "Force specific screen saver" to organizational standards. CC ID 08334 | Configuration | Preventive | |
Configure the "Password protect the screen saver" to organizational standards. CC ID 08341 | Configuration | Preventive | |
Configure the "Prevent changing screen saver" to organizational standards. CC ID 08560 | Configuration | Preventive | |
Configure Capacity and Performance Management settings in accordance with organizational standards. CC ID 08353 | Configuration | Preventive | |
Configure the "Maximum receive size - organization level" to organizational standards. CC ID 08354 | Configuration | Preventive | |
Configure the "Maximum send size - connector level" to organizational standards. CC ID 08399 | Configuration | Preventive | |
Configure the "Maximum number of recipients - organization level" to organizational standards. CC ID 08431 | Configuration | Preventive | |
Configure the "Enable Sender ID agent" to organizational standards. CC ID 08450 | Configuration | Preventive | |
Configure the "Maximum receive size - connector level" to organizational standards. CC ID 08480 | Configuration | Preventive | |
Configure the "Maximum send size - organization level" to organizational standards. CC ID 08483 | Configuration | Preventive | |
Configure the "Mount database at startup" to organizational standards. CC ID 08493 | Configuration | Preventive | |
Configure the "Enable Sender reputation" to organizational standards. CC ID 08503 | Configuration | Preventive | |
Configure the "Mailbox quotas: Issue warning at" to organizational standards. CC ID 08508 | Configuration | Preventive | |
Configure the "Mailbox quotas: Prohibit send and receive at" to organizational standards. CC ID 08532 | Configuration | Preventive | |
Configure the "Mailbox quotas: Prohibit send at" to organizational standards. CC ID 08610 | Configuration | Preventive | |
Configure Personal Information Handling settings in accordance with organizational standards. CC ID 08396 | Configuration | Preventive | |
Configure the "Enable OOF messages to remote domains" to organizational standards. CC ID 08397 | Configuration | Preventive | |
Configure the "Enable automatic forwards to remote domains" to organizational standards. CC ID 08462 | Configuration | Preventive | |
Configure the "Enable non-delivery reports to remote domains" to organizational standards. CC ID 08506 | Configuration | Preventive | |
Configure Data Backup and Recovery settings in accordance with organizational standards. CC ID 08406 | Configuration | Preventive | |
Configure the "Retain deleted items for the specified number of days" to organizational standards. CC ID 08407 | Configuration | Preventive | |
Configure the "Do not permanently delete items until the database has been backed up" to organizational standards. CC ID 08490 | Configuration | Preventive | |
Configure the "Keep deleted mailboxes for the specified number of days" to organizational standards. CC ID 08600 | Configuration | Preventive | |
Configure Nonrepudiation Configuration settings in accordance with organizational standards. CC ID 08432 | Configuration | Preventive | |
Configure the "Configure Sender Filtering" to organizational standards. CC ID 08433 | Configuration | Preventive | |
Configure the "Turn on Administrator Audit Logging" to organizational standards. CC ID 08528 | Configuration | Preventive | |
Configure Device Installation settings in accordance with organizational standards. CC ID 08438 | Configuration | Preventive | |
Configure the "Prevent installation of devices using drivers that match these device setup classes" to organizational standards. CC ID 08439 | Configuration | Preventive | |
Configure the "device installation time-out" setting to organizational standards. CC ID 10781 | Configuration | Preventive | |
Configure the "list of Enhanced Storage devices usable on your computer" setting to organizational standards. CC ID 10791 | Configuration | Preventive | |
Configure the "Display a custom message title when device installation is prevented by a policy setting" setting to organizational standards. CC ID 10885 | Configuration | Preventive | |
Configure the "Do not send a Windows error report when a generic driver is installed on a device" setting to organizational standards. CC ID 10933 | Configuration | Preventive | |
Configure the "Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point" setting to organizational standards. CC ID 11072 | Configuration | Preventive | |
Configure the "Prevent device metadata retrieval from the Internet" setting to organizational standards. CC ID 11073 | Configuration | Preventive | |
Configure the "Prevent installation of devices not described by other policy settings" setting to organizational standards. CC ID 11078 | Configuration | Preventive | |
Configure the "Prevent installation of devices that match any of these device IDs" setting to organizational standards. CC ID 11079 | Configuration | Preventive | |
Configure the "Prevent installation of removable devices" setting to organizational standards. CC ID 11080 | Configuration | Preventive | |
Configure the "Prevent Windows from sending an error report when a device driver requests additional software during installation" setting to organizational standards. CC ID 11093 | Configuration | Preventive | |
Configure the "Require a PIN to access data on devices running Microsoft firmware" setting to organizational standards. CC ID 11132 | Configuration | Preventive | |
Configure the "Specify search order for device driver source locations" setting to organizational standards. CC ID 11214 | Configuration | Preventive | |
Configure the "Turn off "Found New Hardware" balloons during device installation" setting to organizational standards. CC ID 11253 | Configuration | Preventive | |
Configure the "Turn off Autoplay for non-volume devices" setting to organizational standards. CC ID 11268 | Configuration | Preventive | |
Configure the "Turn off Windows Update device driver search prompt" setting to organizational standards. CC ID 11332 | Configuration | Preventive | |
Configure Security settings in accordance with organizational standards. CC ID 08469 | Configuration | Preventive | |
Configure the "Enable automatic replies to remote domains" to organizational standards. CC ID 08534 | Configuration | Preventive | |
Configure Power Management settings in accordance with organizational standards. CC ID 08515 | Configuration | Preventive | |
Configure the "Allow Standby States (S1-S3) When Sleeping (Plugged In)" to organizational standards. CC ID 08516 | Configuration | Preventive | |
Configure the "Allow Standby States (S1-S3) When Sleeping (On Battery)" to organizational standards. CC ID 08581 | Configuration | Preventive | |
Configure the "Allow Applications to Prevent Automatic Sleep (Plugged In)" setting to organizational standards. CC ID 10703 | Configuration | Preventive | |
Configure the "Allow Automatic Sleep with Open Network Files (Plugged In)" setting to organizational standards. CC ID 10709 | Configuration | Preventive | |
Configure the "Allow remote access to the Plug and Play interface" setting to organizational standards. CC ID 10742 | Configuration | Preventive | |
Configure the "Power Options preference logging and tracing" setting to organizational standards. CC ID 10798 | Configuration | Preventive | |
Configure the "Critical Battery Notification Action" setting to organizational standards. CC ID 10833 | Configuration | Preventive | |
Configure the "Critical Battery Notification Level" setting to organizational standards. CC ID 10834 | Configuration | Preventive | |
Configure the "Do not allow supported Plug and Play device redirection" setting to organizational standards. CC ID 10917 | Configuration | Preventive | |
Configure the "Do not turn off system power after a Windows system shutdown has occurred." setting to organizational standards. CC ID 10937 | Configuration | Preventive | |
Configure the "Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates" setting to organizational standards. CC ID 10954 | Configuration | Preventive | |
Configure the "Low Battery Notification Action" setting to organizational standards. CC ID 11037 | Configuration | Preventive | |
Configure the "Low Battery Notification Level" setting to organizational standards. CC ID 11038 | Configuration | Preventive | |
Configure the "Reduce Display Brightness (On Battery)" setting to organizational standards. CC ID 11117 | Configuration | Preventive | |
Configure the "Reduce Display Brightness (Plugged In)" setting to organizational standards. CC ID 11118 | Configuration | Preventive | |
Configure the "Reserve Battery Notification Level" setting to organizational standards. CC ID 11139 | Configuration | Preventive | |
Configure PowerShell to organizational standards. CC ID 15233 | Configuration | Preventive | |
Configure the "Run Windows PowerShell scripts first at computer startup, shutdown" setting to organizational standards. CC ID 11156 | Configuration | Preventive | |
Configure the "Run Windows PowerShell scripts first at user logon, logoff" setting to organizational standards. CC ID 11157 | Configuration | Preventive | |
Configure the "Select an Active Power Plan" setting to organizational standards. CC ID 11161 | Configuration | Preventive | |
Configure the "Select the Lid Switch Action (On Battery)" setting to organizational standards. CC ID 11162 | Configuration | Preventive | |
Configure the "Select the Lid Switch Action (Plugged In)" setting to organizational standards. CC ID 11163 | Configuration | Preventive | |
Configure the "Select the Power Button Action (On Battery)" setting to organizational standards. CC ID 11165 | Configuration | Preventive | |
Configure the "Select the Power Button Action (Plugged In)" setting to organizational standards. CC ID 11166 | Configuration | Preventive | |
Configure the "Select the Sleep Button Action (On Battery)" setting to organizational standards. CC ID 11167 | Configuration | Preventive | |
Configure the "Select the Sleep Button Action (Plugged In)" setting to organizational standards. CC ID 11168 | Configuration | Preventive | |
Configure the "Specify a Custom Active Power Plan" setting to organizational standards. CC ID 11207 | Configuration | Preventive | |
Configure the "Specify the Display Dim Brightness (On Battery)" setting to organizational standards. CC ID 11217 | Configuration | Preventive | |
Configure the "Specify the Display Dim Brightness (Plugged In)" setting to organizational standards. CC ID 11218 | Configuration | Preventive | |
Configure the "Specify the System Hibernate Timeout (On Battery)" setting to organizational standards. CC ID 11219 | Configuration | Preventive | |
Configure the "Specify the System Hibernate Timeout (Plugged In)" setting to organizational standards. CC ID 11220 | Configuration | Preventive | |
Configure the "Specify the System Sleep Timeout (On Battery)" setting to organizational standards. CC ID 11221 | Configuration | Preventive | |
Configure the "Specify the System Sleep Timeout (Plugged In)" setting to organizational standards. CC ID 11222 | Configuration | Preventive | |
Configure the "Specify the Unattended Sleep Timeout (On Battery)" setting to organizational standards. CC ID 11223 | Configuration | Preventive | |
Configure the "Specify the Unattended Sleep Timeout (Plugged In)" setting to organizational standards. CC ID 11224 | Configuration | Preventive | |
Configure the "Turn Off Adaptive Display Timeout (On Battery)" setting to organizational standards. CC ID 11259 | Configuration | Preventive | |
Configure the "Turn Off Adaptive Display Timeout (Plugged In)" setting to organizational standards. CC ID 11260 | Configuration | Preventive | |
Configure the "Turn Off Cache Power Mode" setting to organizational standards. CC ID 11270 | Configuration | Preventive | |
Configure the "Turn Off Hybrid Sleep (On Battery)" setting to organizational standards. CC ID 11281 | Configuration | Preventive | |
Configure the "Turn Off Hybrid Sleep (Plugged In)" setting to organizational standards. CC ID 11282 | Configuration | Preventive | |
Configure the "Turn Off Low Battery User Notification" setting to organizational standards. CC ID 11288 | Configuration | Preventive | |
Configure the "Turn Off the Hard Disk (On Battery)" setting to organizational standards. CC ID 11318 | Configuration | Preventive | |
Configure the "Turn Off the Hard Disk (Plugged In)" setting to organizational standards. CC ID 11319 | Configuration | Preventive | |
Configure the "Turn On Desktop Background Slideshow (On Battery)" setting to organizational standards. CC ID 11340 | Configuration | Preventive | |
Configure the "Turn On Desktop Background Slideshow (Plugged In)" setting to organizational standards. CC ID 11341 | Configuration | Preventive | |
Configure the "Turn on the Ability for Applications to Prevent Sleep Transitions (On Battery)" setting to organizational standards. CC ID 11353 | Configuration | Preventive | |
Configure the "Turn on the Ability for Applications to Prevent Sleep Transitions (Plugged In)" setting to organizational standards. CC ID 11354 | Configuration | Preventive | |
Configure Patch Management settings in accordance with organizational standards. CC ID 08519 | Configuration | Preventive | |
Configure "Select when Preview Builds and Feature Updates are received" to organizational standards. CC ID 15399 | Configuration | Preventive | |
Configure "Select when Quality Updates are received" to organizational standards. CC ID 15355 | Configuration | Preventive | |
Configure the "Check for missing Windows Updates" to organizational standards. CC ID 08520 | Configuration | Preventive | |
Configure Start Menu and Task Bar settings in accordance with organizational standards. CC ID 08615 | Configuration | Preventive | |
Configure the "Turn off toast notifications on the lock screen" to organizational standards. CC ID 08616 | Configuration | Preventive | |
Configure "Turn off notifications network usage" to organizational standards. CC ID 15337 | Configuration | Preventive | |
Configure the proxy server to organizational standards. CC ID 12115 | Configuration | Preventive | |
Configure the proxy server to log Transmission Control Protocol sessions. CC ID 12123 | Configuration | Preventive | |
Configure Red Hat Enterprise Linux to Organizational Standards. CC ID 08713 | Establish/Maintain Documentation | Preventive | |
Configure the "GPG Key for package manager" setting to organizational standards. CC ID 08764 | Establish/Maintain Documentation | Preventive | |
Configure the "Support for cramfs filesystems" setting to organizational standards. CC ID 08765 | Establish/Maintain Documentation | Preventive | |
Configure the "Support for freevxfs filesystems" setting to organizational standards. CC ID 08766 | Establish/Maintain Documentation | Preventive | |
Configure the "Support for hfs filesystems" setting to organizational standards. CC ID 08767 | Establish/Maintain Documentation | Preventive | |
Configure the "Support for hfsplus filesystems" setting to organizational standards. CC ID 08768 | Establish/Maintain Documentation | Preventive | |
Configure the "Support for jffs2 filesystems" setting to organizational standards. CC ID 08769 | Establish/Maintain Documentation | Preventive | |
Configure the "Support for squashfs filesystems" setting to organizational standards. CC ID 08770 | Establish/Maintain Documentation | Preventive | |
Configure the "Support for udf filesystems" setting to organizational standards. CC ID 08771 | Establish/Maintain Documentation | Preventive | |
Configure the "NIS file inclusions" setting for the "/etc/group" file to organizational standards. CC ID 08772 | Establish/Maintain Documentation | Preventive | |
Configure the "NIS file inclusions" setting for the "/etc/shadow" file to organizational standards. CC ID 08773 | Establish/Maintain Documentation | Preventive | |
Configure the "setuid" attribute for "all files" to organizational standards. CC ID 08774 | Establish/Maintain Documentation | Preventive | |
Configure the "setgid" attribute for "all files" to organizational standards. CC ID 08775 | Establish/Maintain Documentation | Preventive | |
Configure the "gnome desktop screensaver" setting for "all users" to organizational standards. CC ID 08776 | Establish/Maintain Documentation | Preventive | |
Configure the "screen blanking function of the gnome desktop screensaver" as a "mandatory setting" for "all users" to organizational standards. CC ID 08777 | Establish/Maintain Documentation | Preventive | |
Configure the "device files with the unlabeled SELinux type" setting for "system includes" to organizational standards. CC ID 08778 | Establish/Maintain Documentation | Preventive | |
Configure the "system should act as a network sniffer" setting to organizational standards. CC ID 08779 | Establish/Maintain Documentation | Preventive | |
Configure the "default policy" setting for "iptables INPUT table" to organizational standards. CC ID 08780 | Establish/Maintain Documentation | Preventive | |
Configure the "DCCP" setting to organizational standards. CC ID 08781 | Establish/Maintain Documentation | Preventive | |
Configure the Stream Control Transmission Protocol setting to organizational standards. CC ID 08782 | Establish/Maintain Documentation | Preventive | |
Configure the "RDS" setting to organizational standards. CC ID 08783 | Establish/Maintain Documentation | Preventive | |
Configure the "TIPC" setting to organizational standards. CC ID 08784 | Establish/Maintain Documentation | Preventive | |
Configure the "Bluetooth kernel modules" setting to organizational standards. CC ID 08785 | Establish/Maintain Documentation | Preventive | |
Configure the "Zeroconf networking" setting to organizational standards. CC ID 08786 | Establish/Maintain Documentation | Preventive | |
Configure the "at daemon" setting to organizational standards. CC ID 08787 | Establish/Maintain Documentation | Preventive | |
Configure the "SSH 'keep alive' message count" setting to organizational standards. CC ID 08788 | Establish/Maintain Documentation | Preventive | |
Configure the "set environment options for SSH" setting to organizational standards. CC ID 08789 | Establish/Maintain Documentation | Preventive | |
Configure the Secure Shell setting to organizational standards. CC ID 08790 | Establish/Maintain Documentation | Preventive | |
Configure the "sendmail" setting to organizational standards. CC ID 08791 | Establish/Maintain Documentation | Preventive | |
Configure the "Postfix network listening" setting to organizational standards. CC ID 08792 | Establish/Maintain Documentation | Preventive | |
Configure the "require LDAP servers to use TLS for SSL communications" setting for "LDAP client" to organizational standards. CC ID 08793 | Establish/Maintain Documentation | Preventive | |
Configure the "Client SMB packet signing" setting for "smbclient" to organizational standards. CC ID 08794 | Establish/Maintain Documentation | Preventive | |
Configure the "Client SMB packet signing" setting for "mount.cifs" to organizational standards. CC ID 08795 | Establish/Maintain Documentation | Preventive | |
Configure the "'wheel' group" setting to organizational standards. CC ID 08796 | Establish/Maintain Documentation | Preventive | |
Configure the "Access to the root account via su should be restricted to the wheel group" setting to organizational standards. CC ID 08797 | Establish/Maintain Documentation | Preventive | |
Configure the "retry value" setting to organizational standards. CC ID 08798 | Establish/Maintain Documentation | Preventive | |
Configure the "rsyslog service" setting to organizational standards. CC ID 08799 | Establish/Maintain Documentation | Preventive | |
Configure the "send to a remote log host" setting for "Rsyslog logs" to organizational standards. CC ID 08800 | Establish/Maintain Documentation | Preventive | |
Configure the "accept remote messages" setting for "Rsyslog" to organizational standards. CC ID 08801 | Establish/Maintain Documentation | Preventive | |
Configure the "irda service" setting to organizational standards. CC ID 08802 | Establish/Maintain Documentation | Preventive | |
Configure the "avahi service" firewall setting to organizational standards. CC ID 08803 | Establish/Maintain Documentation | Preventive | |
Configure the "rawdevices service" setting to organizational standards. CC ID 08804 | Establish/Maintain Documentation | Preventive | |
Configure the "login_defs" variable in "libuser.conf" for "libuser library" to organizational standards. CC ID 08805 | Establish/Maintain Documentation | Preventive | |
Configure the "User accounts may or may not be inactivated a specified number of days after account expiration" setting to organizational standards. CC ID 08806 | Establish/Maintain Documentation | Preventive | |
Configure the "duplicate UIDs" setting to organizational standards. CC ID 09930 | Configuration | Preventive | |
Configure the "duplicate GIDs" setting to organizational standards. CC ID 09931 | Configuration | Preventive | |
Configure the "duplicate group names" setting to organizational standards. CC ID 09932 | Configuration | Preventive | |
Configure the "Connection to the Red Hat Network RPM Repositories" setting to organizational standards. CC ID 09933 | Configuration | Preventive | |
Configure the "Obtain Software Package Updates with yum" setting to organizational standards. CC ID 09934 | Configuration | Preventive | |
Configure the "Check for Unconfined Daemons" setting to organizational standards. CC ID 09936 | Configuration | Preventive | |
Configure the "/etc/hosts.allow" file to organizational standards. CC ID 09944 | Configuration | Preventive | |
Configure the "disable system when on audit log is full" setting to organizational standards. CC ID 09945 | Configuration | Preventive | |
Configure the "max_log_file" setting to organizational standards. CC ID 15323 | Configuration | Preventive | |
Configure the "max_log_file_action" setting to organizational standards. CC ID 09946 | Configuration | Preventive | |
Configure the "audit processes that start prior to auditd" setting to organizational standards. CC ID 09947 | Configuration | Preventive | |
Configure the "Password Creation Requirement" settings for "pam_cracklib" to organizational standards. CC ID 09953 | Configuration | Preventive | |
Configure the "System Accounts" setting to organizational standards. CC ID 09954 | Configuration | Preventive | |
Configure the "Verify That Reserved UIDs Are Assigned to System Accounts" setting to organizational standards. CC ID 09955 | Configuration | Preventive | |
Configure the "Check for Duplicate User Names" setting to organizational standards. CC ID 09956 | Configuration | Preventive | |
Configure the "User .forward" files to organizational standards. CC ID 09957 | Configuration | Preventive | |
Configure Polycom HDX to Organizational Standards. CC ID 08986 | Configuration | Preventive | |
Configure the "echo cancellation" setting to organizational standards. CC ID 09359 | Configuration | Preventive | |
Configure the "keyboard noise reduction" setting to organizational standards. CC ID 09360 | Configuration | Preventive | |
Configure the "live music mode" setting to organizational standards. CC ID 09361 | Configuration | Preventive | |
Configure the "VCR audio out always on" setting to organizational standards. CC ID 09362 | Configuration | Preventive | |
Configure the "user alert tone" setting to organizational standards. CC ID 09363 | Configuration | Preventive | |
Configure the "incoming call ring tone" setting to organizational standards. CC ID 09364 | Configuration | Preventive | |
Configure the "keypad audio confirmation" setting to organizational standards. CC ID 09365 | Configuration | Preventive | |
Configure the "allow Microsoft Exchange calendar integration" setting to organizational standards. CC ID 09366 | Configuration | Preventive | |
Configure the "Microsoft Exchange calendar domain" setting to organizational standards. CC ID 09367 | Configuration | Preventive | |
Configure the "Microsoft Exchange calendar password" setting to organizational standards. CC ID 09368 | Configuration | Preventive | |
Configure the "mailbox to be monitored by Microsoft Exchange calendar service" setting to organizational standards. CC ID 09369 | Configuration | Preventive | |
Configure the "Microsoft Exchange calendar server address" setting to organizational standards. CC ID 09370 | Configuration | Preventive | |
Configure the "allow Microsoft Exchange calendar service to display private meetings" setting to organizational standards. CC ID 09371 | Configuration | Preventive | |
Configure the "number of minutes before the meeting to display a reminder" setting to organizational standards. CC ID 09372 | Configuration | Preventive | |
Configure the "play a sound along with the text reminder when the system is not in a call" setting to organizational standards. CC ID 09373 | Configuration | Preventive | |
Configure the "backlight compensation" setting to organizational standards. CC ID 09374 | Configuration | Preventive | |
Configure the "camera pan direction" setting to organizational standards. CC ID 09375 | Configuration | Preventive | |
Configure the "camera presets" setting to organizational standards. CC ID 09376 | Configuration | Preventive | |
Configure the "camera video input type" setting to organizational standards. CC ID 09377 | Configuration | Preventive | |
Configure the "camera input aspect ratio" setting to organizational standards. CC ID 09378 | Configuration | Preventive | |
Configure the "camera input name" setting to organizational standards. CC ID 09379 | Configuration | Preventive | |
Configure the "camera input video quality type" setting to organizational standards. CC ID 09380 | Configuration | Preventive | |
Configure the "primary camera" setting to organizational standards. CC ID 09381 | Configuration | Preventive | |
Configure the "camera quality preference" setting to organizational standards. CC ID 09382 | Configuration | Preventive | |
Configure the "camera power frequency" setting to organizational standards. CC ID 09383 | Configuration | Preventive | |
Configure the "allow camera tracking" setting to organizational standards. CC ID 09384 | Configuration | Preventive | |
Configure the "foreground source for Polycom people on content" setting to organizational standards. CC ID 09385 | Configuration | Preventive | |
Configure the "background source for Polycom people on content" setting to organizational standards. CC ID 09386 | Configuration | Preventive | |
Configure the "country name for the system" setting to organizational standards. CC ID 09387 | Configuration | Preventive | |
Configure the "language for the system local GUI" setting to organizational standards. CC ID 09388 | Configuration | Preventive | |
Configure the "NTP" setting to organizational standards. CC ID 09389 | Configuration | Preventive | |
Configure the "primary NTP server" setting to organizational standards. CC ID 09390 | Configuration | Preventive | |
Configure the "secondary NTP server" setting to organizational standards. CC ID 09391 | Configuration | Preventive | |
Configure the "system day" setting to organizational standards. CC ID 09392 | Configuration | Preventive | |
Configure the "system month" setting to organizational standards. CC ID 09393 | Configuration | Preventive | |
Configure the "system year" setting to organizational standards. CC ID 09394 | Configuration | Preventive | |
Configure the "system hour" setting to organizational standards. CC ID 09395 | Configuration | Preventive | |
Configure the "system minutes" setting to organizational standards. CC ID 09396 | Configuration | Preventive | |
Configure the "system AM or PM" setting to organizational standards. CC ID 09397 | Configuration | Preventive | |
Configure the "system time zone" setting to organizational standards. CC ID 09398 | Configuration | Preventive | |
Configure the "automatically adjust for daylight savings time" setting to organizational standards. CC ID 09399 | Configuration | Preventive | |
Configure the "time format" setting to organizational standards. CC ID 09401 | Configuration | Preventive | |
Configure the "LDAP authentication type" setting to organizational standards. CC ID 09402 | Configuration | Preventive | |
Configure the "LDAP SSL encryption state" setting to organizational standards. CC ID 09403 | Configuration | Preventive | |
Configure the "LDAP base DN" setting to organizational standards. CC ID 09404 | Configuration | Preventive | |
Configure the "LDAP NTLM domain" setting to organizational standards. CC ID 09405 | Configuration | Preventive | |
Configure the "LDAP bind DN" setting to organizational standards. CC ID 09406 | Configuration | Preventive | |
Configure the "LDAP password" setting to organizational standards. CC ID 09407 | Configuration | Preventive | |
Configure the "LDAP server address" setting to organizational standards. CC ID 09408 | Configuration | Preventive | |
Configure the "LDAP server port" setting to organizational standards. CC ID 09409 | Configuration | Preventive | |
Configure the "LDAP user name" setting to organizational standards. CC ID 09410 | Configuration | Preventive | |
Configure the "allow access to a Polycom Global Directory Server" setting to organizational standards. CC ID 09411 | Configuration | Preventive | |
Configure the "server address of a Polycom Global Directory Server" setting to organizational standards. CC ID 09412 | Configuration | Preventive | |
Configure the "maximum international call speed for a Polycom Global Directory Server" setting to organizational standards. CC ID 09413 | Configuration | Preventive | |
Configure the "maximum internet call speed for a Polycom Global Directory Server" setting to organizational standards. CC ID 09414 | Configuration | Preventive | |
Configure the "maximum ISDN transmit call speed for a Polycom Global Directory Server" setting to organizational standards. CC ID 09415 | Configuration | Preventive | |
Configure the "display the system address in a Polycom Global Directory Server" setting to organizational standards. CC ID 09416 | Configuration | Preventive | |
Configure the "retrieval and display of contacts from a Microsoft Lync (Office Communications/OCS) Server" setting to organizational standards. CC ID 09417 | Configuration | Preventive | |
Configure the "prompt the user to add a local address book entry for a far site upon call disconnection" setting to organizational standards. CC ID 09418 | Configuration | Preventive | |
Configure the "prompt the user before allowing a local address book entry to be deleted" setting to organizational standards. CC ID 09419 | Configuration | Preventive | |
Configure the "preview of local address book entries" setting to organizational standards. CC ID 09420 | Configuration | Preventive | |
Configure the "content video adjustment" setting to organizational standards. CC ID 09421 | Configuration | Preventive | |
Configure the "people video adjustment" setting to organizational standards. CC ID 09422 | Configuration | Preventive | |
Configure the "display type" setting to organizational standards. CC ID 09423 | Configuration | Preventive | |
Configure the "display aspect ratio" setting to organizational standards. CC ID 09424 | Configuration | Preventive | |
Configure the "display resolution" setting to organizational standards. CC ID 09425 | Configuration | Preventive | |
Configure the "splash screen on the content monitor" setting to organizational standards. CC ID 09426 | Configuration | Preventive | |
Configure the "VCR/DVD record source" setting to organizational standards. CC ID 09427 | Configuration | Preventive | |
Configure the "screen saver text" setting to organizational standards. CC ID 09428 | Configuration | Preventive | |
Configure the "picture in picture (PIP) placement" setting to organizational standards. CC ID 09429 | Configuration | Preventive | |
Configure the "how to display the time in a call" setting to organizational standards. CC ID 09430 | Configuration | Preventive | |
Configure the "far site name display time in a call" setting to organizational standards. CC ID 09431 | Configuration | Preventive | |
Configure the "allow display of the system name on the home screen" setting to organizational standards. CC ID 09432 | Configuration | Preventive | |
Configure the "allow display of the system date time on the home screen" setting to organizational standards. CC ID 09433 | Configuration | Preventive | |
Configure the "allow display of the system IPv4 address on the home screen" setting to organizational standards. CC ID 09434 | Configuration | Preventive | |
Configure the "allow display of the system H.323 extension (E.164) on the home screen" setting to organizational standards. CC ID 09435 | Configuration | Preventive | |
Configure the "allow display of the system do not disturb control on the home screen" setting to organizational standards. CC ID 09436 | Configuration | Preventive | |
Configure the "allow display of the system SIP address on the home screen" setting to organizational standards. CC ID 09437 | Configuration | Preventive | |
Configure the "allow display of the system call quality menu on the home screen" setting to organizational standards. CC ID 09438 | Configuration | Preventive | |
Configure the "output upon screen saver activation for monitor 1" setting to organizational standards. CC ID 09439 | Configuration | Preventive | |
Configure the "output upon screen saver activation for monitor 2" setting to organizational standards. CC ID 09440 | Configuration | Preventive | |
Configure the "QoS type" setting to organizational standards. CC ID 09441 | Configuration | Preventive | |
Configure the "value for DiffServ for video" setting to organizational standards. CC ID 09442 | Configuration | Preventive | |
Configure the "value for DiffServ for audio" setting to organizational standards. CC ID 09443 | Configuration | Preventive | |
Configure the "value for DiffServ for fecc" setting to organizational standards. CC ID 09444 | Configuration | Preventive | |
Configure the "value for IP Precedence for video" setting to organizational standards. CC ID 09445 | Configuration | Preventive | |
Configure the "value for IP Precedence for audio" setting to organizational standards. CC ID 09446 | Configuration | Preventive | |
Configure the "value for IP Precedence for fecc" setting to organizational standards. CC ID 09447 | Configuration | Preventive | |
Configure the "SIP transport protocol" setting to organizational standards. CC ID 09448 | Configuration | Preventive | |
Configure the "SIP registrar server" setting to organizational standards. CC ID 09449 | Configuration | Preventive | |
Configure the "SIP proxy server" setting to organizational standards. CC ID 09450 | Configuration | Preventive | |
Configure the "SIP password" setting to organizational standards. CC ID 09451 | Configuration | Preventive | |
Configure the "allow EAP/802.1X" setting to organizational standards. CC ID 09452 | Configuration | Preventive | |
Configure the "allow 802.1p/Q" setting to organizational standards. CC ID 09453 | Configuration | Preventive | |
Configure the "fixed ports" setting to organizational standards. CC ID 09454 | Configuration | Preventive | |
Configure the "Transmission Control Protocol ports" setting to organizational standards. CC ID 09455 | Configuration | Preventive | |
Configure the "UDP ports" setting to organizational standards. CC ID 09456 | Configuration | Preventive | |
Configure the "system hostname" setting to organizational standards. CC ID 09457 | Configuration | Preventive | |
Configure the "H.323" setting to organizational standards. CC ID 09458 | Configuration | Preventive | |
Configure the "allow display of the H.323 extension (E.164) on the local GUI" setting to organizational standards. CC ID 09459 | Configuration | Preventive | |
Configure the "H.323 extension (E.164)" setting to organizational standards. CC ID 09460 | Configuration | Preventive | |
Configure the "maximum IP call speed to place calls" setting to organizational standards. CC ID 09461 | Configuration | Preventive | |
Configure the "maximum IP call speed to receive calls" setting to organizational standards. CC ID 09462 | Configuration | Preventive | |
Configure the "use Polycom PathNavigator" setting to organizational standards. CC ID 09463 | Configuration | Preventive | |
Configure the "gatekeeper" setting to organizational standards. CC ID 09464 | Configuration | Preventive | |
Configure the "gatekeeper authentication" setting to organizational standards. CC ID 09465 | Configuration | Preventive | |
Configure the "gatekeeper authentication user name" setting to organizational standards. CC ID 09466 | Configuration | Preventive | |
Configure the "gatekeeper authentication password" setting to organizational standards. CC ID 09467 | Configuration | Preventive | |
Configure the "primary gatekeeper address" setting to organizational standards. CC ID 09468 | Configuration | Preventive | |
Configure the "IP gateway" setting to organizational standards. CC ID 09469 | Configuration | Preventive | |
Configure the "ISDN gateway" setting to organizational standards. CC ID 09470 | Configuration | Preventive | |
Configure the "gateway country code" setting to organizational standards. CC ID 09471 | Configuration | Preventive | |
Configure the "gateway area code" setting to organizational standards. CC ID 09472 | Configuration | Preventive | |
Configure the "gateway number" setting to organizational standards. CC ID 09473 | Configuration | Preventive | |
Configure the "gateway extension number" setting to organizational standards. CC ID 09474 | Configuration | Preventive | |
Configure the "gateway dial prefix" setting to organizational standards. CC ID 09475 | Configuration | Preventive | |
Configure the "gateway dial suffix" setting to organizational standards. CC ID 09476 | Configuration | Preventive | |
Configure the "gateway number type" setting to organizational standards. CC ID 09477 | Configuration | Preventive | |
Configure the "number of digits in the DID gateway number (if set to number+extension)" setting to organizational standards. CC ID 09478 | Configuration | Preventive | |
Configure the "gateway dial speed" setting to organizational standards. CC ID 09479 | Configuration | Preventive | |
Configure the "MTU mode assignment type" setting to organizational standards. CC ID 09480 | Configuration | Preventive | |
Configure the "MTU size manually" setting to organizational standards. CC ID 09481 | Configuration | Preventive | |
Configure the "Polycom Video Error Concealment (PVEC)" setting to organizational standards. CC ID 09482 | Configuration | Preventive | |
Configure the "RSVP" setting to organizational standards. CC ID 09483 | Configuration | Preventive | |
Configure the "dynamic bandwidth" setting to organizational standards. CC ID 09484 | Configuration | Preventive | |
Configure the "maximum transmit bandwidth" setting to organizational standards. CC ID 09485 | Configuration | Preventive | |
Configure the "maximum receive bandwidth" setting to organizational standards. CC ID 09486 | Configuration | Preventive | |
Configure the "NAT configuration type" setting to organizational standards. CC ID 09487 | Configuration | Preventive | |
Configure the "NAT public WAN address" setting to organizational standards. CC ID 09488 | Configuration | Preventive | |
Configure the "NAT to be H.323 compatible" setting to organizational standards. CC ID 09489 | Configuration | Preventive | |
Configure the "which NAT address to be displayed in the Polycom Global Directory Server" setting to organizational standards. CC ID 09490 | Configuration | Preventive | |
Configure the "ISDN interface" setting to organizational standards. CC ID 09491 | Configuration | Preventive | |
Configure the "ISDN BRI switch type" setting to organizational standards. CC ID 09492 | Configuration | Preventive | |
Configure the "all ISDN BRI lines" setting to organizational standards. CC ID 09493 | Configuration | Preventive | |
Configure the "ISDN BRI line 1" setting to organizational standards. CC ID 09494 | Configuration | Preventive | |
Configure the "ISDN BRI line 2" setting to organizational standards. CC ID 09495 | Configuration | Preventive | |
Configure the "ISDN BRI line 3" setting to organizational standards. CC ID 09496 | Configuration | Preventive | |
Configure the "ISDN BRI line 4" setting to organizational standards. CC ID 09497 | Configuration | Preventive | |
Configure the "ISDN BRI country code" setting to organizational standards. CC ID 09498 | Configuration | Preventive | |
Configure the "ISDN BRI area code" setting to organizational standards. CC ID 09499 | Configuration | Preventive | |
Configure the "ISDN BRI number 1a" setting to organizational standards. CC ID 09500 | Configuration | Preventive | |
Configure the "ISDN BRI number 1b" setting to organizational standards. CC ID 09501 | Configuration | Preventive | |
Configure the "ISDN BRI number 2a" setting to organizational standards. CC ID 09502 | Configuration | Preventive | |
Configure the "ISDN BRI number 2b" setting to organizational standards. CC ID 09503 | Configuration | Preventive | |
Configure the "ISDN BRI number 3a" setting to organizational standards. CC ID 09504 | Configuration | Preventive | |
Configure the "ISDN BRI number 3b" setting to organizational standards. CC ID 09505 | Configuration | Preventive | |
Configure the "ISDN BRI number 4a" setting to organizational standards. CC ID 09506 | Configuration | Preventive | |
Configure the "ISDN BRI number 4b" setting to organizational standards. CC ID 09507 | Configuration | Preventive | |
Configure the "auto BRI setting that allows SPID numbers to be assigned in NI1 or NI2" setting to organizational standards. CC ID 09508 | Configuration | Preventive | |
Configure the "ISDN BRI SPID number 1a" setting to organizational standards. CC ID 09509 | Configuration | Preventive | |
Configure the "ISDN BRI SPID number 1b" setting to organizational standards. CC ID 09510 | Configuration | Preventive | |
Configure the "ISDN BRI SPID number 2a" setting to organizational standards. CC ID 09511 | Configuration | Preventive | |
Configure the "ISDN BRI SPID number 2b" setting to organizational standards. CC ID 09512 | Configuration | Preventive | |
Configure the "ISDN BRI SPID number 3a" setting to organizational standards. CC ID 09513 | Configuration | Preventive | |
Configure the "ISDN BRI SPID number 3b" setting to organizational standards. CC ID 09514 | Configuration | Preventive | |
Configure the "ISDN BRI SPID number 4a" setting to organizational standards. CC ID 09515 | Configuration | Preventive | |
Configure the "ISDN BRI SPID number 4b" setting to organizational standards. CC ID 09516 | Configuration | Preventive | |
Configure the "ISDN PRI switch type" setting to organizational standards. CC ID 09517 | Configuration | Preventive | |
Configure the "ISDN PRI call by call value" setting to organizational standards. CC ID 09518 | Configuration | Preventive | |
Configure the "each ISDN PRI channels" setting to organizational standards. CC ID 09519 | Configuration | Preventive | |
Configure the "ISDN PRI T1 CSU mode type" setting to organizational standards. CC ID 09520 | Configuration | Preventive | |
Configure the "number of ISDN PRI channels allowed to be dialed in parallel" setting to organizational standards. CC ID 09521 | Configuration | Preventive | |
Configure the "ISDN PRI international prefix" setting to organizational standards. CC ID 09522 | Configuration | Preventive | |
Configure the "ISDN PRI T1 line buildout for internal CSUs" setting to organizational standards. CC ID 09523 | Configuration | Preventive | |
Configure the "ISDN PRI T1 line buildout for external CSUs" setting to organizational standards. CC ID 09524 | Configuration | Preventive | |
Configure the "ISDN PRI line signal" setting to organizational standards. CC ID 09525 | Configuration | Preventive | |
Configure the "ISDN PRI numbering plan" setting to organizational standards. CC ID 09526 | Configuration | Preventive | |
Configure the "ISDN PRI outside line number" setting to organizational standards. CC ID 09527 | Configuration | Preventive | |
Configure the "ISDN PRI number" setting to organizational standards. CC ID 09528 | Configuration | Preventive | |
Configure the "V.35" setting to organizational standards. CC ID 09529 | Configuration | Preventive | |
Configure the "V.35 number for port 1" setting to organizational standards. CC ID 09530 | Configuration | Preventive | |
Configure the "V.35 number for port 2" setting to organizational standards. CC ID 09531 | Configuration | Preventive | |
Configure the "V.35 prefix" setting to organizational standards. CC ID 09532 | Configuration | Preventive | |
Configure the "V.35 suffix" setting to organizational standards. CC ID 09533 | Configuration | Preventive | |
Configure the "V.35 CTS" setting to organizational standards. CC ID 09534 | Configuration | Preventive | |
Configure the "V.35 DCD filter" setting to organizational standards. CC ID 09535 | Configuration | Preventive | |
Configure the "V.35 DCD" setting to organizational standards. CC ID 09536 | Configuration | Preventive | |
Configure the "V.35 DSR answer" setting to organizational standards. CC ID 09537 | Configuration | Preventive | |
Configure the "V.35 DSR" setting to organizational standards. CC ID 09538 | Configuration | Preventive | |
Configure the "V.35 DTR" setting to organizational standards. CC ID 09539 | Configuration | Preventive | |
Configure the "V.35 RT" setting to organizational standards. CC ID 09540 | Configuration | Preventive | |
Configure the "V.35 RTS" setting to organizational standards. CC ID 09541 | Configuration | Preventive | |
Configure the "V.35 ST" setting to organizational standards. CC ID 09542 | Configuration | Preventive | |
Configure the "V.35 broadcast mode" setting to organizational standards. CC ID 09543 | Configuration | Preventive | |
Configure the "RS-366 dialing" setting to organizational standards. CC ID 09544 | Configuration | Preventive | |
Configure the "V.35 protocol used" setting to organizational standards. CC ID 09545 | Configuration | Preventive | |
Configure the "V.35 profile used" setting to organizational standards. CC ID 09546 | Configuration | Preventive | |
Configure the "V.35 H.331 audio mode" setting to organizational standards. CC ID 09547 | Configuration | Preventive | |
Configure the "V.35 H.331 dual stream" setting to organizational standards. CC ID 09548 | Configuration | Preventive | |
Configure the "V.35 H.331 frame rate" setting to organizational standards. CC ID 09549 | Configuration | Preventive | |
Configure the "V.35 H.331 video format" setting to organizational standards. CC ID 09550 | Configuration | Preventive | |
Configure the "V.35 H.331 video protocol" setting to organizational standards. CC ID 09551 | Configuration | Preventive | |
Configure the "IPv4 address assignment method" setting to organizational standards. CC ID 09552 | Configuration | Preventive | |
Configure the "IPv4 address" setting to organizational standards. CC ID 09553 | Configuration | Preventive | |
Configure the "default gateway" setting to organizational standards. CC ID 09554 | Configuration | Preventive | |
Configure the "IPv4 subnet mask" setting to organizational standards. CC ID 09555 | Configuration | Preventive | |
Configure IPv6 extension headers to organizational standards. CC ID 16398 | Configuration | Preventive | |
Configure the "IPv6 address assignment method" setting to organizational standards. CC ID 09556 | Configuration | Preventive | |
Configure the "IPv6 link-local address" setting to organizational standards. CC ID 09557 | Configuration | Preventive | |
Configure the "IPv6 site-local address" setting to organizational standards. CC ID 09558 | Configuration | Preventive | |
Configure the "IPv6 global address" setting to organizational standards. CC ID 09559 | Configuration | Preventive | |
Configure the "default gateway" setting for "IPv6" to organizational standards. CC ID 09560 | Configuration | Preventive | |
Configure the "system domain name" setting to organizational standards. CC ID 09561 | Configuration | Preventive | |
Configure the "primary DNS server address" setting to organizational standards. CC ID 09562 | Configuration | Preventive | |
Configure the "secondary DNS server address" setting to organizational standards. CC ID 09563 | Configuration | Preventive | |
Configure the "third DNS server address" setting to organizational standards. CC ID 09564 | Configuration | Preventive | |
Configure the "fourth DNS server address" setting to organizational standards. CC ID 09565 | Configuration | Preventive | |
Configure the "system LAN speed" setting to organizational standards. CC ID 09566 | Configuration | Preventive | |
Configure the "system duplex mode" setting to organizational standards. CC ID 09567 | Configuration | Preventive | |
Configure the "system to ignore redirect messages" setting to organizational standards. CC ID 09568 | Configuration | Preventive | |
Configure the "system ICMP transmission rate limit (in milliseconds)" setting to organizational standards. CC ID 09569 | Configuration | Preventive | |
Configure the "generate destination unreachable messages" setting to organizational standards. CC ID 09570 | Configuration | Preventive | |
Configure the "respond to broadcast and multicast echo requests" setting to organizational standards. CC ID 09571 | Configuration | Preventive | |
Configure the "IPv6 DAD transmit count" setting to organizational standards. CC ID 09572 | Configuration | Preventive | |
Configure the "phone number of the room where the system is located" setting to organizational standards. CC ID 09573 | Configuration | Preventive | |
Configure the "GMS tech support contact name" setting to organizational standards. CC ID 09574 | Configuration | Preventive | |
Configure the "GMS tech support contact email" setting to organizational standards. CC ID 09575 | Configuration | Preventive | |
Configure the "GMS tech support contact phone number" setting to organizational standards. CC ID 09576 | Configuration | Preventive | |
Configure the "GMS tech support contact fax number" setting to organizational standards. CC ID 09577 | Configuration | Preventive | |
Configure the "GMS tech support contact city" setting to organizational standards. CC ID 09578 | Configuration | Preventive | |
Configure the "GMS tech support contact state" setting to organizational standards. CC ID 09579 | Configuration | Preventive | |
Configure the "GMS tech support contact country" setting to organizational standards. CC ID 09580 | Configuration | Preventive | |
Configure the "security profile" setting to organizational standards. CC ID 09581 | Configuration | Preventive | |
Configure the "allow PC LAN port access" setting to organizational standards. CC ID 09582 | Configuration | Preventive | |
Configure the "require certificate validation for web server" setting to organizational standards. CC ID 09583 | Configuration | Preventive | |
Configure the "require certificate validation for peer client applications" setting to organizational standards. CC ID 09584 | Configuration | Preventive | |
Configure the "maximum peer certificate chain depth" setting to organizational standards. CC ID 09585 | Configuration | Preventive | |
Configure the "certificate revocation method" setting to organizational standards. CC ID 09586 | Configuration | Preventive | |
Configure the "allow incomplete revocation checks" setting to organizational standards. CC ID 09587 | Configuration | Preventive | |
Configure the "the global responder specified in the certificate" setting to organizational standards. CC ID 09588 | Configuration | Preventive | |
Configure the "require login for system access" setting to organizational standards. CC ID 09589 | Configuration | Preventive | |
Configure the "allow the local password to be used for remote access" setting to organizational standards. CC ID 09590 | Configuration | Preventive | |
Configure the "allow remote access via web" setting to organizational standards. CC ID 09591 | Configuration | Preventive | |
Configure the "web access port number" setting to organizational standards. CC ID 09592 | Configuration | Preventive | |
Configure the "require whitelist" setting to organizational standards. CC ID 09593 | Configuration | Preventive | |
Configure the "allow remote access via telnet" setting to organizational standards. CC ID 09594 | Configuration | Preventive | |
Configure the "allow remote access via SNMP" setting to organizational standards. CC ID 09595 | Configuration | Preventive | |
Configure the "allow video display on the web" setting to organizational standards. CC ID 09596 | Configuration | Preventive | |
Configure the "require display of a security banner upon login" setting to organizational standards. CC ID 09597 | Configuration | Preventive | |
Configure the "custom text for the local security banner" setting to organizational standards. CC ID 09598 | Configuration | Preventive | |
Configure the "custom text for the web security banner" setting to organizational standards. CC ID 09599 | Configuration | Preventive | |
Configure the "allow a non-admin user to make changes to the local system address book" setting to organizational standards. CC ID 09600 | Configuration | Preventive | |
Configure the "allow a non-admin user to make changes to the camera presets" setting to organizational standards. CC ID 09601 | Configuration | Preventive | |
Configure the "allow mixed protocol (IP and ISDN) multipoint calls" setting to organizational standards. CC ID 09602 | Configuration | Preventive | |
Configure the "require Active Directory authentication" setting to organizational standards. CC ID 09603 | Configuration | Preventive | |
Configure the "Active Directory server address" setting to organizational standards. CC ID 09604 | Configuration | Preventive | |
Configure the "Active Directory admin group" setting to organizational standards. CC ID 09605 | Configuration | Preventive | |
Configure the "Active Directory user group" setting to organizational standards. CC ID 09606 | Configuration | Preventive | |
Configure the "require admin password for remote login" setting to organizational standards. CC ID 09607 | Configuration | Preventive | |
Configure the "RS-232 serial port access mode" setting to organizational standards. CC ID 09608 | Configuration | Preventive | |
Configure the "RS-232 serial port baud rate" setting to organizational standards. CC ID 09609 | Configuration | Preventive | |
Configure the "require AES encryption" setting to organizational standards. CC ID 09610 | Configuration | Preventive | |
Configure the "SIP" setting to organizational standards. CC ID 09611 | Configuration | Preventive | |
Configure the "allow recent call list to be accessible" setting to organizational standards. CC ID 09612 | Configuration | Preventive | |
Configure the "allow the last number dialed to be accessible" setting to organizational standards. CC ID 09613 | Configuration | Preventive | |
Configure the "allow far end control of the near camera" setting to organizational standards. CC ID 09614 | Configuration | Preventive | |
Configure the "allow a call detail report to be created and maintained" setting to organizational standards. CC ID 09615 | Configuration | Preventive | |
Configure the "Availability Control (Do Not Disturb) for all calls" setting to organizational standards. CC ID 09616 | Configuration | Preventive | |
Configure the "Do Not Disturb only for point to point calls" setting to organizational standards. CC ID 09617 | Configuration | Preventive | |
Configure the "Do Not Disturb only for multipoint calls" setting to organizational standards. CC ID 09618 | Configuration | Preventive | |
Configure the "require the admin account to be locked after a certain number of failed login attempts" setting to organizational standards. CC ID 09619 | Configuration | Preventive | |
Configure the "admin account lock duration (in minutes)" setting to organizational standards. CC ID 09620 | Configuration | Preventive | |
Configure the "require the user account to be locked after a certain number of unsuccessful logon attempts" setting to organizational standards. CC ID 09621 | Configuration | Preventive | |
Configure the "user account lock duration (in minutes)" setting to organizational standards. CC ID 09622 | Configuration | Preventive | |
Configure the "idle session timeout (in minutes)" setting to organizational standards. CC ID 09623 | Configuration | Preventive | |
Configure the "monitoring of inactive web sessions" setting to organizational standards. CC ID 09624 | Configuration | Preventive | |
Configure the "list of all sessions (local, web and serial) visible on the local or web GUI" setting to organizational standards. CC ID 09625 | Configuration | Preventive | |
Configure the "maximum number of concurrent active web sessions" setting to organizational standards. CC ID 09626 | Configuration | Preventive | |
Configure the "number of failed login attempts on the web interface and serial port (port lockout) after which the interface will be locked" setting to organizational standards. CC ID 09627 | Configuration | Preventive | |
Configure the "web interface and serial port (port lockout) lock duration should (in minutes) be configured" setting to organizational standards. CC ID 09628 | Configuration | Preventive | |
Configure the "local (room) admin password" setting to organizational standards. CC ID 09629 | Configuration | Preventive | |
Configure the "remote access admin password" setting to organizational standards. CC ID 09630 | Configuration | Preventive | |
Configure the "local (room) user password" setting to organizational standards. CC ID 09631 | Configuration | Preventive | |
Configure the "meeting password" setting to organizational standards. CC ID 09632 | Configuration | Preventive | |
Configure the "MCU password" setting to organizational standards. CC ID 09633 | Configuration | Preventive | |
Configure the "minimum length required for a local (room) admin password" setting to organizational standards. CC ID 09634 | Configuration | Preventive | |
Configure the "require that the local (room) admin password contain lower case characters" setting to organizational standards. CC ID 09635 | Configuration | Preventive | |
Configure the "require that the local (room) admin password contain upper case characters" setting to organizational standards. CC ID 09636 | Configuration | Preventive | |
Configure the "require that the local (room) admin password contain numbers" setting to organizational standards. CC ID 09637 | Configuration | Preventive | |
Configure the "require that the local (room) admin password contain special characters" setting to organizational standards. CC ID 09638 | Configuration | Preventive | |
Configure the "reject a certain number of previous local (room) admin passwords when creating a new password" setting to organizational standards. CC ID 09639 | Configuration | Preventive | |
Configure the "minimum age for the local (room) admin password before it can be changed" setting to organizational standards. CC ID 09640 | Configuration | Preventive | |
Configure the "maximum age for the local (room) admin password after which it must be changed" setting to organizational standards. CC ID 09641 | Configuration | Preventive | |
Configure the "how many days ahead of time a password expiration warning should be provided when the local (room) admin password is about to expire" setting to organizational standards. CC ID 09642 | Configuration | Preventive | |
Configure the "minimum number of characters that must be changed when creating a new local (room) admin password" setting to organizational standards. CC ID 09643 | Configuration | Preventive | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new local (room) admin password" setting to organizational standards. CC ID 09644 | Configuration | Preventive | |
Configure the "the local (room) admin password can contain the admin account name or the reverse of the account name" setting to organizational standards. CC ID 09645 | Configuration | Preventive | |
Configure the "minimum length required for a remote admin password" setting to organizational standards. CC ID 09646 | Configuration | Preventive | |
Configure the "require that the remote admin password contain lower case characters" setting to organizational standards. CC ID 09647 | Configuration | Preventive | |
Configure the "require that the remote admin password contain upper case characters" setting to organizational standards. CC ID 09648 | Configuration | Preventive | |
Configure the "require that the remote admin password contain numbers" setting to organizational standards. CC ID 09649 | Configuration | Preventive | |
Configure the "require that the remote admin password contain special characters" setting to organizational standards. CC ID 09650 | Configuration | Preventive | |
Configure the "reject a certain number of previous remote admin passwords when creating a new password" setting to organizational standards. CC ID 09651 | Configuration | Preventive | |
Configure the "minimum age for the remote admin password before it can be changed" setting to organizational standards. CC ID 09652 | Configuration | Preventive | |
Configure the "maximum age for the remote admin password after which it must be changed" setting to organizational standards. CC ID 09653 | Configuration | Preventive | |
Configure the "how many days ahead of time a password expiration warning should be provided when the remote admin password is about to expire" setting to organizational standards. CC ID 09654 | Configuration | Preventive | |
Configure the "minimum number of characters that must be changed when creating a new remote admin password" setting to organizational standards. CC ID 09655 | Configuration | Preventive | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new remote admin password" setting to organizational standards. CC ID 09656 | Configuration | Preventive | |
Configure the "remote admin password can contain the admin account name or the reverse of the account name" setting to organizational standards. CC ID 09657 | Configuration | Preventive | |
Configure the "minimum length required for a local (room) user password" setting to organizational standards. CC ID 09658 | Configuration | Preventive | |
Configure the "require that the local (room) user password contain lower case characters" setting to organizational standards. CC ID 09659 | Configuration | Preventive | |
Configure the "require that the local (room) user password contain upper case characters" setting to organizational standards. CC ID 09660 | Configuration | Preventive | |
Configure the "require that the local (room) user password contain numbers" setting to organizational standards. CC ID 09661 | Configuration | Preventive | |
Configure the "require that the local (room) user password contain special characters" setting to organizational standards. CC ID 09662 | Configuration | Preventive | |
Configure the "reject a certain number of previous local (room) user passwords when creating a new password" setting to organizational standards. CC ID 09663 | Configuration | Preventive | |
Configure the "minimum age for the local (room) user password before it can be changed" setting to organizational standards. CC ID 09664 | Configuration | Preventive | |
Configure the "maximum age for the local (room) user password after which it must be changed" setting to organizational standards. CC ID 09665 | Configuration | Preventive | |
Configure the "how many days ahead of time a password expiration warning should be provided when the local (room) user password is about to expire" setting to organizational standards. CC ID 09666 | Configuration | Preventive | |
Configure the "minimum number of characters that must be changed when creating a new local (room) user password" setting to organizational standards. CC ID 09667 | Configuration | Preventive | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new local (room) user password" setting to organizational standards. CC ID 09668 | Configuration | Preventive | |
Configure the "the local (room) user password can contain the user account name or the reverse of the account name" setting to organizational standards. CC ID 09669 | Configuration | Preventive | |
Configure the "minimum length required for a meeting password" setting to organizational standards. CC ID 09670 | Configuration | Preventive | |
Configure the "require that the meeting password contain lower case characters" setting to organizational standards. CC ID 09671 | Configuration | Preventive | |
Configure the "require that the meeting password contain upper case characters" setting to organizational standards. CC ID 09672 | Configuration | Preventive | |
Configure the "require that the meeting password contain numbers" setting to organizational standards. CC ID 09673 | Configuration | Preventive | |
Configure the "require that the meeting password contain special characters" setting to organizational standards. CC ID 09674 | Configuration | Preventive | |
Configure the "reject a certain number of previous meeting passwords when creating a new meeting password" setting to organizational standards. CC ID 09675 | Configuration | Preventive | |
Configure the "minimum age for the meeting password before it can be changed" setting to organizational standards. CC ID 09676 | Configuration | Preventive | |
Configure the "maximum age for the meeting password after which it must be changed" setting to organizational standards. CC ID 09677 | Configuration | Preventive | |
Configure the "how many days ahead of time a password expiration warning should be provided when the meeting password is about to expire" setting to organizational standards. CC ID 09678 | Configuration | Preventive | |
Configure the "minimum number of characters that must be changed when creating a new meeting password" setting to organizational standards. CC ID 09679 | Configuration | Preventive | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new meeting password" setting to organizational standards. CC ID 09680 | Configuration | Preventive | |
Configure the "allow access to security related settings by non-admin users" setting to organizational standards. CC ID 09681 | Configuration | Preventive | |
Configure the "NTLM version" setting to organizational standards. CC ID 09682 | Configuration | Preventive | |
Configure the "folder name to be used when downloading log files" setting to organizational standards. CC ID 09683 | Configuration | Preventive | |
Configure the "percent filled threshold above which a warning will be provided if log files exceed it" setting to organizational standards. CC ID 09684 | Configuration | Preventive | |
Configure the "frequency of transferring logs to a storage device then deleting the logs from the system" setting to organizational standards. CC ID 09685 | Configuration | Preventive | |
Configure the "show content immediately upon connecting a computer to the system" setting to organizational standards. CC ID 09686 | Configuration | Preventive | |
Configure the "require an account number to dial a call" setting to organizational standards. CC ID 09687 | Configuration | Preventive | |
Configure the "require validation of an account number before allowing a call to be dialed" setting to organizational standards. CC ID 09688 | Configuration | Preventive | |
Configure the "maximum time that a call can be connected" setting to organizational standards. CC ID 09689 | Configuration | Preventive | |
Configure the "mute a call that is auto answered" setting to organizational standards. CC ID 09690 | Configuration | Preventive | |
Configure the "H.460 firewall traversal" setting to organizational standards. CC ID 09691 | Configuration | Preventive | |
Configure the "POTS" setting to organizational standards. CC ID 09692 | Configuration | Preventive | |
Configure the "POTS area code manually" setting to organizational standards. CC ID 09693 | Configuration | Preventive | |
Configure the "POTS number manually" setting to organizational standards. CC ID 09694 | Configuration | Preventive | |
Configure the "allow a Polycom Touch Control panel to pair with the system" setting to organizational standards. CC ID 09695 | Configuration | Preventive | |
Configure the "screen saver wait time" setting to organizational standards. CC ID 09696 | Configuration | Preventive | |
Configure the "video call dial order" setting to organizational standards. CC ID 09697 | Configuration | Preventive | |
Configure the "voice call dial order" setting to organizational standards. CC ID 09698 | Configuration | Preventive | |
Configure the "diagnostic (basic) mode" setting to organizational standards. CC ID 09699 | Configuration | Preventive | |
Configure the "dual monitor emulation" setting to organizational standards. CC ID 09700 | Configuration | Preventive | |
Configure the "H.239" setting to organizational standards. CC ID 09701 | Configuration | Preventive | |
Configure the "VGA quality preference" setting to organizational standards. CC ID 09702 | Configuration | Preventive | |
Configure the "power button on the IR remote control" setting to organizational standards. CC ID 09703 | Configuration | Preventive | |
Configure the "numeric keypad function on the IR remote control" setting to organizational standards. CC ID 09704 | Configuration | Preventive | |
Configure the "allow use of a non-Polycom IR remote control" setting to organizational standards. CC ID 09705 | Configuration | Preventive | |
Configure the "channel ID for the IR remote control" setting to organizational standards. CC ID 09706 | Configuration | Preventive | |
Configure the "transcoding" setting to organizational standards. CC ID 09707 | Configuration | Preventive | |
Configure the "allow the system to dial any calls" setting to organizational standards. CC ID 09708 | Configuration | Preventive | |
Configure the "preferred dialing method" setting to organizational standards. CC ID 09709 | Configuration | Preventive | |
Configure the "domain of the provisioning server" setting to organizational standards. CC ID 09710 | Configuration | Preventive | |
Configure the "user name to connect to the provisioning server" setting to organizational standards. CC ID 09711 | Configuration | Preventive | |
Configure the "password to connect to the provisioning server" setting to organizational standards. CC ID 09712 | Configuration | Preventive | |
Configure the "server address of the provisioning server" setting to organizational standards. CC ID 09713 | Configuration | Preventive | |
Configure the "SNMP admin name" setting to organizational standards. CC ID 09714 | Configuration | Preventive | |
Configure the "SNMP community name" setting to organizational standards. CC ID 09715 | Configuration | Preventive | |
Configure the "SNMP console address" setting to organizational standards. CC ID 09716 | Configuration | Preventive | |
Configure the "SNMP location" setting to organizational standards. CC ID 09717 | Configuration | Preventive | |
Configure the "SNMP system description" setting to organizational standards. CC ID 09718 | Configuration | Preventive | |
Configure the "SNMP trap version" setting to organizational standards. CC ID 09719 | Configuration | Preventive | |
Configure Apache and Tomcat to Organizational Standards. CC ID 08987 | Configuration | Preventive | |
Configure the "demo CGI printenv.pl" setting to organizational standards. CC ID 08993 | Configuration | Preventive | |
Configure the "testcgi" setting to organizational standards. CC ID 08994 | Configuration | Preventive | |
Configure the "FollowSymLinks" setting for the "DocumentRoot" to organizational standards. CC ID 08995 | Configuration | Preventive | |
Configure the "IncludesNOEXEC" setting for the "DocumentRoot" to organizational standards. CC ID 08996 | Configuration | Preventive | |
Configure the "Indexes" setting for the "DocumentRoot" to organizational standards. CC ID 08997 | Configuration | Preventive | |
Configure the "Allow" setting for the "OS root" to organizational standards. CC ID 08998 | Configuration | Preventive | |
Configure the "Allow" setting to organizational standards. CC ID 08999 | Configuration | Preventive | |
Configure the "KeepAlive" setting to organizational standards. CC ID 09000 | Configuration | Preventive | |
Configure the "KeepAliveTimeout" setting to organizational standards. CC ID 09001 | Configuration | Preventive | |
Configure the "LimitRequestBody" setting to organizational standards. CC ID 09002 | Configuration | Preventive | |
Configure the "LimitRequestFields" setting to organizational standards. CC ID 09003 | Configuration | Preventive | |
Configure the "LimitRequestFieldSizeBody" setting to organizational standards. CC ID 09004 | Configuration | Preventive | |
Configure the "LimitRequestline" setting to organizational standards. CC ID 09005 | Configuration | Preventive | |
Configure the "loglevel" setting to organizational standards. CC ID 09006 | Configuration | Preventive | |
Configure the "MaxClients" setting to organizational standards. CC ID 09007 | Configuration | Preventive | |
Configure the "ServerTokens" setting to organizational standards. CC ID 09008 | Configuration | Preventive | |
Configure the "Timeout" setting to organizational standards. CC ID 09009 | Configuration | Preventive | |
Configure the "apache access log file" setting to organizational standards. CC ID 09010 | Configuration | Preventive | |
Configure the "AllowOverride" for "OS root" to organizational standards. CC ID 09011 | Configuration | Preventive | |
Configure the "AllowOverride" setting for "web site root directories" to organizational standards. CC ID 09012 | Configuration | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 400 errors" to organizational standards. CC ID 09013 | Configuration | Preventive | |
Configure the "Group" setting to organizational standards. CC ID 09014 | Configuration | Preventive | |
Configure the "runtime rewriting engine" setting to organizational standards. CC ID 09015 | Configuration | Preventive | |
Configure the "ServerSignature" setting to organizational standards. CC ID 09016 | Configuration | Preventive | |
Configure the "apache system logging" setting to organizational standards. CC ID 09017 | Configuration | Preventive | |
Configure the "User" setting to organizational standards. CC ID 09019 | Configuration | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 401 errors" to organizational standards. CC ID 09020 | Configuration | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 403 errors" to organizational standards. CC ID 09021 | Configuration | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 404 errors" to organizational standards. CC ID 09022 | Configuration | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 405 errors" to organizational standards. CC ID 09023 | Configuration | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 500 errors" to organizational standards. CC ID 09024 | Configuration | Preventive | |
Configure the "Deny" setting for the "OS root" to organizational standards. CC ID 09025 | Configuration | Preventive | |
Configure the "Deny" setting to organizational standards. CC ID 09026 | Configuration | Preventive | |
Configure the "error log file" setting to organizational standards. CC ID 09040 | Configuration | Preventive | |
Configure the "Includes" setting for the "DocumentRoot" to organizational standards. CC ID 09046 | Configuration | Preventive | |
Configure the "MultiViews" setting for the "DocumentRoot" to organizational standards. CC ID 09047 | Configuration | Preventive | |
Configure the "Order" setting for the "OS root" to organizational standards. CC ID 09048 | Configuration | Preventive | |
Configure the "permitted HTTP request methods" setting to organizational standards. CC ID 09049 | Configuration | Preventive | |
Configure the "httpd.conf" file to organizational standards. CC ID 09050 | Configuration | Preventive | |
Configure the "htpasswd" file to organizational standards. CC ID 09053 | Configuration | Preventive | |
Configure the "Server Administrator email address" setting to organizational standards. CC ID 09054 | Configuration | Preventive | |
Configure the "StartServers" setting to organizational standards. CC ID 09060 | Configuration | Preventive | |
Configure the "MinSpareServers" setting to organizational standards. CC ID 09061 | Configuration | Preventive | |
Configure the "MaxSpareServers" setting to organizational standards. CC ID 09062 | Configuration | Preventive | |
Configure the "ExecCGI" setting for the "DocumentRoot" to organizational standards. CC ID 09063 | Configuration | Preventive | |
Configure the "Order" setting for "all DocumentRoots" to organizational standards. CC ID 09064 | Configuration | Preventive | |
Configure the "Order" setting to organizational standards. CC ID 09065 | Configuration | Preventive | |
Configure the "action directive" setting to organizational standards. CC ID 09066 | Configuration | Preventive | |
Configure the "AddHandler directive" setting to organizational standards. CC ID 09067 | Configuration | Preventive | |
Configure the "Anonymous sharing of Apache's web content directories with nfs" setting to organizational standards. CC ID 09068 | Configuration | Preventive | |
Configure the "Anonymous sharing of Apache's web content directories with smb" setting to organizational standards. CC ID 09069 | Configuration | Preventive | |
Configure the "MaxKeepAliveRequests" setting to organizational standards. CC ID 09070 | Configuration | Preventive | |
Configure the "log_config_module" setting to organizational standards. CC ID 09072 | Configuration | Preventive | |
Configure the "disallow paths and files" setting for "robots.txt" to organizational standards. CC ID 09105 | Configuration | Preventive | |
Configure the "ssl_module" setting to organizational standards. CC ID 09106 | Configuration | Preventive | |
Configure the "SSLProtocol" setting to organizational standards. CC ID 09107 | Configuration | Preventive | |
Configure the "SSLEngine" setting to organizational standards. CC ID 09108 | Configuration | Preventive | |
Configure the "apache online manual" setting to organizational standards. CC ID 09109 | Configuration | Preventive | |
Configure the "FollowSymLinks" setting for "all options directives" to organizational standards. CC ID 09110 | Configuration | Preventive | |
Configure the "Includes" setting for "all options directives" to organizational standards. CC ID 09111 | Configuration | Preventive | |
Configure the "IncludesNoExec" setting for "all options directives" to organizational standards. CC ID 09112 | Configuration | Preventive | |
Configure the "MultiViews" setting for "all options directives" to organizational standards. CC ID 09113 | Configuration | Preventive | |
Configure the "Indexes" setting for "all options directives" to organizational standards. CC ID 09114 | Configuration | Preventive | |
Configure the "dav_module" setting to organizational standards. CC ID 09115 | Configuration | Preventive | |
Configure the "dav_fs_module" setting to organizational standards. CC ID 09116 | Configuration | Preventive | |
Configure the "info_module" setting to organizational standards. CC ID 09117 | Configuration | Preventive | |
Configure the "status_module" setting to organizational standards. CC ID 09118 | Configuration | Preventive | |
Configure the "proxy_module" setting to organizational standards. CC ID 09119 | Configuration | Preventive | |
Configure the "proxy_ftp_module" setting to organizational standards. CC ID 09120 | Configuration | Preventive | |
Configure the "proxy_http_module" setting to organizational standards. CC ID 09121 | Configuration | Preventive | |
Configure the "proxy_connect_module" setting to organizational standards. CC ID 09122 | Configuration | Preventive | |
Configure the "ExecCGI" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09130 | Configuration | Preventive | |
Configure the "FollowSymLinks" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09131 | Configuration | Preventive | |
Configure the "Includes" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09132 | Configuration | Preventive | |
Configure the "IncludesNoExec" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09133 | Configuration | Preventive | |
Configure the "Indexes" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09134 | Configuration | Preventive | |
Configure the "MultiViews" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09135 | Configuration | Preventive | |
Configure the "SymLinksIfOwnerMatch" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09136 | Configuration | Preventive | |
Configure the "TraceEnable" setting to organizational standards. CC ID 09137 | Configuration | Preventive | |
Configure the "listening IP address" setting to organizational standards. CC ID 09138 | Configuration | Preventive | |
Configure the "listening port" setting to organizational standards. CC ID 09139 | Configuration | Preventive | |
Configure the "ScriptAlias" setting to organizational standards. CC ID 09140 | Configuration | Preventive | |
Configure the "automatic directory indexing" setting to organizational standards. CC ID 09141 | Configuration | Preventive | |
Configure the "Anonymous sharing of Apache's web content directories" setting to organizational standards. CC ID 09142 | Configuration | Preventive | |
Configure the "apache web server" setting to organizational standards. CC ID 09147 | Configuration | Preventive | |
Configure the "dav_lock_module" setting to organizational standards. CC ID 09150 | Configuration | Preventive | |
Configure the "proxy_ajp_module" setting to organizational standards. CC ID 09151 | Configuration | Preventive | |
Configure the "proxy_balancer_module" setting to organizational standards. CC ID 09152 | Configuration | Preventive | |
Configure the "CGI scripts for Apache Tomcat" setting to organizational standards. CC ID 09720 | Configuration | Preventive | |
Configure the "Access to Apache Tomcat's interactive scripts" setting to organizational standards. CC ID 09721 | Configuration | Preventive | |
Configure the "Tomcat Apache's backup CGI *.bak" files to organizational standards. CC ID 09722 | Configuration | Preventive | |
Configure the "Tomcat Apache's backup CGI *.old" files to organizational standards. CC ID 09723 | Configuration | Preventive | |
Configure the "Tomcat Apache's backup CGI *.temp" files to organizational standards. CC ID 09724 | Configuration | Preventive | |
Configure the "Tomcat Apache's backup CGI *.tmp" files to organizational standards. CC ID 09725 | Configuration | Preventive | |
Configure the "Tomcat Apache's backup CGI *.backup" files to organizational standards. CC ID 09726 | Configuration | Preventive | |
Configure the "Tomcat Apache's backup CGI copy of*.*" files to organizational standards. CC ID 09727 | Configuration | Preventive | |
Configure the "maxProcessors attribute" setting to organizational standards. CC ID 09728 | Configuration | Preventive | |
Configure the "access log valve" setting for the "tomcat Engine container" to organizational standards. CC ID 09730 | Configuration | Preventive | |
Configure the "access log valve" setting for the "tomcat Host container" to organizational standards. CC ID 09731 | Configuration | Preventive | |
Configure the "access log valve" setting for the "tomcat Context container" to organizational standards. CC ID 09732 | Configuration | Preventive | |
Configure the "disallow paths and files" setting for the "tomcat site robots.txt" file to organizational standards. CC ID 09745 | Configuration | Preventive | |
Configure the "tomcat SSLProtocol attribute" setting to organizational standards. CC ID 09746 | Configuration | Preventive | |
Configure the "tomcat Connector SSLEngine attribute" setting to organizational standards. CC ID 09747 | Configuration | Preventive | |
Configure the "tomcat Listener SSLEngine attribute" setting to organizational standards. CC ID 09748 | Configuration | Preventive | |
Configure the "tomcat server attribute" setting to organizational standards. CC ID 09749 | Configuration | Preventive | |
Configure the "account running the tomcat service" setting to organizational standards. CC ID 09750 | Configuration | Preventive | |
Configure the "tomcat server documentation" setting to organizational standards. CC ID 09751 | Configuration | Preventive | |
Configure the "tomcat js examples" setting to organizational standards. CC ID 09752 | Configuration | Preventive | |
Configure the "tomcat servlet examples" setting to organizational standards. CC ID 09753 | Configuration | Preventive | |
Configure the "tomcat webdav" folder to organizational standards. CC ID 09754 | Configuration | Preventive | |
Configure the "tomcat examples" folder to organizational standards. CC ID 09755 | Configuration | Preventive | |
Configure the "tomcat balancer" folder to organizational standards. CC ID 09756 | Configuration | Preventive | |
Configure the "tomcat pattern attribute" setting to organizational standards. CC ID 09757 | Configuration | Preventive | |
Configure the "Java Security Manager (JSM)" setting to organizational standards. CC ID 09758 | Configuration | Preventive | |
Configure the "run with the Java Security Manager upon startup" setting to organizational standards. CC ID 09759 | Configuration | Preventive | |
Configure the "shutdown port number" for the "tomcat server" to organizational standards. CC ID 09760 | Configuration | Preventive | |
Configure the "Tomcat Legacy JK AJP 1.3 connector" setting to organizational standards. CC ID 09761 | Configuration | Preventive | |
Configure the "port number" setting for the "Tomcat Legacy JK AJP 1.3 connector" to organizational standards. CC ID 09762 | Configuration | Preventive | |
Configure the "Tomcat Legacy HTTP/1.1 connector" setting to organizational standards. CC ID 09763 | Configuration | Preventive | |
Configure the "port number" for the "Tomcat Legacy HTTP/1.1 connector" to organizational standards. CC ID 09764 | Configuration | Preventive | |
Configure the "Tomcat login authentication method" setting to organizational standards. CC ID 09765 | Configuration | Preventive | |
Configure the "security roles" for the "Tomcat manager app" to organizational standards. CC ID 09766 | Configuration | Preventive | |
Configure the "security roles" setting for the "tomcat admin app" to organizational standards. CC ID 09767 | Configuration | Preventive | |
Configure the "deny access to the Tomcat Admin app" setting to organizational standards. CC ID 09768 | Configuration | Preventive | |
Configure the "allow access to the Tomcat Admin app" setting to organizational standards. CC ID 09769 | Configuration | Preventive | |
Configure the "deny access to the Tomcat manager app" setting to organizational standards. CC ID 09770 | Configuration | Preventive | |
Configure the "allow access to the Tomcat manager app" setting to organizational standards. CC ID 09771 | Configuration | Preventive | |
Configure the "password digest algorithm" setting for "JDBCRealm (database) connections" to organizational standards. CC ID 09779 | Configuration | Preventive | |
Configure the "JDBCRealm (database) password digest algorithm" setting to organizational standards. CC ID 09780 | Configuration | Preventive | |
Configure the "password digest algorithm" setting for "JNDIRealm (LDAP) connections" to organizational standards. CC ID 09781 | Configuration | Preventive | |
Configure the "JNDIRealm (LDAP) password digest" setting to organizational standards. CC ID 09782 | Configuration | Preventive | |
Configure the "Tomcat HTTP/1.1 connector" setting to organizational standards. CC ID 09783 | Configuration | Preventive | |
Configure the "port number" setting for the "Tomcat HTTP/1.1 connector" to organizational standards. CC ID 09784 | Configuration | Preventive | |
Configure the "secure attribute" for the "Tomcat HTTP/1.1 connectors" to organizational standards. CC ID 09785 | Configuration | Preventive | |
Configure the "Tomcat Legacy JK/JK2 AJP 1.3 connector" setting to organizational standards. CC ID 09786 | Configuration | Preventive | |
Configure the "port number" setting for the "JK/JK2 AJP 1.3 connector" to organizational standards. CC ID 09787 | Configuration | Preventive | |
Configure the "Tomcat WARP connector" setting to organizational standards. CC ID 09788 | Configuration | Preventive | |
Configure the "port number" setting for the "WARP connector" to organizational standards. CC ID 09789 | Configuration | Preventive | |
Configure the "location of the log files directory" setting for the "Logger element" to organizational standards. CC ID 09790 | Configuration | Preventive | |
Configure the "example server.xml" file to organizational standards. CC ID 09791 | Configuration | Preventive | |
Configure the "file prefix" setting for the "Logger element" to organizational standards. CC ID 09794 | Configuration | Preventive | |
Configure the "verbosity" setting for the "Logger element" to organizational standards. CC ID 09795 | Configuration | Preventive | |
Configure the "Tomcat server port number" setting to organizational standards. CC ID 09797 | Configuration | Preventive | |
Configure the "secure attribute" for the "Tomcat JK/JK2 AJP 1.3 connectors" to organizational standards. CC ID 09803 | Configuration | Preventive | |
Configure the "JULI container level logging" setting to organizational standards. CC ID 09804 | Configuration | Preventive | |
Configure the "JULI FileHandler threshold level" setting to organizational standards. CC ID 09805 | Configuration | Preventive | |
Configure the "JULI FileHandler save directory" setting to organizational standards. CC ID 09806 | Configuration | Preventive | |
Configure the "JULI FileHandler log file name prefix" setting to organizational standards. CC ID 09807 | Configuration | Preventive | |
Configure the "grant of all permissions to Tomcat web applications" setting to organizational standards. CC ID 09808 | Configuration | Preventive | |
Configure the "example" files to organizational standards. CC ID 09809 | Configuration | Preventive | |
Configure the "WebDAV app" setting to organizational standards. CC ID 09810 | Configuration | Preventive | |
Configure the "Tomcat-docs" setting to organizational standards. CC ID 09811 | Configuration | Preventive | |
Configure the "Balancer app" setting to organizational standards. CC ID 09812 | Configuration | Preventive | |
Configure the "save directory for log files" setting to organizational standards. CC ID 09816 | Configuration | Preventive | |
Configure the "verify passwords in tomcat-users.xml are stored using an authorized digest" setting to organizational standards. CC ID 09817 | Configuration | Preventive | |
Configure IIS to Organizational Standards. CC ID 08988 | Configuration | Preventive | |
Configure the "IIS Web Root folder path" setting to organizational standards. CC ID 09153 | Configuration | Preventive | |
Configure the "IIS Web Root" directory to organizational standards. CC ID 09154 | Configuration | Preventive | |
Configure the "use the appropriate network interface" setting to organizational standards. CC ID 09155 | Configuration | Preventive | |
Configure the "Enable Logging" setting to organizational standards. CC ID 09167 | Configuration | Preventive | |
Configure the "Integrated Windows Authentication" setting to organizational standards. CC ID 09176 | Configuration | Preventive | |
Configure the "Special Characters In Shells" setting for the "WWW service" to organizational standards. CC ID 09177 | Configuration | Preventive | |
Configure the "IIS WWW service SSL error logging" setting to organizational standards. CC ID 09178 | Configuration | Preventive | |
Configure the "RDSServer.DataFactory object" setting to organizational standards. CC ID 09179 | Configuration | Preventive | |
Configure the "AdvancedDataFactory object" setting to organizational standards. CC ID 09180 | Configuration | Preventive | |
Configure the "VbBusObj.VbBusObjCls object" setting to organizational standards. CC ID 09181 | Configuration | Preventive | |
Configure the ".printer extension mapping" setting to organizational standards. CC ID 09182 | Configuration | Preventive | |
Configure the ".htw extension mapping" setting to organizational standards. CC ID 09183 | Configuration | Preventive | |
Configure the ".ida extension mapping" setting to organizational standards. CC ID 09184 | Configuration | Preventive | |
Configure the ".idq extension mapping" setting to organizational standards. CC ID 09185 | Configuration | Preventive | |
Configure the ".idc extension mapping" setting to organizational standards. CC ID 09186 | Configuration | Preventive | |
Configure the ".shtm extension mapping" setting to organizational standards. CC ID 09187 | Configuration | Preventive | |
Configure the ".stm extension mapping" setting to organizational standards. CC ID 09188 | Configuration | Preventive | |
Configure the ".shtml extension mapping" setting to organizational standards. CC ID 09189 | Configuration | Preventive | |
Configure the "Relative path traversal" setting to organizational standards. CC ID 09190 | Configuration | Preventive | |
Configure the "HTTP protocol logging" setting to organizational standards. CC ID 09199 | Configuration | Preventive | |
Configure the "Date logging" setting to organizational standards. CC ID 09200 | Configuration | Preventive | |
Configure the "Time logging" setting to organizational standards. CC ID 09201 | Configuration | Preventive | |
Configure the "Client IP Address logging" setting to organizational standards. CC ID 09202 | Configuration | Preventive | |
Configure the "User name logging" setting to organizational standards. CC ID 09203 | Configuration | Preventive | |
Configure the "User agent logging" setting to organizational standards. CC ID 09204 | Configuration | Preventive | |
Configure the "Method logging" setting to organizational standards. CC ID 09205 | Configuration | Preventive | |
Configure the "URI stem logging" setting to organizational standards. CC ID 09206 | Configuration | Preventive | |
Configure the "URL query logging" setting to organizational standards. CC ID 09207 | Configuration | Preventive | |
Configure the "Server IP address logging" setting to organizational standards. CC ID 09208 | Configuration | Preventive | |
Configure the "Server port logging" setting to organizational standards. CC ID 09209 | Configuration | Preventive | |
Configure the "Protocol status logging" setting to organizational standards. CC ID 09210 | Configuration | Preventive | |
Configure the "Win32 status logging" setting to organizational standards. CC ID 09211 | Configuration | Preventive | |
Configure the "HTTP Log folder path" setting to organizational standards. CC ID 09212 | Configuration | Preventive | |
Configure the "Web-based password reset IIS application mappings (.htr)" setting to organizational standards. CC ID 09215 | Configuration | Preventive | |
Configure the "IIS Sample files" setting to organizational standards. CC ID 09216 | Configuration | Preventive | |
Configure the "sample Data Access files" setting to organizational standards. CC ID 09217 | Configuration | Preventive | |
Configure the "IIS Help files" setting to organizational standards. CC ID 09218 | Configuration | Preventive | |
Configure the "Remote Account password changes" setting to organizational standards. CC ID 09219 | Configuration | Preventive | |
Configure the "execution context of the IIS CGI processes" setting to organizational standards. CC ID 09220 | Configuration | Preventive | |
Configure the "Server Side Includes command shell" setting to organizational standards. CC ID 09229 | Configuration | Preventive | |
Configure the "IIS sample Web Printing files" setting to organizational standards. CC ID 09230 | Configuration | Preventive | |
Configure the "AllowRestrictedChars" setting to organizational standards. CC ID 09231 | Configuration | Preventive | |
Configure the "EnableNonUTF8" setting to organizational standards. CC ID 09232 | Configuration | Preventive | |
Configure the "FavorUTF8" setting to organizational standards. CC ID 09233 | Configuration | Preventive | |
Configure the "maximum possible size of request headers" setting to organizational standards. CC ID 09234 | Configuration | Preventive | |
Configure the "maximum possible combined size of request line and headers" setting to organizational standards. CC ID 09235 | Configuration | Preventive | |
Configure the "maximum number of characters in a URL path" setting to organizational standards. CC ID 09236 | Configuration | Preventive | |
Configure the "maximum number of URL path segments" setting to organizational standards. CC ID 09237 | Configuration | Preventive | |
Configure the "allowance of %U notation in request URLs" setting to organizational standards. CC ID 09238 | Configuration | Preventive | |
Configure the "maximum response size that can be cached in the kernel" setting to organizational standards. CC ID 09239 | Configuration | Preventive | |
Configure the "maximum size of the entire request body" setting to organizational standards. CC ID 09240 | Configuration | Preventive | |
Configure the "URLScan ISAPI filters" setting to organizational standards. CC ID 09241 | Configuration | Preventive | |
Configure the "HTTP SSL (HTTPFilter) service" setting to organizational standards. CC ID 09242 | Configuration | Preventive | |
Configure the "identity" setting for the "IIS Application Pools service" to organizational standards. CC ID 09243 | Configuration | Preventive | |
Configure the "worker process isolation" setting to organizational standards. CC ID 09244 | Configuration | Preventive | |
Configure the "Recycle worker process (in minutes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09245 | Configuration | Preventive | |
Configure the "Recycle worker process (number of requests)" setting for the "IIS Application Pool" to organizational standards. CC ID 09246 | Configuration | Preventive | |
Configure the "Maximum virtual memory (in megabytes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09247 | Configuration | Preventive | |
Configure the "Maximum used memory (in megabytes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09248 | Configuration | Preventive | |
Configure the "Shutdown worker processes after being idle (time in minutes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09249 | Configuration | Preventive | |
Configure the "Limit the kernel request queue (number of requests)" setting for the "IIS Application Pool" to organizational standards. CC ID 09250 | Configuration | Preventive | |
Configure the "Enable pinging" setting for the "IIS Application Pool" to organizational standards. CC ID 09251 | Configuration | Preventive | |
Configure the "Ping worker process every (frequency in seconds)" setting for the "IIS Application Pool" to organizational standards. CC ID 09252 | Configuration | Preventive | |
Configure the "Enable rapid-fail protection" setting for the "IIS Application Pool" to organizational standards. CC ID 09253 | Configuration | Preventive | |
Configure the "Enable rapid-fail protection - Failures" setting for the "IIS Application Pool" to organizational standards. CC ID 09254 | Configuration | Preventive | |
Configure the "Enable rapid-fail protection - Time Period" setting for the "IIS Application Pool" to organizational standards. CC ID 09255 | Configuration | Preventive | |
Configure the "auditing" setting for the "MetaBase.xml" file to organizational standards. CC ID 09256 | Configuration | Preventive | |
Configure Microsoft SQL Server to Organizational Standards. CC ID 08989 | Configuration | Preventive | |
Configure the "allowing DDL statements to modify the application schema" permissions for the "Database application" to organizational standards. CC ID 09258 | Configuration | Preventive | |
Configure the "encrypt custom and GOTS application source code" setting to organizational standards. CC ID 09259 | Configuration | Preventive | |
Configure the "Access to DBMS software files and directories" setting to organizational standards. CC ID 09264 | Configuration | Preventive | |
Configure the "Default demonstration and sample database objects and applications" setting to organizational standards. CC ID 09265 | Configuration | Preventive | |
Configure the "auditing parameters" for "database auditing" to organizational standards. CC ID 09266 | Configuration | Preventive | |
Configure the "DBMS login account password complexity requirements" setting to organizational standards. CC ID 09268 | Configuration | Preventive | |
Configure the "Passwords for DBMS default accounts" setting to organizational standards. CC ID 09269 | Configuration | Preventive | |
Configure the "Remote DBMS administration" setting to organizational standards. CC ID 09270 | Configuration | Preventive | |
Configure the "C2 Audit records" setting to organizational standards. CC ID 09271 | Configuration | Preventive | |
Configure the "SQL Mail XPs" setting to organizational standards. CC ID 09272 | Configuration | Preventive | |
Configure the "SQL Server Service" setting to organizational standards. CC ID 09275 | Configuration | Preventive | |
Configure the "Access extended stored procedure xp_cmdshell" setting to organizational standards. CC ID 09277 | Configuration | Preventive | |
Configure the "xp_cmdshell" setting to organizational standards. CC ID 09278 | Configuration | Preventive | |
Configure the "OLE Automation extended stored procedures" setting to organizational standards. CC ID 09279 | Configuration | Preventive | |
Configure the "Access to registry extended stored procedures" setting to organizational standards. CC ID 09280 | Configuration | Preventive | |
Configure the "Remote access" setting to organizational standards. CC ID 09281 | Configuration | Preventive | |
Configure "Set time limit for active but idle Remote Desktop Services sessions" to organizational standards. CC ID 15382 | Configuration | Preventive | |
Configure the "Always show desktop on connection" setting to organizational standards. CC ID 10753 | Configuration | Preventive | |
Configure the "Automatic reconnection" setting to organizational standards. CC ID 10760 | Configuration | Preventive | |
Configure the "keep-alive connection interval" setting to organizational standards. CC ID 10790 | Configuration | Preventive | |
Configure the "RD Connection Broker farm name" setting to organizational standards. CC ID 10800 | Configuration | Preventive | |
Configure the "RD Connection Broker server name" setting to organizational standards. CC ID 10801 | Configuration | Preventive | |
Configure the "server authentication for client" setting for "Remote Desktop Connection Client" to organizational standards. CC ID 10817 | Configuration | Preventive | |
Configure the "Do not use Remote Desktop Session Host server IP address when virtual IP address is not available" setting to organizational standards. CC ID 10938 | Configuration | Preventive | |
Configure the "Enforce Removal of Remote Desktop Wallpaper" setting to organizational standards. CC ID 10957 | Configuration | Preventive | |
Configure the "Hide previous versions list for remote files" setting to organizational standards. CC ID 10990 | Configuration | Preventive | |
Configure the "Join RD Connection Broker" setting to organizational standards. CC ID 11003 | Configuration | Preventive | |
Configure the "Limit number of connections" setting to organizational standards. CC ID 11011 | Configuration | Preventive | |
Configure the "Optimize visual experience for Remote Desktop Services sessions" setting to organizational standards. CC ID 11058 | Configuration | Preventive | |
Configure the "Prevent restoring remote previous versions" setting to organizational standards. CC ID 11089 | Configuration | Preventive | |
Configure the "Require strict target SPN match on remote procedure calls" setting to organizational standards. CC ID 11136 | Configuration | Preventive | |
Configure the "Require use of specific security layer for remote (RDP) connections" setting to organizational standards. CC ID 11137 | Configuration | Preventive | |
Configure the "Restrict Remote Desktop Services users to a single Remote Desktop Services session" setting to organizational standards. CC ID 11142 | Configuration | Preventive | |
Configure the "Select the network adapter to be used for Remote Desktop IP Virtualization" setting to organizational standards. CC ID 11164 | Configuration | Preventive | |
Configure the "Set maximum wait time for the network if a user has a roaming user profile or remote home directory" setting to organizational standards. CC ID 11175 | Configuration | Preventive | |
Configure the "Set path for Remote Desktop Services Roaming User Profile" setting to organizational standards. CC ID 11176 | Configuration | Preventive | |
Configure the "Set Remote Desktop Services User Home Directory" setting to organizational standards. CC ID 11181 | Configuration | Preventive | |
Configure the "Set rules for remote control of Remote Desktop Services user sessions" setting to organizational standards. CC ID 11183 | Configuration | Preventive | |
Configure the "Set the Remote Desktop licensing mode" setting to organizational standards. CC ID 11188 | Configuration | Preventive | |
Configure the "Set time limit for active Remote Desktop Services sessions" setting to organizational standards. CC ID 11194 | Configuration | Preventive | |
Configure the "Set time limit for logoff of RemoteApp sessions" setting to organizational standards. CC ID 11195 | Configuration | Preventive | |
Configure the "Specify maximum number of remote shells per user" setting to organizational standards. CC ID 11213 | Configuration | Preventive | |
Configure the "Start a program on connection" setting to organizational standards. CC ID 11228 | Configuration | Preventive | |
Configure the "Turn off desktop gadgets" setting to organizational standards. CC ID 11275 | Configuration | Preventive | |
Configure the "Turn off legacy remote shutdown interface" setting to organizational standards. CC ID 11285 | Configuration | Preventive | |
Configure the "Turn Off user-installed desktop gadgets" setting to organizational standards. CC ID 11322 | Configuration | Preventive | |
Configure the "Turn on Remote Desktop IP Virtualization" setting to organizational standards. CC ID 11348 | Configuration | Preventive | |
Configure the "Use RD Connection Broker load balancing" setting to organizational standards. CC ID 11364 | Configuration | Preventive | |
Configure the "Use the specified Remote Desktop license servers" setting to organizational standards. CC ID 11366 | Configuration | Preventive | |
Configure the "Wait for remote user profile" setting to organizational standards. CC ID 11370 | Configuration | Preventive | |
Configure the "SQL Server authentication" setting to organizational standards. CC ID 09282 | Configuration | Preventive | |
Configure the "Access to CmdExec and ActiveScripting jobs" setting to organizational standards. CC ID 09283 | Configuration | Preventive | |
Configure the "Error log retention" setting to organizational standards. CC ID 09284 | Configuration | Preventive | |
Configure the "Trace rollover" setting to organizational standards. CC ID 09285 | Configuration | Preventive | |
Configure the "Named Pipes network protocol" setting to organizational standards. CC ID 09286 | Configuration | Preventive | |
Configure the "SQL Server event forwarding" setting to organizational standards. CC ID 09287 | Configuration | Preventive | |
Configure the "Access to manage the database master key" setting to organizational standards. CC ID 09288 | Configuration | Preventive | |
Configure the "Encryption of the asymmetric keys" setting to organizational standards. CC ID 09290 | Configuration | Preventive | |
Configure the "audit unauthorized access to the asymmetric keys" setting to organizational standards. CC ID 09291 | Configuration | Preventive | |
Configure the "Database Master key encryption password" setting to organizational standards. CC ID 09292 | Configuration | Preventive | |
Configure the "encrypt Database Master Key" setting to organizational standards. CC ID 09293 | Configuration | Preventive | |
Configure the "store the database master key password" setting to organizational standards. CC ID 09294 | Configuration | Preventive | |
Configure the "protect symmetric keys" setting to organizational standards. CC ID 09295 | Configuration | Preventive | |
Configure the "clear residual data from memory, data objects or files, or other storage locations" setting to organizational standards. CC ID 09296 | Configuration | Preventive | |
Configure the "DBMS account passwords expiration" setting to organizational standards. CC ID 09297 | Configuration | Preventive | |
Configure the "audit attempts to bypass access controls" setting to organizational standards. CC ID 09310 | Configuration | Preventive | |
Configure the "default audit trace" setting to organizational standards. CC ID 09311 | Configuration | Preventive | |
Configure the "Audit records contents" setting to organizational standards. CC ID 09312 | Configuration | Preventive | |
Configure the "port" setting for "SQL Server Analysis Services" to organizational standards. CC ID 09313 | Configuration | Preventive | |
Configure the "port" setting for the "DBMS" to organizational standards. CC ID 09314 | Configuration | Preventive | |
Configure the "Fixed server role membership" setting to organizational standards. CC ID 09315 | Configuration | Preventive | |
Configure the "Database Mail XPs" setting to organizational standards. CC ID 09316 | Configuration | Preventive | |
Configure the "SQL Server Agent Email" setting to organizational standards. CC ID 09317 | Configuration | Preventive | |
Configure the "scan for startup procs" setting to organizational standards. CC ID 09331 | Configuration | Preventive | |
Configure the "Access to SQL Server Agent CmdExec" setting to organizational standards. CC ID 09332 | Configuration | Preventive | |
Configure the "Access to ActiveScripting jobs" setting to organizational standards. CC ID 09333 | Configuration | Preventive | |
Configure the "SQL Server Agent proxies" setting to organizational standards. CC ID 09334 | Configuration | Preventive | |
Configure the "Replication snapshot folders" setting to organizational standards. CC ID 09335 | Configuration | Preventive | |
Configure the "Ad hoc data mining queries configuration" setting to organizational standards. CC ID 09336 | Configuration | Preventive | |
Configure the "Analysis Services Anonymous Connections" setting to organizational standards. CC ID 09337 | Configuration | Preventive | |
Configure the "Analysis Services Links to Objects" setting to organizational standards. CC ID 09338 | Configuration | Preventive | |
Configure the "Analysis Services Links From Objects" setting to organizational standards. CC ID 09339 | Configuration | Preventive | |
Configure the "Analysis Services user-defined COM functions" setting to organizational standards. CC ID 09340 | Configuration | Preventive | |
Configure the "Analysis Services Required Protection Levels" setting to organizational standards. CC ID 09341 | Configuration | Preventive | |
Configure the "Analysis Services Security Package List" setting to organizational standards. CC ID 09342 | Configuration | Preventive | |
Configure the "Analysis Services server role" setting to organizational standards. CC ID 09343 | Configuration | Preventive | |
Configure the "Analysis Services database roles" setting to organizational standards. CC ID 09344 | Configuration | Preventive | |
Configure the "Reporting Services Web service requests and HTTP" setting to organizational standards. CC ID 09345 | Configuration | Preventive | |
Configure the "Reporting Services scheduled events and report delivery" setting to organizational standards. CC ID 09346 | Configuration | Preventive | |
Configure the "Command Language Runtime objects" setting to organizational standards. CC ID 09348 | Configuration | Preventive | |
Configure the "XML Web Services endpoints" setting to organizational standards. CC ID 09349 | Configuration | Preventive | |
Configure the "db_owner role members" setting to organizational standards. CC ID 09350 | Configuration | Preventive | |
Configure the "Web Assistant procedures configuration" setting to organizational standards. CC ID 09351 | Configuration | Preventive | |
Configure the "Disallow adhoc access" setting for "linked servers" to organizational standards. CC ID 09353 | Configuration | Preventive | |
Configure the "Ad Hoc distributed queries" setting to organizational standards. CC ID 09354 | Configuration | Preventive | |
Configure the "Access to Analysis Services data sources" setting to organizational standards. CC ID 09355 | Configuration | Preventive | |
Configure the "Database TRUSTWORTHY status" setting to organizational standards. CC ID 09356 | Configuration | Preventive | |
Configure the "Agent XPs" setting to organizational standards. CC ID 09357 | Configuration | Preventive | |
Configure the "SMO and DMO XPs" setting to organizational standards. CC ID 09358 | Configuration | Preventive | |
Configure Oracle WebLogic Server to Organizational Standards. CC ID 08990 | Configuration | Preventive | |
Configure the "Complete Message Timeout" setting to organizational standards. CC ID 09818 | Configuration | Preventive | |
Configure the "FIPS-compliant cryptographic module" setting to organizational standards. CC ID 09819 | Configuration | Preventive | |
Configure the "Allow Unencrypted Null Cipher" setting to organizational standards. CC ID 09820 | Configuration | Preventive | |
Configure the "Maximum Message Size" setting to organizational standards. CC ID 09821 | Configuration | Preventive | |
Configure the "Security Interoperability Mode" setting to organizational standards. CC ID 09822 | Configuration | Preventive | |
Configure the "Severity field" setting to organizational standards. CC ID 09824 | Configuration | Preventive | |
Configure the "servlet.HttpServletResponse" setting for "Active Context Handler" to organizational standards. CC ID 09825 | Configuration | Preventive | |
Configure the "wli.Message" setting for "Active Context Handler" to organizational standards. CC ID 09826 | Configuration | Preventive | |
Configure the "channel.Port" setting for "Active Context Handler" to organizational standards. CC ID 09827 | Configuration | Preventive | |
Configure the "channel.PublicPort" setting for "Active Context Handler" to organizational standards. CC ID 09828 | Configuration | Preventive | |
Configure the "channel.RemotePort" setting for "Active Context Handler" to organizational standards. CC ID 09829 | Configuration | Preventive | |
Configure the "channel.Protocol" setting for "Active Context Handler" to organizational standards. CC ID 09830 | Configuration | Preventive | |
Configure the "channel.Address" setting for "Active Context Handler" to organizational standards. CC ID 09831 | Configuration | Preventive | |
Configure the "channel.PublicAddress" setting for "Active Context Handler" to organizational standards. CC ID 09832 | Configuration | Preventive | |
Configure the "channel.RemoteAddress" setting for "Active Context Handler" to organizational standards. CC ID 09833 | Configuration | Preventive | |
Configure the "channel.ChannelName" setting for "Active Context Handler" to organizational standards. CC ID 09834 | Configuration | Preventive | |
Configure the "channel.Secure" setting for "Active Context Handler" to organizational standards. CC ID 09835 | Configuration | Preventive | |
Configure the "ejb20.Parameter" setting for "Active Context Handler" to organizational standards. CC ID 09836 | Configuration | Preventive | |
Configure the "wsee.SOAPmessage" setting for "Active Context Handler" to organizational standards. CC ID 09837 | Configuration | Preventive | |
Configure the "entitlement.EAuxilaryID" setting for "Active Context Handler" to organizational standards. CC ID 09838 | Configuration | Preventive | |
Configure the "security.ChainPrevalidatedBySSL" setting for "Active Context Handler" to organizational standards. CC ID 09839 | Configuration | Preventive | |
Configure the "xml.SecurityToken" setting for "Active Context Handler" to organizational standards. CC ID 09840 | Configuration | Preventive | |
Configure the "webservice.Integrity" setting for "Active Context Handler" to organizational standards. CC ID 09841 | Configuration | Preventive | |
Configure the "saml.SSLClientCertificateChain" setting for "Active Context Handler" to organizational standards. CC ID 09842 | Configuration | Preventive | |
Configure the "saml.MessageSignerCerficate" setting for "Active Context Handler" to organizational standards. CC ID 09843 | Configuration | Preventive | |
Configure the "saml.subject.ConfirmationMethod" setting for "Active Context Handler" to organizational standards. CC ID 09844 | Configuration | Preventive | |
Configure the "saml.subject.dom.KeyInfo" setting for "Active Context Handler" to organizational standards. CC ID 09845 | Configuration | Preventive | |
Configure the "jmx.ObjectName" setting for "Active Context Handler" to organizational standards. CC ID 09846 | Configuration | Preventive | |
Configure the "jmx.ShortName" setting for "Active Context Handler" to organizational standards. CC ID 09847 | Configuration | Preventive | |
Configure the "jmx.Parameters" setting for "Active Context Handler" to organizational standards. CC ID 09848 | Configuration | Preventive | |
Configure the "jmx.Signature" setting for "Active Context Handler" to organizational standards. CC ID 09849 | Configuration | Preventive | |
Configure the "jmx.AuditProtectedArgInfo" setting for "Active Context Handler" to organizational standards. CC ID 09850 | Configuration | Preventive | |
Configure the "jmx.OldAttributeValue" setting for "Active Context Handler" to organizational standards. CC ID 09851 | Configuration | Preventive | |
Configure the "Reject if Password Contains the User Name" setting to organizational standards. CC ID 09852 | Configuration | Preventive | |
Configure the "Reject if Password Contains the User Name Reversed" setting to organizational standards. CC ID 09853 | Configuration | Preventive | |
Configure the "maximum instances of any character field" setting to organizational standards. CC ID 09854 | Configuration | Preventive | |
Configure the "maximum consecutive characters field" setting to organizational standards. CC ID 09855 | Configuration | Preventive | |
Configure the "minimum number of alphabetic characters field" setting to organizational standards. CC ID 09856 | Configuration | Preventive | |
Configure the "minimum number of numeric characters field" setting to organizational standards. CC ID 09857 | Configuration | Preventive | |
Configure the "minimum number of non-alphanumeric characters field" setting to organizational standards. CC ID 09858 | Configuration | Preventive | |
Configure the "Lockout Threshold" setting in the "Security Realm" to organizational standards. CC ID 09861 | Configuration | Preventive | |
Configure the "Lockout Duration" setting in the "Security Realm" to organizational standards. CC ID 09862 | Configuration | Preventive | |
Configure the "Lockout Reset Duration" setting in the "Security Realm" to organizational standards. CC ID 09863 | Configuration | Preventive | |
Configure the "Require Unanimous Permit" setting to organizational standards. CC ID 09864 | Configuration | Preventive | |
Configure the "Host Name Verification" setting on the "Administration Server" to organizational standards. CC ID 09865 | Configuration | Preventive | |
Configure the "Minimum Number of Non-Alphabetic Characters" setting to organizational standards. CC ID 09866 | Configuration | Preventive | |
Configure the "SSL Enabled" setting for "LDAP Server connections" to organizational standards. CC ID 09867 | Configuration | Preventive | |
Configure the "Host Name Verification" setting to organizational standards. CC ID 09868 | Configuration | Preventive | |
Configure the "Domain Credentials" setting to organizational standards. CC ID 09869 | Configuration | Preventive | |
Configure the "Configuration Archive Enabled" setting to organizational standards. CC ID 09870 | Configuration | Preventive | |
Configure the "Archive Configuration Count" setting to organizational standards. CC ID 09871 | Configuration | Preventive | |
Configure the "Default Administrator field" setting to organizational standards. CC ID 09872 | Configuration | Preventive | |
Configure the "SSL Listen Port" setting to organizational standards. CC ID 09873 | Configuration | Preventive | |
Configure the "Administration Console Session Timeout field" setting to organizational standards. CC ID 09874 | Configuration | Preventive | |
Configure the "Production Mode" setting to organizational standards. CC ID 09875 | Configuration | Preventive | |
Configure the "WebLogic Auditing provider" setting to organizational standards. CC ID 09876 | Configuration | Preventive | |
Configure the "Invocation Timeout Seconds" setting to organizational standards. CC ID 09877 | Configuration | Preventive | |
Configure the "Anonymous Admin Lookup Enabled" setting to organizational standards. CC ID 09878 | Configuration | Preventive | |
Configure the "Web App Files Case Insensitive" setting to organizational standards. CC ID 09879 | Configuration | Preventive | |
Configure the "Enable Administration Port" setting to organizational standards. CC ID 09880 | Configuration | Preventive | |
Configure the "SSL Rejection Logging Enabled" setting to organizational standards. CC ID 09881 | Configuration | Preventive | |
Configure the "Export Key Lifespan" setting to organizational standards. CC ID 09882 | Configuration | Preventive | |
Configure the "Client Cert Proxy Enabled" setting for the "Administration Server" to organizational standards. CC ID 09883 | Configuration | Preventive | |
Configure the "Client Cert Proxy Enabled" setting for the "managed server" to organizational standards. CC ID 09884 | Configuration | Preventive | |
Configure the "Frontend Host" setting to organizational standards. CC ID 09885 | Configuration | Preventive | |
Configure the "Check Roles and Policies" setting to organizational standards. CC ID 09886 | Configuration | Preventive | |
Configure the "Security Model Default" setting to organizational standards. CC ID 09887 | Configuration | Preventive | |
Configure the "When Deploying Web Applications or EJBS" setting to organizational standards. CC ID 09888 | Configuration | Preventive | |
Configure the "Configuration Audit Type field" setting to organizational standards. CC ID 09889 | Configuration | Preventive | |
Configure the "EditMBeanServerEnabled" setting for the "Administration Server" to organizational standards. CC ID 09890 | Configuration | Preventive | |
Configure the "two-way SSL" setting to organizational standards. CC ID 09891 | Configuration | Preventive | |
Configure the "Embedded LDAP Timeout" setting to organizational standards. CC ID 09892 | Configuration | Preventive | |
Configure the "Anonymous Bind Allowed" setting to organizational standards. CC ID 09893 | Configuration | Preventive | |
Configure the "Post Timeout field" setting to organizational standards. CC ID 09894 | Configuration | Preventive | |
Configure the "HTTP Duration" setting to organizational standards. CC ID 09895 | Configuration | Preventive | |
Configure the "HTTPS Duration" setting to organizational standards. CC ID 09896 | Configuration | Preventive | |
Configure the "HTTP Maximum Message Size" setting to organizational standards. CC ID 09897 | Configuration | Preventive | |
Configure the "Connection Filter" setting for the "managed server" to organizational standards. CC ID 09898 | Configuration | Preventive | |
Configure the "connection filter" setting to organizational standards. CC ID 09899 | Configuration | Preventive | |
Configure the "Client Cert Proxy Enabled" setting to organizational standards. CC ID 09904 | Configuration | Preventive | |
Configure the "Auth Cookie Enabled" setting to organizational standards. CC ID 09905 | Configuration | Preventive | |
Configure the "Maximum Open Sockets" setting on the "Administration server" to organizational standards. CC ID 09906 | Configuration | Preventive | |
Configure the "Complete Message Timeout" setting for "each custom channel" to organizational standards. CC ID 09908 | Configuration | Preventive | |
Configure the "Idle Connection Timeout" setting for "each custom channel" to organizational standards. CC ID 09909 | Configuration | Preventive | |
Configure the "Maximum Message Size" setting for "each custom channel" to organizational standards. CC ID 09910 | Configuration | Preventive | |
Configure the "Node Manager Listen Address" setting to organizational standards. CC ID 09911 | Configuration | Preventive | |
Configure the "Node Manager Type" setting to organizational standards. CC ID 09912 | Configuration | Preventive | |
Configure the "Policy Selection Preference" setting to organizational standards. CC ID 09913 | Configuration | Preventive | |
Configure the "Maximum Open Sockets" setting for "all Managed Servers" to organizational standards. CC ID 09914 | Configuration | Preventive | |
Configure the "Enforce Constraints" setting for "digital certificates" to organizational standards. CC ID 09915 | Configuration | Preventive | |
Configure the "Keystores field" setting to organizational standards. CC ID 09916 | Configuration | Preventive | |
Configure the "HTTP Access Log File" setting to organizational standards. CC ID 09917 | Configuration | Preventive | |
Configure the "Custom Hostname Verifier field" setting to organizational standards. CC ID 09918 | Configuration | Preventive | |
Configure the "SSL port enabled" setting to organizational standards. CC ID 09919 | Configuration | Preventive | |
Configure the "Listen Port Enabled" setting to organizational standards. CC ID 09920 | Configuration | Preventive | |
Configure security and protection software according to Organizational Standards. CC ID 11917 | Configuration | Preventive | |
Configure security and protection software to automatically run at startup. CC ID 12443 | Configuration | Preventive | |
Configure security and protection software to check for up-to-date signature files. CC ID 00576 | Testing | Detective | |
Configure security and protection software to enable automatic updates. CC ID 11945 | Configuration | Preventive | |
Configure security and protection software to check e-mail messages. CC ID 00578 | Testing | Preventive | |
Configure security and protection software to check e-mail attachments. CC ID 11860 | Configuration | Preventive | |
Configure security and protection software to check for phishing attacks. CC ID 04569 | Technical Security | Detective | |
Configure Windows Defender Remote Credential Guard to organizational standards. CC ID 16515 | Configuration | Preventive | |
Configure Windows Defender Credential Guard to organizational standards. CC ID 16514 | Configuration | Preventive | |
Configure dedicated systems used for system management according to organizational standards. CC ID 12132 | Configuration | Preventive | |
Configure dedicated systems used for system management to prohibit them from composing documents. CC ID 12161 | Configuration | Preventive | |
Configure dedicated systems used for system management so they are prohibited from accessing e-mail. CC ID 12160 | Configuration | Preventive | |
Configure Application Programming Interfaces in accordance with organizational standards. CC ID 12170 | Configuration | Preventive | |
Configure Application Programming Interfaces to enforce authentication. CC ID 12172 | Configuration | Preventive | |
Configure Application Programming Interfaces to employ strong cryptography. CC ID 12171 | Configuration | Preventive | |
Configure the Domain Name System in accordance with organizational standards. CC ID 12202 | Configuration | Preventive | |
Configure the Domain Name System query logging to organizational standards. CC ID 12210 | Configuration | Preventive | |
Configure the secure name/address resolution service (recursive or caching resolver). CC ID 01625 | Configuration | Preventive | |
Configure the secure name/address resolution service (authoritative source). CC ID 01624 | Configuration | Preventive | |
Configure payment systems in accordance with organizational standards. CC ID 12217 | Configuration | Preventive | |
Configure payment systems to disable storing transactions when offline. CC ID 12220 | Configuration | Preventive | |
Configure payment systems to disable authorizing transactions when offline. CC ID 12219 | Configuration | Preventive | |
Configure payment applications to become disabled when suspicious activity is detected. CC ID 12221 | Configuration | Corrective | |
Configure File Integrity Monitoring Software to Organizational Standards. CC ID 11923 | Configuration | Preventive | |
Configure the file integrity monitoring software to perform critical file comparisons, as necessary. CC ID 11924 | Configuration | Preventive | |
Configure Bluetooth settings according to organizational standards. CC ID 12422 | Configuration | Preventive | |
Unpair Bluetooth devices when the pairing is no longer required. CC ID 15232 | Configuration | Preventive | |
Use authorized versions of Bluetooth to pair Bluetooth devices. CC ID 15231 | Configuration | Preventive | |
Refrain from using unit keys on Bluetooth devices. CC ID 12541 | Configuration | Preventive | |
Configure link keys to be based on combination keys in Bluetooth devices. CC ID 12539 | Configuration | Preventive | |
Refrain from using the "Just Works" model of Secure Simple Pairing in Bluetooth settings. CC ID 12538 | Configuration | Preventive | |
Disable all Bluetooth profiles other than the Serial Port Profile. CC ID 12536 | Configuration | Preventive | |
Lock Bluetooth profiles to prevent them being altered by end users. CC ID 12535 | Configuration | Preventive | |
Configure Bluetooth to refrain from allowing multiple profiles of Bluetooth stacks. CC ID 12433 | Configuration | Preventive | |
Remove backup files after initializing and hardening is complete. CC ID 01602 | Configuration | Preventive | |
Perform vulnerability testing before final installation. CC ID 00884 | Testing | Detective | |
Reboot the system after initial systems hardening is complete and before certification. CC ID 01603 | Systems Design, Build, and Implementation | Preventive | |
Configure systems to protect against unauthorized data mining. CC ID 10095 | Configuration | Preventive | |
Implement safeguards to prevent unauthorized code execution. CC ID 10686 | Configuration | Preventive | |
Configure network switches to organizational standards. CC ID 12120 | Configuration | Preventive | |
Enable Virtual Local Area Networks on network switches, as necessary. CC ID 12129 | Configuration | Preventive | |

KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Systems design, build, and implementation CC ID 00989 | IT Impact Zone | IT Impact Zone | |
Initiate the System Development Life Cycle development phase or System Development Life Cycle build phase. CC ID 06267 | Systems Design, Build, and Implementation | Preventive | |
Perform Quality Management on all newly developed or modified systems. CC ID 01100 | Testing | Detective | |
Establish, implement, and maintain system testing procedures. CC ID 11744 [The continued confidentiality, completeness, integrity and availability of the entity's systems and back-up information is evaluated and confirmed on a periodic basis. S7.5 Testing confidentiality, completeness, integrity and availability of systems and back-up data] | Establish/Maintain Documentation | Preventive | |
Restrict production data from being used in the test environment. CC ID 01103 | Testing | Detective | |
Protect test data in the development environment. CC ID 12014 | Technical Security | Preventive | |
Control the test data used in the development environment. CC ID 12013 | Systems Design, Build, and Implementation | Preventive | |
Select the test data carefully. CC ID 12011 | Systems Design, Build, and Implementation | Preventive | |
Test all software changes before promoting the system to a production environment. CC ID 01106 | Testing | Detective | |
Test security functionality during the development process. CC ID 12015 | Testing | Preventive | |
Include system performance in the scope of system testing. CC ID 12624 | Process or Activity | Preventive | |
Include security controls in the scope of system testing. CC ID 12623 | Process or Activity | Preventive | |
Include business logic in the scope of system testing. CC ID 12622 | Process or Activity | Preventive | |
Review and test custom code to identify potential coding vulnerabilities. CC ID 01316 | Testing | Detective | |
Review and test source code. CC ID 01086 | Testing | Detective | |
Assign the review of custom code changes to individuals other than the code author. CC ID 06291 | Establish Roles | Preventive | |
Evaluate and document all known code anomalies and code deficiencies. CC ID 06611 | Establish/Maintain Documentation | Preventive | |
Correct code anomalies and code deficiencies in custom code and retest before release. CC ID 06292 | Testing | Corrective | |
Approve all custom code test results before code is released. CC ID 06293 | Testing | Detective | |
Disseminate and communicate the system testing procedures to interested personnel and affected parties. CC ID 15471 | Communicate | Preventive | |
Establish, implement, and maintain poor quality material removal procedures. CC ID 06214 | Establish/Maintain Documentation | Preventive | |

KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Technical security CC ID 00508 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain an access control program. CC ID 11702 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Establish/Maintain Documentation | Preventive | |
Include instructions to change authenticators as often as necessary in the access control program. CC ID 11931 | Establish/Maintain Documentation | Preventive | |
Include guidance for how users should protect their authentication credentials in the access control program. CC ID 11929 | Establish/Maintain Documentation | Preventive | |
Include guidance on selecting authentication credentials in the access control program. CC ID 11928 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain access control policies. CC ID 00512 | Establish/Maintain Documentation | Preventive | |
Include compliance requirements in the access control policy. CC ID 14006 | Establish/Maintain Documentation | Preventive | |
Include coordination amongst entities in the access control policy. CC ID 14005 | Establish/Maintain Documentation | Preventive | |
Include management commitment in the access control policy. CC ID 14004 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the access control policy. CC ID 14003 | Establish/Maintain Documentation | Preventive | |
Include the scope in the access control policy. CC ID 14002 | Establish/Maintain Documentation | Preventive | |
Include the purpose in the access control policy. CC ID 14001 | Establish/Maintain Documentation | Preventive | |
Document the business need justification for user accounts. CC ID 15490 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an instant messaging and chat system usage policy. CC ID 11815 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the access control policies to all interested personnel and affected parties. CC ID 10061 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an access rights management plan. CC ID 00513 | Establish/Maintain Documentation | Preventive | |
Implement safeguards to protect access credentials from unauthorized access. CC ID 16433 | Technical Security | Preventive | |
Inventory all user accounts. CC ID 13732 | Establish/Maintain Documentation | Preventive | |
Identify information system users. CC ID 12081 | Technical Security | Detective | |
Review user accounts. CC ID 00525 | Technical Security | Detective | |
Match user accounts to authorized parties. CC ID 12126 | Configuration | Detective | |
Identify and authenticate processes running on information systems that act on behalf of users. CC ID 12082 | Technical Security | Detective | |
Establish and maintain contact information for user accounts, as necessary. CC ID 15418 | Data and Information Management | Preventive | |
Review shared accounts. CC ID 11840 | Technical Security | Detective | |
Control access rights to organizational assets. CC ID 00004 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software {logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Technical Security | Preventive | |
Configure access control lists in accordance with organizational standards. CC ID 16465 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Configuration | Preventive | |
Add all devices requiring access control to the Access Control List. CC ID 06264 | Establish/Maintain Documentation | Preventive | |
Generate but refrain from storing authenticators or Personal Identification Numbers for systems involved in high risk activities. CC ID 06835 | Technical Security | Preventive | |
Disallow application IDs from running as privileged users. CC ID 10050 | Configuration | Detective | |
Define roles for information systems. CC ID 12454 | Human Resources Management | Preventive | |
Define access needs for each role assigned to an information system. CC ID 12455 | Human Resources Management | Preventive | |
Define access needs for each system component of an information system. CC ID 12456 | Technical Security | Preventive | |
Define the level of privilege required for each system component of an information system. CC ID 12457 | Technical Security | Preventive | |
Establish access rights based on least privilege. CC ID 01411 | Technical Security | Preventive | |
Assign user permissions based on job responsibilities. CC ID 00538 | Technical Security | Preventive | |
Assign user privileges after they have management sign off. CC ID 00542 | Technical Security | Preventive | |
Separate processing domains to segregate user privileges and enhance information flow control. CC ID 06767 | Configuration | Preventive | |
Establish, implement, and maintain lockout procedures or lockout mechanisms to be triggered after a predetermined number of consecutive logon attempts. CC ID 01412 | Technical Security | Preventive | |
Configure the lockout procedure to disregard failed logon attempts after the user is authenticated. CC ID 13822 | Configuration | Preventive | |
Notify the user when an authentication is attempted using an expired authenticator. CC ID 13818 | Communicate | Corrective | |
Disallow unlocking user accounts absent system administrator approval. CC ID 01413 | Technical Security | Preventive | |
Establish, implement, and maintain session lock capabilities. CC ID 01417 | Configuration | Preventive | |
Limit concurrent sessions according to account type. CC ID 01416 | Configuration | Preventive | |
Establish session authenticity through Transport Layer Security. CC ID 01627 | Technical Security | Preventive | |
Configure the "tlsverify" argument to organizational standards. CC ID 14460 | Configuration | Preventive | |
Configure the "tlscacert" argument to organizational standards. CC ID 14521 | Configuration | Preventive | |
Configure the "tlscert" argument to organizational standards. CC ID 14520 | Configuration | Preventive | |
Configure the "tlskey" argument to organizational standards. CC ID 14519 | Configuration | Preventive | |
Enable access control for objects and users on each system. CC ID 04553 [The entity implements logical access security control software, infrastructures, authentication mechanisms and related architectures and security configuration controls over protected information assets to protect them from security incidents and events that might result in unauthorized access, alteration, destruction or disclosure of that information, and to meet the entity's privacy objectives. S7.1 Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Configuration | Preventive | |
Include all system components in the access control system. CC ID 11939 | Technical Security | Preventive | |
Set access control for objects and users to "deny all" unless explicitly authorized. CC ID 06301 | Process or Activity | Preventive | |
Enable access control for objects and users to match restrictions set by the system's security classification. CC ID 04850 | Technical Security | Preventive | |
Enable attribute-based access control for objects and users on information systems. CC ID 16351 | Technical Security | Preventive | |
Enable role-based access control for objects and users on information systems. CC ID 12458 | Technical Security | Preventive | |
Include the objects and users subject to access control in the security policy. CC ID 11836 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Establish/Maintain Documentation | Preventive | |
Assign Information System access authorizations if implementing segregation of duties. CC ID 06323 | Establish Roles | Preventive | |
Enforce access restrictions for change control. CC ID 01428 | Technical Security | Preventive | |
Enforce access restrictions for restricted data. CC ID 01921 | Data and Information Management | Preventive | |
Permit a limited set of user actions absent identification and authentication. CC ID 04849 | Technical Security | Preventive | |
Perform a risk assessment prior to activating third party access to the organization's critical systems. CC ID 06455 | Testing | Detective | |
Activate third party maintenance accounts and user identifiers, as necessary. CC ID 04262 | Technical Security | Preventive | |
Establish, implement, and maintain a system use agreement for each information system. CC ID 06500 | Establish/Maintain Documentation | Preventive | |
Accept and sign the system use agreement before data or system access is enabled. CC ID 06501 | Establish/Maintain Documentation | Preventive | |
Display a logon banner and appropriate logon message before granting access to the system. CC ID 06770 | Technical Security | Preventive | |
Display previous logon information in the logon banner. CC ID 01415 | Configuration | Preventive | |
Document actions that can be performed on an information system absent identification and authentication of the user. CC ID 06771 | Establish/Maintain Documentation | Preventive | |
Use automatic equipment identification as a method of connection authentication absent an individual's identification and authentication. CC ID 06964 | Technical Security | Preventive | |
Control user privileges. CC ID 11665 | Technical Security | Preventive | |
Review all user privileges, as necessary. CC ID 06784 [Persons, infrastructure, network devices and software are identified and authenticated, and their access privileges are validated prior to granting access to information assets, whether locally or remotely. S7.1 Identifies and authenticates users] | Technical Security | Preventive | |
Revoke asset access when a personnel status change occurs or an individual is terminated. CC ID 00516 [Processes are in place to remove physical access to facilities and system resources when an individual no longer requires access. S7.2 Removes physical access] | Behavior | Corrective | |
Encrypt files and move them to a secure file server when a user account is disabled. CC ID 07065 | Configuration | Preventive | |
Review and update accounts and access rights when notified of personnel status changes. CC ID 00788 | Behavior | Corrective | |
Change authenticators after personnel status changes. CC ID 12284 | Human Resources Management | Preventive | |
Review each user's access capabilities when their role changes. CC ID 00524 | Technical Security | Preventive | |
Establish and maintain a Digital Rights Management program. CC ID 07093 | Establish/Maintain Documentation | Preventive | |
Enable products restricted by Digital Rights Management to be used while offline. CC ID 07094 | Technical Security | Preventive | |
Establish, implement, and maintain User Access Management procedures. CC ID 00514 | Technical Security | Preventive | |
Establish, implement, and maintain an authority for access authorization list. CC ID 06782 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Establish/Maintain Documentation | Preventive | |
Review and approve logical access to all assets based upon organizational policies. CC ID 06641 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical Security | Preventive | |
Control the addition and modification of user identifiers, user credentials, or other authenticators. CC ID 00515 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical Security | Preventive | |
Assign roles and responsibilities for administering user account management. CC ID 11900 | Human Resources Management | Preventive | |
Automate access control methods, as necessary. CC ID 11838 | Technical Security | Preventive | |
Automate Access Control Systems, as necessary. CC ID 06854 | Technical Security | Preventive | |
Refrain from storing logon credentials for third party applications. CC ID 13690 | Technical Security | Preventive | |
Refrain from allowing user access to identifiers and authenticators used by applications. CC ID 10048 | Technical Security | Preventive | |
Notify interested personnel when user accounts are added or deleted. CC ID 14327 | Communicate | Detective | |
Remove inactive user accounts, as necessary. CC ID 00517 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical Security | Corrective | |
Remove temporary user accounts, as necessary. CC ID 11839 | Technical Security | Corrective | |
Establish, implement, and maintain a password policy. CC ID 16346 | Establish/Maintain Documentation | Preventive | |
Enforce the password policy. CC ID 16347 | Technical Security | Preventive | |
Disseminate and communicate the password policies and password procedures to all users who have access to restricted data or restricted information. CC ID 00518 | Establish/Maintain Documentation | Preventive | |
Limit superuser accounts to designated System Administrators. CC ID 06766 | Configuration | Preventive | |
Enforce usage restrictions for superuser accounts. CC ID 07064 | Technical Security | Preventive | |
Establish, implement, and maintain user accounts in accordance with the organizational Governance, Risk, and Compliance framework. CC ID 00526 | Technical Security | Preventive | |
Protect and manage biometric systems and biometric data. CC ID 01261 | Technical Security | Preventive | |
Establish, implement, and maintain biometric collection procedures. CC ID 15419 | Establish/Maintain Documentation | Preventive | |
Document the business need justification for authentication data storage. CC ID 06325 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain access control procedures. CC ID 11663 | Establish/Maintain Documentation | Preventive | |
Implement out-of-band authentication, as necessary. CC ID 10606 | Technical Security | Corrective | |
Grant access to authorized personnel or systems. CC ID 12186 | Configuration | Preventive | |
Document approving and granting access in the access control log. CC ID 06786 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the access control log to interested personnel and affected parties. CC ID 16442 | Communicate | Preventive | |
Include the user identifiers of all personnel who are authorized to access a system in the system record. CC ID 15171 | Establish/Maintain Documentation | Preventive | |
Include identity information of all personnel who are authorized to access a system in the system record. CC ID 16406 | Establish/Maintain Documentation | Preventive | |
Include the date and time that access was reviewed in the system record. CC ID 16416 | Data and Information Management | Preventive | |
Include the date and time that access rights were changed in the system record. CC ID 16415 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the access control procedures to all interested personnel and affected parties. CC ID 14123 | Communicate | Corrective | |
Establish, implement, and maintain an identification and authentication policy. CC ID 14033 [User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Establish/Maintain Documentation | Preventive | |
Include the purpose in the identification and authentication policy. CC ID 14234 | Establish/Maintain Documentation | Preventive | |
Include the scope in the identification and authentication policy. CC ID 14232 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the identification and authentication policy. CC ID 14230 | Establish/Maintain Documentation | Preventive | |
Include management commitment in the identification and authentication policy. CC ID 14229 | Establish/Maintain Documentation | Preventive | |
Include coordination amongst entities in the identification and authentication policy. CC ID 14227 | Establish/Maintain Documentation | Preventive | |
Include compliance requirements in the identification and authentication policy. CC ID 14225 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the identification and authentication policy to interested personnel and affected parties. CC ID 14197 | Communicate | Preventive | |
Establish, implement, and maintain identification and authentication procedures. CC ID 14053 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the identification and authentication procedures to interested personnel and affected parties. CC ID 14223 | Communicate | Preventive | |
Include digital identification procedures in the access control program. CC ID 11841 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical Security | Preventive | |
Employ unique identifiers. CC ID 01273 | Testing | Detective | |
Disseminate and communicate user identifiers and authenticators using secure communication protocols. CC ID 06791 | Data and Information Management | Preventive | |
Include instructions to refrain from using previously used authenticators in the access control program. CC ID 11930 | Establish/Maintain Documentation | Preventive | |
Disallow the use of Personal Identification Numbers as user identifiers. CC ID 06785 | Technical Security | Preventive | |
Define the activation requirements for identification cards or badges. CC ID 06583 | Process or Activity | Preventive | |
Require multiple forms of personal identification prior to issuing user identifiers. CC ID 08712 | Human Resources Management | Preventive | |
Authenticate user identities before unlocking an account. CC ID 11837 | Testing | Detective | |
Authenticate user identities before manually resetting an authenticator. CC ID 04567 | Testing | Detective | |
Require proper authentication for user identifiers. CC ID 11785 | Technical Security | Preventive | |
Assign authenticators to user accounts. CC ID 06855 | Configuration | Preventive | |
Assign authentication mechanisms for user account authentication. CC ID 06856 | Configuration | Preventive | |
Refrain from allowing individuals to share authentication mechanisms. CC ID 11932 | Technical Security | Preventive | |
Establish and maintain a memorized secret list. CC ID 13791 | Establish/Maintain Documentation | Preventive | |
Limit account credential reuse as a part of digital identification procedures. CC ID 12357 | Configuration | Preventive | |
Refrain from assigning authentication mechanisms for shared accounts. CC ID 11910 | Technical Security | Preventive | |
Use biometric authentication for identification and authentication, as necessary. CC ID 06857 | Establish Roles | Preventive | |
Employ live scans to verify biometric authentication. CC ID 06847 | Technical Security | Preventive | |
Identify the user when enrolling them in the biometric system. CC ID 06882 | Testing | Detective | |
Disallow self-enrollment of biometric information. CC ID 11834 | Process or Activity | Preventive | |
Tune the biometric identification equipment, as necessary. CC ID 07077 | Configuration | Corrective | |
Notify a user when an authenticator for a user account is changed. CC ID 13820 | Communicate | Preventive | |
Identify and control all network access controls. CC ID 00529 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Technical Security | Preventive | |
Place Intrusion Detection Systems and Intrusion Response Systems in network locations where they will be the most effective. CC ID 04589 | Technical Security | Detective | |
Establish, implement, and maintain a network configuration standard. CC ID 00530 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain network segmentation requirements. CC ID 16380 | Establish/Maintain Documentation | Preventive | |
Enforce the network segmentation requirements. CC ID 16381 | Process or Activity | Preventive | |
Ensure the data plane, control plane, and management plane have been segregated according to organizational standards. CC ID 16385 | Technical Security | Preventive | |
Establish, implement, and maintain a network security policy. CC ID 06440 | Establish/Maintain Documentation | Preventive | |
Include compliance requirements in the network security policy. CC ID 14205 | Establish/Maintain Documentation | Preventive | |
Include coordination amongst entities in the network security policy. CC ID 14204 | Establish/Maintain Documentation | Preventive | |
Include management commitment in the network security policy. CC ID 14203 | Establish/Maintain Documentation | Preventive | |
Include roles and responsibilities in the network security policy. CC ID 14202 | Establish/Maintain Documentation | Preventive | |
Include the scope in the network security policy. CC ID 14201 | Establish/Maintain Documentation | Preventive | |
Include the purpose in the network security policy. CC ID 14200 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the network security policy to interested personnel and affected parties. CC ID 14199 | Communicate | Preventive | |
Establish, implement, and maintain system and communications protection procedures. CC ID 14052 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the system and communications protection procedures to interested personnel and affected parties. CC ID 14206 | Communicate | Preventive | |
Establish, implement, and maintain a wireless networking policy. CC ID 06732 | Establish/Maintain Documentation | Preventive | |
Include usage restrictions for Bluetooth in the wireless networking policy. CC ID 16443 | Establish/Maintain Documentation | Preventive | |
Maintain up-to-date network diagrams. CC ID 00531 | Establish/Maintain Documentation | Preventive | |
Include the date of the most recent update on the network diagram. CC ID 14319 | Establish/Maintain Documentation | Preventive | |
Include virtual systems in the network diagram. CC ID 16324 | Data and Information Management | Preventive | |
Include the organization's name in the network diagram. CC ID 14318 | Establish/Maintain Documentation | Preventive | |
Use a passive asset inventory discovery tool to identify assets when network mapping. CC ID 13735 | Process or Activity | Detective | |
Include Internet Protocol addresses in the network diagram. CC ID 16244 | Establish/Maintain Documentation | Preventive | |
Include Domain Name System names in the network diagram. CC ID 16240 | Establish/Maintain Documentation | Preventive | |
Accept, by formal signature, the security implications of the network topology. CC ID 12323 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate network diagrams to interested personnel and affected parties. CC ID 13137 | Communicate | Preventive | |
Maintain up-to-date data flow diagrams. CC ID 10059 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Establish/Maintain Documentation | Preventive | |
Use an active asset inventory discovery tool to identify sensitive information for data flow diagrams. CC ID 13737 | Process or Activity | Detective | |
Establish, implement, and maintain a sensitive information inventory. CC ID 13736 [The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Establish/Maintain Documentation | Detective | |
Include information flows to third parties in the data flow diagram. CC ID 13185 | Establish/Maintain Documentation | Preventive | |
Document where data-at-rest and data in transit is encrypted on the data flow diagram. CC ID 16412 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the data flow diagrams to interested personnel and affected parties. CC ID 16407 | Communicate | Preventive | |
Manage all internal network connections. CC ID 06329 | Technical Security | Preventive | |
Employ Dynamic Host Configuration Protocol server logging when assigning dynamic IP addresses using the Dynamic Host Configuration Protocol. CC ID 12109 | Technical Security | Preventive | |
Establish, implement, and maintain separate virtual private networks to transport sensitive information. CC ID 12124 | Technical Security | Preventive | |
Establish, implement, and maintain separate virtual local area networks for untrusted devices. CC ID 12095 | Technical Security | Preventive | |
Plan for and approve all network changes. CC ID 00534 | Technical Security | Preventive | |
Manage all external network connections. CC ID 11842 | Technical Security | Preventive | |
Route outbound Internet traffic through a proxy server that supports decrypting network traffic. CC ID 12116 | Technical Security | Preventive | |
Prohibit systems from connecting directly to external networks. CC ID 08709 | Configuration | Preventive | |
Prohibit systems from connecting directly to internal networks outside the demilitarized zone (DMZ). CC ID 16360 | Technical Security | Preventive | |
Secure the Domain Name System. CC ID 00540 | Configuration | Preventive | |
Implement a fault-tolerant architecture. CC ID 01626 | Technical Security | Preventive | |
Implement segregation of duties. CC ID 11843 | Technical Security | Preventive | |
Configure the network to limit zone transfers to trusted servers. CC ID 01876 | Configuration | Preventive | |
Register all Domain Names associated with the organization to the organization and not an individual. CC ID 07210 | Testing | Detective | |
Establish, implement, and maintain a Boundary Defense program. CC ID 00544 | Establish/Maintain Documentation | Preventive | |
Refrain from disclosing private Internet Protocol addresses and routing information, unless necessary. CC ID 11891 | Technical Security | Preventive | |
Authorize the disclosure of private Internet Protocol addresses and routing information to external entities. CC ID 12034 | Communicate | Preventive | |
Segregate systems in accordance with organizational standards. CC ID 12546 [The entity considers and, when deemed necessary, uses network segmentation to restrict access within and between its internal network segments and external networks. Segmentation permits unrelated portions of the entity's information system to be isolated from other network segments. S7.1 Considers network segmentation] | Technical Security | Preventive | |
Implement gateways between security domains. CC ID 16493 | Systems Design, Build, and Implementation | Preventive | |
Implement resource-isolation mechanisms in organizational networks. CC ID 16438 | Technical Security | Preventive | |
Segregate servers that contain restricted data or restricted information from direct public access. CC ID 00533 | Technical Security | Preventive | |
Prevent logical access to dedicated networks from outside the secure areas. CC ID 12310 | Technical Security | Preventive | |
Design Demilitarized Zones with proper isolation rules. CC ID 00532 | Technical Security | Preventive | |
Restrict inbound network traffic into the Demilitarized Zone. CC ID 01285 | Data and Information Management | Preventive | |
Restrict inbound network traffic into the Demilitarized Zone to Internet Protocol addresses within the Demilitarized Zone. CC ID 11998 | Technical Security | Preventive | |
Restrict inbound Internet traffic within the Demilitarized Zone to system components that provide publicly accessible services, protocols, and ports. CC ID 11993 | Technical Security | Preventive | |
Segregate applications and databases that contain restricted data or restricted information in an internal network zone. CC ID 01289 | Data and Information Management | Preventive | |
Establish, implement, and maintain a network access control standard. CC ID 00546 | Establish/Maintain Documentation | Preventive | |
Include assigned roles and responsibilities in the network access control standard. CC ID 06410 | Establish Roles | Preventive | |
Employ firewalls to secure network connections between networks of different security categorizations. CC ID 16373 | Technical Security | Preventive | |
Employ firewalls to secure network connections between trusted networks and untrusted networks, as necessary. CC ID 11821 | Technical Security | Preventive | |
Place firewalls between all security domains and between any Demilitarized Zone and internal network zones. CC ID 01274 | Configuration | Preventive | |
Place firewalls between wireless networks and applications or databases that contain restricted data or restricted information. CC ID 01293 | Configuration | Preventive | |
Place firewalls between all security domains and between any secure subnet and internal network zones. CC ID 11784 | Configuration | Preventive | |
Separate the wireless access points and wireless bridges from the wired network via a firewall. CC ID 04588 | Technical Security | Preventive | |
Include configuration management and rulesets in the network access control standard. CC ID 11845 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Establish/Maintain Documentation | Preventive | |
Secure the network access control standard against unauthorized changes. CC ID 11920 | Establish/Maintain Documentation | Preventive | |
Employ centralized management systems to configure and control networks, as necessary. CC ID 12540 | Technical Security | Preventive | |
Establish, implement, and maintain a firewall and router configuration standard. CC ID 00541 | Configuration | Preventive | |
Include testing and approving all network connections through the firewall in the firewall and router configuration standard. CC ID 01270 | Process or Activity | Detective | |
Include compensating controls implemented for insecure protocols in the firewall and router configuration standard. CC ID 11948 | Establish/Maintain Documentation | Preventive | |
Include reviewing the rulesets for firewalls and routers in the firewall and router configuration standard, as necessary. CC ID 11903 | Technical Security | Corrective | |
Include restricting inbound network traffic in the firewall and router configuration standard. CC ID 11960 | Establish/Maintain Documentation | Preventive | |
Include restricting outbound network traffic in the firewall and router configuration standard. CC ID 11961 | Establish/Maintain Documentation | Preventive | |
Include requirements for a firewall at each Internet connection and between any demilitarized zone and the internal network zone in the firewall and router configuration standard. CC ID 12435 | Establish/Maintain Documentation | Preventive | |
Include network diagrams that identify connections between all subnets and wireless networks in the firewall and router configuration standard. CC ID 12434 | Establish/Maintain Documentation | Preventive | |
Include network diagrams that identify storage or processing locations of all restricted data in the firewall and router configuration standard. CC ID 12426 | Establish/Maintain Documentation | Preventive | |
Deny or strictly control wireless traffic to applications or databases that contain restricted data or restricted information. CC ID 11847 | Configuration | Preventive | |
Include a protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00537 | Establish/Maintain Documentation | Preventive | |
Configure network ports to organizational standards. CC ID 14007 | Configuration | Preventive | |
Include approval of the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 12547 | Establish/Maintain Documentation | Preventive | |
Include the use of protocols above and beyond common information service protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00539 | Establish/Maintain Documentation | Preventive | |
Include justifying the use of risky protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 01280 | Establish/Maintain Documentation | Preventive | |
Document and implement security features for each identified insecure service, protocol, and port in the protocols, ports, applications, and services list. CC ID 12033 | Establish/Maintain Documentation | Preventive | |
Identify the insecure services, protocols, and ports in the protocols, ports, applications, and services list in the firewall and router configuration. CC ID 12032 | Establish/Maintain Documentation | Preventive | |
Install and configure firewalls to be enabled on all mobile devices, if possible. CC ID 00550 | Configuration | Preventive | |
Lock personal firewall configurations to prevent them from being disabled or changed by end users. CC ID 06420 | Technical Security | Preventive | |
Configure network access and control points to protect restricted data or restricted information. CC ID 01284 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Configuration | Preventive | |
Protect data stored at external locations. CC ID 16333 | Data and Information Management | Preventive | |
Configure security alerts in firewalls to include the source Internet protocol address and destination Internet protocol address associated with long sessions. CC ID 12174 | Configuration | Detective | |
Protect the firewall's network connection interfaces. CC ID 01955 | Technical Security | Preventive | |
Configure firewalls to deny all traffic by default, except explicitly designated traffic. CC ID 00547 | Configuration | Preventive | |
Allow local program exceptions on the firewall, as necessary. CC ID 01956 | Configuration | Preventive | |
Allow remote administration exceptions on the firewall, as necessary. CC ID 01957 | Configuration | Preventive | |
Allow file sharing exceptions on the firewall, as necessary. CC ID 01958 | Configuration | Preventive | |
Allow printer sharing exceptions on the firewall, as necessary. CC ID 11849 | Configuration | Preventive | |
Allow Internet Control Message Protocol exceptions on the firewall, as necessary. CC ID 01959 | Configuration | Preventive | |
Allow Remote Desktop Connection exceptions on the firewall, as necessary. CC ID 01960 | Configuration | Preventive | |
Allow UPnP framework exceptions on the firewall, as necessary. CC ID 01961 | Configuration | Preventive | |
Allow notification exceptions on the firewall, as necessary. CC ID 01962 | Configuration | Preventive | |
Allow unicast response to multicast or broadcast exceptions on the firewall, as necessary. CC ID 01964 | Configuration | Preventive | |
Allow protocol port exceptions on the firewall, as necessary. CC ID 01965 | Configuration | Preventive | |
Allow local port exceptions on the firewall, as necessary. CC ID 01966 | Configuration | Preventive | |
Establish, implement, and maintain ingress address filters on the firewall, as necessary. CC ID 01287 | Configuration | Preventive | |
Configure firewalls to perform dynamic packet filtering. CC ID 01288 | Testing | Detective | |
Establish, implement, and maintain packet filtering requirements. CC ID 16362 | Technical Security | Preventive | |
Configure firewall filtering to only permit established connections into the network. CC ID 12482 | Technical Security | Preventive | |
Restrict outbound network traffic from systems that contain restricted data or restricted information. CC ID 01295 | Data and Information Management | Preventive | |
Deny direct Internet access to databases that store restricted data or restricted information. CC ID 01271 | Data and Information Management | Preventive | |
Synchronize and secure all router configuration files. CC ID 01291 | Configuration | Preventive | |
Synchronize and secure all firewall configuration files. CC ID 11851 | Configuration | Preventive | |
Configure firewalls to generate an audit log. CC ID 12038 | Audits and Risk Management | Preventive | |
Configure firewalls to generate an alert when a potential security incident is detected. CC ID 12165 | Configuration | Preventive | |
Record the configuration rules for network access and control points in the configuration management system. CC ID 12105 | Establish/Maintain Documentation | Preventive | |
Record the duration of the business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12107 | Establish/Maintain Documentation | Preventive | |
Record each individual's name and business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12106 | Establish/Maintain Documentation | Preventive | |
Configure network access and control points to organizational standards. CC ID 12442 | Configuration | Detective | |
Install and configure application layer firewalls for all key web-facing applications. CC ID 01450 | Configuration | Preventive | |
Update application layer firewalls to the most current version. CC ID 12037 | Process or Activity | Preventive | |
Establish, implement, and maintain Voice over Internet Protocol Configuration Management standards. CC ID 11853 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a Wireless Local Area Network Configuration Management standard. CC ID 11854 | Establish/Maintain Documentation | Preventive | |
Configure third party Wireless Local Area Network services in accordance with organizational Information Assurance standards. CC ID 00751 | Configuration | Preventive | |
Remove all unauthorized Wireless Local Area Networks. CC ID 06309 | Configuration | Preventive | |
Establish, implement, and maintain Voice over Internet Protocol design specification. CC ID 01449 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a Wireless Local Area Network Configuration Management program. CC ID 01646 | Establish/Maintain Documentation | Preventive | |
Distrust relying solely on Wired Equivalent Privacy encryption for Wireless Local Area Networks. CC ID 01647 | Technical Security | Preventive | |
Refrain from using Wired Equivalent Privacy for Wireless Local Area Networks that use Wi-Fi Protected Access. CC ID 01648 | Configuration | Preventive | |
Conduct a Wireless Local Area Network site survey to determine the proper location for wireless access points. CC ID 00605 | Technical Security | Preventive | |
Configure Intrusion Detection Systems and Intrusion Prevention Systems to continuously check and send alerts for rogue devices connected to Wireless Local Area Networks. CC ID 04830 | Configuration | Preventive | |
Remove all unauthorized wireless access points. CC ID 11856 | Configuration | Preventive | |
Enforce information flow control. CC ID 11781 | Monitor and Evaluate Occurrences | Preventive | |
Establish, implement, and maintain information flow control configuration standards. CC ID 01924 | Establish/Maintain Documentation | Preventive | |
Require the system to identify and authenticate approved devices before establishing a connection. CC ID 01429 [Persons, infrastructure, network devices and software are identified and authenticated, and their access privileges are validated prior to granting access to information assets, whether locally or remotely. S7.1 Identifies and authenticates users] | Testing | Preventive | |
Maintain a record of the challenge state during identification and authentication in an automated information exchange. CC ID 06629 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain a data loss prevention solution to protect Access Control Lists. CC ID 12128 [Data loss prevention processes and technologies are used to restrict a user or system's ability to exfiltrate protected information, to execute data transmission, move information stored logically or maintained in physical devices, or otherwise modify, view, reproduce or destroy such information. S7.3 Restricts the ability to perform transmission] | Technical Security | Preventive | |
Constrain the information flow of restricted data or restricted information. CC ID 06763 [{internal user} The entity restricts the transmission, movement and removal of information to authorized internal and external users and processes, and protects it during transmission, movement or removal to meet the entity's objectives. S7.3] | Data and Information Management | Preventive | |
Quarantine data that fails security tests. CC ID 16500 | Data and Information Management | Corrective | |
Restrict access to restricted data and restricted information on a need to know basis. CC ID 12453 | Data and Information Management | Preventive | |
Prohibit restricted data or restricted information from being sent to mobile devices. CC ID 04725 | Data and Information Management | Preventive | |
Prohibit restricted data or restricted information from being copied or moved absent approval of system boundaries for information flow control. CC ID 06310 [{internal user} The entity restricts the transmission, movement and removal of information to authorized internal and external users and processes, and protects it during transmission, movement or removal to meet the entity's objectives. S7.3] | Data and Information Management | Preventive | |
Establish, implement, and maintain information flow control policies inside the system and between interconnected systems. CC ID 01410 [{internal user} The entity restricts the transmission, movement and removal of information to authorized internal and external users and processes, and protects it during transmission, movement or removal to meet the entity's objectives. S7.3] | Establish/Maintain Documentation | Preventive | |
Define risk tolerance to illicit data flow for each type of information classification. CC ID 01923 | Data and Information Management | Preventive | |
Establish, implement, and maintain a document printing policy. CC ID 14384 | Establish/Maintain Documentation | Preventive | |
Include printing to personal printers during a continuity event in the document printing policy. CC ID 14396 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain information flow procedures. CC ID 04542 | Establish/Maintain Documentation | Preventive | |
Disclose non-privacy related restricted information after a court makes a determination the information is material to a court case. CC ID 06242 | Data and Information Management | Preventive | |
Exchange non-privacy related restricted information with approved third parties if the information supports an approved activity. CC ID 06243 | Data and Information Management | Preventive | |
Establish, implement, and maintain information exchange procedures. CC ID 11782 | Establish/Maintain Documentation | Preventive | |
Perform content sanitization on data-in-transit. CC ID 16512 | Data and Information Management | Preventive | |
Perform content conversion on data-in-transit. CC ID 16510 | Data and Information Management | Preventive | |
Protect data from unauthorized access while transmitting between separate parts of the system. CC ID 16499 | Data and Information Management | Preventive | |
Protect data from modification or loss while transmitting between separate parts of the system. CC ID 04554 | Data and Information Management | Preventive | |
Protect data from unauthorized disclosure while transmitting between separate parts of the system. CC ID 11859 | Data and Information Management | Preventive | |
Review and approve information exchange system connections. CC ID 07143 | Technical Security | Preventive | |
Log issuers who send personal data in cleartext in the transfer audit log. CC ID 12312 | Log Management | Preventive | |
Establish, implement, and maintain measures to detect and prevent the use of unsafe internet services. CC ID 13104 | Technical Security | Preventive | |
Refrain from storing restricted data at unsafe Internet services or virtual servers. CC ID 13107 | Technical Security | Preventive | |
Establish, implement, and maintain whitelists and blacklists of domain names. CC ID 07097 | Establish/Maintain Documentation | Preventive | |
Revoke membership in the whitelist, as necessary. CC ID 13827 | Establish/Maintain Documentation | Corrective | |
Deploy sender policy framework records in the organization's Domain Name Servers. CC ID 12183 | Configuration | Preventive | |
Block uncategorized sites using URL filtering. CC ID 12140 | Technical Security | Preventive | |
Subscribe to a URL categorization service to maintain website category definitions in the URL filter list. CC ID 12139 | Technical Security | Detective | |
Establish, implement, and maintain whitelists and blacklists of web content. CC ID 15234 | Data and Information Management | Preventive | |
Establish, implement, and maintain whitelists and blacklists of software. CC ID 11780 | Establish/Maintain Documentation | Preventive | |
Implement information flow control policies when making decisions about information sharing or collaboration. CC ID 10094 | Behavior | Preventive | |
Manage the use of encryption controls and cryptographic controls. CC ID 00570 [{physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Technical Security | Preventive | |
Comply with the encryption laws of the local country. CC ID 16377 | Business Processes | Preventive | |
Define the cryptographic module security functions and the cryptographic module operational modes. CC ID 06542 | Establish/Maintain Documentation | Preventive | |
Define the cryptographic boundaries. CC ID 06543 | Establish/Maintain Documentation | Preventive | |
Establish and maintain the documentation requirements for cryptographic modules. CC ID 06544 | Establish/Maintain Documentation | Preventive | |
Establish and maintain the security requirements for cryptographic module ports and cryptographic module interfaces. CC ID 06545 | Establish/Maintain Documentation | Preventive | |
Implement the documented cryptographic module security functions. CC ID 06755 | Data and Information Management | Preventive | |
Establish, implement, and maintain documentation for the delivery and operation of cryptographic modules. CC ID 06547 | Establish/Maintain Documentation | Preventive | |
Document the operation of the cryptographic module. CC ID 06546 | Establish/Maintain Documentation | Preventive | |
Employ cryptographic controls that comply with applicable requirements. CC ID 12491 | Technical Security | Preventive | |
Establish, implement, and maintain digital signatures. CC ID 13828 | Data and Information Management | Preventive | |
Include the expiration date in digital signatures. CC ID 13833 | Data and Information Management | Preventive | |
Include audience restrictions in digital signatures. CC ID 13834 | Data and Information Management | Preventive | |
Include the subject in digital signatures. CC ID 13832 | Data and Information Management | Preventive | |
Include the issuer in digital signatures. CC ID 13831 | Data and Information Management | Preventive | |
Include identifiers in the digital signature. CC ID 13829 | Data and Information Management | Preventive | |
Generate and protect a secret random number for each digital signature. CC ID 06577 | Establish/Maintain Documentation | Preventive | |
Establish the security strength requirements for the digital signature process. CC ID 06578 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain an encryption management and cryptographic controls policy. CC ID 04546 | Establish/Maintain Documentation | Preventive | |
Refrain from allowing the use of cleartext for input or output of restricted data or restricted information. CC ID 04823 | Configuration | Preventive | |
Encrypt in scope data or in scope information, as necessary. CC ID 04824 | Data and Information Management | Preventive | |
Digitally sign records and data, as necessary. CC ID 16507 | Data and Information Management | Preventive | |
Make key usage for data fields unique for each device. CC ID 04828 | Technical Security | Preventive | |
Decrypt restricted data for the minimum time required. CC ID 12308 | Data and Information Management | Preventive | |
Decrypt personal data only on dedicated networks, not on public networks. CC ID 12309 | Data and Information Management | Preventive | |
Accept only trusted keys and/or certificates. CC ID 11988 | Technical Security | Preventive | |
Establish, implement, and maintain cryptographic key creation domain parameter requirements. CC ID 06575 | Data and Information Management | Preventive | |
Define the asymmetric signature field for the CHUID container on identification cards or badges. CC ID 06584 | Process or Activity | Preventive | |
Implement cryptographic operations and support functions on identification cards or badges. CC ID 06585 | Process or Activity | Preventive | |
Disseminate and communicate the encryption management and cryptographic controls policy to all interested personnel and affected parties. CC ID 15476 | Communicate | Preventive | |
Define the format of the biometric data on identification cards or badges. CC ID 06586 | Process or Activity | Preventive | |
Protect salt values and hash values in accordance with organizational standards. CC ID 16471 | Data and Information Management | Preventive | |
Provide guidance to customers on how to securely transmit, store, and update cryptographic keys. CC ID 12040 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate the encryption management procedures to all interested personnel and affected parties. CC ID 15477 | Communicate | Preventive | |
Establish, implement, and maintain encryption management procedures. CC ID 15475 | Establish/Maintain Documentation | Preventive | |
Define and assign cryptographic, encryption and key management roles and responsibilities. CC ID 15470 | Establish Roles | Preventive | |
Establish, implement, and maintain cryptographic key management procedures. CC ID 00571 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data {logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate cryptographic key management procedures to interested personnel and affected parties. CC ID 13164 | Communicate | Preventive | |
Bind keys to each identity. CC ID 12337 | Technical Security | Preventive | |
Include recommended cryptographic key management procedures for cloud service providers in the cryptographic key management procedures. CC ID 13152 | Establish/Maintain Documentation | Preventive | |
Include requesting cryptographic key types in the cryptographic key management procedures. CC ID 13151 | Establish/Maintain Documentation | Preventive | |
Recover encrypted data for lost cryptographic keys, compromised cryptographic keys, or damaged cryptographic keys. CC ID 01301 | Data and Information Management | Preventive | |
Generate strong cryptographic keys. CC ID 01299 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Data and Information Management | Preventive | |
Generate unique cryptographic keys for each user. CC ID 12169 | Technical Security | Preventive | |
Use approved random number generators for creating cryptographic keys. CC ID 06574 | Data and Information Management | Preventive | |
Implement decryption keys so that they are not linked to user accounts. CC ID 06851 | Technical Security | Preventive | |
Include the establishment of cryptographic keys in the cryptographic key management procedures. CC ID 06540 | Establish/Maintain Documentation | Preventive | |
Disseminate and communicate cryptographic keys securely. CC ID 01300 | Data and Information Management | Preventive | |
Control the input and output of cryptographic keys from a cryptographic module. CC ID 06541 | Data and Information Management | Preventive | |
Store cryptographic keys securely. CC ID 01298 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Data and Information Management | Preventive | |
Restrict access to cryptographic keys. CC ID 01297 | Data and Information Management | Preventive | |
Store cryptographic keys in encrypted format. CC ID 06084 | Data and Information Management | Preventive | |
Store key-encrypting keys and data-encrypting keys in different locations. CC ID 06085 | Technical Security | Preventive | |
Include offsite backups of cryptographic keys in the cryptographic key management procedures. CC ID 13127 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data] | Establish/Maintain Documentation | Preventive | |
Change cryptographic keys in accordance with organizational standards. CC ID 01302 | Data and Information Management | Preventive | |
Destroy cryptographic keys promptly after the retention period. CC ID 01303 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Data and Information Management | Preventive | |
Control cryptographic keys with split knowledge and dual control. CC ID 01304 | Data and Information Management | Preventive | |
Prevent the unauthorized substitution of cryptographic keys. CC ID 01305 | Data and Information Management | Preventive | |
Manage outdated cryptographic keys, compromised cryptographic keys, or revoked cryptographic keys. CC ID 06852 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Technical Security | Preventive | |
Revoke old cryptographic keys or invalid cryptographic keys immediately. CC ID 01307 | Data and Information Management | Corrective | |
Replace known or suspected compromised cryptographic keys immediately. CC ID 01306 | Data and Information Management | Corrective | |
Archive outdated cryptographic keys. CC ID 06884 | Data and Information Management | Preventive | |
Archive revoked cryptographic keys. CC ID 11819 | Data and Information Management | Preventive | |
Require key custodians to sign the cryptographic key management policy. CC ID 01308 | Establish/Maintain Documentation | Preventive | |
Require key custodians to sign the key custodian's roles and responsibilities. CC ID 11820 | Human Resources Management | Preventive | |
Test cryptographic key management applications, as necessary. CC ID 04829 | Testing | Detective | |
Manage the digital signature cryptographic key pair. CC ID 06576 | Data and Information Management | Preventive | |
Establish, implement, and maintain requirements for Personal Identity Verification authentication certificates. CC ID 06587 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain Public Key certificate application procedures. CC ID 07079 | Establish/Maintain Documentation | Preventive | |
Establish a Registration Authority to support the Public Key Infrastructure. CC ID 15725 | Establish Roles | Preventive | |
Include the Identification and Authentication of individuals or entities in the Public Key certificate application procedures. CC ID 07080 | Establish/Maintain Documentation | Preventive | |
Include approving or rejecting Public Key certificate applications in the Public Key certificate application procedure. CC ID 07081 | Establish/Maintain Documentation | Preventive | |
Include revocation of Public Key certificates in the Public Key certificate procedures. CC ID 07082 | Establish/Maintain Documentation | Preventive | |
Publish revoked Public Key certificates in the Certificate Revocation List. CC ID 07089 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain Public Key renewal or rekeying request procedures. CC ID 07083 | Establish/Maintain Documentation | Preventive | |
Include identification and authentication in Public Key renewal or rekeying request procedures. CC ID 11816 | Establish/Maintain Documentation | Preventive | |
Issue authentication mechanisms that support the Public Key Infrastructure. CC ID 07092 | Technical Security | Preventive | |
Establish a Root Certification Authority to support the Public Key Infrastructure. CC ID 07084 | Technical Security | Preventive | |
Establish, implement, and maintain Public Key certificate procedures. CC ID 07085 | Establish/Maintain Documentation | Preventive | |
Include signing and issuing Public Key certificates in the Public Key certificate procedures. CC ID 11817 | Establish/Maintain Documentation | Preventive | |
Include publishing Public Key certificates in the Public Key certificate procedures. CC ID 07087 | Establish/Maintain Documentation | Preventive | |
Include access to issued Public Key certificates in the Public Key certificate procedures. CC ID 07086 | Establish/Maintain Documentation | Preventive | |
Connect the Public Key Infrastructure to the organization's identity and access management system. CC ID 07091 | Technical Security | Preventive | |
Archive Public Key certificate records according to organizational Records Management rules. CC ID 07090 | Records Management | Preventive | |
Refrain from storing encryption keys with cloud service providers when cryptographic key management services are in place locally. CC ID 13153 | Technical Security | Preventive | |
Refrain from permitting cloud service providers to manage encryption keys when cryptographic key management services are in place locally. CC ID 13154 | Technical Security | Preventive | |
Use strong data encryption to transmit in scope data or in scope information, as necessary. CC ID 00564 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data {data at rest}{external communication} Encryption technologies or secure communication channels are used to protect data in transit and at rest, and communications of such data beyond the entity's established connectivity mechanisms are logical with physical access points. S7.3 Uses encryption technologies or secure communication channels to protect data] | Technical Security | Preventive | |
Ensure restricted data or restricted information are encrypted prior to or at the time of transmission. CC ID 01749 [{data at rest}{external communication} Encryption technologies or secure communication channels are used to protect data in transit and at rest, and communications of such data beyond the entity's established connectivity mechanisms are logical with physical access points. S7.3 Uses encryption technologies or secure communication channels to protect data] | Configuration | Preventive | |
Configure the encryption strength to be appropriate for the encryption methodology of the cryptographic controls. CC ID 12492 | Technical Security | Preventive | |
Encrypt traffic over networks with trusted cryptographic keys. CC ID 12490 | Technical Security | Preventive | |
Authorize transactions of data transmitted over public networks or shared data networks. CC ID 00566 | Establish/Maintain Documentation | Preventive | |
Implement non-repudiation for transactions. CC ID 00567 | Testing | Detective | |
Treat data messages that do not receive an acknowledgment as never having been sent. CC ID 14416 | Technical Security | Preventive | |
Establish trusted paths to transmit restricted data or restricted information over public networks or wireless networks. CC ID 00568 | Technical Security | Preventive | |
Protect application services information transmitted over a public network from unauthorized modification. CC ID 12021 | Technical Security | Preventive | |
Protect application services information transmitted over a public network from unauthorized disclosure. CC ID 12020 | Technical Security | Preventive | |
Protect application services information transmitted over a public network from contract disputes. CC ID 12019 | Technical Security | Preventive | |
Protect application services information transmitted over a public network from fraudulent activity. CC ID 12018 | Technical Security | Preventive | |
Establish, implement, and maintain a malicious code protection program. CC ID 00574 | Establish/Maintain Documentation | Preventive | |
Install security and protection software, as necessary. CC ID 00575 [The entity uses antivirus and anti-malware software and requires that it be implemented and maintained on all end-point devices connected to the internal and external networks to provide for the interception, detection and remediation of malware. The entity also requires third-party service organizations to confirm that their users and systems that connect to the entity's internal networks, infrastructure systems, network devices, application systems and data storage devices and information, also have active and currently updated antivirus and anti-malware protections. S7.1 Uses antivirus and anti-malware software] | Configuration | Preventive | |
Install and maintain container security solutions. CC ID 16178 | Technical Security | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | TYPE | CLASS | |
---|---|---|---|
Third Party and supply chain oversight CC ID 08807 | IT Impact Zone | IT Impact Zone | |
Establish, implement, and maintain a supply chain management program. CC ID 11742 | Establish/Maintain Documentation | Preventive | |
Establish, implement, and maintain procedures for establishing, maintaining, and terminating third party contracts. CC ID 00796 | Establish/Maintain Documentation | Preventive | |
Review and update all contracts, as necessary. CC ID 11612 [The entity's internal personnel or advisers review contracts for consistency with privacy policies and procedures and address any inconsistencies. M1.2 Consistency of commitments with privacy policies and procedures] | Establish/Maintain Documentation | Preventive | |
Formalize client and third party relationships with contracts or nondisclosure agreements. CC ID 00794 | Process or Activity | Detective | |
Include text that organizations must meet organizational compliance requirements in third party contracts. CC ID 06506 | Establish/Maintain Documentation | Preventive | |
Include compliance with the organization's privacy policy in third party contracts. CC ID 06518 [The entity obtains privacy commitments from vendors and other third parties who have access to PI to meet the entity's objectives related to privacy. The entity assesses those parties' compliance on a periodic and as-needed basis and takes corrective action, if necessary. D6.4] | Establish/Maintain Documentation | Preventive | |
Include incident management procedures and incident reporting procedures in third party contracts. CC ID 01214 [The entity obtains commitments from vendors and other third parties with access to PI to notify the entity in the event of actual or suspected unauthorized disclosures of PI. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity's objectives related to privacy. D6.5 A process exists for obtaining commitments from vendors and other third parties to report to the entity actual or suspected unauthorized disclosures of PI. D6.5 Reports actual or suspected unauthorized disclosures] | Establish/Maintain Documentation | Preventive | |
Include third party acknowledgment of their data protection responsibilities in third party contracts. CC ID 01364 | Testing | Detective | |
Employ access controls that meet the organization's compliance requirements on third party systems with access to the organization's restricted data. CC ID 04264 [PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.4 Discloses PI only to appropriate third parties PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.1 Discloses PI only to appropriate third parties] | Data and Information Management | Detective | |
Conduct all parts of the supply chain due diligence process. CC ID 08854 | Business Processes | Preventive | |
Assess third parties' compliance environment during due diligence. CC ID 13134 | Process or Activity | Detective | |
Request attestation of compliance from third parties. CC ID 12067 | Establish/Maintain Documentation | Detective | |
Assess third parties' compliance with the organization's third party security policies during due diligence. CC ID 12075 [The entity uses antivirus and anti-malware software and requires that it be implemented and maintained on all end-point devices connected to the internal and external networks to provide for the interception, detection and remediation of malware. The entity also requires third-party service organizations to confirm that their users and systems that connect to the entity's internal networks, infrastructure systems, network devices, application systems and data storage devices and information, also have active and currently updated antivirus and anti-malware protections. S7.1 Uses antivirus and anti-malware software] | Business Processes | Detective | |
Validate the third parties' compliance to organizationally mandated compliance requirements. CC ID 08819 [The entity obtains privacy commitments from vendors and other third parties who have access to PI to meet the entity's objectives related to privacy. The entity assesses those parties' compliance on a periodic and as-needed basis and takes corrective action, if necessary. D6.4] | Business Processes | Preventive |
Each Common Control is assigned a meta-data type to help you determine the objective of the Control and associated Authority Document mandates aligned with it. These types include behavioral controls, process controls, records management, technical security, configuration management, etc. They are provided as another tool to dissect the Authority Document’s mandates and assign them effectively within your organization.
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Implement automated audit tools. CC ID 04882 | Monitoring and measurement | Preventive | |
Include the ability to obtain additional liquidity in the continuity plan. CC ID 12770 | Operational and Systems Continuity | Preventive | |
Obtain an insurance policy that covers business interruptions applicable to organizational needs and geography. CC ID 06682 | Operational and Systems Continuity | Preventive | |
Obtain an insurance policy to cover business products and services delivered to clients. CC ID 06683 | Operational and Systems Continuity | Preventive | |
Transfer legal ownership of assets when the system is redeployed to a third party. CC ID 06698 | Operational management | Preventive | |
Acquire spare parts prior to when maintenance requests are scheduled. CC ID 11833 | Operational management | Preventive | |
Acquire enough insurance to cover the liability for damages due to data leakage. CC ID 06408 | Privacy protection for information and data | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Report on the percentage of critical assets for which an assurance strategy is implemented. CC ID 01657 | Monitoring and measurement | Detective | |
Report on the percentage of key organizational functions for which an assurance strategy is implemented. CC ID 01658 | Monitoring and measurement | Detective | |
Report on the percentage of key compliance requirements for which an assurance strategy has been implemented. CC ID 01659 | Monitoring and measurement | Detective | |
Report on the percentage of the Information System budget allocated to Information Security. CC ID 04571 | Monitoring and measurement | Detective | |
Report on the policies and controls that have been implemented by management. CC ID 01670 | Monitoring and measurement | Detective | |
Report on the percentage of security management roles that have been assigned. CC ID 01671 | Monitoring and measurement | Detective | |
Report on the percentage of board meetings or committee meetings at which Information Assurance was on the agenda. CC ID 01672 | Monitoring and measurement | Detective | |
Report on the percentage of supply chain members for which all Information Assurance requirements have been implemented. CC ID 01675 | Monitoring and measurement | Detective | |
Report on the Service Level Agreement performance of supply chain members. CC ID 06838 | Monitoring and measurement | Preventive | |
Report on the percentage of organizational units that have an established Business Continuity Plan. CC ID 01676 | Monitoring and measurement | Detective | |
Report on the percentage of organizational units with a documented Business Continuity Plan for which specific responsibilities have been assigned. CC ID 02057 | Monitoring and measurement | Detective | |
Report on the percentage of Business Continuity Plans that have been reviewed, tested, and updated. CC ID 02058 | Monitoring and measurement | Detective | |
Report on the percentage of needed internal audits that have been completed and reviewed. CC ID 01677 | Monitoring and measurement | Detective | |
Report on the percentage of Information Security requirements from applicable laws and regulations that are included in the audit program. CC ID 02069 | Monitoring and measurement | Detective | |
Report on the percentage of needed external audits that have been completed and reviewed. CC ID 11632 | Monitoring and measurement | Detective | |
Report on the percentage of Information Security audits conducted in compliance with the approved audit program. CC ID 02070 | Monitoring and measurement | Detective | |
Report on the percentage of audit findings that have been resolved since the last audit. CC ID 01678 | Monitoring and measurement | Detective | |
Report on the percentage of management actions in response to audit findings and audit recommendations that were implemented in a timely way. CC ID 02071 | Monitoring and measurement | Detective | |
Report compliance monitoring statistics to the Board of Directors and other critical stakeholders, as necessary. CC ID 00676 [Instances of noncompliance with objectives related to privacy are documented and reported and, if needed, corrective and disciplinary measures are taken on a timely basis. M9.1 Documents and reports instances of noncompliance] | Monitoring and measurement | Corrective | |
Collect all work papers for the audit and audit report into an engagement file. CC ID 07001 | Audits and risk management | Preventive | |
Monitor and report on the status of mitigation actions in the corrective action plan. CC ID 15250 | Audits and risk management | Corrective | |
Document the continuity plan test results and provide them to interested personnel and affected parties. CC ID 06548 | Operational and Systems Continuity | Preventive | |
Refrain from including restricted information in the incident response notification. CC ID 16806 | Operational management | Preventive | |
Document the results of incident response tests and provide them to senior management. CC ID 14857 | Operational management | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Address operational anomalies within the incident management system. CC ID 11633 | Monitoring and measurement | Preventive | |
Incorporate an Identity Theft Prevention Program into the organization's incident management system. CC ID 11634 | Monitoring and measurement | Preventive | |
Verify segmentation controls are operational and effective. CC ID 12545 | Monitoring and measurement | Detective | |
Identify information being used to support performance reviews for risk optimization. CC ID 12865 | Monitoring and measurement | Preventive | |
Audit in scope audit items and compliance documents. CC ID 06730 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Audits and risk management | Preventive | |
Identify hypothetical assumptions in forecasts and projections during an audit. CC ID 13946 | Audits and risk management | Detective | |
Refrain from examining forecasts and projections which refrain from disclosing assumptions during an audit. CC ID 13932 | Audits and risk management | Detective | |
Audit policies, standards, and procedures. CC ID 12927 [{administrative safeguard}{technical safeguard} The entity tests the effectiveness of the key administrative, technical and physical safeguards protecting personal data, periodically and as required by entity policy, or by relevant, applicable laws or regulations. S7.5] | Audits and risk management | Preventive | |
Investigate the nature and causes of misstatements in the audit assertion's in scope system description. CC ID 16557 | Audits and risk management | Detective | |
Review incident management audit logs to determine the effectiveness of in scope controls. CC ID 12157 | Audits and risk management | Detective | |
Review audit reports to determine the effectiveness of in scope controls. CC ID 12156 | Audits and risk management | Detective | |
Observe processes to determine the effectiveness of in scope controls. CC ID 12155 | Audits and risk management | Detective | |
Interview stakeholders to determine the effectiveness of in scope controls. CC ID 12154 | Audits and risk management | Detective | |
Review policies and procedures to determine the effectiveness of in scope controls. CC ID 12144 | Audits and risk management | Detective | |
Evaluate personnel status changes to determine the effectiveness of in scope controls. CC ID 16556 | Audits and risk management | Detective | |
Determine whether individuals performing a control have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 16555 | Audits and risk management | Detective | |
Implement procedures that collect sufficient audit evidence. CC ID 07153 | Audits and risk management | Preventive | |
Collect evidence about the in scope audit items of the audit assertion. CC ID 07154 | Audits and risk management | Preventive | |
Collect audit evidence sufficient to avoid misstatements. CC ID 07155 | Audits and risk management | Preventive | |
Collect audit evidence at the level of the organization's competence in the subject matter. CC ID 07156 | Audits and risk management | Preventive | |
Collect audit evidence sufficient to overcome inadequacies in the organization's attestation. CC ID 07157 | Audits and risk management | Preventive | |
Include audit evidence obtained from previous engagements in the work papers. CC ID 16518 | Audits and risk management | Preventive | |
Include if the audit evidence has identified in scope control deficiencies in the work papers. CC ID 07152 | Audits and risk management | Detective | |
Include any subsequent events related to the audit assertion or audit subject matter in the work papers. CC ID 07177 | Audits and risk management | Preventive | |
Review management's response to issues raised in past audit reports. CC ID 01149 | Audits and risk management | Detective | |
Configure firewalls to generate an audit log. CC ID 12038 | Technical security | Preventive | |
Conduct a risk assessment on reciprocal agreements that provide for recovery capabilities. CC ID 12759 | Operational and Systems Continuity | Preventive | |
Configure the "audit file ownership changes" setting to organizational standards. CC ID 08966 | System hardening through configuration management | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Disseminate and communicate compliance documents to all interested personnel and affected parties. CC ID 06282 | Leadership and high level objectives | Preventive | |
Disseminate and communicate any compliance document changes when the documents are updated to interested personnel and affected parties. CC ID 06283 | Leadership and high level objectives | Preventive | |
Establish, implement, and maintain a testing program. CC ID 00654 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a penetration test program. CC ID 01105 | Monitoring and measurement | Preventive | |
Notify the interested personnel and affected parties after the failure of an automated security test. CC ID 06748 | Monitoring and measurement | Corrective | |
Carry out disciplinary actions when a compliance violation is detected. CC ID 06675 [Instances of noncompliance with objectives related to privacy are documented and reported and, if needed, corrective and disciplinary measures are taken on a timely basis. M9.1 Documents and reports instances of noncompliance] | Monitoring and measurement | Corrective | |
Verify statements made by interviewees are correct. CC ID 16299 | Audits and risk management | Detective | |
Explain the goals of the interview to the interviewee. CC ID 07189 | Audits and risk management | Detective | |
Revoke asset access when a personnel status change occurs or an individual is terminated. CC ID 00516 [Processes are in place to remove physical access to facilities and system resources when an individual no longer requires access. S7.2 Removes physical access] | Technical security | Corrective | |
Review and update accounts and access rights when notified of personnel status changes. CC ID 00788 | Technical security | Corrective | |
Implement information flow control policies when making decisions about information sharing or collaboration. CC ID 10094 | Technical security | Preventive | |
Refrain from providing access to facilities that transmit, process, or store restricted data until the contract for accessing the facility is signed. CC ID 12311 | Physical and environmental protection | Preventive | |
Disseminate and communicate the right of the organization to search visitors while at the facility. CC ID 06702 | Physical and environmental protection | Preventive | |
Manage constituent identification inside the facility. CC ID 02215 | Physical and environmental protection | Preventive | |
Issue visitor identification badges to all non-employees. CC ID 00543 | Physical and environmental protection | Preventive | |
Retrieve visitor identification badges prior to the exit of a visitor from the facility. CC ID 01331 | Physical and environmental protection | Preventive | |
Require all visitors to sign out of the visitor log before the exit of a visitor from the facility. CC ID 06649 | Physical and environmental protection | Preventive | |
Refrain from search and seizure inside organizational facilities absent a warrant. CC ID 09980 | Physical and environmental protection | Preventive | |
Disallow either search or seizure of any person inside organizational facilities absent a warrant. CC ID 09981 | Physical and environmental protection | Preventive | |
Disallow inspecting computers or searching computer records inside organizational facilities absent a warrant. CC ID 09983 | Physical and environmental protection | Preventive | |
Do nothing to help during a search and seizure inside organizational facilities absent a warrant and being legally compelled to assist. CC ID 09984 | Physical and environmental protection | Preventive | |
Require removable storage media be in the custody of an authorized individual. CC ID 12319 | Physical and environmental protection | Preventive | |
Request the return of all appropriate assets upon notification of a personnel status change. CC ID 06678 | Physical and environmental protection | Preventive | |
Require the return of all assets upon notification an individual is terminated. CC ID 06679 | Physical and environmental protection | Preventive | |
Prohibit the use of recording devices near restricted data or restricted information, absent authorization. CC ID 04598 | Physical and environmental protection | Preventive | |
Prohibit usage of cell phones near restricted data or restricted information, absent authorization. CC ID 06354 | Physical and environmental protection | Preventive | |
Prohibit mobile device usage near restricted data or restricted information, absent authorization. CC ID 04597 | Physical and environmental protection | Preventive | |
Disseminate and communicate critical third party dependencies to interested personnel and affected parties. CC ID 06816 | Operational and Systems Continuity | Preventive | |
Use rewards and career development to motivate personnel. CC ID 06906 | Human Resources management | Preventive | |
Train all personnel and third parties, as necessary. CC ID 00785 | Human Resources management | Preventive | |
Tailor training to be taught at each person's level of responsibility. CC ID 06674 [The entity provides a privacy awareness program about its privacy policies and related matters, and provides specific training for selected personnel depending on their roles and responsibilities. M1.2 Privacy awareness and training] | Human Resources management | Preventive | |
Notify interested personnel and affected parties prior to when the system is redeployed or the system is disposed. CC ID 06400 | Operational management | Preventive | |
Maintain contact with the device manufacturer or component manufacturer for maintenance requests. CC ID 06388 | Operational management | Preventive | |
Respond to maintenance requests inside the organizationally established time frame. CC ID 04878 | Operational management | Preventive | |
Perform periodic maintenance according to organizational standards. CC ID 01435 | Operational management | Preventive | |
Respond to all alerts from security systems in a timely manner. CC ID 06434 | Operational management | Corrective | |
Share data loss event information with the media. CC ID 01759 | Operational management | Corrective | |
Report to breach notification organizations the time frame in which the organization will send data loss event notifications to interested personnel and affected parties. CC ID 04731 | Operational management | Corrective | |
Notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00365 [The entity obtains commitments from vendors and other third parties with access to PI to notify the entity in the event of actual or suspected unauthorized disclosures of PI. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity's objectives related to privacy. D6.5 The entity provides notification of breaches and incidents to affected data subjects, regulators and others to meet the entity's objectives related to privacy. D6.6 The entity has a process for providing notice of breaches and incidents to affected data subjects, regulators and others to meet the entity's objectives related to privacy. D6.6 Provides notice of breaches and incidents {unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has a process for periodically informing data subjects of its continued need for PI. The entity also has a process for obtaining the data subject's continued agreement and consent to use the data, and for informing data subjects when the entity suspects or learns, through ongoing monitoring and testing, that its systems (and systems of third parties providing services to the entity) have been breached and PI has been accessed, altered or removed in an unauthorized manner. N2.1 Ongoing notices and communications] | Operational management | Corrective | |
Determine whether or not incident response notifications are necessary during the privacy breach investigation. CC ID 00801 | Operational management | Detective | |
Delay sending incident response notifications under predetermined conditions. CC ID 00804 | Operational management | Corrective | |
Avoid false positive incident response notifications. CC ID 04732 | Operational management | Detective | |
Send paper incident response notifications to affected parties, as necessary. CC ID 00366 | Operational management | Corrective | |
Determine if a substitute incident response notification is permitted if notifying affected parties. CC ID 00803 | Operational management | Corrective | |
Use a substitute incident response notification to notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00368 | Operational management | Corrective | |
Telephone incident response notifications to affected parties, as necessary. CC ID 04650 | Operational management | Corrective | |
Send electronic substitute incident response notifications to affected parties, as necessary. CC ID 04747 | Operational management | Preventive | |
Send substitute incident response notifications to breach notification organizations, as necessary. CC ID 04750 | Operational management | Preventive | |
Publish the incident response notification in a general circulation periodical. CC ID 04651 | Operational management | Corrective | |
Publish the substitute incident response notification in a general circulation periodical, as necessary. CC ID 04769 | Operational management | Preventive | |
Send electronic incident response notifications to affected parties, as necessary. CC ID 00367 | Operational management | Corrective | |
Incorporate realistic exercises that are tested into the incident response training program. CC ID 06753 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Operational management | Preventive | |
Disseminate and communicate proposed changes to all interested personnel and affected parties. CC ID 06807 | Operational management | Preventive | |
Notify affected parties to keep authenticators confidential. CC ID 06787 | System hardening through configuration management | Preventive | |
Discourage affected parties from recording authenticators. CC ID 06788 | System hardening through configuration management | Preventive | |
Train BlackBerry handheld device users on the Bluetooth Smart Card Reader's proper usage. CC ID 04603 | System hardening through configuration management | Preventive | |
Register with public bodies and notify the Data Commissioner before processing personal data. CC ID 00383 | Privacy protection for information and data | Preventive | |
Define the criteria for waivers of data subjects' rights. CC ID 16858 | Privacy protection for information and data | Preventive | |
Revoke waivers of data subject's rights, as necessary. CC ID 16859 | Privacy protection for information and data | Preventive | |
Notify interested personnel and affected parties when changes are made to the privacy policy. CC ID 06943 [{implicit consent} If information that was previously collected is to be used for purposes not previously identified in the privacy notice, the new purpose is documented, the data subject is notified, and implicit or explicit consent is obtained prior to such new use or purpose. C3.2 Documents and obtained consent for new purposes and uses {privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/ notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Privacy protection for information and data | Preventive | |
Notify the supervisory authority. CC ID 00472 | Privacy protection for information and data | Preventive | |
Notify the data subject of the collection purpose. CC ID 00095 | Privacy protection for information and data | Preventive | |
Notify the data subject of the consequences for not providing personal data. CC ID 00104 [When PI is collected, data subjects are informed of the consequences of refusing to provide PI for purposes identified in the notice. C3.1 Communicates consequences of denying or withdrawing consent The entity has a process to allow data subjects with the option of not providing their PI, according to the data privacy agreement, including notifying the data subjects of the consequences of not agreeing to its provision and use by the entity. C3.1 Ability to opt-out] | Privacy protection for information and data | Preventive | |
Notify the data subject of changes to personal data use. CC ID 00105 [Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Privacy protection for information and data | Preventive | |
Obtain the data subject's consent when the personal data use changes. CC ID 11832 [{implicit consent} If information that was previously collected is to be used for purposes not previously identified in the privacy notice, the new purpose is documented, the data subject is notified, and implicit or {privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/ notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices The entity's agreements with data subjects formally capture data subject consents for sharing their PI with the entity and third parties affiliated with the entity, and for situations where the entity assembles, creates or purchases a data subject's PI, and when the entity needs to change the original purposes for obtaining a data subject's PI to meet the entity's changing business, operational or legal requirements. N2.1 Agreements, notices and communications Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Privacy protection for information and data | Preventive | |
Respond to data access requests in a timely manner. CC ID 00421 | Privacy protection for information and data | Preventive | |
Notify the individual of the reasons for delays in responding to data access requests. CC ID 00422 | Privacy protection for information and data | Detective | |
Notify the individual when a cost is imposed which must be paid in advance to gain access. CC ID 00423 | Privacy protection for information and data | Detective | |
Notify the data subject after personal data is used or disclosed. CC ID 06247 | Privacy protection for information and data | Preventive | |
Notify the individual before restricted data is collected, used, or disclosed. CC ID 00132 | Privacy protection for information and data | Preventive | |
Refrain from requiring individuals to use Personal Identification Numbers as an account number or password. CC ID 00253 | Privacy protection for information and data | Preventive | |
Notify the data subject of the source of collected personal data. CC ID 00083 | Privacy protection for information and data | Preventive | |
Refrain from requiring a Personal Identification Number to purchase goods or services. CC ID 00069 | Privacy protection for information and data | Preventive | |
Use simple understandable language to collect information from children. CC ID 00039 | Privacy protection for information and data | Preventive | |
Use the contact information on file to contact the individual identified in an account change request. CC ID 04857 | Privacy protection for information and data | Detective | |
Notify data subjects when their personal data is transferred. CC ID 00352 | Privacy protection for information and data | Preventive | |
Follow the instructions of the data transferrer. CC ID 00334 | Privacy protection for information and data | Preventive | |
Notify the data subject of any personal data changes during the personal data transfer. CC ID 00350 | Privacy protection for information and data | Preventive | |
Define the behaviors and actions that are included in privacy rights violations. CC ID 14852 | Privacy protection for information and data | Preventive | |
Provide assistance to data subjects for filing privacy rights violation complaints. CC ID 00478 | Privacy protection for information and data | Corrective | |
File privacy rights violation complaints inside the mandate stipulated from the refusal. CC ID 00479 | Privacy protection for information and data | Corrective | |
Notify the data subject of changes made to personal data as the result of a dispute. CC ID 00463 | Privacy protection for information and data | Corrective | |
Notify the data subject of which and why disputed changes were not made to personal data. CC ID 00466 [The entity corrects, amends or appends PI based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity's objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity's objectives related to privacy. A5.2] | Privacy protection for information and data | Corrective | |
Notify entities to whom personal data was transferred that the personal data is wrong, along with the corrections. CC ID 00467 [Data subjects are able to update or correct PI held by the entity. The entity provides such updated or corrected information to third parties that were previously provided with the data subject's PI consistent with the entity's objective related to privacy. A5.2 Permits data subjects to update or correct PI The entity corrects, amends or appends PI based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity's objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity's objectives related to privacy. A5.2] | Privacy protection for information and data | Corrective | |
Investigate privacy rights violation complaints. CC ID 00480 [Each complaint is addressed and the resolution is documented and communicated to the individual. M9.1 Documents and communicates dispute resolution and recourse] | Privacy protection for information and data | Detective | |
Notify respondents after a privacy rights violation complaint investigation begins. CC ID 00491 | Privacy protection for information and data | Detective | |
Investigate privacy rights violation complaints in private. CC ID 00492 | Privacy protection for information and data | Detective | |
Make appropriate inquiries and obtain appropriate information regarding privacy rights violation complaints. CC ID 00493 | Privacy protection for information and data | Detective | |
Allow the complainant to appear before the commissioner and make a submission, orally or in writing, about the privacy rights violation complaint investigation prior to an adverse decision to the complainant is reached. CC ID 00494 | Privacy protection for information and data | Detective | |
Refer privacy rights violation complaints to the Privacy Commissioner under certain conditions. CC ID 00481 | Privacy protection for information and data | Preventive | |
Determine not to investigate privacy rights violation complaints under certain conditions. CC ID 00482 | Privacy protection for information and data | Preventive | |
Refrain from investigating a privacy rights violation complaint when the act or practice does not interfere with an individual's privacy. CC ID 00483 | Privacy protection for information and data | Preventive | |
Refrain from investigating a privacy rights violation complaint when the complaint is created outside the stipulated time frame after the complainant became aware of it. CC ID 00484 | Privacy protection for information and data | Preventive | |
Refrain from investigating a privacy rights violation complaint when the complaint is frivolous, vexatious, misconceived, or lacking in substance. CC ID 00485 | Privacy protection for information and data | Preventive | |
Refrain from investigating a privacy rights violation complaint if the act or practice is subject to an application under another commonwealth law, state law, or territory law, and the complaint was or is being dealt with adequately under the law. CC ID 00486 | Privacy protection for information and data | Preventive | |
Defer privacy rights violation complaint investigations under certain conditions. CC ID 00487 | Privacy protection for information and data | Preventive | |
Defer privacy rights violation complaint investigations when the respondent has made an application for a determination. CC ID 00488 | Privacy protection for information and data | Preventive | |
Defer privacy rights violation complaint investigations when the Privacy Commissioner believes the data subject's interests would not be affected if the investigation or further investigation were deferred until the application was disposed of. CC ID 00489 | Privacy protection for information and data | Preventive | |
Respond to an investigative report in regards to a privacy rights violation complaint. CC ID 00496 | Privacy protection for information and data | Corrective | |
Order the organization to change to be in compliance with applicable law. CC ID 00499 | Privacy protection for information and data | Corrective | |
Order the organization to publish a notice with the corrections or actions taken. CC ID 00500 | Privacy protection for information and data | Corrective | |
Award damages based on applicable law. CC ID 00501 | Privacy protection for information and data | Corrective | |
Notify the public and other agencies after a penalty becomes final. CC ID 06217 | Privacy protection for information and data | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Correct errors and deficiencies in a timely manner. CC ID 13501 [{be ongoing}{privacy control}{design effectiveness} The entity has a process for performing ongoing and separate evaluations of the design and operating effectiveness of information privacy and security controls and for addressing any identified control deficiencies. M1.3 Ongoing and separate evaluations {dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Leadership and high level objectives | Corrective | |
Identify roles, tasks, information, systems, and assets that fall under the organization's mandated Authority Documents. CC ID 00688 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Leadership and high level objectives | Preventive | |
Assess the impact of changes to organizational policies, standards, and procedures, as necessary. CC ID 14824 [The entity has a process for evaluating and addressing the potential impacts of required changes to information privacy policy and procedures as changes occur in entity operations and operating locations, and as applicable jurisdictional laws and regulations are enacted to become new regulatory compliance requirements. M1.2 Policy changes] | Leadership and high level objectives | Preventive | |
Review the compliance exceptions in the exceptions document, as necessary. CC ID 01632 | Leadership and high level objectives | Preventive | |
Implement a fraud detection system. CC ID 13081 | Monitoring and measurement | Preventive | |
Approve the system security plan. CC ID 14241 | Monitoring and measurement | Preventive | |
Employ an approved third party to perform external vulnerability scans on the organization's systems. CC ID 12467 | Monitoring and measurement | Preventive | |
Identify information being used to support the performance of the governance, risk, and compliance capability. CC ID 12866 | Monitoring and measurement | Preventive | |
Align enforcement reviews for non-compliance with organizational risk tolerance. CC ID 13063 | Monitoring and measurement | Detective | |
Accept the attestation engagement when all preconditions are met. CC ID 13933 | Audits and risk management | Preventive | |
Respond to questions or clarification requests regarding the audit. CC ID 08902 | Audits and risk management | Preventive | |
Review the need for organizational efficiency as balanced against the needs of compliance and security. CC ID 07111 | Audits and risk management | Preventive | |
Comply with the encryption laws of the local country. CC ID 16377 | Technical security | Preventive | |
Include an appeal process in the identification issuance procedures. CC ID 15428 | Physical and environmental protection | Preventive | |
Disallow copying or excerpting from documents, books, or records that are on or in the premises of an organizational facility absent a warrant. CC ID 09982 | Physical and environmental protection | Preventive | |
Transport restricted media using a delivery method that can be tracked. CC ID 11777 | Physical and environmental protection | Preventive | |
Require users to refrain from leaving mobile devices unattended. CC ID 16446 | Physical and environmental protection | Preventive | |
Review the insurance coverage of the insurance policy, as necessary. CC ID 12688 | Operational and Systems Continuity | Detective | |
Review the beneficiaries of the insurance policy. CC ID 16563 | Operational and Systems Continuity | Detective | |
Establish, implement, and maintain an education methodology. CC ID 06671 | Human Resources management | Preventive | |
Establish, implement, and maintain an Asset Management program. CC ID 06630 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Operational management | Preventive | |
Include coordination amongst entities in the asset management policy. CC ID 16424 | Operational management | Preventive | |
Define and prioritize the importance of each asset in the asset management program. CC ID 16837 | Operational management | Preventive | |
Establish, implement, and maintain administrative controls over all assets. CC ID 16400 | Operational management | Preventive | |
Classify virtual systems by type and purpose. CC ID 16332 | Operational management | Preventive | |
Establish, implement, and maintain an asset inventory. CC ID 06631 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Operational management | Preventive | |
Destroy systems in accordance with the system disposal program. CC ID 16457 | Operational management | Preventive | |
Approve the release of systems and waste material into the public domain. CC ID 16461 | Operational management | Preventive | |
Obtain approval before removing maintenance tools from the facility. CC ID 14298 | Operational management | Preventive | |
Disassemble and shut down unnecessary systems or unused systems. CC ID 06280 | Operational management | Preventive | |
Dispose of hardware and software at their life cycle end. CC ID 06278 | Operational management | Preventive | |
Refrain from placing assets being disposed into organizational dumpsters. CC ID 12200 | Operational management | Preventive | |
Remove asset tags prior to disposal of an asset. CC ID 12198 | Operational management | Preventive | |
Establish, implement, and maintain an Incident Management program. CC ID 00853 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Operational management | Preventive | |
Establish, implement, and maintain an anti-money laundering program. CC ID 13675 | Operational management | Detective | |
Remediate security violations according to organizational standards. CC ID 12338 [The entity obtains commitments from vendors and other third parties with access to PI to notify the entity in the event of actual or suspected unauthorized disclosures of PI. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity's objectives related to privacy. D6.5] | Operational management | Preventive | |
Refrain from charging for providing incident response notifications. CC ID 13876 | Operational management | Preventive | |
Offer identity theft prevention services or identity theft mitigation services at no cost to the affected parties. CC ID 13766 | Operational management | Corrective | |
Eradicate the cause of the incident after the incident has been contained. CC ID 01757 | Operational management | Corrective | |
Manage change requests. CC ID 00887 | Operational management | Preventive | |
Implement changes according to the change control program. CC ID 11776 | Operational management | Preventive | |
Establish, implement, and maintain configuration control and Configuration Status Accounting. CC ID 00863 | System hardening through configuration management | Preventive | |
Approve the configuration management plan. CC ID 14717 | System hardening through configuration management | Preventive | |
Change the authenticator for shared accounts when the group membership changes. CC ID 14249 | System hardening through configuration management | Corrective | |
Review the use of utility and device driver software, as necessary. CC ID 13145 | System hardening through configuration management | Detective | |
Use approved media sanitization equipment for destruction. CC ID 16459 | Records management | Preventive | |
Refrain from requiring the data subject to create an account in order to submit a consumer request. CC ID 13780 | Privacy protection for information and data | Preventive | |
Provide the data subject with the data protection officer's contact information. CC ID 12573 | Privacy protection for information and data | Preventive | |
Approve the privacy plan. CC ID 14700 | Privacy protection for information and data | Preventive | |
Protect private communications in keeping with compliance requirements. CC ID 14334 | Privacy protection for information and data | Preventive | |
Refrain from charging a fee to implement an opt-out request. CC ID 13877 | Privacy protection for information and data | Preventive | |
Offer incentives for consumers to opt-in to provide their personal data to the organization. CC ID 13781 | Privacy protection for information and data | Preventive | |
Refrain from using coercive financial incentive programs to entice opt-in consent. CC ID 13795 | Privacy protection for information and data | Preventive | |
Treat an opt-out direction by an individual joint consumer as applying to all associated joint consumers. CC ID 13452 | Privacy protection for information and data | Preventive | |
Treat opt-out directions separately for each customer relationship the data subject establishes with the organization. CC ID 13454 | Privacy protection for information and data | Preventive | |
Comply with opt-out directions by the data subject, unless otherwise directed by compliance requirements. CC ID 13451 | Privacy protection for information and data | Preventive | |
Allow consent requests to be provided in any official languages. CC ID 16530 | Privacy protection for information and data | Preventive | |
Define the requirements for approving or denying approval applications. CC ID 16780 | Privacy protection for information and data | Preventive | |
Extend the time limit for approving or denying approval applications. CC ID 16779 | Privacy protection for information and data | Preventive | |
Refrain from requiring data subjects having to justify personal data access requests. CC ID 12394 | Privacy protection for information and data | Preventive | |
Grant a waiver or reduction of fees for data access under defined conditions. CC ID 15502 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data when the data subject consents to retention. CC ID 14326 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data when it reveals trade union membership. CC ID 12583 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data when it concerns an individual's sexual orientation. CC ID 12582 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data when it concerns an individual's sex life. CC ID 12581 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data when it contains Individually Identifiable Health Information. CC ID 12580 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data when biometric data is used for the purpose of identifying an individual. CC ID 12579 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data when the genetic data is used for the purpose of identifying individuals. CC ID 12578 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data when it reveals philosophical beliefs. CC ID 12577 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data when it reveals religious beliefs. CC ID 12576 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data when it reveals political opinions. CC ID 12575 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data if it reveals ethnic origin. CC ID 12574 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data for marketing or advertising to children. CC ID 14010 | Privacy protection for information and data | Preventive | |
Dispose of personal data removal requests, as necessary. CC ID 13512 | Privacy protection for information and data | Preventive | |
Determine the financial impact for the unauthorized disclosure of privacy-related data and privacy-related information. CC ID 06488 | Privacy protection for information and data | Detective | |
Establish, implement, and maintain Consumer Reporting Agency notification procedures. CC ID 04851 | Privacy protection for information and data | Preventive | |
Include personal data that is publicly available information as an out of scope privacy breach. CC ID 04678 | Privacy protection for information and data | Preventive | |
Refrain from requiring independent recourse mechanisms when transferring personal data from one data controller to another data controller. CC ID 12528 | Privacy protection for information and data | Preventive | |
Refrain from requiring a contract between the data controller and trusted third parties when personal information is transferred. CC ID 12527 | Privacy protection for information and data | Preventive | |
Include the type of information to be collected in the privacy impact assessment. CC ID 15513 | Privacy protection for information and data | Preventive | |
Refrain from charging a fee to file a privacy rights violation complaint. CC ID 16807 | Privacy protection for information and data | Preventive | |
Cooperate with authorities during a privacy rights violation complaint investigation. CC ID 14364 | Privacy protection for information and data | Corrective | |
Conduct all parts of the supply chain due diligence process. CC ID 08854 | Third Party and supply chain oversight | Preventive | |
Assess third parties' compliance with the organization's third party security policies during due diligence. CC ID 12075 [The entity uses antivirus and anti-malware software and requires that it be implemented and maintained on all end-point devices connected to the internal and external networks to provide for the interception, detection and remediation of malware. The entity also requires third-party service organizations to confirm that their users and systems that connect to the entity's internal networks, infrastructure systems, network devices, application systems and data storage devices and information, also have active and currently updated antivirus and anti-malware protections. S7.1 Uses antivirus and anti-malware software] | Third Party and supply chain oversight | Detective | |
Validate the third parties' compliance to organizationally mandated compliance requirements. CC ID 08819 [The entity obtains privacy commitments from vendors and other third parties who have access to PI to meet the entity's objectives related to privacy. The entity assesses those parties' compliance on a periodic and as-needed basis and takes corrective action, if necessary. D6.4] | Third Party and supply chain oversight | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Disseminate and communicate the data classification scheme to interested personnel and affected parties. CC ID 16804 | Leadership and high level objectives | Preventive | |
Disseminate and communicate the organization’s policies, standards, and procedures to all interested personnel and affected parties. CC ID 12901 | Leadership and high level objectives | Preventive | |
Disseminate and communicate monitoring capabilities with interested personnel and affected parties. CC ID 13156 | Monitoring and measurement | Preventive | |
Disseminate and communicate statistics on resource usage with interested personnel and affected parties. CC ID 13155 | Monitoring and measurement | Preventive | |
Notify the appropriate personnel after identifying dormant accounts. CC ID 12125 | Monitoring and measurement | Detective | |
Report inappropriate usage of user accounts to the appropriate personnel. CC ID 14243 | Monitoring and measurement | Detective | |
Disseminate and communicate the system security plan to interested personnel and affected parties. CC ID 14275 | Monitoring and measurement | Preventive | |
Disseminate and communicate the vulnerability scan results to interested personnel and affected parties. CC ID 16418 | Monitoring and measurement | Preventive | |
Disseminate and communicate the disciplinary action notice to interested personnel and affected parties. CC ID 16585 | Monitoring and measurement | Preventive | |
Report that audit evidence collected was not sufficient to the proper authorities. CC ID 16847 | Audits and risk management | Preventive | |
Notify the user when an authentication is attempted using an expired authenticator. CC ID 13818 | Technical security | Corrective | |
Notify interested personnel when user accounts are added or deleted. CC ID 14327 | Technical security | Detective | |
Disseminate and communicate the access control log to interested personnel and affected parties. CC ID 16442 | Technical security | Preventive | |
Disseminate and communicate the access control procedures to all interested personnel and affected parties. CC ID 14123 | Technical security | Corrective | |
Disseminate and communicate the identification and authentication policy to interested personnel and affected parties. CC ID 14197 | Technical security | Preventive | |
Disseminate and communicate the identification and authentication procedures to interested personnel and affected parties. CC ID 14223 | Technical security | Preventive | |
Notify a user when an authenticator for a user account is changed. CC ID 13820 | Technical security | Preventive | |
Disseminate and communicate the network security policy to interested personnel and affected parties. CC ID 14199 | Technical security | Preventive | |
Disseminate and communicate the system and communications protection procedures to interested personnel and affected parties. CC ID 14206 | Technical security | Preventive | |
Disseminate and communicate network diagrams to interested personnel and affected parties. CC ID 13137 | Technical security | Preventive | |
Disseminate and communicate the data flow diagrams to interested personnel and affected parties. CC ID 16407 | Technical security | Preventive | |
Authorize the disclosure of private Internet Protocol addresses and routing information to external entities. CC ID 12034 | Technical security | Preventive | |
Disseminate and communicate the encryption management and cryptographic controls policy to all interested personnel and affected parties. CC ID 15476 | Technical security | Preventive | |
Disseminate and communicate the encryption management procedures to all interested personnel and affected parties. CC ID 15477 | Technical security | Preventive | |
Disseminate and communicate cryptographic key management procedures to interested personnel and affected parties. CC ID 13164 | Technical security | Preventive | |
Disseminate and communicate the physical and environmental protection procedures to interested personnel and affected parties. CC ID 14175 | Physical and environmental protection | Preventive | |
Post floor plans of critical facilities in secure locations. CC ID 16138 | Physical and environmental protection | Preventive | |
Disseminate and communicate the camera installation policy to interested personnel and affected parties. CC ID 15461 | Physical and environmental protection | Preventive | |
Disseminate and communicate the media protection policy to interested personnel and affected parties. CC ID 14165 | Physical and environmental protection | Preventive | |
Disseminate and communicate the media protection procedures to interested personnel and affected parties. CC ID 14186 | Physical and environmental protection | Preventive | |
Disseminate and communicate the asset removal policy to interested personnel and affected parties. CC ID 13160 | Physical and environmental protection | Preventive | |
Disseminate and communicate the continuity procedures to interested personnel and affected parties. CC ID 14055 | Operational and Systems Continuity | Preventive | |
Identify the appropriate staff to route external communications to in the emergency communications procedures. CC ID 12762 | Operational and Systems Continuity | Preventive | |
Identify who can speak to the media in the emergency communications procedures. CC ID 12761 | Operational and Systems Continuity | Corrective | |
Disseminate and communicate screening results to interested personnel and affected parties. CC ID 16445 | Human Resources management | Preventive | |
Disseminate and communicate the compensation, reward, and recognition program to interested personnel and affected parties. CC ID 14800 | Human Resources management | Preventive | |
Disseminate and communicate the Asset Classification Policy to interested personnel and affected parties. CC ID 14851 | Operational management | Preventive | |
Disseminate and communicate the system maintenance policy to interested personnel and affected parties. CC ID 14213 | Operational management | Preventive | |
Disseminate and communicate the system maintenance procedures to interested personnel and affected parties. CC ID 14194 | Operational management | Preventive | |
Notify interested personnel and affected parties of an extortion payment in the event of a cybersecurity event. CC ID 16539 | Operational management | Preventive | |
Notify interested personnel and affected parties of the reasons for the extortion payment, along with any alternative solutions. CC ID 16538 | Operational management | Preventive | |
Report to breach notification organizations the reasons for a delay in sending breach notifications. CC ID 16797 | Operational management | Preventive | |
Report to breach notification organizations the distribution list to which the organization will send data loss event notifications. CC ID 16782 | Operational management | Preventive | |
Submit written requests to delay the notification of affected parties. CC ID 16783 | Operational management | Preventive | |
Provide enrollment information for identity theft prevention services or identity theft mitigation services. CC ID 13767 | Operational management | Corrective | |
Include a copy of the incident response notification in breach notifications, as necessary. CC ID 13085 | Operational management | Preventive | |
Notify interested personnel and affected parties of the privacy breach about any recovered restricted data. CC ID 13347 | Operational management | Corrective | |
Establish, implement, and maintain incident reporting time frame standards. CC ID 12142 | Operational management | Preventive | |
Disseminate and communicate the configuration management procedures to interested personnel and affected parties. CC ID 14139 | System hardening through configuration management | Preventive | |
Disseminate and communicate the configuration management policy to interested personnel and affected parties. CC ID 14066 | System hardening through configuration management | Preventive | |
Disseminate and communicate the configuration management program to all interested personnel and affected parties. CC ID 11946 | System hardening through configuration management | Preventive | |
Include risk information when communicating critical security updates. CC ID 14948 | System hardening through configuration management | Preventive | |
Disseminate and communicate with the end user when a memorized secret entered into an authenticator field matches one found in the memorized secret list. CC ID 13807 | System hardening through configuration management | Preventive | |
Disseminate and communicate the system testing procedures to interested personnel and affected parties. CC ID 15471 | Systems design, build, and implementation | Preventive | |
Refrain from delivering privacy notices to data subjects, as necessary. CC ID 13445 | Privacy protection for information and data | Preventive | |
Deliver privacy notices to data subjects, as necessary. CC ID 13444 [{privacy notice} The entity has formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet the entity's objectives related to privacy. Refer to Component N2.0. M1.0 Agreement, notice and communication The entity executes formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet its objectives related to privacy. N2.1] | Privacy protection for information and data | Preventive | |
Update privacy notices, as necessary. CC ID 13474 [{privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Privacy protection for information and data | Preventive | |
Redeliver privacy notices, as necessary. CC ID 14850 [Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Privacy protection for information and data | Preventive | |
Deliver privacy notices to third parties, as necessary. CC ID 13473 | Privacy protection for information and data | Preventive | |
Obtain acknowledgment of receipt of the privacy notice. CC ID 14435 | Privacy protection for information and data | Preventive | |
Deliver opt-out notices, as necessary. CC ID 13449 | Privacy protection for information and data | Preventive | |
Include an initial privacy notification when delivering the opt-out notice. CC ID 13453 | Privacy protection for information and data | Preventive | |
Provide a copy of the organization's privacy program to statutory authorities, as necessary. CC ID 12376 | Privacy protection for information and data | Preventive | |
Affirm adequate protection of personal data to applicable statutory authorities if the organization is not a member of a privacy program. CC ID 12372 | Privacy protection for information and data | Preventive | |
Notify statutory authorities of the organization's withdrawal from the privacy program. CC ID 12391 | Privacy protection for information and data | Preventive | |
Notify statutory authorities concerned with the privacy program if the surviving organization will continue in the privacy program. CC ID 12393 | Privacy protection for information and data | Preventive | |
Notify data subjects about the organization's external requirements relevant to the privacy program. CC ID 12354 [{implicit consent} Data subjects are informed about the choices available to them with respect to the collection, use and disclosure of PI. Data subjects are informed that implicit or explicit consent is required to collect, use and disclose PI, unless a law or regulation specifically requires or allows otherwise. C3.1 Communicates to data subjects] | Privacy protection for information and data | Preventive | |
Notify data subjects about their privacy rights. CC ID 12989 | Privacy protection for information and data | Preventive | |
Disseminate and communicate the critical third party list with relevance to the privacy program to all interested personnel and affected parties. CC ID 12352 | Privacy protection for information and data | Preventive | |
Provide public proof the organization participates in a privacy program. CC ID 12349 | Privacy protection for information and data | Preventive | |
Disclose statements added to education records, as necessary. CC ID 12990 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent when disclosure is in connection with a disciplinary proceeding. CC ID 13005 | Privacy protection for information and data | Preventive | |
Refrain from disclosing disciplinary proceeding results unless the student has violated the institution's rules or policies. CC ID 13023 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent when it concerns sex offenders. CC ID 13013 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent to organizations conducting studies if educational data is destroyed when no longer required. CC ID 12995 | Privacy protection for information and data | Preventive | |
Refrain from providing information to the data subject, as necessary. CC ID 12625 | Privacy protection for information and data | Preventive | |
Refrain from providing information to the data subject when it is forbidden by law. CC ID 12651 | Privacy protection for information and data | Preventive | |
Refrain from providing information to the data subject when it proves impossible due to statistical purposes. CC ID 12645 | Privacy protection for information and data | Preventive | |
Provide the data subject with information about lifting any restriction of processing, as necessary. CC ID 12634 | Privacy protection for information and data | Preventive | |
Refrain from providing information to the data subject when it proves impossible due to historical research purposes. CC ID 12633 | Privacy protection for information and data | Preventive | |
Refrain from providing information to the data subject when it proves impossible due to scientific research purposes. CC ID 12632 | Privacy protection for information and data | Preventive | |
Refrain from providing information to the data subject when it proves impossible due to archival purposes. CC ID 12631 | Privacy protection for information and data | Preventive | |
Refrain from providing information to the data subject when providing information involves disproportionate effort. CC ID 12629 | Privacy protection for information and data | Preventive | |
Refrain from providing information to the data subject when the data subject has the information. CC ID 12628 | Privacy protection for information and data | Preventive | |
Disseminate and communicate the disclosure accounting record to interested personnel and affected parties. CC ID 14433 | Privacy protection for information and data | Preventive | |
Disseminate and communicate the privacy policy to interested personnel and affected parties. CC ID 13346 [{privacy notice} The entity has formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet the entity's objectives related to privacy. Refer to Component N2.0. M1.0 Agreement, notice and communication The entity executes formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet its objectives related to privacy. N2.1 The entity communicates its information privacy policies to internal personnel and other external third parties engaged in providing business process, IT services and information privacy support. M1.2 Policy communications Privacy policies and specific instructions or requirements for handling PI are communicated to third parties to whom PI is disclosed. D6.1 Communicates privacy policies to third parties] | Privacy protection for information and data | Preventive | |
Disseminate and communicate the privacy procedures to all interested personnel and affected parties. CC ID 14664 [Privacy policies and specific instructions or requirements for handling PI are communicated to third parties to whom PI is disclosed. D6.1 Communicates privacy policies to third parties] | Privacy protection for information and data | Preventive | |
Disseminate and communicate the privacy plan to interested personnel and affected parties. CC ID 14680 | Privacy protection for information and data | Preventive | |
Disseminate and communicate the privacy report to interested personnel and affected parties. CC ID 14761 | Privacy protection for information and data | Preventive | |
Disseminate private communications when required by law. CC ID 14335 | Privacy protection for information and data | Corrective | |
Notify interested personnel and affected parties of the reasons the opt-out request was refused. CC ID 16537 | Privacy protection for information and data | Preventive | |
Submit approval applications to the supervisory authority. CC ID 16627 | Privacy protection for information and data | Preventive | |
Notify the supervisory authority of the safeguards employed to protect the data subject's rights. CC ID 12605 | Privacy protection for information and data | Preventive | |
Include any reasons for delay if notifying the supervisory authority after the time limit. CC ID 12675 | Privacy protection for information and data | Corrective | |
Notify the data controller of any changes in data processors. CC ID 12648 | Privacy protection for information and data | Preventive | |
Notify the data subject after their personal data is disposed, as necessary. CC ID 13502 [When required, the entity has a process that provides data subjects a mechanism with which to request the entity to remove, dispose and erase a data subject's PI. Once a data subject's PI is no longer being stored in the entity's systems (this includes other affiliates and third parties that may also hold or store privacy information on behalf of the entity), the entity notifies the affected data subjects that such information has been removed. N2.1 Data subject revocations] | Privacy protection for information and data | Preventive | |
Disclose de-identified data, as necessary. CC ID 13034 | Privacy protection for information and data | Preventive | |
Notify the subject of care when a lack of availability of health information systems might have adversely affected their care. CC ID 13990 | Privacy protection for information and data | Corrective | |
Refrain from disseminating and communicating with individuals that have opted out of direct marketing communications. CC ID 13708 | Privacy protection for information and data | Corrective | |
Refrain from disclosing a security breach if an investigation concludes none has occurred. CC ID 13086 | Privacy protection for information and data | Corrective | |
Notify the data subject when personal data has been inadvertently disclosed. CC ID 13989 | Privacy protection for information and data | Corrective | |
Disclose personal data absent consent for specific and well-documented circumstances. CC ID 15267 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent when the disclosure concerns the individual's products or services obtained from the organization. CC ID 13469 | Privacy protection for information and data | Preventive | |
Capture personal data removal requests. CC ID 13507 [Requests for deletion of PI are captured and information related to the requests is identified and flagged for destruction to meet the entity's objectives related to privacy. U4.3 Captures, identifies and flags requests for deletion Data subjects can determine whether the entity maintains PI about them and, upon request, may confirm and obtain access to their PI or request that the PI be returned, removed or erased. A5.1 Permits data subjects access to their PI] | Privacy protection for information and data | Preventive | |
Notify the data subject of the disclosure purpose. CC ID 15268 | Privacy protection for information and data | Preventive | |
Notify the individual of the organization's legal rights to refuse the personal data access request, as necessary. CC ID 13509 [Data subjects are informed, in writing, of the reason a request for access to their PI was denied, the source of the entity's legal right to deny such access, if applicable, and the individual's right, if any, to challenge such denial, as specifically permitted or required by law or regulation. A5.2 Communicates denial of access requests] | Privacy protection for information and data | Preventive | |
Notify the data subject of any exclusions to requested personal data. CC ID 15271 | Privacy protection for information and data | Preventive | |
Notify individuals of the new time limit for responding to an access request in a notice of extension. CC ID 13599 | Privacy protection for information and data | Preventive | |
Disseminate and communicate the data collector's name and contact information to all interested personnel. CC ID 13760 | Privacy protection for information and data | Preventive | |
Disseminate and communicate the data handling policy to all interested personnel and affected parties. CC ID 15465 | Privacy protection for information and data | Preventive | |
Disseminate and communicate the data handling procedures to all interested personnel and affected parties. CC ID 15466 | Privacy protection for information and data | Preventive | |
Notify data subjects of the geographic locations of the third parties when transferring personal data to third parties. CC ID 14414 | Privacy protection for information and data | Preventive | |
Notify data subjects about organizational liability when transferring personal data to third parties. CC ID 12353 | Privacy protection for information and data | Preventive | |
Disseminate and communicate the results of the Privacy Impact Assessment to interested personnel and affected parties. CC ID 15458 | Privacy protection for information and data | Preventive | |
Notify individuals of the time frame in which they may challenge personal data. CC ID 16861 | Privacy protection for information and data | Preventive | |
Notify third parties of unresolved challenges. CC ID 13559 | Privacy protection for information and data | Preventive | |
Notify respondents after a privacy rights violation complaint investigation has been resolved. CC ID 13513 [Each complaint is addressed and the resolution is documented and communicated to the individual. M9.1 Documents and communicates dispute resolution and recourse] | Privacy protection for information and data | Corrective | |
Disseminate and communicate instructions for the appeal process to interested personnel and affected parties. CC ID 16544 | Privacy protection for information and data | Preventive | |
Disseminate and communicate a written explanation of the reasons for appeal decisions to interested personnel and affected parties. CC ID 16542 | Privacy protection for information and data | Preventive | |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Enable and configure logging on all network access controls. CC ID 01963 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Monitoring and measurement | Preventive | |
Update the vulnerability scanners' vulnerability list. CC ID 10634 | Monitoring and measurement | Corrective | |
Match user accounts to authorized parties. CC ID 12126 | Technical security | Detective | |
Configure access control lists in accordance with organizational standards. CC ID 16465 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Technical security | Preventive | |
Disallow application IDs from running as privileged users. CC ID 10050 | Technical security | Detective | |
Separate processing domains to segregate user privileges and enhance information flow control. CC ID 06767 | Technical security | Preventive | |
Configure the lockout procedure to disregard failed logon attempts after the user is authenticated. CC ID 13822 | Technical security | Preventive | |
Establish, implement, and maintain session lock capabilities. CC ID 01417 | Technical security | Preventive | |
Limit concurrent sessions according to account type. CC ID 01416 | Technical security | Preventive | |
Configure the "tlsverify" argument to organizational standards. CC ID 14460 | Technical security | Preventive | |
Configure the "tlscacert" argument to organizational standards. CC ID 14521 | Technical security | Preventive | |
Configure the "tlscert" argument to organizational standards. CC ID 14520 | Technical security | Preventive | |
Configure the "tlskey" argument to organizational standards. CC ID 14519 | Technical security | Preventive | |
Enable access control for objects and users on each system. CC ID 04553 [The entity implements logical access security control software, infrastructures, authentication mechanisms and related architectures and security configuration controls over protected information assets to protect them from security incidents and events that might result in unauthorized access, alteration, destruction or disclosure of that information, and to meet the entity's privacy objectives. S7.1 Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Preventive | |
Display previous logon information in the logon banner. CC ID 01415 | Technical security | Preventive | |
Encrypt files and move them to a secure file server when a user account is disabled. CC ID 07065 | Technical security | Preventive | |
Limit superuser accounts to designated System Administrators. CC ID 06766 | Technical security | Preventive | |
Grant access to authorized personnel or systems. CC ID 12186 | Technical security | Preventive | |
Assign authenticators to user accounts. CC ID 06855 | Technical security | Preventive | |
Assign authentication mechanisms for user account authentication. CC ID 06856 | Technical security | Preventive | |
Limit account credential reuse as a part of digital identification procedures. CC ID 12357 | Technical security | Preventive | |
Tune the biometric identification equipment, as necessary. CC ID 07077 | Technical security | Corrective | |
Prohibit systems from connecting directly to external networks. CC ID 08709 | Technical security | Preventive | |
Secure the Domain Name System. CC ID 00540 | Technical security | Preventive | |
Configure the network to limit zone transfers to trusted servers. CC ID 01876 | Technical security | Preventive | |
Place firewalls between all security domains and between any Demilitarized Zone and internal network zones. CC ID 01274 | Technical security | Preventive | |
Place firewalls between wireless networks and applications or databases that contain restricted data or restricted information. CC ID 01293 | Technical security | Preventive | |
Place firewalls between all security domains and between any secure subnet and internal network zones. CC ID 11784 | Technical security | Preventive | |
Establish, implement, and maintain a firewall and router configuration standard. CC ID 00541 | Technical security | Preventive | |
Deny or strictly control wireless traffic to applications or databases that contain restricted data or restricted information. CC ID 11847 | Technical security | Preventive | |
Configure network ports to organizational standards. CC ID 14007 | Technical security | Preventive | |
Install and configure firewalls to be enabled on all mobile devices, if possible. CC ID 00550 | Technical security | Preventive | |
Configure network access and control points to protect restricted data or restricted information. CC ID 01284 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Technical security | Preventive | |
Configure security alerts in firewalls to include the source Internet protocol address and destination Internet protocol address associated with long sessions. CC ID 12174 | Technical security | Detective | |
Configure firewalls to deny all traffic by default, except explicitly designated traffic. CC ID 00547 | Technical security | Preventive | |
Allow local program exceptions on the firewall, as necessary. CC ID 01956 | Technical security | Preventive | |
Allow remote administration exceptions on the firewall, as necessary. CC ID 01957 | Technical security | Preventive | |
Allow file sharing exceptions on the firewall, as necessary. CC ID 01958 | Technical security | Preventive | |
Allow printer sharing exceptions on the firewall, as necessary. CC ID 11849 | Technical security | Preventive | |
Allow Internet Control Message Protocol exceptions on the firewall, as necessary. CC ID 01959 | Technical security | Preventive | |
Allow Remote Desktop Connection exceptions on the firewall, as necessary. CC ID 01960 | Technical security | Preventive | |
Allow UPnP framework exceptions on the firewall, as necessary. CC ID 01961 | Technical security | Preventive | |
Allow notification exceptions on the firewall, as necessary. CC ID 01962 | Technical security | Preventive | |
Allow unicast response to multicast or broadcast exceptions on the firewall, as necessary. CC ID 01964 | Technical security | Preventive | |
Allow protocol port exceptions on the firewall, as necessary. CC ID 01965 | Technical security | Preventive | |
Allow local port exceptions on the firewall, as necessary. CC ID 01966 | Technical security | Preventive | |
Establish, implement, and maintain ingress address filters on the firewall, as necessary. CC ID 01287 | Technical security | Preventive | |
Synchronize and secure all router configuration files. CC ID 01291 | Technical security | Preventive | |
Synchronize and secure all firewall configuration files. CC ID 11851 | Technical security | Preventive | |
Configure firewalls to generate an alert when a potential security incident is detected. CC ID 12165 | Technical security | Preventive | |
Configure network access and control points to organizational standards. CC ID 12442 | Technical security | Detective | |
Install and configure application layer firewalls for all key web-facing applications. CC ID 01450 | Technical security | Preventive | |
Configure third party Wireless Local Area Network services in accordance with organizational Information Assurance standards. CC ID 00751 | Technical security | Preventive | |
Remove all unauthorized Wireless Local Area Networks. CC ID 06309 | Technical security | Preventive | |
Refrain from using Wired Equivalent Privacy for Wireless Local Area Networks that use Wi-Fi Protected Access. CC ID 01648 | Technical security | Preventive | |
Configure Intrusion Detection Systems and Intrusion Prevention Systems to continuously check and send alerts for rogue devices connected to Wireless Local Area Networks. CC ID 04830 | Technical security | Preventive | |
Remove all unauthorized wireless access points. CC ID 11856 | Technical security | Preventive | |
Deploy sender policy framework records in the organization's Domain Name Servers. CC ID 12183 | Technical security | Preventive | |
Refrain from allowing the use of cleartext for input or output of restricted data or restricted information. CC ID 04823 | Technical security | Preventive | |
Ensure restricted data or restricted information are encrypted prior to or at the time of transmission. CC ID 01749 [{data at rest}{external communication} Encryption technologies or secure communication channels are used to protect data in transit and at rest, and communications of such data beyond the entity's established connectivity mechanisms are logical with physical access points. S7.3 Uses encryption technologies or secure communication channels to protect data] | Technical security | Preventive | |
Install security and protection software, as necessary. CC ID 00575 [The entity uses antivirus and anti-malware software and requires that it be implemented and maintained on all end-point devices connected to the internal and external networks to provide for the interception, detection and remediation of malware. The entity also requires third-party service organizations to confirm that their users and systems that connect to the entity's internal networks, infrastructure systems, network devices, application systems and data storage devices and information, also have active and currently updated antivirus and anti-malware protections. S7.1 Uses antivirus and anti-malware software] | Technical security | Preventive | |
Install doors so that exposed hinges are on the secured side. CC ID 06687 | Physical and environmental protection | Preventive | |
Install emergency doors to permit egress only. CC ID 06688 | Physical and environmental protection | Preventive | |
Install contact alarms on doors, as necessary. CC ID 06710 | Physical and environmental protection | Preventive | |
Use locks with electronic authentication systems or cipher locks, as necessary. CC ID 06650 | Physical and environmental protection | Preventive | |
Install contact alarms on openable windows, as necessary. CC ID 06690 | Physical and environmental protection | Preventive | |
Install glass break alarms on windows, as necessary. CC ID 06691 | Physical and environmental protection | Preventive | |
Configure video cameras to cover all physical entry points. CC ID 06302 | Physical and environmental protection | Preventive | |
Configure video cameras to prevent physical tampering or disablement. CC ID 06303 | Physical and environmental protection | Preventive | |
Design interior walls that provide security to extend from true floor to true ceiling. CC ID 06693 | Physical and environmental protection | Preventive | |
Serialize all removable storage media. CC ID 00949 | Physical and environmental protection | Preventive | |
Prohibit wireless technology usage near restricted data or restricted information, absent authorization. CC ID 08706 | Physical and environmental protection | Preventive | |
Provide a physical disconnect of collaborative computing devices in a way that supports ease of use. CC ID 06769 | Physical and environmental protection | Preventive | |
Reconfigure restored systems to meet the Recovery Point Objectives. CC ID 01256 | Operational and Systems Continuity | Corrective | |
Configure the off-site electronic media storage facilities to utilize timely and effective recovery operations. CC ID 01392 | Operational and Systems Continuity | Preventive | |
Encrypt backup data. CC ID 00958 | Operational and Systems Continuity | Preventive | |
Disallow systems from processing information, disseminating and communicating information, or storing information that is above the system's assigned asset classification. CC ID 06606 | Operational management | Preventive | |
Separate remote maintenance sessions from other network sessions with a logically separate communications path based upon encryption. CC ID 10614 | Operational management | Preventive | |
Verify configuration files requiring passwords for automation do not contain those passwords after the installation process is complete. CC ID 06555 | System hardening through configuration management | Preventive | |
Employ the Configuration Management program. CC ID 11904 | System hardening through configuration management | Preventive | |
Document external connections for all systems. CC ID 06415 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain configuration standards for all systems based upon industry best practices. CC ID 11953 [The entity implements logical access security control software, infrastructures, authentication mechanisms and related architectures and security configuration controls over protected information assets to protect them from security incidents and events that might result in unauthorized access, alteration, destruction or disclosure of that information, and to meet the entity's privacy objectives. S7.1] | System hardening through configuration management | Preventive | |
Apply configuration standards to all systems, as necessary. CC ID 12503 | System hardening through configuration management | Preventive | |
Document and justify system hardening standard exceptions. CC ID 06845 | System hardening through configuration management | Preventive | |
Configure the Intrusion Detection System and Intrusion Prevention System in accordance with organizational standards. CC ID 04831 | System hardening through configuration management | Preventive | |
Enable historical logging on the Intrusion Detection System and Intrusion Prevention System. CC ID 04836 | System hardening through configuration management | Preventive | |
Configure automatic logoff to terminate the sessions based on inactivity according to organizational standards. CC ID 04490 | System hardening through configuration management | Preventive | |
Configure the Intrusion Detection System and the Intrusion Prevention System to detect rogue devices and unauthorized connections. CC ID 04837 | System hardening through configuration management | Preventive | |
Configure the Intrusion Detection System and the Intrusion Prevention System to alert upon finding rogue devices and unauthorized connections. CC ID 07062 | System hardening through configuration management | Preventive | |
Display an explicit logout message when disconnecting an authenticated communications session. CC ID 10093 | System hardening through configuration management | Preventive | |
Configure "Docker" to organizational standards. CC ID 14457 | System hardening through configuration management | Preventive | |
Configure the "autolock" argument to organizational standards. CC ID 14547 | System hardening through configuration management | Preventive | |
Configure the "COPY" instruction to organizational standards. CC ID 14515 | System hardening through configuration management | Preventive | |
Configure the "memory" argument to organizational standards. CC ID 14497 | System hardening through configuration management | Preventive | |
Configure the "docker0" bridge to organizational standards. CC ID 14504 | System hardening through configuration management | Preventive | |
Configure the "docker exec commands" to organizational standards. CC ID 14502 | System hardening through configuration management | Preventive | |
Configure the "health-cmd" argument to organizational standards. CC ID 14527 | System hardening through configuration management | Preventive | |
Configure the "HEALTHCHECK" to organizational standards. CC ID 14511 | System hardening through configuration management | Detective | |
Configure the maximum number of images to organizational standards. CC ID 14545 | System hardening through configuration management | Preventive | |
Configure the minimum number of manager nodes to organizational standards. CC ID 14543 | System hardening through configuration management | Preventive | |
Configure the "on-failure" restart policy to organizational standards. CC ID 14542 | System hardening through configuration management | Preventive | |
Configure the maximum number of containers to organizational standards. CC ID 14540 | System hardening through configuration management | Preventive | |
Configure the "lifetime_minutes" to organizational standards. CC ID 14539 | System hardening through configuration management | Preventive | |
Configure the "Linux kernel capabilities" to organizational standards. CC ID 14531 | System hardening through configuration management | Preventive | |
Configure the "Docker socket" to organizational standards. CC ID 14506 | System hardening through configuration management | Preventive | |
Configure the "read-only" argument to organizational standards. CC ID 14498 | System hardening through configuration management | Preventive | |
Configure the signed image enforcement to organizational standards. CC ID 14517 | System hardening through configuration management | Preventive | |
Configure the "storage-opt" argument to organizational standards. CC ID 14658 | System hardening through configuration management | Preventive | |
Configure the "swarm services" to organizational standards. CC ID 14516 | System hardening through configuration management | Preventive | |
Configure the "experimental" argument to organizational standards. CC ID 14494 | System hardening through configuration management | Preventive | |
Configure the cluster role-based access control policies to organizational standards. CC ID 14514 | System hardening through configuration management | Preventive | |
Configure the "secret management commands" to organizational standards. CC ID 14512 | System hardening through configuration management | Preventive | |
Configure the "renewal_threshold_minutes" to organizational standards. CC ID 14538 | System hardening through configuration management | Preventive | |
Configure the "docker swarm unlock-key" command to organizational standards. CC ID 14490 | System hardening through configuration management | Preventive | |
Configure the "per_user_limit" to organizational standards. CC ID 14523 | System hardening through configuration management | Preventive | |
Configure the "privileged" argument to organizational standards. CC ID 14510 | System hardening through configuration management | Preventive | |
Configure the "update instructions" to organizational standards. CC ID 14525 | System hardening through configuration management | Preventive | |
Configure the "swarm mode" to organizational standards. CC ID 14508 | System hardening through configuration management | Preventive | |
Configure the "USER" directive to organizational standards. CC ID 14507 | System hardening through configuration management | Preventive | |
Configure the "DOCKER_CONTENT_TRUST" to organizational standards. CC ID 14488 | System hardening through configuration management | Preventive | |
Configure the "no-new-privileges" argument to organizational standards. CC ID 14474 | System hardening through configuration management | Preventive | |
Configure the "seccomp-profile" argument to organizational standards. CC ID 14503 | System hardening through configuration management | Preventive | |
Configure the "cpu-shares" argument to organizational standards. CC ID 14489 | System hardening through configuration management | Preventive | |
Configure the "volume" argument to organizational standards. CC ID 14533 | System hardening through configuration management | Preventive | |
Configure the "cgroup-parent" to organizational standards. CC ID 14466 | System hardening through configuration management | Preventive | |
Configure the "live-restore" argument to organizational standards. CC ID 14465 | System hardening through configuration management | Preventive | |
Configure the "userland-proxy" argument to organizational standards. CC ID 14464 | System hardening through configuration management | Preventive | |
Configure the "user namespace support" to organizational standards. CC ID 14462 | System hardening through configuration management | Preventive | |
Configure "etcd" to organizational standards. CC ID 14535 | System hardening through configuration management | Preventive | |
Configure the "auto-tls" argument to organizational standards. CC ID 14621 | System hardening through configuration management | Preventive | |
Configure the "peer-auto-tls" argument to organizational standards. CC ID 14636 | System hardening through configuration management | Preventive | |
Configure the "peer-client-cert-auth" argument to organizational standards. CC ID 14614 | System hardening through configuration management | Preventive | |
Configure the "peer-cert-file" argument to organizational standards. CC ID 14606 | System hardening through configuration management | Preventive | |
Configure the "key-file" argument to organizational standards. CC ID 14604 | System hardening through configuration management | Preventive | |
Configure the "cert-file" argument to organizational standards. CC ID 14602 | System hardening through configuration management | Preventive | |
Configure the "client-cert-auth" argument to organizational standards. CC ID 14596 | System hardening through configuration management | Preventive | |
Configure the "peer-key-file" argument to organizational standards. CC ID 14595 | System hardening through configuration management | Preventive | |
Configure "Kubernetes" to organizational standards. CC ID 14528 | System hardening through configuration management | Preventive | |
Configure the "ImagePolicyWebhook" admission controller to organizational standards. CC ID 14657 | System hardening through configuration management | Preventive | |
Configure the "allowedCapabilities" to organizational standards. CC ID 14653 | System hardening through configuration management | Preventive | |
Configure the "allowPrivilegeEscalation" flag to organizational standards. CC ID 14645 | System hardening through configuration management | Preventive | |
Configure the "Security Context" to organizational standards. CC ID 14656 | System hardening through configuration management | Preventive | |
Configure the "cluster-admin" role to organizational standards. CC ID 14642 | System hardening through configuration management | Preventive | |
Configure the "automountServiceAccountToken" to organizational standards. CC ID 14639 | System hardening through configuration management | Preventive | |
Configure the "audit-log-maxsize" argument to organizational standards. CC ID 14624 | System hardening through configuration management | Detective | |
Configure the "seccomp" profile to organizational standards. CC ID 14652 | System hardening through configuration management | Preventive | |
Configure the "securityContext.privileged" flag to organizational standards. CC ID 14641 | System hardening through configuration management | Preventive | |
Configure the "audit-log-path" argument to organizational standards. CC ID 14622 | System hardening through configuration management | Detective | |
Configure the "audit-log-maxbackup" argument to organizational standards. CC ID 14613 | System hardening through configuration management | Detective | |
Configure the "audit-policy-file" to organizational standards. CC ID 14610 | System hardening through configuration management | Preventive | |
Configure the "audit-log-maxage" argument to organizational standards. CC ID 14605 | System hardening through configuration management | Detective | |
Configure the "bind-address" argument to organizational standards. CC ID 14601 | System hardening through configuration management | Preventive | |
Configure the "request-timeout" argument to organizational standards. CC ID 14583 | System hardening through configuration management | Preventive | |
Configure the "secure-port" argument to organizational standards. CC ID 14582 | System hardening through configuration management | Preventive | |
Configure the "service-account-key-file" argument to organizational standards. CC ID 14581 | System hardening through configuration management | Preventive | |
Configure the "insecure-bind-address" argument to organizational standards. CC ID 14580 | System hardening through configuration management | Preventive | |
Configure the "service-account-lookup" argument to organizational standards. CC ID 14579 | System hardening through configuration management | Preventive | |
Configure the "admission control plugin PodSecurityPolicy" to organizational standards. CC ID 14578 | System hardening through configuration management | Preventive | |
Configure the "profiling" argument to organizational standards. CC ID 14577 | System hardening through configuration management | Preventive | |
Configure the "hostNetwork" flag to organizational standards. CC ID 14649 | System hardening through configuration management | Preventive | |
Configure the "hostPID" flag to organizational standards. CC ID 14648 | System hardening through configuration management | Preventive | |
Configure the "etcd-certfile" argument to organizational standards. CC ID 14584 | System hardening through configuration management | Preventive | |
Configure the "runAsUser.rule" to organizational standards. CC ID 14651 | System hardening through configuration management | Preventive | |
Configure the "requiredDropCapabilities" to organizational standards. CC ID 14650 | System hardening through configuration management | Preventive | |
Configure the "hostIPC" flag to organizational standards. CC ID 14643 | System hardening through configuration management | Preventive | |
Configure the "admission control plugin ServiceAccount" to organizational standards. CC ID 14576 | System hardening through configuration management | Preventive | |
Configure the "insecure-port" argument to organizational standards. CC ID 14575 | System hardening through configuration management | Preventive | |
Configure the "admission control plugin AlwaysPullImages" to organizational standards. CC ID 14574 | System hardening through configuration management | Preventive | |
Configure the "pod" to organizational standards. CC ID 14644 | System hardening through configuration management | Preventive | |
Configure the "ClusterRoles" to organizational standards. CC ID 14637 | System hardening through configuration management | Preventive | |
Configure the "event-qps" argument to organizational standards. CC ID 14633 | System hardening through configuration management | Preventive | |
Configure the "Kubelet" to organizational standards. CC ID 14635 | System hardening through configuration management | Preventive | |
Configure the "NET_RAW" to organizational standards. CC ID 14647 | System hardening through configuration management | Preventive | |
Configure the "make-iptables-util-chains" argument to organizational standards. CC ID 14638 | System hardening through configuration management | Preventive | |
Configure the "hostname-override" argument to organizational standards. CC ID 14631 | System hardening through configuration management | Preventive | |
Configure the "admission control plugin NodeRestriction" to organizational standards. CC ID 14573 | System hardening through configuration management | Preventive | |
Configure the "admission control plugin AlwaysAdmit" to organizational standards. CC ID 14572 | System hardening through configuration management | Preventive | |
Configure the "etcd-cafile" argument to organizational standards. CC ID 14592 | System hardening through configuration management | Preventive | |
Configure the "encryption-provider-config" argument to organizational standards. CC ID 14587 | System hardening through configuration management | Preventive | |
Configure the "rotate-certificates" argument to organizational standards. CC ID 14640 | System hardening through configuration management | Preventive | |
Configure the "etcd-keyfile" argument to organizational standards. CC ID 14586 | System hardening through configuration management | Preventive | |
Configure the "client-ca-file" argument to organizational standards. CC ID 14585 | System hardening through configuration management | Preventive | |
Configure the "kube-apiserver" to organizational standards. CC ID 14589 | System hardening through configuration management | Preventive | |
Configure the "tls-private-key-file" argument to organizational standards. CC ID 14590 | System hardening through configuration management | Preventive | |
Configure the "streaming-connection-idle-timeout" argument to organizational standards. CC ID 14634 | System hardening through configuration management | Preventive | |
Configure the "RotateKubeletServerCertificate" argument to organizational standards. CC ID 14626 | System hardening through configuration management | Preventive | |
Configure the "protect-kernel-defaults" argument to organizational standards. CC ID 14629 | System hardening through configuration management | Preventive | |
Configure the "read-only-port" argument to organizational standards. CC ID 14627 | System hardening through configuration management | Preventive | |
Configure the "admission control plugin NamespaceLifecycle" to organizational standards. CC ID 14571 | System hardening through configuration management | Preventive | |
Configure the "terminated-pod-gc-threshold" argument to organizational standards. CC ID 14593 | System hardening through configuration management | Preventive | |
Configure the "tls-cert-file" argument to organizational standards. CC ID 14588 | System hardening through configuration management | Preventive | |
Configure the "kubelet-certificate-authority" argument to organizational standards. CC ID 14570 | System hardening through configuration management | Preventive | |
Configure the "service-account-private-key-file" argument to organizational standards. CC ID 14607 | System hardening through configuration management | Preventive | |
Configure the "admission control plugin SecurityContextDeny" to organizational standards. CC ID 14569 | System hardening through configuration management | Preventive | |
Configure the "kubelet-client-certificate" argument to organizational standards. CC ID 14568 | System hardening through configuration management | Preventive | |
Configure the "root-ca-file" argument to organizational standards. CC ID 14599 | System hardening through configuration management | Preventive | |
Configure the "admission control plugin EventRateLimit" to organizational standards. CC ID 14567 | System hardening through configuration management | Preventive | |
Configure the "use-service-account-credentials" argument to organizational standards. CC ID 14594 | System hardening through configuration management | Preventive | |
Configure the "token-auth-file" argument to organizational standards. CC ID 14566 | System hardening through configuration management | Preventive | |
Configure the "authorization-mode" argument to organizational standards. CC ID 14565 | System hardening through configuration management | Preventive | |
Configure the "anonymous-auth" argument to organizational standards. CC ID 14564 | System hardening through configuration management | Preventive | |
Configure the "kubelet-client-key" argument to organizational standards. CC ID 14563 | System hardening through configuration management | Preventive | |
Configure the "kubelet-https" argument to organizational standards. CC ID 14561 | System hardening through configuration management | Preventive | |
Configure the "basic-auth-file" argument to organizational standards. CC ID 14559 | System hardening through configuration management | Preventive | |
Configure the Remote Deposit Capture system to organizational standards. CC ID 13569 | System hardening through configuration management | Preventive | |
Block and/or remove unnecessary software and unauthorized software. CC ID 00865 | System hardening through configuration management | Preventive | |
Install the most current Windows Service Pack. CC ID 01695 | System hardening through configuration management | Preventive | |
Install critical security updates and important security updates in a timely manner. CC ID 01696 | System hardening through configuration management | Preventive | |
Change default configurations, as necessary. CC ID 00877 | System hardening through configuration management | Preventive | |
Configure custom security parameters for X-Windows. CC ID 02168 | System hardening through configuration management | Preventive | |
Configure custom security settings for Lotus Domino. CC ID 02171 | System hardening through configuration management | Preventive | |
Configure custom security settings for the Automated Security Enhancement Tool. CC ID 02177 | System hardening through configuration management | Preventive | |
Configure custom security settings for Sun Answerbook2. CC ID 02178 | System hardening through configuration management | Preventive | |
Configure custom security settings for Command (PROM) Monitor. CC ID 02180 | System hardening through configuration management | Preventive | |
Configure and secure each interface for Executive Interfaces. CC ID 02182 | System hardening through configuration management | Preventive | |
Reconfigure the default settings and configure the system security for Site Management Complex. CC ID 02183 | System hardening through configuration management | Preventive | |
Configure the Unisys executive (GENNED) GEN tags. CC ID 02184 | System hardening through configuration management | Preventive | |
Reconfigure the default Console Mode privileges. CC ID 02189 | System hardening through configuration management | Preventive | |
Restrict access to security-related Console Mode key-in groups based on the security profiles. CC ID 02190 | System hardening through configuration management | Preventive | |
Configure security profiles for the various Console Mode levels. CC ID 02191 | System hardening through configuration management | Preventive | |
Configure custom access privileges for all mapper files. CC ID 02194 | System hardening through configuration management | Preventive | |
Configure custom access privileges for the PSERVER configuration file. CC ID 02195 | System hardening through configuration management | Preventive | |
Configure custom access privileges for the DEPCON configuration file. CC ID 02196 | System hardening through configuration management | Preventive | |
Disable the default NetWare user web page unless absolutely necessary. CC ID 04447 | System hardening through configuration management | Preventive | |
Enable and reset the primary administrator names, primary administrator passwords, root names, and root passwords. CC ID 04448 | System hardening through configuration management | Preventive | |
Remove unnecessary documentation or unprotected documentation from installed applications. CC ID 04452 | System hardening through configuration management | Preventive | |
Complete the NetWare eGuide configuration. CC ID 04449 | System hardening through configuration management | Preventive | |
Verify the usr/aset/masters/uid_aliases file exists and contains an appropriate aliases list. CC ID 04902 | System hardening through configuration management | Preventive | |
Set the low security directory list properly. CC ID 04903 | System hardening through configuration management | Preventive | |
Set the medium security directory list properly. CC ID 04904 | System hardening through configuration management | Preventive | |
Set the high security directory list properly. CC ID 04905 | System hardening through configuration management | Preventive | |
Set the UID aliases pointer properly. CC ID 04906 | System hardening through configuration management | Preventive | |
Reconfigure the encryption keys from their default setting or previous setting. CC ID 06079 | System hardening through configuration management | Preventive | |
Change the default Service Set Identifier for Wireless Access Points and wireless bridges. CC ID 06086 | System hardening through configuration management | Preventive | |
Revoke public execute privileges for all processes or applications that allow such privileges. CC ID 06568 | System hardening through configuration management | Preventive | |
Configure the system's booting configuration. CC ID 10656 | System hardening through configuration management | Preventive | |
Configure the system to boot directly to the correct Operating System. CC ID 04509 | System hardening through configuration management | Preventive | |
Verify an appropriate bootloader is used. CC ID 04900 | System hardening through configuration management | Preventive | |
Configure the ability to boot from USB devices, as appropriate. CC ID 04901 | System hardening through configuration management | Preventive | |
Configure the system to boot from hardware enforced read-only media. CC ID 10657 | System hardening through configuration management | Preventive | |
Configure the "Approved Installation Sites for ActiveX Controls" security mechanism properly. CC ID 04909 | System hardening through configuration management | Preventive | |
Configure Least Functionality and Least Privilege settings to organizational standards. CC ID 07599 | System hardening through configuration management | Preventive | |
Prohibit directories from having read/write capability, as appropriate. CC ID 16313 | System hardening through configuration management | Preventive | |
Configure "Block public access (bucket settings)" to organizational standards. CC ID 15444 | System hardening through configuration management | Preventive | |
Configure S3 Bucket Policies to organizational standards. CC ID 15431 | System hardening through configuration management | Preventive | |
Configure "Allow suggested apps in Windows Ink Workspace" to organizational standards. CC ID 15417 | System hardening through configuration management | Preventive | |
Configure "Allow Cloud Search" to organizational standards. CC ID 15416 | System hardening through configuration management | Preventive | |
Configure "Configure Watson events" to organizational standards. CC ID 15414 | System hardening through configuration management | Preventive | |
Configure "Allow Clipboard synchronization across devices" to organizational standards. CC ID 15412 | System hardening through configuration management | Preventive | |
Configure "Prevent users from modifying settings" to organizational standards. CC ID 15411 | System hardening through configuration management | Preventive | |
Configure "Prevent users from sharing files within their profile" to organizational standards. CC ID 15408 | System hardening through configuration management | Preventive | |
Configure "Manage preview builds" to organizational standards. CC ID 15405 | System hardening through configuration management | Preventive | |
Configure "Turn off Help Experience Improvement Program" to organizational standards. CC ID 15403 | System hardening through configuration management | Preventive | |
Configure "Sign-in and lock last interactive user automatically after a restart" to organizational standards. CC ID 15402 | System hardening through configuration management | Preventive | |
Configure "Hardened UNC Paths" to organizational standards. CC ID 15400 | System hardening through configuration management | Preventive | |
Configure "Turn off all Windows spotlight features" to organizational standards. CC ID 15397 | System hardening through configuration management | Preventive | |
Configure "Allow Message Service Cloud Sync" to organizational standards. CC ID 15396 | System hardening through configuration management | Preventive | |
Configure "Configure local setting override for reporting to Microsoft MAPS" to organizational standards. CC ID 15394 | System hardening through configuration management | Preventive | |
Configure "Configure Windows spotlight on lock screen" to organizational standards. CC ID 15391 | System hardening through configuration management | Preventive | |
Configure "Do not suggest third-party content in Windows spotlight" to organizational standards. CC ID 15389 | System hardening through configuration management | Preventive | |
Configure "Enable Font Providers" to organizational standards. CC ID 15388 | System hardening through configuration management | Preventive | |
Configure "Disallow copying of user input methods to the system account for sign-in" to organizational standards. CC ID 15386 | System hardening through configuration management | Preventive | |
Configure "Do not display network selection UI" to organizational standards. CC ID 15381 | System hardening through configuration management | Preventive | |
Configure "Turn off KMS Client Online AVS Validation" to organizational standards. CC ID 15380 | System hardening through configuration management | Preventive | |
Configure "Allow Telemetry" to organizational standards. CC ID 15378 | System hardening through configuration management | Preventive | |
Configure "Allow users to enable online speech recognition services" to organizational standards. CC ID 15377 | System hardening through configuration management | Preventive | |
Configure "Prevent enabling lock screen camera" to organizational standards. CC ID 15373 | System hardening through configuration management | Preventive | |
Configure "Continue experiences on this device" to organizational standards. CC ID 15372 | System hardening through configuration management | Preventive | |
Configure "Prevent the usage of OneDrive for file storage" to organizational standards. CC ID 15369 | System hardening through configuration management | Preventive | |
Configure "Do not use diagnostic data for tailored experiences" to organizational standards. CC ID 15367 | System hardening through configuration management | Preventive | |
Configure "Network access: Restrict clients allowed to make remote calls to SAM" to organizational standards. CC ID 15365 | System hardening through configuration management | Preventive | |
Configure "Turn off Microsoft consumer experiences" to organizational standards. CC ID 15363 | System hardening through configuration management | Preventive | |
Configure "Allow Use of Camera" to organizational standards. CC ID 15362 | System hardening through configuration management | Preventive | |
Configure "Allow Online Tips" to organizational standards. CC ID 15360 | System hardening through configuration management | Preventive | |
Configure "Turn off cloud optimized content" to organizational standards. CC ID 15357 | System hardening through configuration management | Preventive | |
Configure "Apply UAC restrictions to local accounts on network logons" to organizational standards. CC ID 15356 | System hardening through configuration management | Preventive | |
Configure "Toggle user control over Insider builds" to organizational standards. CC ID 15354 | System hardening through configuration management | Preventive | |
Configure "Allow network connectivity during connected-standby (plugged in)" to organizational standards. CC ID 15353 | System hardening through configuration management | Preventive | |
Configure "Do not show feedback notifications" to organizational standards. CC ID 15350 | System hardening through configuration management | Preventive | |
Configure "Prevent enabling lock screen slide show" to organizational standards. CC ID 15349 | System hardening through configuration management | Preventive | |
Configure "Turn off the advertising ID" to organizational standards. CC ID 15348 | System hardening through configuration management | Preventive | |
Configure "Allow Windows Ink Workspace" to organizational standards. CC ID 15346 | System hardening through configuration management | Preventive | |
Configure "Allow a Windows app to share application data between users" to organizational standards. CC ID 15345 | System hardening through configuration management | Preventive | |
Configure "Turn off handwriting personalization data sharing" to organizational standards. CC ID 15339 | System hardening through configuration management | Preventive | |
Configure the "Devices: Prevent users from installing printer drivers" to organizational standards. CC ID 07600 | System hardening through configuration management | Preventive | |
Configure the "Log on as a service" to organizational standards. CC ID 07609 | System hardening through configuration management | Preventive | |
Configure "Restore files and directories" to organizational standards. CC ID 07610 | System hardening through configuration management | Preventive | |
Configure the "Back up files and directories" to organizational standards. CC ID 07629 | System hardening through configuration management | Preventive | |
Configure the "Change the system time" to organizational standards. CC ID 07633 | System hardening through configuration management | Preventive | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts" to organizational standards. CC ID 07635 | System hardening through configuration management | Preventive | |
Configure the "Perform volume maintenance tasks" to organizational standards. CC ID 07653 | System hardening through configuration management | Preventive | |
Configure the "Create global objects" to organizational standards. CC ID 07659 | System hardening through configuration management | Preventive | |
Configure the "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" to organizational standards. CC ID 07660 | System hardening through configuration management | Preventive | |
Configure the "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax" to organizational standards. CC ID 07671 | System hardening through configuration management | Preventive | |
Configure the "Network access: Named Pipes that can be accessed anonymously" to organizational standards. CC ID 07676 | System hardening through configuration management | Preventive | |
Configure the "Change the time zone" to organizational standards. CC ID 07677 | System hardening through configuration management | Preventive | |
Configure the "Adjust memory quotas for a process" to organizational standards. CC ID 07685 | System hardening through configuration management | Preventive | |
Configure the "Add workstations to domain" to organizational standards. CC ID 07689 | System hardening through configuration management | Preventive | |
Configure the "Take ownership of files or other objects" to organizational standards. CC ID 07691 | System hardening through configuration management | Preventive | |
Configure the "Access this computer from the network" to organizational standards. CC ID 07706 | System hardening through configuration management | Preventive | |
Configure the "MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)" to organizational standards. CC ID 07710 | System hardening through configuration management | Preventive | |
Configure the "Shutdown: Allow system to be shut down without having to log on" to organizational standards. CC ID 07717 | System hardening through configuration management | Preventive | |
Configure the "System objects: Require case insensitivity for non-Windows subsystems" to organizational standards. CC ID 07718 | System hardening through configuration management | Preventive | |
Configure the "Domain controller: Allow server operators to schedule tasks" to organizational standards. CC ID 07722 | System hardening through configuration management | Preventive | |
Configure the "Debug programs" to organizational standards. CC ID 07729 | System hardening through configuration management | Preventive | |
Configure the "Increase scheduling priority" to organizational standards. CC ID 07739 | System hardening through configuration management | Preventive | |
Configure the "Load and unload device drivers" to organizational standards. CC ID 07745 | System hardening through configuration management | Preventive | |
Configure the "Modify an object label" to organizational standards. CC ID 07755 | System hardening through configuration management | Preventive | |
Configure the "Deny log on as a service" to organizational standards. CC ID 07762 | System hardening through configuration management | Preventive | |
Configure the "Recovery console: Allow automatic administrative logon" to organizational standards. CC ID 07770 | System hardening through configuration management | Preventive | |
Configure the "Create a token object" to organizational standards. CC ID 07774 | System hardening through configuration management | Preventive | |
Configure the "Create symbolic links" to organizational standards. CC ID 07778 | System hardening through configuration management | Preventive | |
Configure the "Deny access to this computer from the network" to organizational standards. CC ID 07779 | System hardening through configuration management | Preventive | |
Configure the "Deny log on locally" to organizational standards. CC ID 07781 | System hardening through configuration management | Preventive | |
Configure the "Manage auditing and security log" to organizational standards. CC ID 07783 | System hardening through configuration management | Preventive | |
Configure the "Lock pages in memory" to organizational standards. CC ID 07784 | System hardening through configuration management | Preventive | |
Configure the "Shutdown: Clear virtual memory pagefile" to organizational standards. CC ID 07787 | System hardening through configuration management | Preventive | |
Configure the "Increase a process working set" to organizational standards. CC ID 07788 | System hardening through configuration management | Preventive | |
Configure the "Generate security audits" to organizational standards. CC ID 07796 | System hardening through configuration management | Preventive | |
Configure the "Remove computer from docking station" to organizational standards. CC ID 07802 | System hardening through configuration management | Preventive | |
Configure the "System settings: Optional subsystems" to organizational standards. CC ID 07804 | System hardening through configuration management | Preventive | |
Configure the "Shut down the system" to organizational standards. CC ID 07808 | System hardening through configuration management | Preventive | |
Configure the "Bypass traverse checking" to organizational standards. CC ID 07809 | System hardening through configuration management | Preventive | |
Configure the "Always install with elevated privileges" to organizational standards. CC ID 07811 | System hardening through configuration management | Preventive | |
Configure the "Allow log on through Remote Desktop Services" to organizational standards. CC ID 07813 | System hardening through configuration management | Preventive | |
Configure the "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)" to organizational standards. CC ID 07814 | System hardening through configuration management | Preventive | |
Configure the "Create permanent shared objects" to organizational standards. CC ID 07818 | System hardening through configuration management | Preventive | |
Configure the "Devices: Allow undock without having to log on" to organizational standards. CC ID 07821 | System hardening through configuration management | Preventive | |
Configure the "Devices: Restrict floppy access to locally logged-on user only" to organizational standards. CC ID 07823 | System hardening through configuration management | Preventive | |
Configure the "Log on as a batch job" to organizational standards. CC ID 07838 | System hardening through configuration management | Preventive | |
Configure the "MSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments)" to organizational standards. CC ID 07841 | System hardening through configuration management | Preventive | |
Configure the "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax" to organizational standards. CC ID 07842 | System hardening through configuration management | Preventive | |
Configure the "Replace a process level token" to organizational standards. CC ID 07845 | System hardening through configuration management | Preventive | |
Configure the "Modify firmware environment values" to organizational standards. CC ID 07847 | System hardening through configuration management | Preventive | |
Configure the "Deny log on through Remote Desktop Services" to organizational standards. CC ID 07854 | System hardening through configuration management | Preventive | |
Configure the "Devices: Allowed to format and eject removable media" to organizational standards. CC ID 07862 | System hardening through configuration management | Preventive | |
Configure the "Profile single process" to organizational standards. CC ID 07866 | System hardening through configuration management | Preventive | |
Configure the "Turn off Autoplay" to organizational standards. CC ID 07867 | System hardening through configuration management | Preventive | |
Configure the "Devices: Restrict CD-ROM access to locally logged-on user only" to organizational standards. CC ID 07871 | System hardening through configuration management | Preventive | |
Configure the "Deny log on as a batch job" to organizational standards. CC ID 07876 | System hardening through configuration management | Preventive | |
Configure the "Create a pagefile" to organizational standards. CC ID 07878 | System hardening through configuration management | Preventive | |
Configure the "Profile system performance" to organizational standards. CC ID 07879 | System hardening through configuration management | Preventive | |
Configure the "Impersonate a client after authentication" to organizational standards. CC ID 07882 | System hardening through configuration management | Preventive | |
Configure the "MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)" to organizational standards. CC ID 07886 | System hardening through configuration management | Preventive | |
Configure the "Force shutdown from a remote system" to organizational standards. CC ID 07889 | System hardening through configuration management | Preventive | |
Configure the "Act as part of the operating system" to organizational standards. CC ID 07891 | System hardening through configuration management | Preventive | |
Configure the "Allow log on locally" to organizational standards. CC ID 07894 | System hardening through configuration management | Preventive | |
Configure the "Synchronize directory service data" to organizational standards. CC ID 07897 | System hardening through configuration management | Preventive | |
Configure the "Access Credential Manager as a trusted caller" to organizational standards. CC ID 07898 | System hardening through configuration management | Preventive | |
Configure the "Enable computer and user accounts to be trusted for delegation" to organizational standards. CC ID 07900 | System hardening through configuration management | Preventive | |
Configure the "Recovery console: Allow floppy copy and access to all drives and all folders" to organizational standards. CC ID 07901 | System hardening through configuration management | Preventive | |
Configure the "Software channel permissions" to organizational standards. CC ID 07910 | System hardening through configuration management | Preventive | |
Configure the "Allow drag and drop or copy and paste files" to organizational standards. CC ID 07915 | System hardening through configuration management | Preventive | |
Configure the "Disable Per-User Installation of ActiveX Controls" to organizational standards. CC ID 07918 | System hardening through configuration management | Preventive | |
Configure the "Download signed ActiveX controls" to organizational standards. CC ID 07921 | System hardening through configuration management | Preventive | |
Configure the "Disable "Configuring History"" to organizational standards. CC ID 07922 | System hardening through configuration management | Preventive | |
Configure the "Turn off ActiveX opt-in prompt" to organizational standards. CC ID 07928 | System hardening through configuration management | Preventive | |
Configure the "Allow installation of desktop items" to organizational standards. CC ID 07931 | System hardening through configuration management | Preventive | |
Configure the "Only allow approved domains to use ActiveX controls without prompt" to organizational standards. CC ID 07936 | System hardening through configuration management | Preventive | |
Configure the "Initialize and script ActiveX controls not marked as safe" to organizational standards. CC ID 07945 | System hardening through configuration management | Preventive | |
Configure the "Allow file downloads" to organizational standards. CC ID 07960 | System hardening through configuration management | Preventive | |
Configure the "Turn off the Security Settings Check feature" to organizational standards. CC ID 07979 | System hardening through configuration management | Preventive | |
Configure the "Disable the Advanced page" to organizational standards. CC ID 07981 | System hardening through configuration management | Preventive | |
Configure the "Intranet Sites: Include all network paths (UNCs)" to organizational standards. CC ID 07986 | System hardening through configuration management | Preventive | |
Configure the "Disable changing Automatic Configuration settings" to organizational standards. CC ID 07992 | System hardening through configuration management | Preventive | |
Configure the "Turn off "Delete Browsing History" functionality" to organizational standards. CC ID 07993 | System hardening through configuration management | Preventive | |
Configure the "Allow META REFRESH" to organizational standards. CC ID 07998 | System hardening through configuration management | Preventive | |
Configure the "Prevent Deleting Temporary Internet Files" to organizational standards. CC ID 08000 | System hardening through configuration management | Preventive | |
Configure the "Security Zones: Do not allow users to change policies" to organizational standards. CC ID 08001 | System hardening through configuration management | Preventive | |
Configure the "Only use the ActiveX Installer Service for installation of ActiveX Controls" to organizational standards. CC ID 08003 | System hardening through configuration management | Preventive | |
Configure the "Prevent "Fix settings" functionality" to organizational standards. CC ID 08010 | System hardening through configuration management | Preventive | |
Configure the "XAML browser applications" to organizational standards. CC ID 08011 | System hardening through configuration management | Preventive | |
Configure the "Run .NET Framework-reliant components signed with Authenticode" to organizational standards. CC ID 08014 | System hardening through configuration management | Preventive | |
Configure the "Access data sources across domains" to organizational standards. CC ID 08018 | System hardening through configuration management | Preventive | |
Configure the "Allow script-initiated windows without size or position constraints" to organizational standards. CC ID 08020 | System hardening through configuration management | Preventive | |
Configure the "Disable Save this program to disk option" to organizational standards. CC ID 08021 | System hardening through configuration management | Preventive | |
Configure the "Security Zones: Do not allow users to add/delete sites" to organizational standards. CC ID 08061 | System hardening through configuration management | Preventive | |
Configure the "Script ActiveX controls marked safe for scripting" to organizational standards. CC ID 08067 | System hardening through configuration management | Preventive | |
Configure the "Prevent Deleting Cookies" to organizational standards. CC ID 08069 | System hardening through configuration management | Preventive | |
Configure the "Allow binary and script behaviors" to organizational standards. CC ID 08070 | System hardening through configuration management | Preventive | |
Configure the "Launching applications and files in an IFRAME" to organizational standards. CC ID 08078 | System hardening through configuration management | Preventive | |
Configure the "Allow status bar updates via script" to organizational standards. CC ID 08081 | System hardening through configuration management | Preventive | |
Configure the "Turn off Crash Detection" to organizational standards. CC ID 08085 | System hardening through configuration management | Preventive | |
Configure the "Security Zones: Use only machine settings" to organizational standards. CC ID 08088 | System hardening through configuration management | Preventive | |
Configure the "Web sites in less privileged Web content zones can navigate into this zone" to organizational standards. CC ID 08089 | System hardening through configuration management | Preventive | |
Configure the "Disable the Security page" to organizational standards. CC ID 08090 | System hardening through configuration management | Preventive | |
Configure the "Automatically check for Internet Explorer updates" to organizational standards. CC ID 08094 | System hardening through configuration management | Preventive | |
Configure the "Navigate windows and frames across different domains" to organizational standards. CC ID 08107 | System hardening through configuration management | Preventive | |
Configure the "Allow active scripting" setting to organizational standards. CC ID 08115 | System hardening through configuration management | Preventive | |
Configure the "Allow font downloads" to organizational standards. CC ID 08116 | System hardening through configuration management | Preventive | |
Configure the "Disable changing proxy settings" to organizational standards. CC ID 08126 | System hardening through configuration management | Preventive | |
Configure the "Disable changing connection settings" to organizational standards. CC ID 08129 | System hardening through configuration management | Preventive | |
Configure the "Run .NET Framework-reliant components not signed with Authenticode" to organizational standards. CC ID 08130 | System hardening through configuration management | Preventive | |
Configure the "Turn off printing over HTTP" to organizational standards. CC ID 08162 | System hardening through configuration management | Preventive | |
Configure the "Registry policy processing" to organizational standards. CC ID 08169 | System hardening through configuration management | Preventive | |
Configure the "Disable remote Desktop Sharing" to organizational standards. CC ID 08186 | System hardening through configuration management | Preventive | |
Configure the "Report operating system errors" to organizational standards. CC ID 08187 | System hardening through configuration management | Preventive | |
Configure the "Enumerate administrator accounts on elevation" to organizational standards. CC ID 08190 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Update device driver searching" to organizational standards. CC ID 08193 | System hardening through configuration management | Preventive | |
Configure the "Do not allow drive redirection" to organizational standards. CC ID 08199 | System hardening through configuration management | Preventive | |
Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" to organizational standards. CC ID 08204 | System hardening through configuration management | Preventive | |
Configure the "Turn off downloading of print drivers over HTTP" to organizational standards. CC ID 08218 | System hardening through configuration management | Preventive | |
Configure the "Do not process the run once list" to organizational standards. CC ID 08219 | System hardening through configuration management | Preventive | |
Configure the "Deny log on through Terminal Services" to organizational standards. CC ID 08220 | System hardening through configuration management | Preventive | |
Configure the "Offer Remote Assistance" to organizational standards. CC ID 08222 | System hardening through configuration management | Preventive | |
Configure the "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" to organizational standards. CC ID 08228 | System hardening through configuration management | Preventive | |
Configure the "Allow users to connect remotely using Remote Desktop Services" to organizational standards. CC ID 08234 | System hardening through configuration management | Preventive | |
Configure the "MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)" to organizational standards. CC ID 08247 | System hardening through configuration management | Preventive | |
Configure the "MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames" to organizational standards. CC ID 08253 | System hardening through configuration management | Preventive | |
Configure the "Solicited Remote Assistance" to organizational standards. CC ID 08265 | System hardening through configuration management | Preventive | |
Configure "Turn off the "Publish to Web" task for files and folders" to organizational standards. CC ID 08285 | System hardening through configuration management | Preventive | |
Configure the "Do not allow Windows Messenger to be run" to organizational standards. CC ID 08288 | System hardening through configuration management | Preventive | |
Configure the "Allow log on through Terminal Services" to organizational standards. CC ID 08291 | System hardening through configuration management | Preventive | |
Configure the "Require trusted path for credential entry" to organizational standards. CC ID 08293 | System hardening through configuration management | Preventive | |
Configure the "Turn off Search Companion content file updates" to organizational standards. CC ID 08302 | System hardening through configuration management | Preventive | |
Configure the "Prevent access to registry editing tools" to organizational standards. CC ID 08331 | System hardening through configuration management | Preventive | |
Configure the "Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet" to organizational standards. CC ID 08347 | System hardening through configuration management | Preventive | |
Configure the "Turn on SmartScreen Filter scan" to organizational standards. CC ID 08357 | System hardening through configuration management | Preventive | |
Configure the "Disallow WinRM from storing RunAs credentials" to organizational standards. CC ID 08362 | System hardening through configuration management | Preventive | |
Configure the "Turn off URL Suggestions" to organizational standards. CC ID 08372 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from bypassing SmartScreen Filter's application reputation warnings about files that are not commonly downloaded from the Internet" to organizational standards. CC ID 08385 | System hardening through configuration management | Preventive | |
Configure the "Prevent access to Delete Browsing History" to organizational standards. CC ID 08387 | System hardening through configuration management | Preventive | |
Configure the "Turn off InPrivate Browsing" to organizational standards. CC ID 08421 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Location Provider" to organizational standards. CC ID 08427 | System hardening through configuration management | Preventive | |
Configure the "Turn on Suggested Sites" to organizational standards. CC ID 08434 | System hardening through configuration management | Preventive | |
Configure the "Turn off access to the Store" to organizational standards. CC ID 08436 | System hardening through configuration management | Preventive | |
Configure the "Point and Print Restrictions" to organizational standards. CC ID 08441 | System hardening through configuration management | Preventive | |
Configure the "Prevent changing proxy settings" to organizational standards. CC ID 08447 | System hardening through configuration management | Preventive | |
Configure the "Allow deleting browsing history on exit" to organizational standards. CC ID 08456 | System hardening through configuration management | Preventive | |
Configure the "Allow scripting of Internet Explorer WebBrowser controls" to organizational standards. CC ID 08464 | System hardening through configuration management | Preventive | |
Configure the "Turn off Managing SmartScreen Filter for Internet Explorer 9" to organizational standards. CC ID 08472 | System hardening through configuration management | Preventive | |
Configure the "Check Administrator Group Membership" to organizational standards. CC ID 08473 | System hardening through configuration management | Preventive | |
Configure the "Check if AppLocker is Enabled" to organizational standards. CC ID 08475 | System hardening through configuration management | Preventive | |
Configure the "Prevent the computer from joining a homegroup" to organizational standards. CC ID 08486 | System hardening through configuration management | Preventive | |
Configure the "Disable Browser Geolocation" to organizational standards. CC ID 08491 | System hardening through configuration management | Preventive | |
Configure the "Allow Remote Shell Access" to organizational standards. CC ID 08496 | System hardening through configuration management | Preventive | |
Configure the "Turn Off the Display (Plugged In)" to organizational standards. CC ID 08502 | System hardening through configuration management | Preventive | |
Configure the "Do not enumerate connected users on domain-joined computers" to organizational standards. CC ID 08507 | System hardening through configuration management | Preventive | |
Configure the "Enable dragging of content from different domains across windows" to organizational standards. CC ID 08517 | System hardening through configuration management | Preventive | |
Configure the "Turn off first-run prompt" to organizational standards. CC ID 08521 | System hardening through configuration management | Preventive | |
Configure the "Allow Scriptlets" to organizational standards. CC ID 08523 | System hardening through configuration management | Preventive | |
Configure the "Turn on ActiveX Filtering" to organizational standards. CC ID 08524 | System hardening through configuration management | Preventive | |
Configure the "Userdata persistence" to organizational standards. CC ID 08533 | System hardening through configuration management | Preventive | |
Configure the "Enable dragging of content from different domains within a window" to organizational standards. CC ID 08535 | System hardening through configuration management | Preventive | |
Configure the "Turn off app notifications on the lock screen" to organizational standards. CC ID 08536 | System hardening through configuration management | Preventive | |
Configure the "Allow updates to status bar via script" to organizational standards. CC ID 08540 | System hardening through configuration management | Preventive | |
Configure the "Enumerate local users on domain-joined computers" to organizational standards. CC ID 08546 | System hardening through configuration management | Preventive | |
Configure the "Prevent deleting websites that the user has visited" to organizational standards. CC ID 08547 | System hardening through configuration management | Preventive | |
Configure the "Install new versions of Internet Explorer automatically" to organizational standards. CC ID 08551 | System hardening through configuration management | Preventive | |
Configure the "Make proxy settings per-machine (rather than per-user)" to organizational standards. CC ID 08553 | System hardening through configuration management | Preventive | |
Configure the "Disable external branding of Internet Explorer" to organizational standards. CC ID 08555 | System hardening through configuration management | Preventive | |
Configure the "Include local path when user is uploading files to a server" to organizational standards. CC ID 08557 | System hardening through configuration management | Preventive | |
Configure the "Configure Solicited Remote Assistance" to organizational standards. CC ID 08561 | System hardening through configuration management | Preventive | |
Configure the "Allow loading of XAML files" to organizational standards. CC ID 08562 | System hardening through configuration management | Preventive | |
Configure the "Do not display the password reveal button" to organizational standards. CC ID 08567 | System hardening through configuration management | Preventive | |
Configure the "Prevent running First Run wizard" to organizational standards. CC ID 08572 | System hardening through configuration management | Preventive | |
Configure the "Turn off location" to organizational standards. CC ID 08575 | System hardening through configuration management | Preventive | |
Configure the "Turn on Enhanced Protected Mode" to organizational standards. CC ID 08577 | System hardening through configuration management | Preventive | |
Configure the "Turn off browser geolocation" to organizational standards. CC ID 08580 | System hardening through configuration management | Preventive | |
Configure the "Do not display the reveal password button" to organizational standards. CC ID 08583 | System hardening through configuration management | Preventive | |
Configure the "Include updated website lists from Microsoft" to organizational standards. CC ID 08593 | System hardening through configuration management | Preventive | |
Configure the "Turn off Event Viewer "Events.asp" links" to organizational standards. CC ID 08604 | System hardening through configuration management | Preventive | |
Configure the "Configure Offer Remote Assistance" to organizational standards. CC ID 08605 | System hardening through configuration management | Preventive | |
Configure the "Prevent specifying the update check interval (in days)" to organizational standards. CC ID 08608 | System hardening through configuration management | Preventive | |
Configure the "Turn Off the Display (On Battery)" to organizational standards. CC ID 08609 | System hardening through configuration management | Preventive | |
Configure the "Prevent participation in the Customer Experience Improvement Program" to organizational standards. CC ID 08611 | System hardening through configuration management | Preventive | |
Configure the "Add a specific list of search providers to the user's search provider list" setting to organizational standards. CC ID 10420 | System hardening through configuration management | Preventive | |
Configure the "Admin-approved behaviors" setting to organizational standards. CC ID 10421 | System hardening through configuration management | Preventive | |
Configure the "Allow the display of image download placeholders" setting to organizational standards. CC ID 10422 | System hardening through configuration management | Preventive | |
Configure the "Allow the printing of background colors and images" setting to organizational standards. CC ID 10423 | System hardening through configuration management | Preventive | |
Configure the "Audio/Video Player" setting to organizational standards. CC ID 10424 | System hardening through configuration management | Preventive | |
Configure the "Auto-hide the Toolbars" setting to organizational standards. CC ID 10425 | System hardening through configuration management | Preventive | |
Configure the "Binary Behavior Security Restriction: All Processes" setting to organizational standards. CC ID 10426 | System hardening through configuration management | Preventive | |
Configure the "Binary Behavior Security Restriction: Internet Explorer Processes" setting to organizational standards. CC ID 10427 | System hardening through configuration management | Preventive | |
Configure the "Binary Behavior Security Restriction: Process List" setting to organizational standards. CC ID 10428 | System hardening through configuration management | Preventive | |
Configure the "Carpoint" setting to organizational standards. CC ID 10429 | System hardening through configuration management | Preventive | |
Configure the "Configure new tab page default behavior" setting to organizational standards. CC ID 10430 | System hardening through configuration management | Preventive | |
Configure the "Customize Command Labels" setting to organizational standards. CC ID 10431 | System hardening through configuration management | Preventive | |
Configure the "Customize User Agent String" setting to organizational standards. CC ID 10432 | System hardening through configuration management | Preventive | |
Configure the "Deploy default Accelerators" setting to organizational standards. CC ID 10433 | System hardening through configuration management | Preventive | |
Configure the "Deploy non-default Accelerators" setting to organizational standards. CC ID 10434 | System hardening through configuration management | Preventive | |
Configure the "DHTML Edit Control" setting to organizational standards. CC ID 10435 | System hardening through configuration management | Preventive | |
Configure the "Disable caching of Auto-Proxy scripts" setting to organizational standards. CC ID 10436 | System hardening through configuration management | Preventive | |
Configure the "Disable changing accessibility settings" setting to organizational standards. CC ID 10437 | System hardening through configuration management | Preventive | |
Configure the "Disable changing Calendar and Contact settings" setting to organizational standards. CC ID 10438 | System hardening through configuration management | Preventive | |
Configure the "Disable changing color settings" setting to organizational standards. CC ID 10439 | System hardening through configuration management | Preventive | |
Configure the "Disable changing default browser check" setting to organizational standards. CC ID 10440 | System hardening through configuration management | Preventive | |
Configure the "Disable changing font settings" setting to organizational standards. CC ID 10441 | System hardening through configuration management | Preventive | |
Configure the "Disable changing home page settings" setting to organizational standards. CC ID 10442 | System hardening through configuration management | Preventive | |
Configure the "Disable changing language settings" setting to organizational standards. CC ID 10443 | System hardening through configuration management | Preventive | |
Configure the "Disable changing link color settings" setting to organizational standards. CC ID 10444 | System hardening through configuration management | Preventive | |
Configure the "Disable changing Messaging settings" setting to organizational standards. CC ID 10445 | System hardening through configuration management | Preventive | |
Configure the "Disable changing ratings settings" setting to organizational standards. CC ID 10446 | System hardening through configuration management | Preventive | |
Configure the "Disable changing secondary home page settings" setting to organizational standards. CC ID 10447 | System hardening through configuration management | Preventive | |
Configure the "Disable changing Temporary Internet files settings" setting to organizational standards. CC ID 10448 | System hardening through configuration management | Preventive | |
Configure the "Disable Context menu" setting to organizational standards. CC ID 10449 | System hardening through configuration management | Preventive | |
Configure the "Disable customizing browser toolbar buttons" setting to organizational standards. CC ID 10450 | System hardening through configuration management | Preventive | |
Configure the "Disable customizing browser toolbars" setting to organizational standards. CC ID 10451 | System hardening through configuration management | Preventive | |
Configure the "Disable Import/Export Settings wizard" setting to organizational standards. CC ID 10452 | System hardening through configuration management | Preventive | |
Configure the "Disable Open in New Window menu option" setting to organizational standards. CC ID 10453 | System hardening through configuration management | Preventive | |
Configure the "Disable the Connections page" setting to organizational standards. CC ID 10454 | System hardening through configuration management | Preventive | |
Configure the "Disable the Content page" setting to organizational standards. CC ID 10455 | System hardening through configuration management | Preventive | |
Configure the "Disable the General page" setting to organizational standards. CC ID 10456 | System hardening through configuration management | Preventive | |
Configure the "Disable the Programs page" setting to organizational standards. CC ID 10457 | System hardening through configuration management | Preventive | |
Configure the "Disable toolbars and extensions when InPrivate Browsing starts" setting to organizational standards. CC ID 10458 | System hardening through configuration management | Preventive | |
Configure the "Display error message on proxy script download failure" setting to organizational standards. CC ID 10459 | System hardening through configuration management | Preventive | |
Configure the "Do not collect InPrivate Filtering data" setting to organizational standards. CC ID 10460 | System hardening through configuration management | Preventive | |
Configure the "Do not save encrypted pages to disk" setting to organizational standards. CC ID 10461 | System hardening through configuration management | Preventive | |
Configure the "Empty Temporary Internet Files folder when browser is closed" setting to organizational standards. CC ID 10462 | System hardening through configuration management | Preventive | |
Configure the "Enforce Full Screen Mode" setting to organizational standards. CC ID 10463 | System hardening through configuration management | Preventive | |
Configure the "File menu: Disable closing the browser and Explorer windows" setting to organizational standards. CC ID 10464 | System hardening through configuration management | Preventive | |
Configure the "File menu: Disable New menu option" setting to organizational standards. CC ID 10465 | System hardening through configuration management | Preventive | |
Configure the "File menu: Disable Open menu option" setting to organizational standards. CC ID 10466 | System hardening through configuration management | Preventive | |
Configure the "File menu: Disable Save As Web Page Complete" setting to organizational standards. CC ID 10467 | System hardening through configuration management | Preventive | |
Configure the "File menu: Disable Save As.. menu option" setting to organizational standards. CC ID 10468 | System hardening through configuration management | Preventive | |
Configure the "File size limits for Internet zone" setting to organizational standards. CC ID 10469 | System hardening through configuration management | Preventive | |
Configure the "File size limits for Intranet zone" setting to organizational standards. CC ID 10470 | System hardening through configuration management | Preventive | |
Configure the "File size limits for Local Machine zone" setting to organizational standards. CC ID 10471 | System hardening through configuration management | Preventive | |
Configure the "File size limits for Restricted Sites zone" setting to organizational standards. CC ID 10472 | System hardening through configuration management | Preventive | |
Configure the "File size limits for Trusted Sites zone" setting to organizational standards. CC ID 10473 | System hardening through configuration management | Preventive | |
Configure the "Help menu: Remove 'Send Feedback' menu option" setting to organizational standards. CC ID 10474 | System hardening through configuration management | Preventive | |
Configure the "Help menu: Remove 'Tour' menu option" setting to organizational standards. CC ID 10475 | System hardening through configuration management | Preventive | |
Configure the "Hide Favorites menu" setting to organizational standards. CC ID 10476 | System hardening through configuration management | Preventive | |
Configure the "Hide the Command Bar" setting to organizational standards. CC ID 10477 | System hardening through configuration management | Preventive | |
Configure the "Hide the Status Bar" setting to organizational standards. CC ID 10478 | System hardening through configuration management | Preventive | |
Configure the "InPrivate Filtering Threshold" setting to organizational standards. CC ID 10479 | System hardening through configuration management | Preventive | |
Configure the "Internet Zone Restricted Protocols" setting to organizational standards. CC ID 10480 | System hardening through configuration management | Preventive | |
Configure the "Internet Zone Template" setting to organizational standards. CC ID 10481 | System hardening through configuration management | Preventive | |
Configure the "Intranet Sites: Include all local (intranet) sites not listed in other zones" setting to organizational standards. CC ID 10482 | System hardening through configuration management | Preventive | |
Configure the "Intranet Sites: Include all sites that bypass the proxy server" setting to organizational standards. CC ID 10483 | System hardening through configuration management | Preventive | |
Configure the "Intranet Zone Restricted Protocols" setting to organizational standards. CC ID 10484 | System hardening through configuration management | Preventive | |
Configure the "Intranet Zone Template" setting to organizational standards. CC ID 10485 | System hardening through configuration management | Preventive | |
Configure the "Investor" setting to organizational standards. CC ID 10486 | System hardening through configuration management | Preventive | |
Configure the "Local Machine Zone Restricted Protocols" setting to organizational standards. CC ID 10487 | System hardening through configuration management | Preventive | |
Configure the "Local Machine Zone Template" setting to organizational standards. CC ID 10488 | System hardening through configuration management | Preventive | |
Configure the "Lock all Toolbars" setting to organizational standards. CC ID 10489 | System hardening through configuration management | Preventive | |
Configure the "Locked-Down Internet Zone Template" setting to organizational standards. CC ID 10490 | System hardening through configuration management | Preventive | |
Configure the "Locked-Down Intranet Zone Template" setting to organizational standards. CC ID 10491 | System hardening through configuration management | Preventive | |
Configure the "Locked-Down Local Machine Zone Template" setting to organizational standards. CC ID 10492 | System hardening through configuration management | Preventive | |
Configure the "Locked-Down Restricted Sites Zone Template" setting to organizational standards. CC ID 10493 | System hardening through configuration management | Preventive | |
Configure the "Locked-Down Trusted Sites Zone Template" setting to organizational standards. CC ID 10494 | System hardening through configuration management | Preventive | |
Configure the "Maximum number of connections per server (HTTP 1.0)" setting to organizational standards. CC ID 10495 | System hardening through configuration management | Preventive | |
Configure the "Maximum number of connections per server (HTTP 1.1)" setting to organizational standards. CC ID 10496 | System hardening through configuration management | Preventive | |
Configure the "Menu Controls" setting to organizational standards. CC ID 10497 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Agent" setting to organizational standards. CC ID 10498 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Chat" setting to organizational standards. CC ID 10499 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Scriptlet Component" setting to organizational standards. CC ID 10500 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Survey Control" setting to organizational standards. CC ID 10501 | System hardening through configuration management | Preventive | |
Configure the "Moving the menu bar above the navigation bar" setting to organizational standards. CC ID 10502 | System hardening through configuration management | Preventive | |
Configure the "MSNBC" setting to organizational standards. CC ID 10503 | System hardening through configuration management | Preventive | |
Configure the "NetShow File Transfer Control" setting to organizational standards. CC ID 10504 | System hardening through configuration management | Preventive | |
Configure the "Network Protocol Lockdown: All Processes" setting to organizational standards. CC ID 10505 | System hardening through configuration management | Preventive | |
Configure the "Network Protocol Lockdown: Internet Explorer Processes" setting to organizational standards. CC ID 10506 | System hardening through configuration management | Preventive | |
Configure the "Network Protocol Lockdown: Process List" setting to organizational standards. CC ID 10507 | System hardening through configuration management | Preventive | |
Configure the "Play animations in web pages" setting to organizational standards. CC ID 10508 | System hardening through configuration management | Preventive | |
Configure the "Play sounds in web pages" setting to organizational standards. CC ID 10509 | System hardening through configuration management | Preventive | |
Configure the "Pop-up allow list" setting to organizational standards. CC ID 10510 | System hardening through configuration management | Preventive | |
Configure the "Prevent configuration of search from the Address bar" setting to organizational standards. CC ID 10511 | System hardening through configuration management | Preventive | |
Configure the "Prevent Deleting Favorites Site Data" setting to organizational standards. CC ID 10512 | System hardening through configuration management | Preventive | |
Configure the "Prevent Deleting Form Data" setting to organizational standards. CC ID 10513 | System hardening through configuration management | Preventive | |
Configure the "Prevent Deleting InPrivate Filtering data" setting to organizational standards. CC ID 10514 | System hardening through configuration management | Preventive | |
Configure the "Prevent Deleting Passwords" setting to organizational standards. CC ID 10515 | System hardening through configuration management | Preventive | |
Configure the "Prevent Internet Explorer Search box from displaying" setting to organizational standards. CC ID 10516 | System hardening through configuration management | Preventive | |
Configure the "Prevent setting of the code download path for each machine" setting to organizational standards. CC ID 10517 | System hardening through configuration management | Preventive | |
Configure the "Prevent the configuration of cipher strength update information URLs" setting to organizational standards. CC ID 10518 | System hardening through configuration management | Preventive | |
Configure the "Prevent the use of Windows colors" setting to organizational standards. CC ID 10519 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from choosing default text size" setting to organizational standards. CC ID 10520 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from configuring background color" setting to organizational standards. CC ID 10521 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from configuring text color" setting to organizational standards. CC ID 10522 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from configuring the color of links that have already been clicked" setting to organizational standards. CC ID 10523 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from configuring the color of links that have not yet been clicked" setting to organizational standards. CC ID 10524 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from configuring the hover color" setting to organizational standards. CC ID 10525 | System hardening through configuration management | Preventive | |
Configure the "Restrict changing the default search provider" setting to organizational standards. CC ID 10526 | System hardening through configuration management | Preventive | |
Configure the "Restrict search providers to a specific list of providers" setting to organizational standards. CC ID 10527 | System hardening through configuration management | Preventive | |
Configure the "Restricted Sites Zone Restricted Protocols" setting to organizational standards. CC ID 10528 | System hardening through configuration management | Preventive | |
Configure the "Restricted Sites Zone Template" setting to organizational standards. CC ID 10529 | System hardening through configuration management | Preventive | |
Configure the "Send internationalized domain names" setting to organizational standards. CC ID 10530 | System hardening through configuration management | Preventive | |
Configure the "Set location of Stop and Refresh buttons" setting to organizational standards. CC ID 10531 | System hardening through configuration management | Preventive | |
Configure the "Set tab process growth" setting to organizational standards. CC ID 10532 | System hardening through configuration management | Preventive | |
Configure the "Flash" setting to organizational standards. CC ID 10533 | System hardening through configuration management | Preventive | |
Configure the "Tools menu: Disable Internet Options.. menu option" setting to organizational standards. CC ID 10534 | System hardening through configuration management | Preventive | |
Configure the "Trusted Sites Zone Restricted Protocols" setting to organizational standards. CC ID 10535 | System hardening through configuration management | Preventive | |
Configure the "Trusted Sites Zone Template" setting to organizational standards. CC ID 10536 | System hardening through configuration management | Preventive | |
Configure the "Turn off Accelerators" setting to organizational standards. CC ID 10537 | System hardening through configuration management | Preventive | |
Configure the "Turn off Automatic Crash Recovery Prompt" setting to organizational standards. CC ID 10538 | System hardening through configuration management | Preventive | |
Configure the "Turn off automatic image resizing" setting to organizational standards. CC ID 10539 | System hardening through configuration management | Preventive | |
Configure the "Turn off ClearType" setting to organizational standards. CC ID 10540 | System hardening through configuration management | Preventive | |
Configure the "Turn off Compatibility View button" setting to organizational standards. CC ID 10541 | System hardening through configuration management | Preventive | |
Configure the "Turn off Compatibility View" setting to organizational standards. CC ID 10542 | System hardening through configuration management | Preventive | |
Configure the "Turn off configuration of default behavior of new tab creation" setting to organizational standards. CC ID 10543 | System hardening through configuration management | Preventive | |
Configure the "Turn off configuration of tabbed browsing pop-up behavior" setting to organizational standards. CC ID 10544 | System hardening through configuration management | Preventive | |
Configure the "Turn off configuration of window reuse" setting to organizational standards. CC ID 10545 | System hardening through configuration management | Preventive | |
Configure the "Turn off configuring underline links" setting to organizational standards. CC ID 10546 | System hardening through configuration management | Preventive | |
Configure the "Turn off Cross Document Messaging" setting to organizational standards. CC ID 10547 | System hardening through configuration management | Preventive | |
Configure the "Turn off Data URI Support" setting to organizational standards. CC ID 10548 | System hardening through configuration management | Preventive | |
Configure the "Turn off Developer Tools" setting to organizational standards. CC ID 10549 | System hardening through configuration management | Preventive | |
Configure the "Turn off displaying the Internet Explorer Help Menu" setting to organizational standards. CC ID 10550 | System hardening through configuration management | Preventive | |
Configure the "Turn off Favorites bar" setting to organizational standards. CC ID 10551 | System hardening through configuration management | Preventive | |
Configure the "Turn off friendly http error messages" setting to organizational standards. CC ID 10552 | System hardening through configuration management | Preventive | |
Configure the "Turn off InPrivate Filtering" setting to organizational standards. CC ID 10553 | System hardening through configuration management | Preventive | |
Configure the "Turn off Managing Pop-up Allow list" setting to organizational standards. CC ID 10554 | System hardening through configuration management | Preventive | |
Configure the "Turn off managing Pop-up filter level" setting to organizational standards. CC ID 10555 | System hardening through configuration management | Preventive | |
Configure the "Turn off page zooming functionality" setting to organizational standards. CC ID 10556 | System hardening through configuration management | Preventive | |
Configure the "Turn off picture display" setting to organizational standards. CC ID 10557 | System hardening through configuration management | Preventive | |
Configure the "Turn off pop-up management" setting to organizational standards. CC ID 10558 | System hardening through configuration management | Preventive | |
Configure the "Turn off Print Menu" setting to organizational standards. CC ID 10559 | System hardening through configuration management | Preventive | |
Configure the "Turn off Quick Tabs functionality" setting to organizational standards. CC ID 10560 | System hardening through configuration management | Preventive | |
Configure the "Turn off Reopen Last Browsing Session" setting to organizational standards. CC ID 10561 | System hardening through configuration management | Preventive | |
Configure the "Turn off sending URLs as UTF-8 (requires restart)" setting to organizational standards. CC ID 10562 | System hardening through configuration management | Preventive | |
Configure the "Turn off smart image dithering" setting to organizational standards. CC ID 10563 | System hardening through configuration management | Preventive | |
Configure the "Turn off smooth scrolling" setting to organizational standards. CC ID 10564 | System hardening through configuration management | Preventive | |
Configure the "Turn off suggestions for all user-installed providers" setting to organizational standards. CC ID 10565 | System hardening through configuration management | Preventive | |
Configure the "Turn off Tab Grouping" setting to organizational standards. CC ID 10566 | System hardening through configuration management | Preventive | |
Configure the "Turn off tabbed browsing" setting to organizational standards. CC ID 10567 | System hardening through configuration management | Preventive | |
Configure the "Turn off the activation of the quick pick menu" setting to organizational standards. CC ID 10568 | System hardening through configuration management | Preventive | |
Configure the "Turn off the auto-complete feature for web addresses" setting to organizational standards. CC ID 10569 | System hardening through configuration management | Preventive | |
Configure the "Turn off the XDomainRequest Object" setting to organizational standards. CC ID 10570 | System hardening through configuration management | Preventive | |
Configure the "Turn off toolbar upgrade tool" setting to organizational standards. CC ID 10571 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Search AutoComplete" setting to organizational standards. CC ID 10572 | System hardening through configuration management | Preventive | |
Configure the "Turn on automatic detection of the intranet" setting to organizational standards. CC ID 10573 | System hardening through configuration management | Preventive | |
Configure the "Turn on Automatic Signup" setting to organizational standards. CC ID 10574 | System hardening through configuration management | Preventive | |
Configure the "Turn on Caret Browsing support" setting to organizational standards. CC ID 10575 | System hardening through configuration management | Preventive | |
Configure the "Turn on Compatibility Logging" setting to organizational standards. CC ID 10576 | System hardening through configuration management | Preventive | |
Configure the "Turn on Information bar notification for intranet content" setting to organizational standards. CC ID 10577 | System hardening through configuration management | Preventive | |
Configure the "Turn on inline AutoComplete for Web addresses" setting to organizational standards. CC ID 10578 | System hardening through configuration management | Preventive | |
Configure the "Turn on Internet Explorer 7 Standards Mode" setting to organizational standards. CC ID 10579 | System hardening through configuration management | Preventive | |
Configure the "Turn on Internet Explorer Standards Mode for Local Intranet" setting to organizational standards. CC ID 10580 | System hardening through configuration management | Preventive | |
Configure the "Turn on menu bar by default" setting to organizational standards. CC ID 10581 | System hardening through configuration management | Preventive | |
Configure the "Turn on the display of a notification about every script error" setting to organizational standards. CC ID 10582 | System hardening through configuration management | Preventive | |
Configure the "Turn on the hover color option" setting to organizational standards. CC ID 10583 | System hardening through configuration management | Preventive | |
Configure the "Use Automatic Detection for dial-up connections" setting to organizational standards. CC ID 10584 | System hardening through configuration management | Preventive | |
Configure the "Use HTTP 1.1 through proxy connections" setting to organizational standards. CC ID 10585 | System hardening through configuration management | Preventive | |
Configure the "Use HTTP 1.1" setting to organizational standards. CC ID 10586 | System hardening through configuration management | Preventive | |
Configure the "Use large Icons for Command Buttons" setting to organizational standards. CC ID 10587 | System hardening through configuration management | Preventive | |
Configure the "Use Policy Accelerators" setting to organizational standards. CC ID 10588 | System hardening through configuration management | Preventive | |
Configure the "Use Policy List of Internet Explorer 7 sites" setting to organizational standards. CC ID 10589 | System hardening through configuration management | Preventive | |
Configure the "Use UTF-8 for mailto links" setting to organizational standards. CC ID 10590 | System hardening through configuration management | Preventive | |
Configure the "View menu: Disable Full Screen menu option" setting to organizational standards. CC ID 10591 | System hardening through configuration management | Preventive | |
Configure the "View menu: Disable Source menu option" setting to organizational standards. CC ID 10592 | System hardening through configuration management | Preventive | |
Configure the "MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended)" setting to organizational standards. CC ID 10607 | System hardening through configuration management | Preventive | |
Configure the "AutoRun" setting to organizational standards. CC ID 10608 | System hardening through configuration management | Preventive | |
Configure the "Disable binding directly to IPropertySetStorage without intermediate layers." setting to organizational standards. CC ID 10861 | System hardening through configuration management | Preventive | |
Configure the "Disable delete notifications on all volumes" setting to organizational standards. CC ID 10862 | System hardening through configuration management | Preventive | |
Configure the "Disable IE security prompt for Windows Installer scripts" setting to organizational standards. CC ID 10863 | System hardening through configuration management | Preventive | |
Configure the "Disable or enable software Secure Attention Sequence" setting to organizational standards. CC ID 10865 | System hardening through configuration management | Preventive | |
Configure the "Disable text prediction" setting to organizational standards. CC ID 10867 | System hardening through configuration management | Preventive | |
Configure the "Disable Windows Error Reporting" machine setting to organizational standards. CC ID 10868 | System hardening through configuration management | Preventive | |
Configure the "Disable Windows Installer" setting to organizational standards. CC ID 10869 | System hardening through configuration management | Preventive | |
Configure the "Display a custom message when installation is prevented by a policy setting" setting to organizational standards. CC ID 10886 | System hardening through configuration management | Preventive | |
Configure the "Enable/Disable PerfTrack" setting to organizational standards. CC ID 10953 | System hardening through configuration management | Preventive | |
Configure the "Enforce disk quota limit" setting to organizational standards. CC ID 10956 | System hardening through configuration management | Preventive | |
Configure the "Limit audio playback quality" setting to organizational standards. CC ID 11006 | System hardening through configuration management | Preventive | |
Configure the "Limit disk space used by offline files" setting to organizational standards. CC ID 11007 | System hardening through configuration management | Preventive | |
Configure the "Limit maximum color depth" setting to organizational standards. CC ID 11008 | System hardening through configuration management | Preventive | |
Configure the "Limit maximum display resolution" setting to organizational standards. CC ID 11009 | System hardening through configuration management | Preventive | |
Configure the "Limit maximum number of monitors" setting to organizational standards. CC ID 11010 | System hardening through configuration management | Preventive | |
Configure the "Limit outstanding packets" setting to organizational standards. CC ID 11012 | System hardening through configuration management | Preventive | |
Configure the "Limit reservable bandwidth" setting to organizational standards. CC ID 11013 | System hardening through configuration management | Preventive | |
Configure the "Limit the age of files in the BITS Peercache" setting to organizational standards. CC ID 11014 | System hardening through configuration management | Preventive | |
Configure the "Limit the BITS Peercache size" setting to organizational standards. CC ID 11015 | System hardening through configuration management | Preventive | |
Configure the "Limit the maximum BITS job download time" setting to organizational standards. CC ID 11016 | System hardening through configuration management | Preventive | |
Configure the "Limit the maximum number of BITS jobs for each user" setting to organizational standards. CC ID 11018 | System hardening through configuration management | Preventive | |
Configure the "Limit the maximum number of BITS jobs for this computer" setting to organizational standards. CC ID 11019 | System hardening through configuration management | Preventive | |
Configure the "Limit the maximum number of ranges that can be added to the file in a BITS job" setting to organizational standards. CC ID 11021 | System hardening through configuration management | Preventive | |
Configure the "Limit the size of the entire roaming user profile cache" setting to organizational standards. CC ID 11022 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Support Diagnostic Tool: Restrict tool download" setting to organizational standards. CC ID 11044 | System hardening through configuration management | Preventive | |
Configure the "Prevent access to 16-bit applications" setting to organizational standards. CC ID 11066 | System hardening through configuration management | Preventive | |
Configure the "Prevent Automatic Updates" setting to organizational standards. CC ID 11067 | System hardening through configuration management | Preventive | |
Configure the "Prevent Back-ESC mapping" setting to organizational standards. CC ID 11068 | System hardening through configuration management | Preventive | |
Configure the "Prevent backing up to local disks" setting to organizational standards. CC ID 11069 | System hardening through configuration management | Preventive | |
Configure the "Prevent backing up to optical media (CD/DVD)" setting to organizational standards. CC ID 11071 | System hardening through configuration management | Preventive | |
Configure the "Prevent display of the user interface for critical errors" setting to organizational standards. CC ID 11074 | System hardening through configuration management | Preventive | |
Configure the "Prevent flicks" setting to organizational standards. CC ID 11075 | System hardening through configuration management | Preventive | |
Configure the "Prevent Flicks Learning Mode" setting to organizational standards. CC ID 11076 | System hardening through configuration management | Preventive | |
Configure the "Prevent Input Panel tab from appearing" setting to organizational standards. CC ID 11077 | System hardening through configuration management | Preventive | |
Configure the "Prevent launch an application" setting to organizational standards. CC ID 11081 | System hardening through configuration management | Preventive | |
Configure the "Prevent license upgrade" setting to organizational standards. CC ID 11082 | System hardening through configuration management | Preventive | |
Configure the "Prevent Media Sharing" setting to organizational standards. CC ID 11083 | System hardening through configuration management | Preventive | |
Configure the "Prevent plaintext PINs from being returned by Credential Manager" setting to organizational standards. CC ID 11084 | System hardening through configuration management | Preventive | |
Configure the "Prevent press and hold" setting to organizational standards. CC ID 11085 | System hardening through configuration management | Preventive | |
Configure the "Prevent Quick Launch Toolbar Shortcut Creation" setting to organizational standards. CC ID 11086 | System hardening through configuration management | Preventive | |
Configure the "Prevent restoring local previous versions" setting to organizational standards. CC ID 11087 | System hardening through configuration management | Preventive | |
Configure the "Prevent restoring previous versions from backups" setting to organizational standards. CC ID 11088 | System hardening through configuration management | Preventive | |
Configure the "Prevent Roaming Profile changes from propagating to the server" setting to organizational standards. CC ID 11090 | System hardening through configuration management | Preventive | |
Configure the "Prevent Video Smoothing" setting to organizational standards. CC ID 11091 | System hardening through configuration management | Preventive | |
Configure the "Prevent Windows Anytime Upgrade from running." setting to organizational standards. CC ID 11092 | System hardening through configuration management | Preventive | |
Configure the "Prohibit Access of the Windows Connect Now wizards" setting to organizational standards. CC ID 11100 | System hardening through configuration management | Preventive | |
Configure the "Prohibit Flyweight Patching" setting to organizational standards. CC ID 11101 | System hardening through configuration management | Preventive | |
Configure the "Prohibit installing or uninstalling color profiles" setting to organizational standards. CC ID 11103 | System hardening through configuration management | Preventive | |
Configure the "Prohibit patching" setting to organizational standards. CC ID 11104 | System hardening through configuration management | Preventive | |
Configure the "Prohibit removal of updates" setting to organizational standards. CC ID 11105 | System hardening through configuration management | Preventive | |
Configure the "Prohibit rollback" setting to organizational standards. CC ID 11106 | System hardening through configuration management | Preventive | |
Configure the "Prohibit Use of Restart Manager" setting to organizational standards. CC ID 11107 | System hardening through configuration management | Preventive | |
Configure the "Restrict Internet communication" setting to organizational standards. CC ID 11140 | System hardening through configuration management | Preventive | |
Configure the "Restrict potentially unsafe HTML Help functions to specified folders" setting to organizational standards. CC ID 11141 | System hardening through configuration management | Preventive | |
Configure the "Restrict system locales" setting to organizational standards. CC ID 11143 | System hardening through configuration management | Preventive | |
Configure the "Restrict these programs from being launched from Help" setting to organizational standards. CC ID 11144 | System hardening through configuration management | Preventive | |
Configure the "Restrict unpacking and installation of gadgets that are not digitally signed." setting to organizational standards. CC ID 11145 | System hardening through configuration management | Preventive | |
Configure the "Restrict user locales" setting to organizational standards. CC ID 11146 | System hardening through configuration management | Preventive | |
Configure the "Terminate session when time limits are reached" setting to organizational standards. CC ID 11241 | System hardening through configuration management | Preventive | |
Configure the "Turn off access to all Windows Update features" setting to organizational standards. CC ID 11254 | System hardening through configuration management | Preventive | |
Configure the "Turn off access to the OEM and Microsoft branding section" setting to organizational standards. CC ID 11255 | System hardening through configuration management | Preventive | |
Configure the "Turn off access to the performance center core section" setting to organizational standards. CC ID 11256 | System hardening through configuration management | Preventive | |
Configure the "Turn off access to the solutions to performance problems section" setting to organizational standards. CC ID 11257 | System hardening through configuration management | Preventive | |
Configure the "Turn off Active Help" setting to organizational standards. CC ID 11258 | System hardening through configuration management | Preventive | |
Configure the "Turn off Application Compatibility Engine" setting to organizational standards. CC ID 11261 | System hardening through configuration management | Preventive | |
Configure the "Turn off Application Telemetry" setting to organizational standards. CC ID 11262 | System hardening through configuration management | Preventive | |
Configure the "Turn off AutoComplete integration with Input Panel" setting to organizational standards. CC ID 11263 | System hardening through configuration management | Preventive | |
Configure the "Turn off automatic learning" setting to organizational standards. CC ID 11264 | System hardening through configuration management | Preventive | |
Configure the "Turn off Automatic Root Certificates Update" setting to organizational standards. CC ID 11265 | System hardening through configuration management | Preventive | |
Configure the "Turn off automatic termination of applications that block or cancel shutdown" setting to organizational standards. CC ID 11266 | System hardening through configuration management | Preventive | |
Configure the "Turn off automatic wake" setting to organizational standards. CC ID 11267 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Boot and Resume Optimizations" setting to organizational standards. CC ID 11269 | System hardening through configuration management | Preventive | |
Configure the "Turn off Configuration" setting to organizational standards. CC ID 11271 | System hardening through configuration management | Preventive | |
Configure the "Turn off creation of System Restore Checkpoints" setting to organizational standards. CC ID 11273 | System hardening through configuration management | Preventive | |
Configure the "Turn off Data Execution Prevention for HTML Help Executible" setting to organizational standards. CC ID 11274 | System hardening through configuration management | Preventive | |
Configure the "Turn off downloading of game information" setting to organizational standards. CC ID 11276 | System hardening through configuration management | Preventive | |
Configure the "Turn off Fair Share CPU Scheduling" setting to organizational standards. CC ID 11277 | System hardening through configuration management | Preventive | |
Configure the "Turn off game updates" setting to organizational standards. CC ID 11279 | System hardening through configuration management | Preventive | |
Configure the "Turn off hardware buttons" setting to organizational standards. CC ID 11280 | System hardening through configuration management | Preventive | |
Configure the "Turn off location scripting" setting to organizational standards. CC ID 11287 | System hardening through configuration management | Preventive | |
Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Global" to organizational standards. CC ID 11290 | System hardening through configuration management | Preventive | |
Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Site Local" to organizational standards. CC ID 11292 | System hardening through configuration management | Preventive | |
Configure the "Turn off Multicast Name Resolution" setting to organizational standards. CC ID 11293 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Non Volatile Cache Feature" setting to organizational standards. CC ID 11294 | System hardening through configuration management | Preventive | |
Configure the "Turn off numerical sorting in Windows Explorer" setting to organizational standards. CC ID 11295 | System hardening through configuration management | Preventive | |
Configure the "Turn off pen feedback" setting to organizational standards. CC ID 11297 | System hardening through configuration management | Preventive | |
Configure the "Turn off PNRP cloud creation" setting for "IPv6 Global" to organizational standards. CC ID 11298 | System hardening through configuration management | Preventive | |
Configure the "Turn off PNRP cloud creation" setting for "IPv6 Site Local" to organizational standards. CC ID 11300 | System hardening through configuration management | Preventive | |
Configure the "Turn off Problem Steps Recorder" setting to organizational standards. CC ID 11301 | System hardening through configuration management | Preventive | |
Configure the "Turn off Program Compatibility Assistant" setting to organizational standards. CC ID 11302 | System hardening through configuration management | Preventive | |
Configure the "Turn off Program Inventory" setting to organizational standards. CC ID 11303 | System hardening through configuration management | Preventive | |
Configure the "Turn off Real-Time Monitoring" setting to organizational standards. CC ID 11304 | System hardening through configuration management | Preventive | |
Configure the "Turn off restore functionality" setting to organizational standards. CC ID 11306 | System hardening through configuration management | Preventive | |
Configure the "Turn off Routinely Taking Action" setting to organizational standards. CC ID 11308 | System hardening through configuration management | Preventive | |
Configure the "Turn off sensors" setting to organizational standards. CC ID 11309 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Solid State Mode" setting to organizational standards. CC ID 11310 | System hardening through configuration management | Preventive | |
Configure the "Turn off SwitchBack Compatibility Engine" setting to organizational standards. CC ID 11311 | System hardening through configuration management | Preventive | |
Configure the "Turn off System Restore" setting to organizational standards. CC ID 11312 | System hardening through configuration management | Preventive | |
Configure the "Turn off Tablet PC touch input" setting to organizational standards. CC ID 11313 | System hardening through configuration management | Preventive | |
Configure the "Turn off the ability to back up data files" setting to organizational standards. CC ID 11315 | System hardening through configuration management | Preventive | |
Configure the "Turn off the ability to create a system image" setting to organizational standards. CC ID 11316 | System hardening through configuration management | Preventive | |
Configure the "Turn off the communities features" setting to organizational standards. CC ID 11317 | System hardening through configuration management | Preventive | |
Configure the "Turn off Touch Panning" setting to organizational standards. CC ID 11320 | System hardening through configuration management | Preventive | |
Configure the "Turn off tracking of last play time of games in the Games folder" setting to organizational standards. CC ID 11321 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Customer Experience Improvement Program" setting to organizational standards. CC ID 11323 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Defender" setting to organizational standards. CC ID 11324 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows HotStart" setting to organizational standards. CC ID 11325 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Installer RDS Compatibility" setting to organizational standards. CC ID 11326 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Mobility Center" setting to organizational standards. CC ID 11327 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows presentation settings" setting to organizational standards. CC ID 11329 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows SideShow" setting to organizational standards. CC ID 11330 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Startup Sound" setting to organizational standards. CC ID 11331 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain idle session termination and logout capabilities. CC ID 01418 | System hardening through configuration management | Preventive | |
Configure Session Configuration settings in accordance with organizational standards. CC ID 07698 | System hardening through configuration management | Preventive | |
Invalidate unexpected session identifiers. CC ID 15307 | System hardening through configuration management | Preventive | |
Configure the "MaxStartups" settings to organizational standards. CC ID 15329 | System hardening through configuration management | Preventive | |
Reject session identifiers that are not valid. CC ID 15306 | System hardening through configuration management | Preventive | |
Configure the "MaxSessions" settings to organizational standards. CC ID 15330 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Message title for users attempting to log on" to organizational standards. CC ID 07699 | System hardening through configuration management | Preventive | |
Configure the "LoginGraceTime" settings to organizational standards. CC ID 15328 | System hardening through configuration management | Preventive | |
Configure the "Network security: Force logoff when logon hours expire" to organizational standards. CC ID 07738 | System hardening through configuration management | Preventive | |
Configure the "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" to organizational standards. CC ID 07758 | System hardening through configuration management | Preventive | |
Configure the "Microsoft network server: Disconnect clients when logon hours expire" to organizational standards. CC ID 07824 | System hardening through configuration management | Preventive | |
Configure the "Microsoft network server: Amount of idle time required before suspending session" to organizational standards. CC ID 07826 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Do not display last user name" to organizational standards. CC ID 07832 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Display user information when the session is locked" to organizational standards. CC ID 07848 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Message text for users attempting to log on" to organizational standards. CC ID 07870 | System hardening through configuration management | Preventive | |
Configure the "Always prompt for password upon connection" to organizational standards. CC ID 08229 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Machine inactivity limit" to organizational standards. CC ID 08350 | System hardening through configuration management | Preventive | |
Install custom applications, only if they are trusted. CC ID 04822 | System hardening through configuration management | Preventive | |
Configure virtual networks in accordance with the information security policy. CC ID 13165 | System hardening through configuration management | Preventive | |
Configure Simple Network Management Protocol (SNMP) to organizational standards. CC ID 12423 | System hardening through configuration management | Preventive | |
Configure Simple Network Management Protocol to enable authentication and privacy. CC ID 12427 | System hardening through configuration management | Preventive | |
Change the community string for Simple Network Management Protocol, as necessary. CC ID 01872 | System hardening through configuration management | Preventive | |
Configure the system's storage media. CC ID 10618 | System hardening through configuration management | Preventive | |
Configure the system's electronic storage media's encryption settings. CC ID 11927 | System hardening through configuration management | Preventive | |
Prohibit the use of sanitization-resistant media in Information Systems. CC ID 10617 | System hardening through configuration management | Preventive | |
Configure Internet Browser security options according to organizational standards. CC ID 02166 | System hardening through configuration management | Preventive | |
Configure the "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting. CC ID 04910 | System hardening through configuration management | Preventive | |
Configure the "Disable Internet Connection wizard" setting. CC ID 02242 | System hardening through configuration management | Preventive | |
Configure the "Disable Automatic Install of Internet Explorer components" setting. CC ID 04337 | System hardening through configuration management | Preventive | |
Configure the "Disable Periodic Check for Internet Explorer software updates" setting. CC ID 04338 | System hardening through configuration management | Preventive | |
Configure the "Do not allow users to enable or disable add-ons" setting in Internet Explorer properly. CC ID 04340 | System hardening through configuration management | Preventive | |
Configure the "Turn off Crash Detection" setting in Internet Explorer properly. CC ID 04345 | System hardening through configuration management | Preventive | |
Configure the "internet explorer processes (mk protocol)" setting. CC ID 04347 | System hardening through configuration management | Preventive | |
Configure the "internet explorer processes (consistent MIME handling)" setting. CC ID 04348 | System hardening through configuration management | Preventive | |
Configure the "internet explorer processes (MIME sniffing)" setting. CC ID 04349 | System hardening through configuration management | Preventive | |
Configure the "Internet Explorer Processes (Restrict ActiveX Install)" setting. CC ID 04352 | System hardening through configuration management | Preventive | |
Configure the "internet explorer processes (restrict file download)" setting. CC ID 04353 | System hardening through configuration management | Preventive | |
Configure the "Deny all add-ons unless specifically allowed in the Add-on List" setting. CC ID 04354 | System hardening through configuration management | Preventive | |
Configure the "Disable Save this program to disk option" setting in limited functionality environments properly. CC ID 04366 | System hardening through configuration management | Preventive | |
Configure the "Disable the Advanced Page" setting in limited functionality environments. CC ID 04367 | System hardening through configuration management | Preventive | |
Configure the "Disable the Security Page" setting in limited functionality environments properly. CC ID 04368 | System hardening through configuration management | Preventive | |
Configure the "Disable adding channels" setting in Internet Explorer properly. CC ID 04369 | System hardening through configuration management | Preventive | |
Configure the "Disable adding schedules for offline pages" setting. CC ID 04370 | System hardening through configuration management | Preventive | |
Configure the "Disable all scheduled offline pages" setting. CC ID 04371 | System hardening through configuration management | Preventive | |
Configure the "Disable channel user interface completely" setting. CC ID 04372 | System hardening through configuration management | Preventive | |
Configure the "Disable downloading of site subscription content" setting. CC ID 04373 | System hardening through configuration management | Preventive | |
Configure the "Disable editing and creating of schedule groups" setting. CC ID 04374 | System hardening through configuration management | Preventive | |
Configure the "Disable editing schedules for offline pages" setting. CC ID 04375 | System hardening through configuration management | Preventive | |
Configure the "Disable offline page hit logging" setting. CC ID 04376 | System hardening through configuration management | Preventive | |
Configure the "Disable removing channels" setting. CC ID 04377 | System hardening through configuration management | Preventive | |
Configure the "Disable removing schedules for offline pages" setting. CC ID 04378 | System hardening through configuration management | Preventive | |
Configure the "Disable 'Configuring History'" setting in specialized security environments properly. CC ID 04405 | System hardening through configuration management | Preventive | |
Configure the "Disable AutoComplete for forms" setting in limited functionality environments properly. CC ID 04406 | System hardening through configuration management | Preventive | |
Configure the "Prevent 'fix settings' functionality" setting in limited functionality environments properly. CC ID 04407 | System hardening through configuration management | Preventive | |
Configure the "Prevent deletion of 'Temporary Internet Files and Cookies'" setting in limited functionality environments properly. CC ID 04408 | System hardening through configuration management | Preventive | |
Configure the "Turn Off 'Delete Browsing History' Functionality" setting in limited functionality environments properly. CC ID 04409 | System hardening through configuration management | Preventive | |
Configure the "Turn off the Security Settings Check feature" setting in limited functionality environments properly. CC ID 04410 | System hardening through configuration management | Preventive | |
Configure the "Prevent ignoring certificate errors" setting in limited functionality environments properly. CC ID 04411 | System hardening through configuration management | Preventive | |
Configure the "allow install on demand (Internet Explorer)" setting in limited functionality environments properly. CC ID 04412 | System hardening through configuration management | Preventive | |
Configure the "Check for server certificate revocation" setting in limited functionality environments properly. CC ID 04413 | System hardening through configuration management | Preventive | |
Configure the "Access data sources across domains" setting. CC ID 04415 | System hardening through configuration management | Preventive | |
Configure the "Allow active scripting" setting in limited functionality environments properly. CC ID 04416 | System hardening through configuration management | Preventive | |
Configure the "Allow binary and script behaviors" setting in limited functionality environments properly. CC ID 04417 | System hardening through configuration management | Preventive | |
Configure the "Allow cut, copy, or paste operations from the clipboard via script" setting. CC ID 04418 | System hardening through configuration management | Preventive | |
Configure the "Allow drag and drop or copy and paste files" setting. CC ID 04419 | System hardening through configuration management | Preventive | |
Configure the "Allow file downloads" setting in limited functionality environments properly. CC ID 04420 | System hardening through configuration management | Preventive | |
Configure the "Allow font downloads" setting in limited functionality environments properly. CC ID 04421 | System hardening through configuration management | Preventive | |
Configure the "Allow installation of desktop items" setting in limited functionality environments properly. CC ID 04422 | System hardening through configuration management | Preventive | |
Configure the "Allow META REFRESH" setting in limited functionality environments properly. CC ID 04423 | System hardening through configuration management | Preventive | |
Configure the "Allow script-initiated windows without size or position constraints" setting in limited functionality environments properly. CC ID 04424 | System hardening through configuration management | Preventive | |
Configure the "Allow status bar updates via script" setting in limited functionality environments properly. CC ID 04425 | System hardening through configuration management | Preventive | |
Configure the "Automatic prompting for file downloads" setting in limited functionality environments properly. CC ID 04426 | System hardening through configuration management | Preventive | |
Configure the "Download signed ActiveX controls" setting in limited functionality environments properly. CC ID 04427 | System hardening through configuration management | Preventive | |
Configure the "Download unsigned ActiveX controls" setting in limited functionality environments properly. CC ID 04428 | System hardening through configuration management | Preventive | |
Configure the "Initialize and script ActiveX controls not marked as safe" setting in limited functionality environments properly. CC ID 04429 | System hardening through configuration management | Preventive | |
Configure the "Java permissions" setting in limited functionality environments properly. CC ID 04430 | System hardening through configuration management | Preventive | |
Configure the "Launching applications and files in an IFRAME" setting in limited functionality environments properly. CC ID 04431 | System hardening through configuration management | Preventive | |
Configure the "Logon Options" setting in limited functionality environments. CC ID 04432 | System hardening through configuration management | Preventive | |
Configure the "Navigate sub-frames across different domains" setting in limited functionality environments properly. CC ID 04433 | System hardening through configuration management | Preventive | |
Configure the "Open file based on content, not on file extension" setting in limited functionality environments properly. CC ID 04434 | System hardening through configuration management | Preventive | |
Configure the "Run .NET Framework-reliant components not signed with Authenticode" setting in limited functionality environments properly. CC ID 04435 | System hardening through configuration management | Preventive | |
Configure the "Run .NET Framework-reliant components signed with Authenticode" setting in limited functionality environments properly. CC ID 04436 | System hardening through configuration management | Preventive | |
Configure the "Run ActiveX controls and plugins" setting in limited functionality environments properly. CC ID 04437 | System hardening through configuration management | Preventive | |
Configure the "Script ActiveX controls marked safe for scripting" setting in limited functionality environments properly. CC ID 04438 | System hardening through configuration management | Preventive | |
Configure the "Scripting of Java applets" setting in limited functionality environments properly. CC ID 04439 | System hardening through configuration management | Preventive | |
Configure the "Software channel permissions" setting in limited functionality environments properly. CC ID 04440 | System hardening through configuration management | Preventive | |
Configure the "Use Pop-up Blocker" setting in limited functionality environments properly. CC ID 04441 | System hardening through configuration management | Preventive | |
Configure the "Web sites in less privileged Web content zones could navigate into this zone" setting in limited functionality environments properly. CC ID 04442 | System hardening through configuration management | Preventive | |
Configure the .NET Framework to prevent unauthorized mobile code from executing. CC ID 04531 | System hardening through configuration management | Preventive | |
Configure the "Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools" setting. CC ID 04644 | System hardening through configuration management | Preventive | |
Configure the "Prevent performance of first run customize settings" setting. CC ID 04645 | System hardening through configuration management | Preventive | |
Configure the "Allow Scriptlets" setting in limited functionality environments properly. CC ID 02237 | System hardening through configuration management | Preventive | |
Configure the "Disable showing the splash screen" setting. CC ID 02238 | System hardening through configuration management | Preventive | |
Configure the "Add-on List" setting. CC ID 02239 | System hardening through configuration management | Preventive | |
Configure the "Loose XAML" setting in limited functionality environments properly. CC ID 02240 | System hardening through configuration management | Preventive | |
Configure the "Disable the Privacy page" setting. CC ID 02241 | System hardening through configuration management | Preventive | |
Configure the "XPS documents" setting in limited functionality environments properly. CC ID 02243 | System hardening through configuration management | Preventive | |
Configure the "Turn off Managing Phishing filter" setting. CC ID 02244 | System hardening through configuration management | Preventive | |
Configure the "Turn on Protected Mode" setting in limited functionality environments properly. CC ID 02245 | System hardening through configuration management | Preventive | |
Configure the "Userdata persistence" setting in limited functionality environments properly. CC ID 02246 | System hardening through configuration management | Preventive | |
Configure the "Display mixed content" setting in limited functionality environments properly. CC ID 02247 | System hardening through configuration management | Preventive | |
Configure the "Check for signature on download programs" setting. CC ID 02250 | System hardening through configuration management | Preventive | |
Configure the "Turn on the Internet Connection Wizard Auto Detect" setting. CC ID 02252 | System hardening through configuration management | Preventive | |
Configure the "Web Browser Applications" setting for the Restricted Sites Zone properly. CC ID 02254 | System hardening through configuration management | Preventive | |
Configure the "Turn off page transitions" setting. CC ID 02255 | System hardening through configuration management | Preventive | |
Configure the "Turn off configuring the update check interval (in days)" setting. CC ID 02257 | System hardening through configuration management | Preventive | |
Configure the "Web Browser Applications" setting for the Internet Zone properly. CC ID 02259 | System hardening through configuration management | Preventive | |
Configure the "Turn Off First-Run Opt-In" setting in limited functionality environments properly. CC ID 02261 | System hardening through configuration management | Preventive | |
Configure the "Do not allow resetting Internet Explorer settings" setting. CC ID 02262 | System hardening through configuration management | Preventive | |
Configure the "Enable third-party browser extensions" setting. CC ID 02263 | System hardening through configuration management | Preventive | |
Configure the "Disable the reset Web settings feature" setting. CC ID 02264 | System hardening through configuration management | Preventive | |
Configure the "Disable external branding of Internet Explorer" setting. CC ID 02266 | System hardening through configuration management | Preventive | |
Configure the "Enable Native XMLHttp Support" setting. CC ID 02267 | System hardening through configuration management | Preventive | |
Configure the "Site to Zone Assignment List" to organizational standards. CC ID 08650 | System hardening through configuration management | Preventive | |
Configure the "Notification bar" setting to organizational standards. CC ID 10008 | System hardening through configuration management | Preventive | |
Remove all unnecessary functionality. CC ID 00882 | System hardening through configuration management | Preventive | |
Find and eradicate unauthorized world writable files. CC ID 01541 | System hardening through configuration management | Preventive | |
Strip dangerous/unneeded SUID/SGID system executables. CC ID 01542 | System hardening through configuration management | Preventive | |
Find and eradicate unauthorized SUID/SGID system executables. CC ID 01543 | System hardening through configuration management | Preventive | |
Find and eradicate unowned files and unowned directories. CC ID 01544 | System hardening through configuration management | Preventive | |
Disable logon prompts on serial ports. CC ID 01553 | System hardening through configuration management | Preventive | |
Disable "nobody" access for Secure RPC. CC ID 01554 | System hardening through configuration management | Preventive | |
Disable all unnecessary interfaces. CC ID 04826 | System hardening through configuration management | Preventive | |
Enable or disable all unused USB ports as appropriate. CC ID 06042 | System hardening through configuration management | Preventive | |
Disable all user-mounted removable file systems. CC ID 01536 | System hardening through configuration management | Preventive | |
Set the Bluetooth Security Mode to the organizational standard. CC ID 00587 | System hardening through configuration management | Preventive | |
Secure the Bluetooth headset connections. CC ID 00593 | System hardening through configuration management | Preventive | |
Disable automatic dial-in access to computers that have installed modems. CC ID 02036 | System hardening through configuration management | Preventive | |
Configure the "Turn off AutoPlay" setting. CC ID 01787 | System hardening through configuration management | Preventive | |
Configure the "Devices: Restrict floppy access to locally logged on users only" setting. CC ID 01732 | System hardening through configuration management | Preventive | |
Configure the "Devices: Restrict CD-ROM access to locally logged on users" setting. CC ID 01731 | System hardening through configuration management | Preventive | |
Configure the "Remove CD Burning features" setting. CC ID 04379 | System hardening through configuration management | Preventive | |
Disable Autorun. CC ID 01790 | System hardening through configuration management | Preventive | |
Disable USB devices (aka hotplugger). CC ID 01545 | System hardening through configuration management | Preventive | |
Enable or disable all unused auxiliary ports as appropriate. CC ID 06414 | System hardening through configuration management | Preventive | |
Remove rhosts support unless absolutely necessary. CC ID 01555 | System hardening through configuration management | Preventive | |
Remove weak authentication services from Pluggable Authentication Modules. CC ID 01556 | System hardening through configuration management | Preventive | |
Remove the /etc/hosts.equiv file. CC ID 01559 | System hardening through configuration management | Preventive | |
Create the /etc/ftpd/ftpusers file. CC ID 01560 | System hardening through configuration management | Preventive | |
Remove the X Wrapper and enable the X Display Manager. CC ID 01564 | System hardening through configuration management | Preventive | |
Remove empty crontab files and restrict file permissions to the file. CC ID 01571 | System hardening through configuration management | Preventive | |
Remove all compilers and assemblers from the system. CC ID 01594 | System hardening through configuration management | Preventive | |
Disable all unnecessary applications unless otherwise noted in a policy exception. CC ID 04827 | System hardening through configuration management | Preventive | |
Disable the storing of movies in cache in Apple's QuickTime. CC ID 04489 | System hardening through configuration management | Preventive | |
Install and enable file sharing utilities, as necessary. CC ID 02174 | System hardening through configuration management | Preventive | |
Disable boot services unless boot services are absolutely necessary. CC ID 01481 | System hardening through configuration management | Preventive | |
Disable File Services for Macintosh unless File Services for Macintosh are absolutely necessary. CC ID 04279 | System hardening through configuration management | Preventive | |
Configure the Trivial FTP Daemon service to organizational standards. CC ID 01484 | System hardening through configuration management | Preventive | |
Disable printer daemons or the printer service unless printer daemons or the printer service is absolutely necessary. CC ID 01487 | System hardening through configuration management | Preventive | |
Disable web server unless web server is absolutely necessary. CC ID 01490 | System hardening through configuration management | Preventive | |
Disable portmapper unless portmapper is absolutely necessary. CC ID 01492 | System hardening through configuration management | Preventive | |
Disable writesrv, pmd, and httpdlite unless writesrv, pmd, and httpdlite are absolutely necessary. CC ID 01498 | System hardening through configuration management | Preventive | |
Disable hwscan hardware detection unless hwscan hardware detection is absolutely necessary. CC ID 01504 | System hardening through configuration management | Preventive | |
Configure the “xinetd” service to organizational standards. CC ID 01509 | System hardening through configuration management | Preventive | |
Configure the /etc/xinetd.conf file permissions as appropriate. CC ID 01568 | System hardening through configuration management | Preventive | |
Disable inetd unless inetd is absolutely necessary. CC ID 01508 | System hardening through configuration management | Preventive | |
Disable Network Computing System unless it is absolutely necessary. CC ID 01497 | System hardening through configuration management | Preventive | |
Disable print server for macintosh unless print server for macintosh is absolutely necessary. CC ID 04284 | System hardening through configuration management | Preventive | |
Disable Print Server unless Print Server is absolutely necessary. CC ID 01488 | System hardening through configuration management | Preventive | |
Disable ruser/remote login/remote shell/rcp command, unless it is absolutely necessary. CC ID 01480 | System hardening through configuration management | Preventive | |
Disable xfsmd unless xfsmd is absolutely necessary. CC ID 02179 | System hardening through configuration management | Preventive | |
Disable RPC-based services unless RPC-based services are absolutely necessary. CC ID 01455 | System hardening through configuration management | Preventive | |
Disable netfs script unless netfs script is absolutely necessary. CC ID 01495 | System hardening through configuration management | Preventive | |
Disable Remote Procedure Calls unless Remote Procedure Calls are absolutely necessary and if enabled, set restrictions. CC ID 01456 | System hardening through configuration management | Preventive | |
Configure the "RPC Endpoint Mapper Client Authentication" setting. CC ID 04327 | System hardening through configuration management | Preventive | |
Disable ncpfs Script unless ncpfs Script is absolutely necessary. CC ID 01494 | System hardening through configuration management | Preventive | |
Disable sendmail server unless sendmail server is absolutely necessary. CC ID 01511 | System hardening through configuration management | Preventive | |
Disable postfix unless postfix is absolutely necessary. CC ID 01512 | System hardening through configuration management | Preventive | |
Disable directory server unless directory server is absolutely necessary. CC ID 01464 | System hardening through configuration management | Preventive | |
Disable Windows-compatibility client processes unless Windows-compatibility client processes are absolutely necessary. CC ID 01471 | System hardening through configuration management | Preventive | |
Disable Windows-compatibility servers unless Windows-compatibility servers are absolutely necessary. CC ID 01470 | System hardening through configuration management | Preventive | |
Configure the “Network File System” server to organizational standards. CC ID 01472 | System hardening through configuration management | Preventive | |
Configure NFS to respond or not as appropriate to NFS client requests that do not include a User ID. CC ID 05981 | System hardening through configuration management | Preventive | |
Configure NFS with appropriate authentication methods. CC ID 05982 | System hardening through configuration management | Preventive | |
Configure the "AUTH_DES authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08971 | System hardening through configuration management | Preventive | |
Configure the "AUTH_KERB authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08972 | System hardening through configuration management | Preventive | |
Configure the "AUTH_NONE authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08973 | System hardening through configuration management | Preventive | |
Configure the "AUTH_UNIX authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08974 | System hardening through configuration management | Preventive | |
Disable webmin processes unless the webmin process is absolutely necessary. CC ID 01501 | System hardening through configuration management | Preventive | |
Disable automount daemon unless automount daemon is absolutely necessary. CC ID 01476 | System hardening through configuration management | Preventive | |
Disable CDE-related daemons unless CDE-related daemons are absolutely necessary. CC ID 01474 | System hardening through configuration management | Preventive | |
Disable finger unless finger is absolutely necessary. CC ID 01505 | System hardening through configuration management | Preventive | |
Disable Rexec unless Rexec is absolutely necessary. CC ID 02164 | System hardening through configuration management | Preventive | |
Disable Squid cache server unless Squid cache server is absolutely necessary. CC ID 01502 | System hardening through configuration management | Preventive | |
Disable Kudzu hardware detection unless Kudzu hardware detection is absolutely necessary. CC ID 01503 | System hardening through configuration management | Preventive | |
Install and enable public Instant Messaging clients as necessary. CC ID 02173 | System hardening through configuration management | Preventive | |
Disable x font server unless x font server is absolutely necessary. CC ID 01499 | System hardening through configuration management | Preventive | |
Disable NFS client processes unless NFS client processes are absolutely necessary. CC ID 01475 | System hardening through configuration management | Preventive | |
Disable removable storage media daemon unless the removable storage media daemon is absolutely necessary. CC ID 01477 | System hardening through configuration management | Preventive | |
Disable GSS daemon unless GSS daemon is absolutely necessary. CC ID 01465 | System hardening through configuration management | Preventive | |
Disable Computer Browser unless Computer Browser is absolutely necessary. CC ID 01814 | System hardening through configuration management | Preventive | |
Configure the Computer Browser ResetBrowser Frames as appropriate. CC ID 05984 | System hardening through configuration management | Preventive | |
Configure the /etc/samba/smb.conf file permissions as appropriate. CC ID 05989 | System hardening through configuration management | Preventive | |
Disable NetMeeting remote desktop sharing unless NetMeeting remote desktop sharing is absolutely necessary. CC ID 01821 | System hardening through configuration management | Preventive | |
Disable web directory browsing on all web-enabled devices. CC ID 01874 | System hardening through configuration management | Preventive | |
Disable WWW publishing services unless WWW publishing services are absolutely necessary. CC ID 01833 | System hardening through configuration management | Preventive | |
Install and enable samba, as necessary. CC ID 02175 | System hardening through configuration management | Preventive | |
Configure the samba hosts allow option with an appropriate set of networks. CC ID 05985 | System hardening through configuration management | Preventive | |
Configure the samba security option as appropriate. CC ID 05986 | System hardening through configuration management | Preventive | |
Configure the samba encrypt passwords option as appropriate. CC ID 05987 | System hardening through configuration management | Preventive | |
Configure the Samba 'smb passwd file' option with an appropriate password file or no password file. CC ID 05988 | System hardening through configuration management | Preventive | |
Disable Usenet Internet news package file capabilities unless Usenet Internet news package file capabilities are absolutely necessary. CC ID 02176 | System hardening through configuration management | Preventive | |
Disable iPlanet Web Server unless iPlanet Web Server is absolutely necessary. CC ID 02172 | System hardening through configuration management | Preventive | |
Disable volume manager unless volume manager is absolutely necessary. CC ID 01469 | System hardening through configuration management | Preventive | |
Disable Solaris Management Console unless Solaris Management Console is absolutely necessary. CC ID 01468 | System hardening through configuration management | Preventive | |
Disable the Graphical User Interface unless it is absolutely necessary. CC ID 01466 | System hardening through configuration management | Preventive | |
Disable help and support unless help and support is absolutely necessary. CC ID 04280 | System hardening through configuration management | Preventive | |
Disable speech recognition unless speech recognition is absolutely necessary. CC ID 04491 | System hardening through configuration management | Preventive | |
Disable or secure the NetWare QuickFinder search engine. CC ID 04453 | System hardening through configuration management | Preventive | |
Disable messenger unless messenger is absolutely necessary. CC ID 01819 | System hardening through configuration management | Preventive | |
Configure the "Do not allow Windows Messenger to be run" setting. CC ID 04516 | System hardening through configuration management | Preventive | |
Configure the "Do not automatically start Windows Messenger initially" setting. CC ID 04517 | System hardening through configuration management | Preventive | |
Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" setting. CC ID 04330 | System hardening through configuration management | Preventive | |
Disable automatic updates unless automatic updates are absolutely necessary. CC ID 01811 | System hardening through configuration management | Preventive | |
Configure automatic update installation and shutdown/restart options and shutdown/restart procedures to organizational standards. CC ID 05979 | System hardening through configuration management | Preventive | |
Disable Name Service Cache Daemon unless Name Service Cache Daemon is absolutely necessary. CC ID 04846 | System hardening through configuration management | Preventive | |
Prohibit R-command files from existing for root or administrator. CC ID 16322 | System hardening through configuration management | Preventive | |
Verify the /bin/rsh file exists or not, as appropriate. CC ID 05101 | System hardening through configuration management | Preventive | |
Verify the /sbin/rsh file exists or not, as appropriate. CC ID 05102 | System hardening through configuration management | Preventive | |
Verify the /usr/bin/rsh file exists or not, as appropriate. CC ID 05103 | System hardening through configuration management | Preventive | |
Verify the /etc/ftpusers file exists or not, as appropriate. CC ID 05104 | System hardening through configuration management | Preventive | |
Verify the /etc/rsh file exists or not, as appropriate. CC ID 05105 | System hardening through configuration management | Preventive | |
Install or uninstall the AIDE package, as appropriate. CC ID 05106 | System hardening through configuration management | Preventive | |
Enable the GNOME automounter (gnome-volume-manager) as necessary. CC ID 05107 | System hardening through configuration management | Preventive | |
Install or uninstall the setroubleshoot package, as appropriate. CC ID 05108 | System hardening through configuration management | Preventive | |
Configure Avahi properly. CC ID 05109 | System hardening through configuration management | Preventive | |
Install or uninstall OpenNTPD, as appropriate. CC ID 05110 | System hardening through configuration management | Preventive | |
Configure the "httpd" service to organizational standards. CC ID 05111 | System hardening through configuration management | Preventive | |
Install or uninstall the net-smtp package properly. CC ID 05112 | System hardening through configuration management | Preventive | |
Configure the apache web service properly. CC ID 05113 | System hardening through configuration management | Preventive | |
Configure the vlock package properly. CC ID 05114 | System hardening through configuration management | Preventive | |
Configure the daemon account properly. CC ID 05115 | System hardening through configuration management | Preventive | |
Configure the bin account properly. CC ID 05116 | System hardening through configuration management | Preventive | |
Configure the nuucp account properly. CC ID 05117 | System hardening through configuration management | Preventive | |
Configure the smmsp account properly. CC ID 05118 | System hardening through configuration management | Preventive | |
Configure the listen account properly. CC ID 05119 | System hardening through configuration management | Preventive | |
Configure the gdm account properly. CC ID 05120 | System hardening through configuration management | Preventive | |
Configure the webservd account properly. CC ID 05121 | System hardening through configuration management | Preventive | |
Configure the nobody account properly. CC ID 05122 | System hardening through configuration management | Preventive | |
Configure the noaccess account properly. CC ID 05123 | System hardening through configuration management | Preventive | |
Configure the nobody4 account properly. CC ID 05124 | System hardening through configuration management | Preventive | |
Configure the sys account properly. CC ID 05125 | System hardening through configuration management | Preventive | |
Configure the adm account properly. CC ID 05126 | System hardening through configuration management | Preventive | |
Configure the lp account properly. CC ID 05127 | System hardening through configuration management | Preventive | |
Configure the uucp account properly. CC ID 05128 | System hardening through configuration management | Preventive | |
Install or uninstall the tftp-server package, as appropriate. CC ID 05130 | System hardening through configuration management | Preventive | |
Enable the web console as necessary. CC ID 05131 | System hardening through configuration management | Preventive | |
Enable rlogin auth by Pluggable Authentication Modules or pam.d properly. CC ID 05132 | System hardening through configuration management | Preventive | |
Enable rsh auth by Pluggable Authentication Modules properly. CC ID 05133 | System hardening through configuration management | Preventive | |
Enable the listening sendmail daemon, as appropriate. CC ID 05134 | System hardening through configuration management | Preventive | |
Configure Squid properly. CC ID 05135 | System hardening through configuration management | Preventive | |
Configure the "/etc/shells" file to organizational standards. CC ID 08978 | System hardening through configuration management | Preventive | |
Configure the LDAP package to organizational standards. CC ID 09937 | System hardening through configuration management | Preventive | |
Configure the "FTP server" package to organizational standards. CC ID 09938 | System hardening through configuration management | Preventive | |
Configure the "HTTP Proxy Server" package to organizational standards. CC ID 09939 | System hardening through configuration management | Preventive | |
Configure the "prelink" package to organizational standards. CC ID 11379 | System hardening through configuration management | Preventive | |
Configure the Network Information Service (NIS) package to organizational standards. CC ID 11380 | System hardening through configuration management | Preventive | |
Configure the "time" setting to organizational standards. CC ID 11381 | System hardening through configuration management | Preventive | |
Configure the "biosdevname" package to organizational standards. CC ID 11383 | System hardening through configuration management | Preventive | |
Configure the "ufw" setting to organizational standards. CC ID 11384 | System hardening through configuration management | Preventive | |
Configure the "Devices: Allow undock without having to log on" setting. CC ID 01728 | System hardening through configuration management | Preventive | |
Limit the user roles that are allowed to format and eject removable storage media. CC ID 01729 | System hardening through configuration management | Preventive | |
Prevent users from installing printer drivers. CC ID 01730 | System hardening through configuration management | Preventive | |
Minimize the inetd.conf file and set the file to the appropriate permissions. CC ID 01506 | System hardening through configuration management | Preventive | |
Configure the unsigned driver installation behavior. CC ID 01733 | System hardening through configuration management | Preventive | |
Configure the unsigned non-driver installation behavior. CC ID 02038 | System hardening through configuration management | Preventive | |
Remove all demonstration applications on the system. CC ID 01875 | System hardening through configuration management | Preventive | |
Configure the system to disallow optional Subsystems. CC ID 04265 | System hardening through configuration management | Preventive | |
Configure the "Remove Security tab" setting. CC ID 04380 | System hardening through configuration management | Preventive | |
Disable all unnecessary services unless otherwise noted in a policy exception. CC ID 00880 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | System hardening through configuration management | Preventive | |
Disable rquotad unless rquotad is absolutely necessary. CC ID 01473 | System hardening through configuration management | Preventive | |
Configure the rquotad service to use a static port or a dynamic portmapper port as appropriate. CC ID 05983 | System hardening through configuration management | Preventive | |
Disable telnet unless telnet use is absolutely necessary. CC ID 01478 | System hardening through configuration management | Preventive | |
Disable File Transfer Protocol unless File Transfer Protocol use is absolutely necessary. CC ID 01479 | System hardening through configuration management | Preventive | |
Configure anonymous FTP to restrict the use of restricted data. CC ID 16314 | System hardening through configuration management | Preventive | |
Disable anonymous access to File Transfer Protocol. CC ID 06739 | System hardening through configuration management | Preventive | |
Disable Internet Message Access Protocol unless Internet Message Access Protocol use is absolutely necessary. CC ID 01485 | System hardening through configuration management | Preventive | |
Disable Post Office Protocol unless its use is absolutely necessary. CC ID 01486 | System hardening through configuration management | Preventive | |
Disable SQLServer processes unless SQLServer processes use is absolutely necessary. CC ID 01500 | System hardening through configuration management | Preventive | |
Disable alerter unless alerter use is absolutely necessary. CC ID 01810 | System hardening through configuration management | Preventive | |
Disable Background Intelligent Transfer Service unless Background Intelligent Transfer Service use is absolutely necessary. CC ID 01812 | System hardening through configuration management | Preventive | |
Disable ClipBook unless ClipBook use is absolutely necessary. CC ID 01813 | System hardening through configuration management | Preventive | |
Disable Fax Service unless Fax Service use is absolutely necessary. CC ID 01815 | System hardening through configuration management | Preventive | |
Disable IIS admin service unless IIS admin service use is absolutely necessary. CC ID 01817 | System hardening through configuration management | Preventive | |
Disable indexing service unless indexing service use is absolutely necessary. CC ID 01818 | System hardening through configuration management | Preventive | |
Disable net logon unless net logon use is absolutely necessary. CC ID 01820 | System hardening through configuration management | Preventive | |
Disable Remote Desktop Help Session Manager unless Remote Desktop Help Session Manager use is absolutely necessary. CC ID 01822 | System hardening through configuration management | Preventive | |
Disable the "Offer Remote Assistance" setting. CC ID 04325 | System hardening through configuration management | Preventive | |
Disable the "Solicited Remote Assistance" setting. CC ID 04326 | System hardening through configuration management | Preventive | |
Disable Remote Registry Service unless Remote Registry Service use is absolutely necessary. CC ID 01823 | System hardening through configuration management | Preventive | |
Disable Routing and Remote Access unless Routing and Remote Access use is necessary. CC ID 01824 | System hardening through configuration management | Preventive | |
Disable task scheduler unless task scheduler use is absolutely necessary. CC ID 01829 | System hardening through configuration management | Preventive | |
Disable Terminal Services unless Terminal Services use is absolutely necessary. CC ID 01831 | System hardening through configuration management | Preventive | |
Disable Universal Plug and Play device host unless Universal Plug and Play device host use is absolutely necessary. CC ID 01832 | System hardening through configuration management | Preventive | |
Disable File Service Protocol. CC ID 02167 | System hardening through configuration management | Preventive | |
Disable the License Logging Service unless it is absolutely necessary. CC ID 04282 | System hardening through configuration management | Preventive | |
Disable Remote Access Auto Connection Manager unless Remote Access Auto Connection Manager use is absolutely necessary. CC ID 04285 | System hardening through configuration management | Preventive | |
Disable Remote Access Connection Manager unless Remote Access Connection Manager use is absolutely necessary. CC ID 04286 | System hardening through configuration management | Preventive | |
Disable Remote Administration Service unless remote administration management is absolutely necessary. CC ID 04287 | System hardening through configuration management | Preventive | |
Disable remote installation unless remote installation is absolutely necessary. CC ID 04288 | System hardening through configuration management | Preventive | |
Disable Remote Server Manager unless Remote Server Manager is absolutely necessary. CC ID 04289 | System hardening through configuration management | Preventive | |
Disable Remote Server Monitor unless Remote Server Monitor use is absolutely necessary. CC ID 04290 | System hardening through configuration management | Preventive | |
Disable Remote Storage Notification unless Remote Storage Notification use is absolutely necessary. CC ID 04291 | System hardening through configuration management | Preventive | |
Disable Remote Storage Server unless Remote Storage Server use is absolutely necessary. CC ID 04292 | System hardening through configuration management | Preventive | |
Disable telephony services unless telephony services use is absolutely necessary. CC ID 04293 | System hardening through configuration management | Preventive | |
Disable Wireless Zero Configuration service unless Wireless Zero Configuration service use is absolutely necessary. CC ID 04294 | System hardening through configuration management | Preventive | |
Disable SSDP/UPnP unless SSDP/UPnP is absolutely necessary. CC ID 04315 | System hardening through configuration management | Preventive | |
Configure the "ntpd service" setting to organizational standards. CC ID 04911 | System hardening through configuration management | Preventive | |
Configure the "echo service" setting to organizational standards. CC ID 04912 | System hardening through configuration management | Preventive | |
Configure the "echo-dgram service" setting to organizational standards. CC ID 09927 | System hardening through configuration management | Preventive | |
Configure the "echo-stream service" setting to organizational standards. CC ID 09928 | System hardening through configuration management | Preventive | |
Configure the "AllowTcpForwarding" to organizational standards. CC ID 15327 | System hardening through configuration management | Preventive | |
Configure the "tcpmux-server" setting to organizational standards. CC ID 09929 | System hardening through configuration management | Preventive | |
Configure the "netstat service" setting to organizational standards. CC ID 04913 | System hardening through configuration management | Preventive | |
Configure the "character generator protocol (chargen)" setting to organizational standards. CC ID 04914 | System hardening through configuration management | Preventive | |
Configure the "tftpd service" setting to organizational standards. CC ID 04915 | System hardening through configuration management | Preventive | |
Configure the "walld service" setting to organizational standards. CC ID 04916 | System hardening through configuration management | Preventive | |
Configure the "rstatd service" setting to organizational standards. CC ID 04917 | System hardening through configuration management | Preventive | |
Configure the "sprayd service" setting to organizational standards. CC ID 04918 | System hardening through configuration management | Preventive | |
Configure the "rusersd service" setting to organizational standards. CC ID 04919 | System hardening through configuration management | Preventive | |
Configure the "inn service" setting to organizational standards. CC ID 04920 | System hardening through configuration management | Preventive | |
Configure the "font service" setting to organizational standards. CC ID 04921 | System hardening through configuration management | Preventive | |
Configure the "ident service" setting to organizational standards. CC ID 04922 | System hardening through configuration management | Preventive | |
Configure the "rexd service" setting to organizational standards. CC ID 04923 | System hardening through configuration management | Preventive | |
Configure the "daytime service" setting to organizational standards. CC ID 04924 | System hardening through configuration management | Preventive | |
Configure the "dtspc (cde-spc) service" setting to organizational standards. CC ID 04925 | System hardening through configuration management | Preventive | |
Configure the "cmsd service" setting to organizational standards. CC ID 04926 | System hardening through configuration management | Preventive | |
Configure the "ToolTalk service" setting to organizational standards. CC ID 04927 | System hardening through configuration management | Preventive | |
Configure the "discard service" setting to organizational standards. CC ID 04928 | System hardening through configuration management | Preventive | |
Configure the "vino-server service" setting to organizational standards. CC ID 04929 | System hardening through configuration management | Preventive | |
Configure the "bind service" setting to organizational standards. CC ID 04930 | System hardening through configuration management | Preventive | |
Configure the "nfsd service" setting to organizational standards. CC ID 04931 | System hardening through configuration management | Preventive | |
Configure the "mountd service" setting to organizational standards. CC ID 04932 | System hardening through configuration management | Preventive | |
Configure the "statd service" setting to organizational standards. CC ID 04933 | System hardening through configuration management | Preventive | |
Configure the "lockd service" setting to organizational standards. CC ID 04934 | System hardening through configuration management | Preventive | |
Configure the lockd service to use a static port or a dynamic portmapper port for User Datagram Protocol as appropriate. CC ID 05980 | System hardening through configuration management | Preventive | |
Configure the "decode sendmail alias" setting to organizational standards. CC ID 04935 | System hardening through configuration management | Preventive | |
Configure the sendmail vrfy command, as appropriate. CC ID 04936 | System hardening through configuration management | Preventive | |
Configure the sendmail expn command, as appropriate. CC ID 04937 | System hardening through configuration management | Preventive | |
Configure .netrc with an appropriate set of services. CC ID 04938 | System hardening through configuration management | Preventive | |
Enable NFS insecure locks as necessary. CC ID 04939 | System hardening through configuration management | Preventive | |
Configure the "X server ac" setting to organizational standards. CC ID 04940 | System hardening through configuration management | Preventive | |
Configure the "X server core" setting to organizational standards. CC ID 04941 | System hardening through configuration management | Preventive | |
Enable or disable the setroubleshoot service, as appropriate. CC ID 05540 | System hardening through configuration management | Preventive | |
Configure the "X server nolock" setting to organizational standards. CC ID 04942 | System hardening through configuration management | Preventive | |
Enable or disable the mcstrans service, as appropriate. CC ID 05541 | System hardening through configuration management | Preventive | |
Configure the "PAM console" setting to organizational standards. CC ID 04943 | System hardening through configuration management | Preventive | |
Enable or disable the restorecond service, as appropriate. CC ID 05542 | System hardening through configuration management | Preventive | |
Enable the rhnsd service as necessary. CC ID 04944 | System hardening through configuration management | Preventive | |
Enable the yum-updatesd service as necessary. CC ID 04945 | System hardening through configuration management | Preventive | |
Enable the autofs service as necessary. CC ID 04946 | System hardening through configuration management | Preventive | |
Enable the ip6tables service as necessary. CC ID 04947 | System hardening through configuration management | Preventive | |
Configure syslog to organizational standards. CC ID 04949 | System hardening through configuration management | Preventive | |
Enable the auditd service as necessary. CC ID 04950 | System hardening through configuration management | Preventive | |
Enable the logwatch service as necessary. CC ID 04951 | System hardening through configuration management | Preventive | |
Enable the logrotate (syslog rotator) service as necessary. CC ID 04952 | System hardening through configuration management | Preventive | |
Install or uninstall the telnet server package, only if absolutely necessary. CC ID 04953 | System hardening through configuration management | Preventive | |
Enable the ypbind service as necessary. CC ID 04954 | System hardening through configuration management | Preventive | |
Enable the ypserv service as necessary. CC ID 04955 | System hardening through configuration management | Preventive | |
Enable the firstboot service as necessary. CC ID 04956 | System hardening through configuration management | Preventive | |
Enable the gpm service as necessary. CC ID 04957 | System hardening through configuration management | Preventive | |
Enable the irqbalance service as necessary. CC ID 04958 | System hardening through configuration management | Preventive | |
Enable the isdn service as necessary. CC ID 04959 | System hardening through configuration management | Preventive | |
Enable the kdump service as necessary. CC ID 04960 | System hardening through configuration management | Preventive | |
Enable the mdmonitor service as necessary. CC ID 04961 | System hardening through configuration management | Preventive | |
Enable the microcode_ctl service as necessary. CC ID 04962 | System hardening through configuration management | Preventive | |
Enable the pcscd service as necessary. CC ID 04963 | System hardening through configuration management | Preventive | |
Enable the smartd service as necessary. CC ID 04964 | System hardening through configuration management | Preventive | |
Enable the readahead_early service as necessary. CC ID 04965 | System hardening through configuration management | Preventive | |
Enable the readahead_later service as necessary. CC ID 04966 | System hardening through configuration management | Preventive | |
Enable the messagebus service as necessary. CC ID 04967 | System hardening through configuration management | Preventive | |
Enable the haldaemon service as necessary. CC ID 04968 | System hardening through configuration management | Preventive | |
Enable the apmd service as necessary. CC ID 04969 | System hardening through configuration management | Preventive | |
Enable the acpid service as necessary. CC ID 04970 | System hardening through configuration management | Preventive | |
Enable the cpuspeed service as necessary. CC ID 04971 | System hardening through configuration management | Preventive | |
Enable the network service as necessary. CC ID 04972 | System hardening through configuration management | Preventive | |
Enable the hidd service as necessary. CC ID 04973 | System hardening through configuration management | Preventive | |
Enable the crond service as necessary. CC ID 04974 | System hardening through configuration management | Preventive | |
Install and enable the anacron service as necessary. CC ID 04975 | System hardening through configuration management | Preventive | |
Enable the xfs service as necessary. CC ID 04976 | System hardening through configuration management | Preventive | |
Install and enable the Avahi daemon service, as necessary. CC ID 04977 | System hardening through configuration management | Preventive | |
Enable the CUPS service, as necessary. CC ID 04978 | System hardening through configuration management | Preventive | |
Enable the hplip service as necessary. CC ID 04979 | System hardening through configuration management | Preventive | |
Enable the dhcpd service as necessary. CC ID 04980 | System hardening through configuration management | Preventive | |
Enable the nfslock service as necessary. CC ID 04981 | System hardening through configuration management | Preventive | |
Enable the rpcgssd service as necessary. CC ID 04982 | System hardening through configuration management | Preventive | |
Enable the rpcidmapd service as necessary. CC ID 04983 | System hardening through configuration management | Preventive | |
Enable the rpcsvcgssd service as necessary. CC ID 04985 | System hardening through configuration management | Preventive | |
Configure root squashing for all NFS shares, as appropriate. CC ID 04986 | System hardening through configuration management | Preventive | |
Configure write access to NFS shares, as appropriate. CC ID 04987 | System hardening through configuration management | Preventive | |
Configure the named service, as appropriate. CC ID 04988 | System hardening through configuration management | Preventive | |
Configure the vsftpd service, as appropriate. CC ID 04989 | System hardening through configuration management | Preventive | |
Configure the "dovecot" service to organizational standards. CC ID 04990 | System hardening through configuration management | Preventive | |
Configure Server Message Block (SMB) to organizational standards. CC ID 04991 | System hardening through configuration management | Preventive | |
Enable the snmpd service as necessary. CC ID 04992 | System hardening through configuration management | Preventive | |
Enable the calendar manager as necessary. CC ID 04993 | System hardening through configuration management | Preventive | |
Enable the GNOME logon service as necessary. CC ID 04994 | System hardening through configuration management | Preventive | |
Enable the WBEM services as necessary. CC ID 04995 | System hardening through configuration management | Preventive | |
Enable the keyserv service as necessary. CC ID 04996 | System hardening through configuration management | Preventive | |
Enable the Generic Security Service daemon as necessary. CC ID 04997 | System hardening through configuration management | Preventive | |
Enable the volfs service as necessary. CC ID 04998 | System hardening through configuration management | Preventive | |
Enable the smserver service as necessary. CC ID 04999 | System hardening through configuration management | Preventive | |
Enable the mpxio-upgrade service as necessary. CC ID 05000 | System hardening through configuration management | Preventive | |
Enable the metainit service as necessary. CC ID 05001 | System hardening through configuration management | Preventive | |
Enable the meta service as necessary. CC ID 05003 | System hardening through configuration management | Preventive | |
Enable the metaed service as necessary. CC ID 05004 | System hardening through configuration management | Preventive | |
Enable the metamh service as necessary. CC ID 05005 | System hardening through configuration management | Preventive | |
Enable the Local RPC Port Mapping Service as necessary. CC ID 05006 | System hardening through configuration management | Preventive | |
Enable the Kerberos kadmind service as necessary. CC ID 05007 | System hardening through configuration management | Preventive | |
Enable the Kerberos krb5kdc service as necessary. CC ID 05008 | System hardening through configuration management | Preventive | |
Enable the Kerberos kpropd service as necessary. CC ID 05009 | System hardening through configuration management | Preventive | |
Enable the Kerberos ktkt_warnd service as necessary. CC ID 05010 | System hardening through configuration management | Preventive | |
Enable the sadmin service as necessary. CC ID 05011 | System hardening through configuration management | Preventive | |
Enable the IPP listener as necessary. CC ID 05012 | System hardening through configuration management | Preventive | |
Enable the serial port listener as necessary. CC ID 05013 | System hardening through configuration management | Preventive | |
Enable the Smart Card Helper service as necessary. CC ID 05014 | System hardening through configuration management | Preventive | |
Enable the Application Management service as necessary. CC ID 05015 | System hardening through configuration management | Preventive | |
Enable the Resultant Set of Policy (RSoP) Provider service as necessary. CC ID 05016 | System hardening through configuration management | Preventive | |
Enable the Network News Transport Protocol service as necessary. CC ID 05017 | System hardening through configuration management | Preventive | |
Enable the network Dynamic Data Exchange service as necessary. CC ID 05018 | System hardening through configuration management | Preventive | |
Enable the Distributed Link Tracking Server service as necessary. CC ID 05019 | System hardening through configuration management | Preventive | |
Enable the RARP service as necessary. CC ID 05020 | System hardening through configuration management | Preventive | |
Configure the ".NET Framework service" setting to organizational standards. CC ID 05021 | System hardening through configuration management | Preventive | |
Enable the Network DDE Share Database Manager service as necessary. CC ID 05022 | System hardening through configuration management | Preventive | |
Enable the Certificate Services service as necessary. CC ID 05023 | System hardening through configuration management | Preventive | |
Configure the ATI hotkey poller service properly. CC ID 05024 | System hardening through configuration management | Preventive | |
Configure the Interix Subsystem Startup service properly. CC ID 05025 | System hardening through configuration management | Preventive | |
Configure the Cluster Service service properly. CC ID 05026 | System hardening through configuration management | Preventive | |
Configure the IAS Jet Database Access service properly. CC ID 05027 | System hardening through configuration management | Preventive | |
Configure the IAS service properly. CC ID 05028 | System hardening through configuration management | Preventive | |
Configure the IP Version 6 Helper service properly. CC ID 05029 | System hardening through configuration management | Preventive | |
Configure "Message Queuing service" to organizational standards. CC ID 05030 | System hardening through configuration management | Preventive | |
Configure the Message Queuing Down Level Clients service properly. CC ID 05031 | System hardening through configuration management | Preventive | |
Configure the Windows Management Instrumentation Driver Extensions service properly. CC ID 05033 | System hardening through configuration management | Preventive | |
Configure the TCP/IP NetBIOS Helper Service properly. CC ID 05034 | System hardening through configuration management | Preventive | |
Configure the Utility Manager service properly. CC ID 05035 | System hardening through configuration management | Preventive | |
Configure the secondary logon service properly. CC ID 05036 | System hardening through configuration management | Preventive | |
Configure the Windows Management Instrumentation service properly. CC ID 05037 | System hardening through configuration management | Preventive | |
Configure the Workstation service properly. CC ID 05038 | System hardening through configuration management | Preventive | |
Configure the Windows Installer service properly. CC ID 05039 | System hardening through configuration management | Preventive | |
Configure the Windows System Resource Manager service properly. CC ID 05040 | System hardening through configuration management | Preventive | |
Configure the WinHTTP Web Proxy Auto-Discovery Service properly. CC ID 05041 | System hardening through configuration management | Preventive | |
Configure the Services for Unix Client for NFS service properly. CC ID 05042 | System hardening through configuration management | Preventive | |
Configure the Services for Unix Server for PCNFS service properly. CC ID 05043 | System hardening through configuration management | Preventive | |
Configure the Services for Unix Perl Socket service properly. CC ID 05044 | System hardening through configuration management | Preventive | |
Configure the Services for Unix User Name Mapping service properly. CC ID 05045 | System hardening through configuration management | Preventive | |
Configure the Services for Unix Windows Cron service properly. CC ID 05046 | System hardening through configuration management | Preventive | |
Configure the Windows Media Services service properly. CC ID 05047 | System hardening through configuration management | Preventive | |
Configure the Services for Netware Service Advertising Protocol (SAP) Agent properly. CC ID 05048 | System hardening through configuration management | Preventive | |
Configure the Web Element Manager service properly. CC ID 05049 | System hardening through configuration management | Preventive | |
Configure the Remote Installation Services Single Instance Storage (SIS) Groveler service properly. CC ID 05050 | System hardening through configuration management | Preventive | |
Configure the Terminal Services Licensing service properly. CC ID 05051 | System hardening through configuration management | Preventive | |
Configure the COM+ Event System service properly. CC ID 05052 | System hardening through configuration management | Preventive | |
Configure the Event Log service properly. CC ID 05053 | System hardening through configuration management | Preventive | |
Configure the Infrared Monitor service properly. CC ID 05054 | System hardening through configuration management | Preventive | |
Configure the Services for Unix Server for NFS service properly. CC ID 05055 | System hardening through configuration management | Preventive | |
Configure the System Event Notification Service properly. CC ID 05056 | System hardening through configuration management | Preventive | |
Configure the NTLM Security Support Provider service properly. CC ID 05057 | System hardening through configuration management | Preventive | |
Configure the Performance Logs and Alerts service properly. CC ID 05058 | System hardening through configuration management | Preventive | |
Configure the Protected Storage service properly. CC ID 05059 | System hardening through configuration management | Preventive | |
Configure the QoS Admission Control (RSVP) service properly. CC ID 05060 | System hardening through configuration management | Preventive | |
Configure the Remote Procedure Call service properly. CC ID 05061 | System hardening through configuration management | Preventive | |
Configure the Removable Storage service properly. CC ID 05062 | System hardening through configuration management | Preventive | |
Configure the Server service properly. CC ID 05063 | System hardening through configuration management | Preventive | |
Configure the Security Accounts Manager service properly. CC ID 05064 | System hardening through configuration management | Preventive | |
Configure the “Network Connections” service to organizational standards. CC ID 05065 | System hardening through configuration management | Preventive | |
Configure the Logical Disk Manager service properly. CC ID 05066 | System hardening through configuration management | Preventive | |
Configure the Logical Disk Manager Administrative Service properly. CC ID 05067 | System hardening through configuration management | Preventive | |
Configure the File Replication service properly. CC ID 05068 | System hardening through configuration management | Preventive | |
Configure the Kerberos Key Distribution Center service properly. CC ID 05069 | System hardening through configuration management | Preventive | |
Configure the Intersite Messaging service properly. CC ID 05070 | System hardening through configuration management | Preventive | |
Configure the Remote Procedure Call locator service properly. CC ID 05071 | System hardening through configuration management | Preventive | |
Configure the Distributed File System service properly. CC ID 05072 | System hardening through configuration management | Preventive | |
Configure the Windows Internet Name Service service properly. CC ID 05073 | System hardening through configuration management | Preventive | |
Configure the FTP Publishing Service properly. CC ID 05074 | System hardening through configuration management | Preventive | |
Configure the Windows Search service properly. CC ID 05075 | System hardening through configuration management | Preventive | |
Configure the Microsoft Peer-to-Peer Networking Services service properly. CC ID 05076 | System hardening through configuration management | Preventive | |
Configure the Remote Shell service properly. CC ID 05077 | System hardening through configuration management | Preventive | |
Configure Simple TCP/IP services to organizational standards. CC ID 05078 | System hardening through configuration management | Preventive | |
Configure the Print Services for Unix service properly. CC ID 05079 | System hardening through configuration management | Preventive | |
Configure the File Shares service to organizational standards. CC ID 05080 | System hardening through configuration management | Preventive | |
Configure the NetMeeting service properly. CC ID 05081 | System hardening through configuration management | Preventive | |
Configure the Application Layer Gateway service properly. CC ID 05082 | System hardening through configuration management | Preventive | |
Configure the Cryptographic Services service properly. CC ID 05083 | System hardening through configuration management | Preventive | |
Configure the Help and Support Service properly. CC ID 05084 | System hardening through configuration management | Preventive | |
Configure the Human Interface Device Access service properly. CC ID 05085 | System hardening through configuration management | Preventive | |
Configure the IMAPI CD-Burning COM service properly. CC ID 05086 | System hardening through configuration management | Preventive | |
Configure the MS Software Shadow Copy Provider service properly. CC ID 05087 | System hardening through configuration management | Preventive | |
Configure the Network Location Awareness service properly. CC ID 05088 | System hardening through configuration management | Preventive | |
Configure the Portable Media Serial Number Service service properly. CC ID 05089 | System hardening through configuration management | Preventive | |
Configure the System Restore Service service properly. CC ID 05090 | System hardening through configuration management | Preventive | |
Configure the Themes service properly. CC ID 05091 | System hardening through configuration management | Preventive | |
Configure the Uninterruptible Power Supply service properly. CC ID 05092 | System hardening through configuration management | Preventive | |
Configure the Upload Manager service properly. CC ID 05093 | System hardening through configuration management | Preventive | |
Configure the Volume Shadow Copy Service properly. CC ID 05094 | System hardening through configuration management | Preventive | |
Configure the WebClient service properly. CC ID 05095 | System hardening through configuration management | Preventive | |
Configure the Windows Audio service properly. CC ID 05096 | System hardening through configuration management | Preventive | |
Configure the Windows Image Acquisition service properly. CC ID 05097 | System hardening through configuration management | Preventive | |
Configure the WMI Performance Adapter service properly. CC ID 05098 | System hardening through configuration management | Preventive | |
Enable file uploads via vsftpd service, as appropriate. CC ID 05100 | System hardening through configuration management | Preventive | |
Disable or remove sadmind unless use of sadmind is absolutely necessary. CC ID 06885 | System hardening through configuration management | Preventive | |
Configure the "SNMP version 1" setting to organizational standards. CC ID 08976 | System hardening through configuration management | Preventive | |
Configure the "xdmcp service" setting to organizational standards. CC ID 08985 | System hardening through configuration management | Preventive | |
Disable the automatic display of remote images in HTML-formatted e-mail. CC ID 04494 | System hardening through configuration management | Preventive | |
Disable Remote Apply Events unless Remote Apply Events are absolutely necessary. CC ID 04495 | System hardening through configuration management | Preventive | |
Disable Xgrid unless Xgrid is absolutely necessary. CC ID 04496 | System hardening through configuration management | Preventive | |
Configure the "Do Not Show First Use Dialog Boxes" setting for Windows Media Player properly. CC ID 05136 | System hardening through configuration management | Preventive | |
Disable Core dumps unless absolutely necessary. CC ID 01507 | System hardening through configuration management | Preventive | |
Set hard core dump size limits, as appropriate. CC ID 05990 | System hardening through configuration management | Preventive | |
Configure the "Prevent Desktop Shortcut Creation" setting for Windows Media Player properly. CC ID 05137 | System hardening through configuration management | Preventive | |
Set the Squid EUID and Squid GUID to an appropriate user and group. CC ID 05138 | System hardening through configuration management | Preventive | |
Verify groups referenced in /etc/passwd are included in /etc/group, as appropriate. CC ID 05139 | System hardening through configuration management | Preventive | |
Use of the cron.allow file should be enabled or disabled as appropriate. CC ID 06014 | System hardening through configuration management | Preventive | |
Use of the at.allow file should be enabled or disabled as appropriate. CC ID 06015 | System hardening through configuration management | Preventive | |
Enable or disable the Dynamic DNS feature of the DHCP Server as appropriate. CC ID 06039 | System hardening through configuration management | Preventive | |
Enable or disable each user's Screen saver software, as necessary. CC ID 06050 | System hardening through configuration management | Preventive | |
Disable any unnecessary scripting languages, as necessary. CC ID 12137 | System hardening through configuration management | Preventive | |
Configure the system to refrain from completing authentication methods when a security breach is detected. CC ID 13790 | System hardening through configuration management | Preventive | |
Allow logon to privileged accounts, as appropriate. CC ID 05281 | System hardening through configuration management | Preventive | |
Verify the logon accounts include an appropriate GECOS identifier, as appropriate. CC ID 05280 | System hardening through configuration management | Preventive | |
Configure the "/etc/shadow" settings to organizational standards. CC ID 15332 | System hardening through configuration management | Preventive | |
Set the default su console properly. CC ID 05279 | System hardening through configuration management | Preventive | |
Set the default logon console properly. CC ID 05278 | System hardening through configuration management | Preventive | |
Enable or disable local user logon to the vsftpd service, as appropriate. CC ID 05277 | System hardening through configuration management | Preventive | |
Enable or disable anonymous root logons, as appropriate. CC ID 05276 | System hardening through configuration management | Preventive | |
Enable or disable interactive logon to non-root system accounts, as necessary. CC ID 05275 | System hardening through configuration management | Preventive | |
Enable or disable logins through the primary console device, as appropriate. CC ID 05274 | System hardening through configuration management | Preventive | |
Enable or disable logins through the named virtual console device, as appropriate. CC ID 05273 | System hardening through configuration management | Preventive | |
Enable or disable logons through the named virtual console interface, as appropriate. CC ID 05272 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Do not display last user name" setting to organizational standards. CC ID 01740 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Do not require CTRL+ALT+DEL" setting. CC ID 01741 | System hardening through configuration management | Preventive | |
Configure the system logon banner. CC ID 01742 | System hardening through configuration management | Preventive | |
Configure the system logon banner message title. CC ID 01743 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" setting. CC ID 01744 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Require Domain Controller authentication to unlock workstation" setting. CC ID 01746 | System hardening through configuration management | Preventive | |
Configure the Prompt for password on resume from hibernate / suspend setting. CC ID 04356 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Smart card removal behavior" setting. CC ID 01747 | System hardening through configuration management | Preventive | |
Configure the "Recovery console: Allow automatic administrative logon" setting. CC ID 01776 | System hardening through configuration management | Preventive | |
Configure the "Recovery console: Allow floppy copy and access to all drivers and all folders" setting. CC ID 01777 | System hardening through configuration management | Preventive | |
Configure the system to require an Open Firmware password on system startup. CC ID 04479 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Require removal card" setting. CC ID 06053 | System hardening through configuration management | Preventive | |
Configure the settings of the system registry and the systems objects (for Windows OS only). CC ID 01781 | System hardening through configuration management | Preventive | |
Configure ICMP timestamp request responses properly. CC ID 05150 | System hardening through configuration management | Preventive | |
Configure the Administrators group as the default owner for all new objects. CC ID 01782 | System hardening through configuration management | Preventive | |
Configure the "System objects: Require case-insensitivity for non-Windows systems" setting. CC ID 01783 | System hardening through configuration management | Preventive | |
Configure the "System objects: Strengthen default permissions of internal system objects" setting. CC ID 01784 | System hardening through configuration management | Preventive | |
Configure the system to suppress Dr. Watson Crash dumps. CC ID 01785 | System hardening through configuration management | Preventive | |
Disable automatic execution of the system debugger. CC ID 01786 | System hardening through configuration management | Preventive | |
Disable automatic logon. CC ID 01788 | System hardening through configuration management | Preventive | |
Disable automatic reboots after a Blue Screen of Death. CC ID 01789 | System hardening through configuration management | Preventive | |
Remove administrative shares on workstations. CC ID 01791 | System hardening through configuration management | Preventive | |
Configure the system to protect against Browser Spoofing attacks. CC ID 01792 | System hardening through configuration management | Preventive | |
Configure the system to protect against source-routing spoofing. CC ID 01793 | System hardening through configuration management | Preventive | |
Configure the system to protect the default gateway network setting. CC ID 01794 | System hardening through configuration management | Preventive | |
Configure the TCP/IP Dead Gateway Detection as appropriate. CC ID 06025 | System hardening through configuration management | Preventive | |
Configure the system to ensure ICMP routing via the shortest path first. CC ID 01795 | System hardening through configuration management | Preventive | |
Configure the system to protect against packet fragmentation. CC ID 01796 | System hardening through configuration management | Preventive | |
Configure the keep-alive times. CC ID 01797 | System hardening through configuration management | Preventive | |
Configure the system to protect against malicious Name-Release Attacks. CC ID 01798 | System hardening through configuration management | Preventive | |
Disable Internet Router Discovery Protocol. CC ID 01799 | System hardening through configuration management | Preventive | |
Configure the system to protect against SYN Flood attacks. CC ID 01800 | System hardening through configuration management | Preventive | |
Configure the TCP Maximum half-open sockets. CC ID 01801 | System hardening through configuration management | Preventive | |
Configure the TCP Maximum half-open retired sockets. CC ID 01802 | System hardening through configuration management | Preventive | |
Configure the number of dropped connect requests to a set maximum. CC ID 04272 | System hardening through configuration management | Preventive | |
Enable Internet Protocol Security to protect Kerberos RSVP communication. CC ID 01803 | System hardening through configuration management | Preventive | |
Configure the system to hide workstations from the network browser listing. CC ID 01804 | System hardening through configuration management | Preventive | |
Enable the safe DSS search mode. CC ID 01805 | System hardening through configuration management | Preventive | |
Disable WebDAV basic authentication (SP 2 only). CC ID 01806 | System hardening through configuration management | Preventive | |
Disable basic authentication over a clear channel (SP 2 only). CC ID 01807 | System hardening through configuration management | Preventive | |
Enable the USB block storage device policy (SP 2 only). CC ID 01808 | System hardening through configuration management | Preventive | |
Block the Distributed Transaction Coordinator service and set additional Distributed Transaction Coordinator parameters, if necessary. CC ID 01809 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\Software\Classes. CC ID 02010 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\Software. CC ID 02011 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\NetDDE. CC ID 02012 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\OS/2 Subsystem for NT. CC ID 02013 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\Windows NT\CurrentVersion\AsrCommands. CC ID 02014 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\Windows NT\CurrentVersion\Perflib. CC ID 02015 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy. CC ID 02016 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Installer. CC ID 02017 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies. CC ID 02018 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\System. CC ID 02019 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\System\Clone. CC ID 02020 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\System\ControlSet001. CC ID 02021 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\System\ControlSet00x. CC ID 02022 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Control\SecurePipeServers\WinReg. CC ID 02023 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Control\WMI\Security. CC ID 02024 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Enum. CC ID 02025 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Hardware Profiles. CC ID 02026 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers. CC ID 02027 | System hardening through configuration management | Preventive | |
Set the registry permission for HKLM\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities. CC ID 02028 | System hardening through configuration management | Preventive | |
Set the registry permission for HKU\.Default. CC ID 02029 | System hardening through configuration management | Preventive | |
Set the registry permission for HKU\.Default\Software\Microsoft\NetDDE. CC ID 02030 | System hardening through configuration management | Preventive | |
Set the registry permission for HKU\.Default\Software\Microsoft\Protected Storage System Provider. CC ID 02031 | System hardening through configuration management | Preventive | |
Set the registry permission for %SystemDrive%. CC ID 02032 | System hardening through configuration management | Preventive | |
Enable auditing for HKLM\Software and set its registry permission. CC ID 02033 | System hardening through configuration management | Preventive | |
Enable auditing for HKLM\System and set its registry permission. CC ID 02034 | System hardening through configuration management | Preventive | |
Configure the system to a set number of unacknowledged data retransmissions. CC ID 04271 | System hardening through configuration management | Preventive | |
Configure the system to remap folder types to Notepad. CC ID 04312 | System hardening through configuration management | Preventive | |
Configure the system to show hidden file types. CC ID 04313 | System hardening through configuration management | Preventive | |
Configure the "Do not process the legacy run list" setting. CC ID 04322 | System hardening through configuration management | Preventive | |
Configure the "Do not process the run once list" setting. CC ID 04323 | System hardening through configuration management | Preventive | |
Configure "Registry policy processing" to organizational standards. CC ID 04324 | System hardening through configuration management | Preventive | |
Configure the "Restrict Terminal Server users to a single remote session" setting to organizational standards. CC ID 04510 | System hardening through configuration management | Preventive | |
Configure the "Do not use temporary folders per session" setting to organizational standards. CC ID 04513 | System hardening through configuration management | Preventive | |
Configure the "Do not delete temp folder upon exit" setting to organizational standards. CC ID 04514 | System hardening through configuration management | Preventive | |
Configure the "Turn off background refresh of Group Policy" setting to organizational standards. CC ID 04520 | System hardening through configuration management | Preventive | |
Configure the "Configure Windows NTP Client" setting. CC ID 04522 | System hardening through configuration management | Preventive | |
Configure the "Disallow installation of printers using kernel-mode drivers" setting to organizational standards. CC ID 04523 | System hardening through configuration management | Preventive | |
Configure the "Prevent codec download" setting to organizational standards. CC ID 04524 | System hardening through configuration management | Preventive | |
Verify the Posix registry key does not exist. CC ID 04525 | System hardening through configuration management | Preventive | |
Configure the Recycle Bin to delete files on assets running Windows Server 2003. CC ID 04526 | System hardening through configuration management | Preventive | |
Configure the system to allow only administrators with permissions to change the security settings of Distributed Component Object Model objects. CC ID 04529 | System hardening through configuration management | Preventive | |
Configure the system to allow Distributed Component Object Model calls to be executed only under the calling user's security context. CC ID 04530 | System hardening through configuration management | Preventive | |
Configure the version string reported by the bind service properly. CC ID 05140 | System hardening through configuration management | Preventive | |
Enable or disable performing source validation by reverse path, as appropriate. CC ID 05141 | System hardening through configuration management | Preventive | |
Verify the environment variable "Os2LibPath" exists, as appropriate. CC ID 05142 | System hardening through configuration management | Preventive | |
Define the path to the Microsoft OS/2 version 1.x library properly. CC ID 05143 | System hardening through configuration management | Preventive | |
Set the "Specify intranet Microsoft update service location" properly. CC ID 05144 | System hardening through configuration management | Preventive | |
Set the path to the debugger used for Just-In-Time debugging properly. CC ID 05145 | System hardening through configuration management | Preventive | |
Set the OS/2 Subsystem location properly. CC ID 05146 | System hardening through configuration management | Preventive | |
Configure extended TCP reserved ports properly. CC ID 05147 | System hardening through configuration management | Preventive | |
Enable or disable ICMPv4 redirects, as appropriate. CC ID 05148 | System hardening through configuration management | Preventive | |
Enable or disable ICMPv6 redirects, as appropriate. CC ID 05149 | System hardening through configuration management | Preventive | |
Configure ICMP timestamp broadcast request responses properly. CC ID 05151 | System hardening through configuration management | Preventive | |
Configure Internet Control Message Protocol echo (ping) request responses properly. CC ID 05152 | System hardening through configuration management | Preventive | |
Configure ICMP netmask request responses properly. CC ID 05153 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_CLASSES_ROOT properly. CC ID 05154 | System hardening through configuration management | Preventive | |
Set the registry key HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\Os2 properly. CC ID 05155 | System hardening through configuration management | Preventive | |
Set the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug\Debugger properly. CC ID 05156 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Regfile\Shell\Open\Command properly. CC ID 05157 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography properly. CC ID 05158 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hlp properly. CC ID 05159 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\helpfile properly. CC ID 05160 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing properly. CC ID 05161 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais properly. CC ID 05162 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell properly. CC ID 05163 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony properly. CC ID 05164 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability properly. CC ID 05165 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell properly. CC ID 05166 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion properly. CC ID 05167 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech properly. CC ID 05168 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC properly. CC ID 05169 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem properly. CC ID 05170 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates properly. CC ID 05171 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports properly. CC ID 05172 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing properly. CC ID 05173 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Policies properly. CC ID 05174 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor properly. CC ID 05175 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ads\Providers\WinNT properly. CC ID 05176 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT properly. CC ID 05177 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS properly. CC ID 05178 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions properly. CC ID 05179 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots properly. CC ID 05180 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager properly. CC ID 05181 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help properly. CC ID 05182 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip properly. CC ID 05183 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing properly. CC ID 05184 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DeviceManager properly. CC ID 05185 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security properly. CC ID 05186 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP properly. CC ID 05187 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent properly. CC ID 05188 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security properly. CC ID 05189 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security properly. CC ID 05190 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security properly. CC ID 05191 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security properly. CC ID 05192 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security properly. CC ID 05193 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security properly. CC ID 05194 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security properly. CC ID 05195 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security properly. CC ID 05196 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility properly. CC ID 05197 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security properly. CC ID 05198 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security properly. CC ID 05199 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services properly. CC ID 05200 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers properly. CC ID 05201 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network properly. CC ID 05202 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\LSA\Data properly. CC ID 05203 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG properly. CC ID 05204 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1 properly. CC ID 05205 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD properly. CC ID 05206 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control properly. CC ID 05207 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wbem properly. CC ID 05208 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security properly. CC ID 05209 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font properly. CC ID 05210 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog properly. CC ID 05211 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares properly. CC ID 05212 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status properly. CC ID 05213 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Secure properly. CC ID 05214 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups properly. CC ID 05215 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon properly. CC ID 05216 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones properly. CC ID 05217 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping properly. CC ID 05218 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS properly. CC ID 05219 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper properly. CC ID 05220 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility properly. CC ID 05221 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug properly. CC ID 05222 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx properly. CC ID 05223 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce properly. CC ID 05224 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run properly. CC ID 05225 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows properly. CC ID 05226 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Secure properly. CC ID 05227 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC properly. CC ID 05228 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options properly. CC ID 05229 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole properly. CC ID 05230 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions properly. CC ID 05231 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout properly. CC ID 05232 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex properly. CC ID 05233 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName properly. CC ID 05234 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy properly. CC ID 05235 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule properly. CC ID 05236 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost properly. CC ID 05237 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit properly. CC ID 05238 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList properly. CC ID 05239 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS properly. CC ID 05240 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 properly. CC ID 05241 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes properly. CC ID 05242 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion properly. CC ID 05243 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates properly. CC ID 05244 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows properly. CC ID 05245 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole properly. CC ID 05246 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers properly. CC ID 05247 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies properly. CC ID 05248 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey properly. CC ID 05249 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host properly. CC ID 05250 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings properly. CC ID 05251 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class properly. CC ID 05252 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security properly. CC ID 05253 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache properly. CC ID 05254 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security properly. CC ID 05255 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security properly. CC ID 05256 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt properly. CC ID 05257 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess properly. CC ID 05259 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security properly. CC ID 05260 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security properly. CC ID 05261 | System hardening through configuration management | Preventive | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries properly. CC ID 05262 | System hardening through configuration management | Preventive | |
Configure the "audit the %SystemDrive% directory" setting to organizational standards. CC ID 10099 | System hardening through configuration management | Preventive | |
Configure the "audit the HKEY_LOCAL_MACHINE\SOFTWARE registry key" setting to organizational standards. CC ID 10100 | System hardening through configuration management | Preventive | |
Configure the "audit the HKEY_LOCAL_MACHINE\SYSTEM registry key" setting to organizational standards. CC ID 10101 | System hardening through configuration management | Preventive | |
Configure the "%ProgramFiles%" directory permissions to organizational standards. CC ID 10102 | System hardening through configuration management | Preventive | |
Configure the "%ProgramFiles%\Resource Kit" directory permissions to organizational standards. CC ID 10103 | System hardening through configuration management | Preventive | |
Configure the "%ProgramFiles%\Resource Pro Kit" directory permissions to organizational standards. CC ID 10104 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%" directory permissions to organizational standards. CC ID 10105 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\AUTOEXEC.BAT" file permissions to organizational standards. CC ID 10106 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\BOOT.INI" file permissions to organizational standards. CC ID 10107 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\CONFIG.SYS" file permissions to organizational standards. CC ID 10108 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\Documents and Settings" file permissions to organizational standards. CC ID 10109 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\Administrator" directory permissions to organizational standards. CC ID 10110 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\All Users" directory permissions to organizational standards. CC ID 10111 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\All Users\Documents\DrWatson" directory permissions to organizational standards. CC ID 10112 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\All Users\Documents\DrWatson\drwtsn32.log" file permissions to organizational standards. CC ID 10113 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\Default User" directory permissions to organizational standards. CC ID 10114 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\IO.SYS" file permissions to organizational standards. CC ID 10115 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\MSDOS.SYS" file permissions to organizational standards. CC ID 10116 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\NTBOOTDD.SYS" file permissions to organizational standards. CC ID 10117 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\NTDETECT.COM" file permissions to organizational standards. CC ID 10118 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\NTLDR" file permissions to organizational standards. CC ID 10119 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\Temp" directory permissions to organizational standards. CC ID 10120 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\My Download Files" directory permissions to organizational standards. CC ID 10121 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\System Volume Information" file permissions to organizational standards. CC ID 10122 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%" directory permissions to organizational standards. CC ID 10123 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Driver Cache\I386\Driver.cab" directory permissions to organizational standards. CC ID 10124 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\$NtServicePackUninstall$" directory permissions to organizational standards. CC ID 10125 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\$NtServicePackUninstall$" directory permissions to organizational standards. CC ID 10126 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\$NtUninstall*" directories permissions to organizational standards. CC ID 10127 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\CSC" directory permissions to organizational standards. CC ID 10128 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Debug" directory permissions to organizational standards. CC ID 10129 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Debug\UserMode" directory permissions to organizational standards. CC ID 10130 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\regedit.exe" file permissions to organizational standards. CC ID 10131 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\NTDS" directory permissions to organizational standards. CC ID 10132 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Offline Web Pages" directory permissions to organizational standards. CC ID 10133 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Registration" directory permissions to organizational standards. CC ID 10134 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\repair" directory permissions to organizational standards. CC ID 10135 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\security" directory permissions to organizational standards. CC ID 10136 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\SYSVOL" directory permissions to organizational standards. CC ID 10137 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\SYSVOL\domain\Policies" directory permissions to organizational standards. CC ID 10138 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Temp" directory permissions to organizational standards. CC ID 10139 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32" directory permissions to organizational standards. CC ID 10140 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\arp.exe" directory permissions to organizational standards. CC ID 10141 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\at.exe" file permissions to organizational standards. CC ID 10142 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\CONFIG" file permissions to organizational standards. CC ID 10143 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\CONFIG\AppEvent.evt" file permissions to organizational standards. CC ID 10144 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\CONFIG\*.evt" file permissions to organizational standards. CC ID 10145 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\dllcache" directory permissions to organizational standards. CC ID 10146 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\DTCLog" directory permissions to organizational standards. CC ID 10147 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\GroupPolicy" directory permissions to organizational standards. CC ID 10148 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\ias" directory permissions to organizational standards. CC ID 10149 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\Ntbackup.exe" file permissions to organizational standards. CC ID 10150 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\NTMSData" directory permissions to organizational standards. CC ID 10151 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\Rcp.exe" file permissions to organizational standards. CC ID 10152 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\Regedt32.exe" file permissions to organizational standards. CC ID 10153 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\system32\ReinstallBackups" directory permissions to organizational standards. CC ID 10154 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\Rexec.exe" file permissions to organizational standards. CC ID 10155 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\Rsh.exe" file permissions to organizational standards. CC ID 10156 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\Secedit.exe" file permissions to organizational standards. CC ID 10157 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\Setup" directory permissions to organizational standards. CC ID 10158 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\repl" directory permissions to organizational standards. CC ID 10159 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\repl\export" directory permissions to organizational standards. CC ID 10160 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\repl\import" directory permissions to organizational standards. CC ID 10161 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\spool\Printers" directory permissions to organizational standards. CC ID 10162 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Tasks" directory permissions to organizational standards. CC ID 10163 | System hardening through configuration management | Preventive | |
Configure the "%ALL%\Program Files\MQSeries" directory permissions to organizational standards. CC ID 10164 | System hardening through configuration management | Preventive | |
Configure the "%ALL%\Program Files\MQSeries\qmggr" directory permissions to organizational standards. CC ID 10165 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ACL" directory permissions to organizational standards. CC ID 10166 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\WINNT\SECURITY\Database\SECEDIT.SDB ACL" directory permissions to organizational standards. CC ID 10167 | System hardening through configuration management | Preventive | |
Configure the "HKEY_CLASSES_ROOT" registry key permissions to organizational standards. CC ID 10168 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE" registry key permissions to organizational standards. CC ID 10169 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes" registry key permissions to organizational standards. CC ID 10170 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Regfile\Shell\Open\Command" registry key permissions to organizational standards. CC ID 10171 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE" registry key permissions to organizational standards. CC ID 10172 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OS/2 Subsystem for NT" registry key permissions to organizational standards. CC ID 10173 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Asr\Commands" registry key permissions to organizational standards. CC ID 10174 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib" registry key permissions to organizational standards. CC ID 10175 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy" registry key permissions to organizational standards. CC ID 10176 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer" registry key permissions to organizational standards. CC ID 10177 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies" registry key permissions to organizational standards. CC ID 10178 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM" registry key permissions to organizational standards. CC ID 10179 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\clone" registry key permissions to organizational standards. CC ID 10180 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset001" registry key permissions to organizational standards. CC ID 10181 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset002" registry key permissions to organizational standards. CC ID 10182 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset003" registry key permissions to organizational standards. CC ID 10183 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset004" registry key permissions to organizational standards. CC ID 10184 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset005" registry key permissions to organizational standards. CC ID 10185 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset006" registry key permissions to organizational standards. CC ID 10186 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset007" registry key permissions to organizational standards. CC ID 10187 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset008" registry key permissions to organizational standards. CC ID 10188 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset009" registry key permissions to organizational standards. CC ID 10189 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset010" registry key permissions to organizational standards. CC ID 10190 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg" registry key permissions to organizational standards. CC ID 10191 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security" registry key permissions to organizational standards. CC ID 10192 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum" registry key permissions to organizational standards. CC ID 10193 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles" registry key permissions to organizational standards. CC ID 10194 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers" registry key permissions to organizational standards. CC ID 10195 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" registry key permissions to organizational standards. CC ID 10196 | System hardening through configuration management | Preventive | |
Configure the "HKEY_USERS\.DEFAULT" registry key permissions to organizational standards. CC ID 10197 | System hardening through configuration management | Preventive | |
Configure the "HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE" registry key permissions to organizational standards. CC ID 10198 | System hardening through configuration management | Preventive | |
Configure the "HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider" registry key permissions to organizational standards. CC ID 10199 | System hardening through configuration management | Preventive | |
Configure the "HKEY_CLASSES_ROOT" registry key permissions to organizational standards. CC ID 10200 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\runas.exe" file permissions to organizational standards. CC ID 10222 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug\Debugger" registry key to organizational standards. CC ID 10233 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\perflogs" directory permissions to organizational standards. CC ID 10266 | System hardening through configuration management | Preventive | |
Configure the "%SystemDrive%\i386" directory permissions to organizational standards. CC ID 10267 | System hardening through configuration management | Preventive | |
Configure the "%ProgramFiles%\Common Files\SpeechEngines\TTS" directory permissions to organizational standards. CC ID 10268 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\_default.plf" file permissions to organizational standards. CC ID 10269 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\addins" directory permissions to organizational standards. CC ID 10270 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\appPatch" directory permissions to organizational standards. CC ID 10271 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\clock.avi" file permissions to organizational standards. CC ID 10272 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Connection Wizard" directory permissions to organizational standards. CC ID 10273 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Driver Cache" file permissions to organizational standards. CC ID 10274 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\explorer.scf" file permissions to organizational standards. CC ID 10275 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\explorer.exe" file permissions to organizational standards. CC ID 10276 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Help" directory permissions to organizational standards. CC ID 10277 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\inf\unregmp2.exe" file permissions to organizational standards. CC ID 10278 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Java" directory permissions to organizational standards. CC ID 10279 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\mib.bin" file permissions to organizational standards. CC ID 10280 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\msagent" directory permissions to organizational standards. CC ID 10281 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\msdfmap.ini" file permissions to organizational standards. CC ID 10282 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\mui" directory permissions to organizational standards. CC ID 10283 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\security\templates" directory permissions to organizational standards. CC ID 10284 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\speech" directory permissions to organizational standards. CC ID 10285 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\system.ini" file permissions to organizational standards. CC ID 10286 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\system\setup.inf" file permissions to organizational standards. CC ID 10287 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\system\stdole.tlb" file permissions to organizational standards. CC ID 10288 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\twain_32" directory permissions to organizational standards. CC ID 10289 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\cacls.exe" directory permissions to organizational standards. CC ID 10290 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\attrib.exe" directory permissions to organizational standards. CC ID 10291 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\CatRoot" directory permissions to organizational standards. CC ID 10292 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\config\systemprofile" directory permissions to organizational standards. CC ID 10293 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\debug.exe" file permissions to organizational standards. CC ID 10294 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\dhcp" directory permissions to organizational standards. CC ID 10295 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\drivers" directory permissions to organizational standards. CC ID 10296 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\eventtriggers.exe" file permissions to organizational standards. CC ID 10297 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\edlin.exe" file permissions to organizational standards. CC ID 10298 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\eventcreate.exe" file permissions to organizational standards. CC ID 10299 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\Export" directory permissions to organizational standards. CC ID 10300 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\ipconfig.exe" file permissions to organizational standards. CC ID 10301 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\nslookup.exe" file permissions to organizational standards. CC ID 10302 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\netstat.exe" file permissions to organizational standards. CC ID 10303 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\nbtstat.exe" file permissions to organizational standards. CC ID 10304 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\ftp.exe" file permissions to organizational standards. CC ID 10305 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\LogFiles" directory permissions to organizational standards. CC ID 10306 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\mshta.exe" file permissions to organizational standards. CC ID 10307 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\mui" directory permissions to organizational standards. CC ID 10308 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\net.exe" file permissions to organizational standards. CC ID 10309 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\netsh.exe" file permissions to organizational standards. CC ID 10310 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\net1.exe" file permissions to organizational standards. CC ID 10311 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\reg.exe" file permissions to organizational standards. CC ID 10312 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\regini.exe" file permissions to organizational standards. CC ID 10313 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\regsvr32.exe" file permissions to organizational standards. CC ID 10314 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\route.exe" file permissions to organizational standards. CC ID 10315 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\sc.exe" file permissions to organizational standards. CC ID 10316 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\ShellExt" directory permissions to organizational standards. CC ID 10317 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\subst.exe" file permissions to organizational standards. CC ID 10318 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\systeminfo.exe" file permissions to organizational standards. CC ID 10319 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\telnet.exe" file permissions to organizational standards. CC ID 10320 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\tftp.exe" file permissions to organizational standards. CC ID 10321 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\wbem" directory permissions to organizational standards. CC ID 10322 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\tlntsvr.exe" file permissions to organizational standards. CC ID 10323 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\wbem\mof" directory permissions to organizational standards. CC ID 10324 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\wbem\repository" directory permissions to organizational standards. CC ID 10325 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\wbem\logs" directory permissions to organizational standards. CC ID 10326 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" registry key permissions to organizational standards. CC ID 10327 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hlp" registry key permissions to organizational standards. CC ID 10328 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\helpfile" registry key permissions to organizational standards. CC ID 10329 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing" registry key permissions to organizational standards. CC ID 10330 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais" registry key permissions to organizational standards. CC ID 10331 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell" registry key permissions to organizational standards. CC ID 10332 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony" registry key permissions to organizational standards. CC ID 10333 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability" registry key permissions to organizational standards. CC ID 10334 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell" registry key permissions to organizational standards. CC ID 10335 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" registry key permissions to organizational standards. CC ID 10336 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech" registry key permissions to organizational standards. CC ID 10337 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC" registry key permissions to organizational standards. CC ID 10338 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem" registry key permissions to organizational standards. CC ID 10339 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates" registry key permissions to organizational standards. CC ID 10340 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports" registry key permissions to organizational standards. CC ID 10341 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing" registry key permissions to organizational standards. CC ID 10342 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Policies" registry key permissions to organizational standards. CC ID 10343 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" registry key permissions to organizational standards. CC ID 10344 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ads\Providers\WinNT" registry key permissions to organizational standards. CC ID 10345 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT" registry key permissions to organizational standards. CC ID 10346 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS" registry key permissions to organizational standards. CC ID 10347 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions" registry key permissions to organizational standards. CC ID 10348 | System hardening through configuration management | Preventive | |
Configure the "HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots" registry key permissions to organizational standards. CC ID 10349 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" registry key permissions to organizational standards. CC ID 10350 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help" registry key permissions to organizational standards. CC ID 10351 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip" registry key permissions to organizational standards. CC ID 10352 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing" registry key permissions to organizational standards. CC ID 10353 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DeviceManager" registry key permissions to organizational standards. CC ID 10354 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security" registry key permissions to organizational standards. CC ID 10355 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP" registry key permissions to organizational standards. CC ID 10356 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent" registry key permissions to organizational standards. CC ID 10357 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security" registry key permissions to organizational standards. CC ID 10358 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security" registry key permissions to organizational standards. CC ID 10359 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security" registry key permissions to organizational standards. CC ID 10360 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security" registry key permissions to organizational standards. CC ID 10361 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security" registry key permissions to organizational standards. CC ID 10362 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security" registry key permissions to organizational standards. CC ID 10363 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security" registry key permissions to organizational standards. CC ID 10364 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security" registry key permissions to organizational standards. CC ID 10365 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility" registry key permissions to organizational standards. CC ID 10366 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security" registry key permissions to organizational standards. CC ID 10367 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security" registry key permissions to organizational standards. CC ID 10368 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" registry key permissions to organizational standards. CC ID 10369 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers" registry key permissions to organizational standards. CC ID 10370 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network" registry key permissions to organizational standards. CC ID 10371 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data" registry key permissions to organizational standards. CC ID 10372 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG" registry key permissions to organizational standards. CC ID 10373 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1" registry key permissions to organizational standards. CC ID 10374 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD" registry key permissions to organizational standards. CC ID 10375 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" registry key permissions to organizational standards. CC ID 10376 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wbem" registry key permissions to organizational standards. CC ID 10377 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security" registry key permissions to organizational standards. CC ID 10378 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font" registry key permissions to organizational standards. CC ID 10379 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog" registry key permissions to organizational standards. CC ID 10380 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares" registry key permissions to organizational standards. CC ID 10381 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status" registry key permissions to organizational standards. CC ID 10382 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Secure" registry key permissions to organizational standards. CC ID 10383 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups" registry key permissions to organizational standards. CC ID 10384 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" registry key permissions to organizational standards. CC ID 10385 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones" registry key permissions to organizational standards. CC ID 10386 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping" registry key permissions to organizational standards. CC ID 10387 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS" registry key permissions to organizational standards. CC ID 10388 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper" registry key permissions to organizational standards. CC ID 10389 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility" registry key permissions to organizational standards. CC ID 10390 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug" registry key permissions to organizational standards. CC ID 10391 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx" registry key permissions to organizational standards. CC ID 10392 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" registry key permissions to organizational standards. CC ID 10393 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" registry key permissions to organizational standards. CC ID 10394 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows" registry key permissions to organizational standards. CC ID 10395 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Secure" registry key permissions to organizational standards. CC ID 10396 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC" registry key permissions to organizational standards. CC ID 10397 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" registry key permissions to organizational standards. CC ID 10398 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole" registry key permissions to organizational standards. CC ID 10399 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions" registry key permissions to organizational standards. CC ID 10400 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" registry key permissions to organizational standards. CC ID 10401 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex" registry key permissions to organizational standards. CC ID 10402 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName" registry key permissions to organizational standards. CC ID 10403 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy" registry key permissions to organizational standards. CC ID 10404 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule" registry key permissions to organizational standards. CC ID 10405 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" registry key permissions to organizational standards. CC ID 10406 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit" registry key permissions to organizational standards. CC ID 10407 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" registry key permissions to organizational standards. CC ID 10408 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS" registry key permissions to organizational standards. CC ID 10409 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" registry key permissions to organizational standards. CC ID 10410 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes" registry key permissions to organizational standards. CC ID 10411 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" registry key permissions to organizational standards. CC ID 10412 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates" registry key permissions to organizational standards. CC ID 10413 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" registry key permissions to organizational standards. CC ID 10414 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\Web" directory permissions to organizational standards. CC ID 10415 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole" registry key permissions to organizational standards. CC ID 10416 | System hardening through configuration management | Preventive | |
Configure the "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlPrintPrinters" registry key permissions to organizational standards. CC ID 10417 | System hardening through configuration management | Preventive | |
Configure the "HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionPolicies" registry key permissions to organizational standards. CC ID 10418 | System hardening through configuration management | Preventive | |
Apply the appropriate warning message to systems. CC ID 01596 | System hardening through configuration management | Preventive | |
Create a warning message for standard logon services. CC ID 01597 | System hardening through configuration management | Preventive | |
Create a warning message for graphical logons. CC ID 01598 | System hardening through configuration management | Preventive | |
Create a warning message for terminal session logons. CC ID 06564 | System hardening through configuration management | Preventive | |
Create a warning message for FTP daemon. CC ID 01599 | System hardening through configuration management | Preventive | |
Create a warning message for telnet daemon. CC ID 01600 | System hardening through configuration management | Preventive | |
Create a power on warning message. CC ID 01601 | System hardening through configuration management | Preventive | |
Enable the Kerberos TGT expiration warning, as appropriate. CC ID 05263 | System hardening through configuration management | Preventive | |
Configure the sendmail greeting properly. CC ID 05264 | System hardening through configuration management | Preventive | |
Set the Electrically-Erasable Programmable Read-Only Memory warning message properly. CC ID 05265 | System hardening through configuration management | Preventive | |
Set the warning messages switchpoint distance to an appropriate value. CC ID 05266 | System hardening through configuration management | Preventive | |
Enable logon authentication management techniques. CC ID 00553 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties, applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | System hardening through configuration management | Preventive | |
Configure the system to log all access attempts to all systems. CC ID 00554 | System hardening through configuration management | Preventive | |
Configure devices and users to re-authenticate, as necessary. CC ID 10609 | System hardening through configuration management | Preventive | |
Configure the "Lockout Enabled" setting to organizational standards. CC ID 09859 | System hardening through configuration management | Preventive | |
Prohibit the use of cached authenticators and credentials after a defined period of time. CC ID 10610 | System hardening through configuration management | Preventive | |
Configure authenticators to comply with organizational standards. CC ID 06412 | System hardening through configuration management | Preventive | |
Configure the system to require new users to change their authenticator on first use. CC ID 05268 | System hardening through configuration management | Preventive | |
Configure authenticators so that group authenticators or shared authenticators are prohibited. CC ID 00519 | System hardening through configuration management | Preventive | |
Configure the system to prevent unencrypted authenticator use. CC ID 04457 | System hardening through configuration management | Preventive | |
Disable store passwords using reversible encryption. CC ID 01708 | System hardening through configuration management | Preventive | |
Configure the system to encrypt authenticators. CC ID 06735 | System hardening through configuration management | Preventive | |
Configure the system to mask authenticators. CC ID 02037 | System hardening through configuration management | Preventive | |
Configure the authenticator policy to ban the use of usernames or user identifiers in authenticators. CC ID 05992 | System hardening through configuration management | Preventive | |
Configure the system to refrain from specifying the type of information used as password hints. CC ID 13783 | System hardening through configuration management | Preventive | |
Disable machine account password changes. CC ID 01737 | System hardening through configuration management | Preventive | |
Configure the "Disable Remember Password" setting. CC ID 05270 | System hardening through configuration management | Preventive | |
Configure the "Minimum password age" to organizational standards. CC ID 01703 | System hardening through configuration management | Preventive | |
Configure the LILO/GRUB password. CC ID 01576 | System hardening through configuration management | Preventive | |
Configure the system to use Apple's Keychain Access to store passwords and certificates. CC ID 04481 | System hardening through configuration management | Preventive | |
Change the default password to Apple's Keychain. CC ID 04482 | System hardening through configuration management | Preventive | |
Configure Apple's Keychain items to ask for the Keychain password. CC ID 04483 | System hardening through configuration management | Preventive | |
Configure the Syskey Encryption Key and associated password. CC ID 05978 | System hardening through configuration management | Preventive | |
Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting. CC ID 04505 | System hardening through configuration management | Preventive | |
Configure the "System cryptography: Force strong key protection for user keys stored in the computer" setting. CC ID 04534 | System hardening through configuration management | Preventive | |
Configure interactive logon for accounts that do not have assigned authenticators in accordance with organizational standards. CC ID 05267 | System hardening through configuration management | Preventive | |
Enable or disable remote connections from accounts with empty authenticators, as appropriate. CC ID 05269 | System hardening through configuration management | Preventive | |
Configure the "Send LanMan compatible password" setting. CC ID 05271 | System hardening through configuration management | Preventive | |
Configure the authenticator policy to ban or allow authenticators as words found in dictionaries, as appropriate. CC ID 05993 | System hardening through configuration management | Preventive | |
Set the most number of characters required for the BitLocker Startup PIN correctly. CC ID 06054 | System hardening through configuration management | Preventive | |
Set the default folder for BitLocker recovery passwords correctly. CC ID 06055 | System hardening through configuration management | Preventive | |
Configure the "Disable password strength validation for Peer Grouping" setting to organizational standards. CC ID 10866 | System hardening through configuration management | Preventive | |
Configure the "Set the interval between synchronization retries for Password Synchronization" setting to organizational standards. CC ID 11185 | System hardening through configuration management | Preventive | |
Configure the "Set the number of synchronization retries for servers running Password Synchronization" setting to organizational standards. CC ID 11187 | System hardening through configuration management | Preventive | |
Configure the "Turn off password security in Input Panel" setting to organizational standards. CC ID 11296 | System hardening through configuration management | Preventive | |
Configure the "Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory" setting to organizational standards. CC ID 11355 | System hardening through configuration management | Preventive | |
Configure the authenticator display screen to organizational standards. CC ID 13794 | System hardening through configuration management | Preventive | |
Configure the authenticator field to disallow memorized secrets found in the memorized secret list. CC ID 13808 | System hardening through configuration management | Preventive | |
Configure the authenticator display screen to display the memorized secret as an option. CC ID 13806 | System hardening through configuration management | Preventive | |
Configure the look-up secret authenticator to dispose of memorized secrets after their use. CC ID 13817 | System hardening through configuration management | Corrective | |
Configure the memorized secret verifiers to refrain from allowing anonymous users to access memorized secret hints. CC ID 13823 | System hardening through configuration management | Preventive | |
Configure the system to allow paste functionality for the authenticator field. CC ID 13819 | System hardening through configuration management | Preventive | |
Configure the system to require successful authentication before an authenticator for a user account is changed. CC ID 13821 | System hardening through configuration management | Preventive | |
Obscure authentication information during the login process. CC ID 15316 | System hardening through configuration management | Preventive | |
Change authenticators, as necessary. CC ID 15315 | System hardening through configuration management | Preventive | |
Change all default authenticators. CC ID 15309 | System hardening through configuration management | Preventive | |
Configure the system to issue a security alert when an administrator account is created. CC ID 12122 | System hardening through configuration management | Preventive | |
Configure the system security parameters to prevent system misuse or information misappropriation. CC ID 00881 | System hardening through configuration management | Preventive | |
Configure Hypertext Transfer Protocol headers in accordance with organizational standards. CC ID 16851 | System hardening through configuration management | Preventive | |
Configure Hypertext Transfer Protocol security headers in accordance with organizational standards. CC ID 16488 | System hardening through configuration management | Preventive | |
Configure "Enable Structured Exception Handling Overwrite Protection (SEHOP)" to organizational standards. CC ID 15385 | System hardening through configuration management | Preventive | |
Configure Microsoft Attack Surface Reduction rules in accordance with organizational standards. CC ID 16478 | System hardening through configuration management | Preventive | |
Configure "Remote host allows delegation of non-exportable credentials" to organizational standards. CC ID 15379 | System hardening through configuration management | Preventive | |
Configure "Configure enhanced anti-spoofing" to organizational standards. CC ID 15376 | System hardening through configuration management | Preventive | |
Configure "Block user from showing account details on sign-in" to organizational standards. CC ID 15374 | System hardening through configuration management | Preventive | |
Configure "Configure Attack Surface Reduction rules" to organizational standards. CC ID 15370 | System hardening through configuration management | Preventive | |
Configure "Turn on e-mail scanning" to organizational standards. CC ID 15361 | System hardening through configuration management | Preventive | |
Configure "Prevent users and apps from accessing dangerous websites" to organizational standards. CC ID 15359 | System hardening through configuration management | Preventive | |
Configure "Enumeration policy for external devices incompatible with Kernel DMA Protection" to organizational standards. CC ID 15352 | System hardening through configuration management | Preventive | |
Configure "Prevent Internet Explorer security prompt for Windows Installer scripts" to organizational standards. CC ID 15351 | System hardening through configuration management | Preventive | |
Store state information from applications and software separately. CC ID 14767 | System hardening through configuration management | Preventive | |
Configure the "aufs storage" to organizational standards. CC ID 14461 | System hardening through configuration management | Preventive | |
Configure the "AppArmor Profile" to organizational standards. CC ID 14496 | System hardening through configuration management | Preventive | |
Configure the "device" argument to organizational standards. CC ID 14536 | System hardening through configuration management | Preventive | |
Configure the "Docker" group ownership to organizational standards. CC ID 14495 | System hardening through configuration management | Preventive | |
Configure the "Docker" user ownership to organizational standards. CC ID 14505 | System hardening through configuration management | Preventive | |
Configure "Allow upload of User Activities" to organizational standards. CC ID 15338 | System hardening through configuration management | Preventive | |
Configure the system to restrict Core dumps to a protected directory. CC ID 01513 | System hardening through configuration management | Preventive | |
Configure the system to enable Stack protection. CC ID 01514 | System hardening through configuration management | Preventive | |
Configure the system to restrict NFS client requests to privileged ports. CC ID 01515 | System hardening through configuration management | Preventive | |
Configure the system to use better TCP Sequence Numbers. CC ID 01516 | System hardening through configuration management | Preventive | |
Configure the system to a default secure level. CC ID 01519 | System hardening through configuration management | Preventive | |
Configure the system to block users from viewing un-owned processes. CC ID 01520 | System hardening through configuration management | Preventive | |
Configure the system to block users from viewing processes in other groups. CC ID 01521 | System hardening through configuration management | Preventive | |
Add the "nosuid" option to /etc/rmmount.conf. CC ID 01532 | System hardening through configuration management | Preventive | |
Configure the system to block non-privileged mountd requests. CC ID 01533 | System hardening through configuration management | Preventive | |
Use host-based or Internet Protocol-based export lists for mountd. CC ID 06887 | System hardening through configuration management | Preventive | |
Add the "nodev" option to the appropriate partitions in /etc/fstab. CC ID 01534 | System hardening through configuration management | Preventive | |
Add the "nosuid" option and "nodev" option for removable storage media in the /etc/fstab file. CC ID 01535 | System hardening through configuration management | Preventive | |
Configure the sticky bit on world-writable directories. CC ID 01540 | System hardening through configuration management | Preventive | |
Run hp_checkperms. CC ID 01548 | System hardening through configuration management | Preventive | |
Run fix-modes. CC ID 01549 | System hardening through configuration management | Preventive | |
Convert the system to "Trusted Mode", if possible. CC ID 01550 | System hardening through configuration management | Preventive | |
Configure the sadmind service to a higher Security level. CC ID 01551 | System hardening through configuration management | Preventive | |
Use host-based or Internet Protocol-based export lists for sadmind. CC ID 06886 | System hardening through configuration management | Preventive | |
Configure all .rhosts files to be readable only by their owners. CC ID 01557 | System hardening through configuration management | Preventive | |
Set the symlink /etc/hosts.equiv file to /dev/null. CC ID 01558 | System hardening through configuration management | Preventive | |
Configure the default locking Screen saver timeout to a predetermined time period. CC ID 01570 | System hardening through configuration management | Preventive | |
Configure the Security Center (Domain PCs only). CC ID 01967 | System hardening through configuration management | Preventive | |
Configure the system to immediately protect the computer after the Screen saver is activated by setting the time before the Screen saver grace period expires to a predefined amount. CC ID 04276 | System hardening through configuration management | Preventive | |
Configure the system to require a password before it unlocks the Screen saver software. CC ID 04443 | System hardening through configuration management | Preventive | |
Enable the safe DLL search mode. CC ID 04273 | System hardening through configuration management | Preventive | |
Configure the computer to stop generating 8.3 filename formats. CC ID 04274 | System hardening through configuration management | Preventive | |
Configure the system to use certificate rules for software restriction policies. CC ID 04266 | System hardening through configuration management | Preventive | |
Configure the "Do not allow drive redirection" setting. CC ID 04316 | System hardening through configuration management | Preventive | |
Configure the "Turn off the 'Publish to Web' task for files and folders" setting. CC ID 04328 | System hardening through configuration management | Preventive | |
Configure the "Turn off Internet download for Web publishing and online ordering wizards" setting. CC ID 04329 | System hardening through configuration management | Preventive | |
Configure the "Turn off Search Companion content file updates" setting. CC ID 04331 | System hardening through configuration management | Preventive | |
Configure the "Turn off printing over HTTP" setting. CC ID 04332 | System hardening through configuration management | Preventive | |
Configure the "Turn off downloading of print drivers over HTTP" setting. CC ID 04333 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Update device driver searching" setting. CC ID 04334 | System hardening through configuration management | Preventive | |
Configure the "Display Error Notification" setting to organizational standards. CC ID 04335 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows error reporting" setting to organizational standards. CC ID 04336 | System hardening through configuration management | Preventive | |
Configure the "Disable software update shell notifications on program launch" setting. CC ID 04339 | System hardening through configuration management | Preventive | |
Configure the "Make proxy settings per-machine (rather than per-user)" setting. CC ID 04341 | System hardening through configuration management | Preventive | |
Configure the "Security Zones: Do not allow users to add/delete sites" setting. CC ID 04342 | System hardening through configuration management | Preventive | |
Configure the "Security Zones: Do not allow users to change policies" setting. CC ID 04343 | System hardening through configuration management | Preventive | |
Configure the "Security Zones: Use only machine settings" setting. CC ID 04344 | System hardening through configuration management | Preventive | |
Configure the "Allow software to run or install even if the signature is invalid" setting. CC ID 04346 | System hardening through configuration management | Preventive | |
Configure the "internet explorer processes (scripted window security restrictions)" setting. CC ID 04350 | System hardening through configuration management | Preventive | |
Configure the "internet explorer processes (zone elevation protection)" setting. CC ID 04351 | System hardening through configuration management | Preventive | |
Configure the "Prevent access to registry editing tools" setting. CC ID 04355 | System hardening through configuration management | Preventive | |
Configure the "Do not preserve zone information in file attachments" setting. CC ID 04357 | System hardening through configuration management | Preventive | |
Configure the "Hide mechanisms to remove zone information" setting. CC ID 04358 | System hardening through configuration management | Preventive | |
Configure the "Notify antivirus programs when opening attachments" setting. CC ID 04359 | System hardening through configuration management | Preventive | |
Configure the "Configure Outlook Express" setting. CC ID 04360 | System hardening through configuration management | Preventive | |
Configure the "Disable Changing Automatic Configuration settings" setting. CC ID 04361 | System hardening through configuration management | Preventive | |
Configure the "Disable changing certificate settings" setting. CC ID 04362 | System hardening through configuration management | Preventive | |
Configure the "Disable changing connection settings" setting. CC ID 04363 | System hardening through configuration management | Preventive | |
Configure the "Disable changing proxy settings" setting. CC ID 04364 | System hardening through configuration management | Preventive | |
Configure the "Turn on the auto-complete feature for user names and passwords on forms" setting. CC ID 04365 | System hardening through configuration management | Preventive | |
Configure the NetWare bindery contexts. CC ID 04444 | System hardening through configuration management | Preventive | |
Configure the NetWare console's SECURE.NCF settings. CC ID 04445 | System hardening through configuration management | Preventive | |
Configure the CPU Hog Timeout setting. CC ID 04446 | System hardening through configuration management | Preventive | |
Configure the "Check Equivalent to Me" setting. CC ID 04463 | System hardening through configuration management | Preventive | |
Configure the /etc/sshd_config file. CC ID 04475 | System hardening through configuration management | Preventive | |
Configure the .Mac preferences. CC ID 04484 | System hardening through configuration management | Preventive | |
Configure the Fast User Switching setting. CC ID 04485 | System hardening through configuration management | Preventive | |
Configure the Recent Items List (servers, applications, documents) setting. CC ID 04486 | System hardening through configuration management | Preventive | |
Configure Apple's Dock preferences. CC ID 04487 | System hardening through configuration management | Preventive | |
Configure the "ulimit" to organizational standards. CC ID 14499 | System hardening through configuration management | Preventive | |
Configure the Energy Saver preferences. CC ID 04488 | System hardening through configuration management | Preventive | |
Configure the local system search preferences to directories that do not contain restricted data or restricted information. CC ID 04492 | System hardening through configuration management | Preventive | |
Configure the computer-wide, rather than per-user, use of Microsoft Spynet Reporting for Windows Defender properly. CC ID 05282 | System hardening through configuration management | Preventive | |
Enable or disable the ability of users to perform interactive startups, as appropriate. CC ID 05283 | System hardening through configuration management | Preventive | |
Set the /etc/passwd file's NIS file inclusions properly. CC ID 05284 | System hardening through configuration management | Preventive | |
Configure the "Turn off Help Ratings" setting. CC ID 05285 | System hardening through configuration management | Preventive | |
Configure the "Decoy Admin Account Not Disabled" policy properly. CC ID 05286 | System hardening through configuration management | Preventive | |
Configure the "Additional restrictions for anonymous connections" policy properly. CC ID 05287 | System hardening through configuration management | Preventive | |
Configure the "Anonymous access to the registry" policy properly. CC ID 05288 | System hardening through configuration management | Preventive | |
Configure the File System Checker and Popups setting. CC ID 05289 | System hardening through configuration management | Preventive | |
Configure the System File Checker setting. CC ID 05290 | System hardening through configuration management | Preventive | |
Configure the System File Checker Progress Meter setting. CC ID 05291 | System hardening through configuration management | Preventive | |
Configure the Protect Kernel object attributes properly. CC ID 05292 | System hardening through configuration management | Preventive | |
Configure the "Deleted Cached Copies of Roaming Profiles" policy properly. CC ID 05293 | System hardening through configuration management | Preventive | |
Verify that the X*.hosts file lists all authorized X-clients. CC ID 05294 | System hardening through configuration management | Preventive | |
Verify all files are owned by an existing account and group. CC ID 05295 | System hardening through configuration management | Preventive | |
Verify programs executed through the aliases file are owned by an appropriate user or group. CC ID 05296 | System hardening through configuration management | Preventive | |
Verify programs executed through the aliases file are stored in a directory with an appropriate owner. CC ID 05297 | System hardening through configuration management | Preventive | |
Verify the at directory is owned by an appropriate user or group. CC ID 05298 | System hardening through configuration management | Preventive | |
Verify the at.allow file is owned by an appropriate user or group. CC ID 05299 | System hardening through configuration management | Preventive | |
Verify the at.deny file is owned by an appropriate user or group. CC ID 05300 | System hardening through configuration management | Preventive | |
Verify the crontab directories are owned by an appropriate user or group. CC ID 05302 | System hardening through configuration management | Preventive | |
Verify the cron.allow file is owned by an appropriate user or group. CC ID 05303 | System hardening through configuration management | Preventive | |
Verify the cron.deny file is owned by an appropriate user or group. CC ID 05304 | System hardening through configuration management | Preventive | |
Verify crontab files are owned by an appropriate user or group. CC ID 05305 | System hardening through configuration management | Preventive | |
Verify the /etc/resolv.conf file is owned by an appropriate user or group. CC ID 05306 | System hardening through configuration management | Preventive | |
Verify the /etc/named.boot file is owned by an appropriate user or group. CC ID 05307 | System hardening through configuration management | Preventive | |
Verify the /etc/named.conf file is owned by an appropriate user or group. CC ID 05308 | System hardening through configuration management | Preventive | |
Verify the /var/named/chroot/etc/named.conf file is owned by an appropriate user or group. CC ID 05309 | System hardening through configuration management | Preventive | |
Verify home directories are owned by an appropriate user or group. CC ID 05310 | System hardening through configuration management | Preventive | |
Verify the inetd.conf file is owned by an appropriate user or group. CC ID 05311 | System hardening through configuration management | Preventive | |
Verify /etc/exports are owned by an appropriate user or group. CC ID 05312 | System hardening through configuration management | Preventive | |
Verify exported files and exported directories are owned by an appropriate user or group. CC ID 05313 | System hardening through configuration management | Preventive | |
Verify the /etc/services file is owned by an appropriate user or group. CC ID 05314 | System hardening through configuration management | Preventive | |
Verify the /etc/notrouter file is owned by an appropriate user or group. CC ID 05315 | System hardening through configuration management | Preventive | |
Verify the /etc/samba/smb.conf file is owned by an appropriate user or group. CC ID 05316 | System hardening through configuration management | Preventive | |
Verify the smbpasswd file and smbpasswd executable are owned by an appropriate user or group. CC ID 05317 | System hardening through configuration management | Preventive | |
Verify the aliases file is owned by an appropriate user or group. CC ID 05318 | System hardening through configuration management | Preventive | |
Verify Shell files are owned by an appropriate user or group. CC ID 05320 | System hardening through configuration management | Preventive | |
Verify the snmpd.conf file is owned by an appropriate user or group. CC ID 05321 | System hardening through configuration management | Preventive | |
Verify the /etc/syslog.conf file is owned by an appropriate user or group. CC ID 05322 | System hardening through configuration management | Preventive | |
Verify the traceroute executable is owned by an appropriate user or group. CC ID 05323 | System hardening through configuration management | Preventive | |
Verify the /etc/passwd file is owned by an appropriate user or group. CC ID 05325 | System hardening through configuration management | Preventive | |
Verify the /etc/shadow file is owned by an appropriate user or group. CC ID 05326 | System hardening through configuration management | Preventive | |
Verify the /etc/security/audit/config file is owned by an appropriate user or group. CC ID 05327 | System hardening through configuration management | Preventive | |
Verify the /etc/security/audit/events file is owned by an appropriate user or group. CC ID 05328 | System hardening through configuration management | Preventive | |
Verify the /etc/security/audit/objects file is owned by an appropriate user or group. CC ID 05329 | System hardening through configuration management | Preventive | |
Verify the /usr/lib/trcload file is owned by an appropriate user or group. CC ID 05330 | System hardening through configuration management | Preventive | |
Verify the /usr/lib/semutil file is owned by an appropriate user or group. CC ID 05331 | System hardening through configuration management | Preventive | |
Verify system files are owned by an appropriate user or group. CC ID 05332 | System hardening through configuration management | Preventive | |
Verify the default/skeleton dot files are owned by an appropriate user or group. CC ID 05333 | System hardening through configuration management | Preventive | |
Verify the global initialization files are owned by an appropriate user or group. CC ID 05334 | System hardening through configuration management | Preventive | |
Verify the /etc/rc.config.d/auditing file is owned by an appropriate user or group. CC ID 05335 | System hardening through configuration management | Preventive | |
Verify the /etc/init.d file is owned by an appropriate user or group. CC ID 05336 | System hardening through configuration management | Preventive | |
Verify the /etc/hosts.lpd file is owned by an appropriate user or group. CC ID 05337 | System hardening through configuration management | Preventive | |
Verify the /etc/auto.master file is owned by an appropriate user or group. CC ID 05338 | System hardening through configuration management | Preventive | |
Verify the /etc/auto.misc file is owned by an appropriate user or group. CC ID 05339 | System hardening through configuration management | Preventive | |
Verify the /etc/auto.net file is owned by an appropriate user or group. CC ID 05340 | System hardening through configuration management | Preventive | |
Verify the /boot/grub/grub.conf file is owned by an appropriate user or group. CC ID 05341 | System hardening through configuration management | Preventive | |
Verify the /etc/lilo.conf file is owned by an appropriate user or group. CC ID 05342 | System hardening through configuration management | Preventive | |
Verify the /etc/login.access file is owned by an appropriate user or group. CC ID 05343 | System hardening through configuration management | Preventive | |
Verify the /etc/security/access.conf file is owned by an appropriate user or group. CC ID 05344 | System hardening through configuration management | Preventive | |
Verify the /etc/sysctl.conf file is owned by an appropriate user or group. CC ID 05345 | System hardening through configuration management | Preventive | |
Configure the "secure_redirects" setting to organizational standards. CC ID 09941 | System hardening through configuration management | Preventive | |
Configure the "icmp_ignore_bogus_error_responses" setting to organizational standards. CC ID 09942 | System hardening through configuration management | Preventive | |
Configure the "rp_filter" setting to organizational standards. CC ID 09943 | System hardening through configuration management | Preventive | |
Verify the /etc/securetty file is owned by an appropriate user or group. CC ID 05346 | System hardening through configuration management | Preventive | |
Verify the /etc/audit/auditd.conf file is owned by an appropriate user or group. CC ID 05347 | System hardening through configuration management | Preventive | |
Verify the audit.rules file is owned by an appropriate user or group. CC ID 05348 | System hardening through configuration management | Preventive | |
Verify the /etc/group file is owned by an appropriate user or group. CC ID 05349 | System hardening through configuration management | Preventive | |
Verify the /etc/gshadow file is owned by an appropriate user or group. CC ID 05350 | System hardening through configuration management | Preventive | |
Verify the /usr/sbin/userhelper file is owned by an appropriate user or group. CC ID 05351 | System hardening through configuration management | Preventive | |
Verify all syslog log files are owned by an appropriate user or group. CC ID 05352 | System hardening through configuration management | Preventive | |
Verify the /etc/anacrontab file is owned by an appropriate user or group. CC ID 05353 | System hardening through configuration management | Preventive | |
Verify the /etc/pki/tls/ldap file is owned by an appropriate user or group. CC ID 05354 | System hardening through configuration management | Preventive | |
Verify the /etc/pki/tls/ldap/serverkey.pem file is owned by an appropriate user or group. CC ID 05355 | System hardening through configuration management | Preventive | |
Verify the /etc/pki/tls/CA/cacert.pem file is owned by an appropriate user or group. CC ID 05356 | System hardening through configuration management | Preventive | |
Verify the /etc/pki/tls/ldap/servercert.pem file is owned by an appropriate user or group. CC ID 05357 | System hardening through configuration management | Preventive | |
Verify the /var/lib/ldap/* files are owned by an appropriate user or group. CC ID 05358 | System hardening through configuration management | Preventive | |
Verify the /etc/httpd/conf/* files are owned by an appropriate user or group. CC ID 05359 | System hardening through configuration management | Preventive | |
Verify the /etc/auto_* file is owned by an appropriate user. CC ID 05360 | System hardening through configuration management | Preventive | |
Verify the /etc/rmmount.conf file is owned by an appropriate user or group. CC ID 05361 | System hardening through configuration management | Preventive | |
Verify the /var/log/pamlog log is owned by an appropriate user or group. CC ID 05362 | System hardening through configuration management | Preventive | |
Verify the /etc/security/audit_control file is owned by an appropriate user or group. CC ID 05363 | System hardening through configuration management | Preventive | |
Verify the /etc/security/audit_class file is owned by an appropriate user or group. CC ID 05364 | System hardening through configuration management | Preventive | |
Verify the /etc/security/audit_event file is owned by an appropriate user or group. CC ID 05365 | System hardening through configuration management | Preventive | |
Verify the ASET userlist file is owned by an appropriate user or group. CC ID 05366 | System hardening through configuration management | Preventive | |
Verify the /var directory is owned by an appropriate user. CC ID 05367 | System hardening through configuration management | Preventive | |
Verify the /var/log directory is owned by an appropriate user. CC ID 05368 | System hardening through configuration management | Preventive | |
Verify the /var/adm directory is owned by an appropriate user. CC ID 05369 | System hardening through configuration management | Preventive | |
Restrict the debug level daemon logging file owner and daemon debug group owner. CC ID 05370 | System hardening through configuration management | Preventive | |
Restrict the Cron log file owner and Cron group owner. CC ID 05371 | System hardening through configuration management | Preventive | |
Restrict the system accounting file owner and system accounting group owner. CC ID 05372 | System hardening through configuration management | Preventive | |
Restrict audit log file ownership and audit group ownership. CC ID 05373 | System hardening through configuration management | Preventive | |
Set the X server timeout properly. CC ID 05374 | System hardening through configuration management | Preventive | |
Configure each user's authentication mechanism (system attribute) properly. CC ID 05375 | System hardening through configuration management | Preventive | |
Enable or disable SELinux, as appropriate. CC ID 05376 | System hardening through configuration management | Preventive | |
Set the SELinux state properly. CC ID 05377 | System hardening through configuration management | Preventive | |
Set the SELinux policy properly. CC ID 05378 | System hardening through configuration management | Preventive | |
Configure Dovecot properly. CC ID 05379 | System hardening through configuration management | Preventive | |
Configure the "Prohibit Access of the Windows Connect Now Wizards" setting. CC ID 05380 | System hardening through configuration management | Preventive | |
Configure the "Allow remote access to the PnP interface" setting. CC ID 05381 | System hardening through configuration management | Preventive | |
Configure the "Do not create system restore point when new device driver installed" setting. CC ID 05382 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Access to All Windows Update Features" setting. CC ID 05383 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Automatic Root Certificates Update" setting. CC ID 05384 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Event Viewer 'Events.asp' Links" setting. CC ID 05385 | System hardening through configuration management | Preventive | |
Configure "Turn Off Handwriting Recognition Error Reporting" to organizational standards. CC ID 05386 | System hardening through configuration management | Preventive | |
Configure the "Turn off Help and Support Center 'Did You Know?' content" setting. CC ID 05387 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Help and Support Center Microsoft Knowledge Base Search" setting. CC ID 05388 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Internet File Association Service" setting. CC ID 05389 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting. CC ID 05390 | System hardening through configuration management | Preventive | |
Configure the "Turn off the 'Order Prints' Picture task" setting. CC ID 05391 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Windows Movie Maker Online Web Links" setting. CC ID 05392 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting. CC ID 05393 | System hardening through configuration management | Preventive | |
Configure the "Don't Display the Getting Started Welcome Screen at Logon" setting. CC ID 05394 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Startup Sound" setting. CC ID 05395 | System hardening through configuration management | Preventive | |
Configure the "Allow only Vista or later connections" setting. CC ID 05396 | System hardening through configuration management | Preventive | |
Configure the "Turn on bandwidth optimization" setting. CC ID 05397 | System hardening through configuration management | Preventive | |
Configure the "Prevent IIS Installation" setting. CC ID 05398 | System hardening through configuration management | Preventive | |
Configure the "Turn off Active Help" setting. CC ID 05399 | System hardening through configuration management | Preventive | |
Configure the "Turn off Untrusted Content" setting. CC ID 05400 | System hardening through configuration management | Preventive | |
Configure the "Turn off downloading of enclosures" setting. CC ID 05401 | System hardening through configuration management | Preventive | |
Configure "Allow indexing of encrypted files" to organizational standards. CC ID 05402 | System hardening through configuration management | Preventive | |
Configure the "Prevent indexing uncached Exchange folders" setting. CC ID 05403 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Calendar" setting. CC ID 05404 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Defender" setting. CC ID 05405 | System hardening through configuration management | Preventive | |
Configure the "Turn off Heap termination on corruption" setting to organizational standards. CC ID 05406 | System hardening through configuration management | Preventive | |
Configure the "Turn off shell protocol protected mode" setting to organizational standards. CC ID 05407 | System hardening through configuration management | Preventive | |
Configure the "Prohibit non-administrators from applying vendor signed updates" setting. CC ID 05408 | System hardening through configuration management | Preventive | |
Configure the "Report when logon server was not available during user logon" setting. CC ID 05409 | System hardening through configuration management | Preventive | |
Configure the "Turn off the communication features" setting. CC ID 05410 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Mail application" setting. CC ID 05411 | System hardening through configuration management | Preventive | |
Configure the "Prevent Windows Media DRM Internet Access" setting. CC ID 05412 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Meeting Space" setting. CC ID 05413 | System hardening through configuration management | Preventive | |
Configure the "Turn on Windows Meeting Space auditing" setting. CC ID 05414 | System hardening through configuration management | Preventive | |
Configure the "Disable unpacking and installation of gadgets that are not digitally signed" setting. CC ID 05415 | System hardening through configuration management | Preventive | |
Configure the "Override the More Gadgets Link" setting. CC ID 05416 | System hardening through configuration management | Preventive | |
Configure the "Turn Off User Installed Windows Sidebar Gadgets" setting. CC ID 05417 | System hardening through configuration management | Preventive | |
Configure the "Do not allow Digital Locker to run" setting. CC ID 05418 | System hardening through configuration management | Preventive | |
Configure the "Turn off Downloading of Game Information" setting. CC ID 05419 | System hardening through configuration management | Preventive | |
Configure "Turn on Responder (RSPNDR) driver" to organizational standards. CC ID 05420 | System hardening through configuration management | Preventive | |
Verify ExecShield has been randomly placed in Virtual Memory regions. CC ID 05436 | System hardening through configuration management | Preventive | |
Enable the ExecShield, as appropriate. CC ID 05421 | System hardening through configuration management | Preventive | |
Configure Kernel support for the XD/NX processor feature, as appropriate. CC ID 05422 | System hardening through configuration management | Preventive | |
Configure the XD/NX processor feature in the BIOS, as appropriate. CC ID 05423 | System hardening through configuration management | Preventive | |
Configure the Shell for the bin account properly. CC ID 05424 | System hardening through configuration management | Preventive | |
Configure the Shell for the nuucp account properly. CC ID 05425 | System hardening through configuration management | Preventive | |
Configure the Shell for the smmsp account properly. CC ID 05426 | System hardening through configuration management | Preventive | |
Configure the Shell for the listen account properly. CC ID 05427 | System hardening through configuration management | Preventive | |
Configure the Shell for the gdm account properly. CC ID 05428 | System hardening through configuration management | Preventive | |
Configure the Shell for the webservd account properly. CC ID 05429 | System hardening through configuration management | Preventive | |
Configure the Shell for the nobody account properly. CC ID 05430 | System hardening through configuration management | Preventive | |
Configure the Shell for the noaccess account properly. CC ID 05431 | System hardening through configuration management | Preventive | |
Configure the Shell for the nobody4 account properly. CC ID 05432 | System hardening through configuration management | Preventive | |
Configure the Shell for the adm account properly. CC ID 05433 | System hardening through configuration management | Preventive | |
Configure the Shell for the lp account properly. CC ID 05434 | System hardening through configuration management | Preventive | |
Configure the Shell for the uucp account properly. CC ID 05435 | System hardening through configuration management | Preventive | |
Set the noexec_user_stack parameter properly. CC ID 05437 | System hardening through configuration management | Preventive | |
Set the no_exec_user_stack_log parameter properly. CC ID 05438 | System hardening through configuration management | Preventive | |
Set the noexec_user_stack flag on the user stack properly. CC ID 05439 | System hardening through configuration management | Preventive | |
Set the TCP max connection limit properly. CC ID 05440 | System hardening through configuration management | Preventive | |
Set the TCP abort interval properly. CC ID 05441 | System hardening through configuration management | Preventive | |
Enable or disable the GNOME screenlock, as appropriate. CC ID 05442 | System hardening through configuration management | Preventive | |
Set the ARP cache cleanup interval properly. CC ID 05443 | System hardening through configuration management | Preventive | |
Set the ARP IRE scan rate properly. CC ID 05444 | System hardening through configuration management | Preventive | |
Disable proxy ARP on all interfaces. CC ID 06570 | System hardening through configuration management | Preventive | |
Set the FileSpaceSwitch variable to an appropriate value. CC ID 05445 | System hardening through configuration management | Preventive | |
Set the wakeup switchpoint frequency to an appropriate time interval. CC ID 05446 | System hardening through configuration management | Preventive | |
Enable or disable the setuid option on removable storage media, as appropriate. CC ID 05447 | System hardening through configuration management | Preventive | |
Configure TCP/IP PMTU Discovery, as appropriate. CC ID 05991 | System hardening through configuration management | Preventive | |
Configure Secure Shell to enable or disable empty passwords, as appropriate. CC ID 06016 | System hardening through configuration management | Preventive | |
Configure each user's Screen Saver Executable Name. CC ID 06027 | System hardening through configuration management | Preventive | |
Configure the NIS+ server to operate at an appropriate security level. CC ID 06038 | System hardening through configuration management | Preventive | |
Configure the "restrict guest access to system log" policy, as appropriate. CC ID 06047 | System hardening through configuration management | Preventive | |
Configure the "Block saving of Open XML file types" setting, as appropriate. CC ID 06048 | System hardening through configuration management | Preventive | |
Enable or disable user-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence for keyboards. CC ID 06051 | System hardening through configuration management | Preventive | |
Configure the "Syskey mode" to organizational standards. CC ID 06052 | System hardening through configuration management | Preventive | |
Configure the Trusted Platform Module (TPM) platform validation profile, as appropriate. CC ID 06056 | System hardening through configuration management | Preventive | |
Configure the "Allow Remote Shell Access" setting, as appropriate. CC ID 06057 | System hardening through configuration management | Preventive | |
Configure the "Prevent the computer from joining a homegroup" setting, as appropriate. CC ID 06058 | System hardening through configuration management | Preventive | |
Enable or disable the authenticator requirement after waking, as appropriate. CC ID 06059 | System hardening through configuration management | Preventive | |
Enable or disable the standby states, as appropriate. CC ID 06060 | System hardening through configuration management | Preventive | |
Configure the Trusted Platform Module startup options properly. CC ID 06061 | System hardening through configuration management | Preventive | |
Configure the system to purge Policy Caches. CC ID 06569 | System hardening through configuration management | Preventive | |
Separate authenticator files and application system data on different file systems. CC ID 06790 | System hardening through configuration management | Preventive | |
Configure Application Programming Interfaces to limit or shut down interactivity based upon a rate limit. CC ID 06811 | System hardening through configuration management | Preventive | |
Configure the "Executable stack" setting to organizational standards. CC ID 08969 | System hardening through configuration management | Preventive | |
Configure the "smbpasswd executable" user ownership to organizational standards. CC ID 08975 | System hardening through configuration management | Preventive | |
Configure the "traceroute executable" group ownership to organizational standards. CC ID 08980 | System hardening through configuration management | Preventive | |
Configure the "traceroute executable" user ownership to organizational standards. CC ID 08981 | System hardening through configuration management | Preventive | |
Configure the "Apache configuration" directory group ownership to organizational standards. CC ID 08991 | System hardening through configuration management | Preventive | |
Configure the "Apache configuration" directory user ownership to organizational standards. CC ID 08992 | System hardening through configuration management | Preventive | |
Configure the "/var/log/httpd/" file group ownership to organizational standards. CC ID 09027 | System hardening through configuration management | Preventive | |
Configure the "/etc/httpd/conf.d" file group ownership to organizational standards. CC ID 09028 | System hardening through configuration management | Preventive | |
Configure the "/etc/httpd/conf/passwd" file group ownership to organizational standards. CC ID 09029 | System hardening through configuration management | Preventive | |
Configure the "/usr/sbin/apachectl" file group ownership to organizational standards. CC ID 09030 | System hardening through configuration management | Preventive | |
Configure the "/usr/sbin/httpd" file group ownership to organizational standards. CC ID 09031 | System hardening through configuration management | Preventive | |
Configure the "/var/www/html" file group ownership to organizational standards. CC ID 09032 | System hardening through configuration management | Preventive | |
Configure the "log files" in the "/var/log/httpd/" directory user ownership to organizational standards. CC ID 09034 | System hardening through configuration management | Preventive | |
Configure the "/etc/httpd/conf.d" file ownership to organizational standards. CC ID 09035 | System hardening through configuration management | Preventive | |
Configure the "/etc/httpd/conf/passwd" file ownership to organizational standards. CC ID 09036 | System hardening through configuration management | Preventive | |
Configure the "/usr/sbin/apachectl" file ownership to organizational standards. CC ID 09037 | System hardening through configuration management | Preventive | |
Configure the "/usr/sbin/httpd" file ownership to organizational standards. CC ID 09038 | System hardening through configuration management | Preventive | |
Configure the "/var/www/html" file ownership to organizational standards. CC ID 09039 | System hardening through configuration management | Preventive | |
Configure the "httpd.conf" file user ownership to organizational standards. CC ID 09055 | System hardening through configuration management | Preventive | |
Configure the "httpd.conf" group ownership to organizational standards. CC ID 09056 | System hardening through configuration management | Preventive | |
Configure the "htpasswd" file user ownership to organizational standards. CC ID 09058 | System hardening through configuration management | Preventive | |
Configure the "htpasswd" file group ownership to organizational standards. CC ID 09059 | System hardening through configuration management | Preventive | |
Configure the "files specified by CustomLog" user ownership to organizational standards. CC ID 09074 | System hardening through configuration management | Preventive | |
Configure the "files specified by CustomLog" group ownership to organizational standards. CC ID 09075 | System hardening through configuration management | Preventive | |
Configure the "files specified by ErrorLog" user ownership to organizational standards. CC ID 09076 | System hardening through configuration management | Preventive | |
Configure the "files specified by ErrorLog" group ownership to organizational standards. CC ID 09077 | System hardening through configuration management | Preventive | |
Configure the "directories specified by ScriptAlias" user ownership to organizational standards. CC ID 09079 | System hardening through configuration management | Preventive | |
Configure the "directories specified by ScriptAlias" group ownership to organizational standards. CC ID 09080 | System hardening through configuration management | Preventive | |
Configure the "directories specified by ScriptAliasMatch" user ownership to organizational standards. CC ID 09082 | System hardening through configuration management | Preventive | |
Configure the "directories specified by ScriptAliasMatch" group ownership to organizational standards. CC ID 09083 | System hardening through configuration management | Preventive | |
Configure the "directories specified by DocumentRoot" user ownership to organizational standards. CC ID 09085 | System hardening through configuration management | Preventive | |
Configure the "directories specified by DocumentRoot" group ownership to organizational standards. CC ID 09086 | System hardening through configuration management | Preventive | |
Configure the "directories specified by Alias" user ownership to organizational standards. CC ID 09088 | System hardening through configuration management | Preventive | |
Configure the "directories specified by Alias" group ownership to organizational standards. CC ID 09089 | System hardening through configuration management | Preventive | |
Configure the "directories specified by ServerRoot" user ownership to organizational standards. CC ID 09091 | System hardening through configuration management | Preventive | |
Configure the "directories specified by ServerRoot" group ownership to organizational standards. CC ID 09092 | System hardening through configuration management | Preventive | |
Configure the "apache /bin" directory user ownership to organizational standards. CC ID 09094 | System hardening through configuration management | Preventive | |
Configure the "apache /bin" directory group ownership to organizational standards. CC ID 09095 | System hardening through configuration management | Preventive | |
Configure the "apache /logs" directory user ownership to organizational standards. CC ID 09097 | System hardening through configuration management | Preventive | |
Configure the "apache /logs" directory group ownership to organizational standards. CC ID 09098 | System hardening through configuration management | Preventive | |
Configure the "apache /htdocs" directory user ownership to organizational standards. CC ID 09100 | System hardening through configuration management | Preventive | |
Configure the "apache /htdocs" directory group ownership to organizational standards. CC ID 09101 | System hardening through configuration management | Preventive | |
Configure the "apache /cgi-bin" directory group ownership to organizational standards. CC ID 09104 | System hardening through configuration management | Preventive | |
Configure the "User-specific directories" setting to organizational standards. CC ID 09123 | System hardening through configuration management | Preventive | |
Configure the "apache process ID" file user ownership to organizational standards. CC ID 09125 | System hardening through configuration management | Preventive | |
Configure the "apache process ID" file group ownership to organizational standards. CC ID 09126 | System hardening through configuration management | Preventive | |
Configure the "apache scoreboard" file user ownership to organizational standards. CC ID 09128 | System hardening through configuration management | Preventive | |
Configure the "apache scoreboard" file group ownership to organizational standards. CC ID 09129 | System hardening through configuration management | Preventive | |
Configure the "Ownership of the asymmetric keys" setting to organizational standards. CC ID 09289 | System hardening through configuration management | Preventive | |
Configure the "SQLServer2005ReportServerUser" registry key permissions to organizational standards. CC ID 09326 | System hardening through configuration management | Preventive | |
Configure the "SQLServerADHelperUser" registry key permissions to organizational standards. CC ID 09329 | System hardening through configuration management | Preventive | |
Configure the "Tomcat home" directory user ownership to organizational standards. CC ID 09772 | System hardening through configuration management | Preventive | |
Configure the "group" setting for the "Tomcat installation" to organizational standards. CC ID 09773 | System hardening through configuration management | Preventive | |
Configure the "tomcat conf/" directory user ownership to organizational standards. CC ID 09774 | System hardening through configuration management | Preventive | |
Configure the "tomcat conf/" directory group ownership to organizational standards. CC ID 09775 | System hardening through configuration management | Preventive | |
Configure the "tomcat-users.xml" file user ownership to organizational standards. CC ID 09776 | System hardening through configuration management | Preventive | |
Configure the "tomcat-users.xml" file group ownership to organizational standards. CC ID 09777 | System hardening through configuration management | Preventive | |
Configure the "group membership" setting for "Tomcat" to organizational standards. CC ID 09793 | System hardening through configuration management | Preventive | |
Configure the "Tomcat home" directory group ownership to organizational standards. CC ID 09798 | System hardening through configuration management | Preventive | |
Configure the "Tomcat home/conf/" directory user ownership to organizational standards. CC ID 09800 | System hardening through configuration management | Preventive | |
Configure the "Tomcat home/conf/" directory group ownership to organizational standards. CC ID 09801 | System hardening through configuration management | Preventive | |
Configure the "system" files permissions to organizational standards. CC ID 09922 | System hardening through configuration management | Preventive | |
Configure the "size limit" setting for the "application log" to organizational standards. CC ID 10063 | System hardening through configuration management | Preventive | |
Configure the "restrict guest access to security log" setting to organizational standards. CC ID 10064 | System hardening through configuration management | Preventive | |
Configure the "size limit" setting for the "system log" to organizational standards. CC ID 10065 | System hardening through configuration management | Preventive | |
Configure the "Automatic Update service" setting to organizational standards. CC ID 10066 | System hardening through configuration management | Preventive | |
Configure the "Safe DLL Search Mode" setting to organizational standards. CC ID 10067 | System hardening through configuration management | Preventive | |
Configure the "screensaver" setting to organizational standards. CC ID 10068 | System hardening through configuration management | Preventive | |
Configure the "screensaver" setting for the "default" user to organizational standards. CC ID 10069 | System hardening through configuration management | Preventive | |
Configure the "Enable User Control Over Installs" setting to organizational standards. CC ID 10070 | System hardening through configuration management | Preventive | |
Configure the "Enable User to Browse for Source While Elevated" setting to organizational standards. CC ID 10071 | System hardening through configuration management | Preventive | |
Configure the "Enable User to Use Media Source While Elevated" setting to organizational standards. CC ID 10072 | System hardening through configuration management | Preventive | |
Configure the "Allow Administrator to Install from Terminal Services Session" setting to organizational standards. CC ID 10073 | System hardening through configuration management | Preventive | |
Configure the "Enable User to Patch Elevated Products" setting to organizational standards. CC ID 10074 | System hardening through configuration management | Preventive | |
Configure the "Cache Transforms in Secure Location" setting to organizational standards. CC ID 10075 | System hardening through configuration management | Preventive | |
Configure the "Disable Media Player for automatic updates" setting to organizational standards. CC ID 10076 | System hardening through configuration management | Preventive | |
Configure the "Internet access for Windows Messenger" setting to organizational standards. CC ID 10077 | System hardening through configuration management | Preventive | |
Configure the "Do Not Automatically Start Windows Messenger" setting to organizational standards. CC ID 10078 | System hardening through configuration management | Preventive | |
Configure the "Hide Property Pages" setting for the "task scheduler" to organizational standards. CC ID 10079 | System hardening through configuration management | Preventive | |
Configure the "Prohibit New Task Creation" setting for the "task scheduler" to organizational standards. CC ID 10080 | System hardening through configuration management | Preventive | |
Configure "Set time limit for disconnected sessions" to organizational standards. CC ID 10081 | System hardening through configuration management | Preventive | |
Configure the "Set time limit for idle sessions" setting to organizational standards. CC ID 10082 | System hardening through configuration management | Preventive | |
Configure the "Enable Keep-Alive Messages" setting to organizational standards. CC ID 10083 | System hardening through configuration management | Preventive | |
Configure the "Automatic Updates detection frequency" setting to organizational standards. CC ID 10084 | System hardening through configuration management | Preventive | |
Configure the "TCPMaxPortsExhausted" setting to organizational standards. CC ID 10085 | System hardening through configuration management | Preventive | |
Configure the "built-in Administrator" account to organizational standards. CC ID 10086 | System hardening through configuration management | Preventive | |
Configure the "Prevent System Maintenance of Computer Account Password" setting to organizational standards. CC ID 10087 | System hardening through configuration management | Preventive | |
Configure the "Digitally Sign Client Communication (When Possible)" setting to organizational standards. CC ID 10088 | System hardening through configuration management | Preventive | |
Configure the "number of SYN-ACK retransmissions sent when attempting to respond to a SYN request" setting to organizational standards. CC ID 10089 | System hardening through configuration management | Preventive | |
Configure the "warning level" setting for the "audit log" to organizational standards. CC ID 10090 | System hardening through configuration management | Preventive | |
Configure the "Change Password" setting for the "Ctrl+Alt+Del dialog" to organizational standards. CC ID 10091 | System hardening through configuration management | Preventive | |
Configure the "account description" setting for the "built-in Administrator" account to organizational standards. CC ID 10092 | System hardening through configuration management | Preventive | |
Configure the "Decoy Admin Account Not Disabled" setting to organizational standards. CC ID 10201 | System hardening through configuration management | Preventive | |
Configure the "when maximum log size is reached" setting for the "Application log" to organizational standards. CC ID 10202 | System hardening through configuration management | Preventive | |
Configure the "password filtering DLL" setting to organizational standards. CC ID 10203 | System hardening through configuration management | Preventive | |
Configure the "Anonymous access to the registry" setting to organizational standards. CC ID 10204 | System hardening through configuration management | Preventive | |
Configure the "Automatic Execution" setting for the "System Debugger" to organizational standards. CC ID 10205 | System hardening through configuration management | Preventive | |
Configure the "CD-ROM Autorun" setting to organizational standards. CC ID 10206 | System hardening through configuration management | Preventive | |
Configure the "ResetBrowser Frames" setting to organizational standards. CC ID 10207 | System hardening through configuration management | Preventive | |
Configure the "Dr. Watson Crash Dumps" setting to organizational standards. CC ID 10208 | System hardening through configuration management | Preventive | |
Configure the "File System Checker and Popups" setting to organizational standards. CC ID 10209 | System hardening through configuration management | Preventive | |
Configure the "System File Checker" setting to organizational standards. CC ID 10210 | System hardening through configuration management | Preventive | |
Configure the "System File Checker Progress Meter" setting to organizational standards. CC ID 10211 | System hardening through configuration management | Preventive | |
Configure the "number of TCP/IP Maximum Half-open Sockets" setting to organizational standards. CC ID 10212 | System hardening through configuration management | Preventive | |
Configure the "number of TCP/IP Maximum Retried Half-open Sockets" setting to organizational standards. CC ID 10213 | System hardening through configuration management | Preventive | |
Configure the "Protect Kernel object attributes" setting to organizational standards. CC ID 10214 | System hardening through configuration management | Preventive | |
Configure the "Unsigned Non-Driver Installation Behavior" setting to organizational standards. CC ID 10215 | System hardening through configuration management | Preventive | |
Configure the "Automatically Log Off Users When Logon Time Expires (local)" setting to organizational standards. CC ID 10216 | System hardening through configuration management | Preventive | |
Configure the "Local volumes" setting to organizational standards. CC ID 10217 | System hardening through configuration management | Preventive | |
Configure the "Unused USB Ports" setting to organizational standards. CC ID 10218 | System hardening through configuration management | Preventive | |
Configure the "Set Safe for Scripting" setting to organizational standards. CC ID 10219 | System hardening through configuration management | Preventive | |
Configure the "Use of the Recycle Bin on file deletion" setting to organizational standards. CC ID 10220 | System hardening through configuration management | Preventive | |
Configure the "Membership in the Power Users group" setting to organizational standards. CC ID 10224 | System hardening through configuration management | Preventive | |
Configure the "AutoBackupLogFiles" setting for the "security log" to organizational standards. CC ID 10225 | System hardening through configuration management | Preventive | |
Configure the "AutoBackupLogFiles" setting for the "application log" to organizational standards. CC ID 10226 | System hardening through configuration management | Preventive | |
Configure the "AutoBackupLogFiles" setting for the "system log" to organizational standards. CC ID 10227 | System hardening through configuration management | Preventive | |
Configure the "Syskey Encryption Key location and password method" setting to organizational standards. CC ID 10228 | System hardening through configuration management | Preventive | |
Configure the "Os2LibPath environmental variable" setting to organizational standards. CC ID 10229 | System hardening through configuration management | Preventive | |
Configure the "path to the Microsoft OS/2 version 1.x library" setting to organizational standards. CC ID 10230 | System hardening through configuration management | Preventive | |
Configure the "location of the OS/2 subsystem" setting to organizational standards. CC ID 10231 | System hardening through configuration management | Preventive | |
Configure the "location of the POSIX subsystem" setting to organizational standards. CC ID 10232 | System hardening through configuration management | Preventive | |
Configure the "path to the debugger used for Just-In-Time debugging" setting to organizational standards. CC ID 10234 | System hardening through configuration management | Preventive | |
Configure the "Distributed Component Object Model (DCOM)" setting to organizational standards. CC ID 10235 | System hardening through configuration management | Preventive | |
Configure the "encryption algorithm" setting for "EFS" to organizational standards. CC ID 10236 | System hardening through configuration management | Preventive | |
Configure the "Interix Subsystem Startup service startup type" setting to organizational standards. CC ID 10238 | System hardening through configuration management | Preventive | |
Configure the "Services for Unix Perl Socket service startup type" setting to organizational standards. CC ID 10247 | System hardening through configuration management | Preventive | |
Configure the "Services for Unix Windows Cron service startup type" setting to organizational standards. CC ID 10248 | System hardening through configuration management | Preventive | |
Configure the "fDisableCdm" setting to organizational standards. CC ID 10259 | System hardening through configuration management | Preventive | |
Configure the "fDisableClip" setting to organizational standards. CC ID 10260 | System hardening through configuration management | Preventive | |
Configure the "Inheritance of the shadow setting" setting to organizational standards. CC ID 10261 | System hardening through configuration management | Preventive | |
Configure the "remote control configuration" setting to organizational standards. CC ID 10262 | System hardening through configuration management | Preventive | |
Configure the "fDisableCam" setting to organizational standards. CC ID 10263 | System hardening through configuration management | Preventive | |
Configure the "fDisableCcm" setting to organizational standards. CC ID 10264 | System hardening through configuration management | Preventive | |
Configure the "fDisableLPT" setting to organizational standards. CC ID 10265 | System hardening through configuration management | Preventive | |
Configure the "ActiveX installation policy for sites in Trusted zones" setting to organizational standards. CC ID 10691 | System hardening through configuration management | Preventive | |
Configure the "Add the Administrators security group to roaming user profiles" setting to organizational standards. CC ID 10694 | System hardening through configuration management | Preventive | |
Configure the "Administratively assigned offline files" setting to organizational standards. CC ID 10695 | System hardening through configuration management | Preventive | |
Configure the "Apply policy to removable media" setting to organizational standards. CC ID 10756 | System hardening through configuration management | Preventive | |
Configure the "Baseline file cache maximum size" setting to organizational standards. CC ID 10763 | System hardening through configuration management | Preventive | |
Configure the "Check for New Signatures Before Scheduled Scans" setting to organizational standards. CC ID 10770 | System hardening through configuration management | Preventive | |
Configure the "Check published state" setting to organizational standards. CC ID 10771 | System hardening through configuration management | Preventive | |
Configure the "Communities" setting to organizational standards. CC ID 10772 | System hardening through configuration management | Preventive | |
Configure the "Computer location" setting to organizational standards. CC ID 10773 | System hardening through configuration management | Preventive | |
Configure the "Background Sync" setting to organizational standards. CC ID 10775 | System hardening through configuration management | Preventive | |
Configure the "Corporate Windows Error Reporting" setting to organizational standards. CC ID 10777 | System hardening through configuration management | Preventive | |
Configure the "Corrupted File Recovery Behavior" setting to organizational standards. CC ID 10778 | System hardening through configuration management | Preventive | |
Configure the "Default consent" setting to organizational standards. CC ID 10780 | System hardening through configuration management | Preventive | |
Configure the "list of IEEE 1667 silos usable on your computer" setting to organizational standards. CC ID 10792 | System hardening through configuration management | Preventive | |
Configure the "Microsoft SpyNet Reporting" setting to organizational standards. CC ID 10794 | System hardening through configuration management | Preventive | |
Configure the "MSI Corrupted File Recovery Behavior" setting to organizational standards. CC ID 10795 | System hardening through configuration management | Preventive | |
Configure the "Reliability WMI Providers" setting to organizational standards. CC ID 10804 | System hardening through configuration management | Preventive | |
Configure the "Report Archive" setting to organizational standards. CC ID 10805 | System hardening through configuration management | Preventive | |
Configure the "Report Queue" setting to organizational standards. CC ID 10806 | System hardening through configuration management | Preventive | |
Configure the "root certificate clean up" setting to organizational standards. CC ID 10807 | System hardening through configuration management | Preventive | |
Configure the "Security Policy for Scripted Diagnostics" setting to organizational standards. CC ID 10816 | System hardening through configuration management | Preventive | |
Configure the "list of blocked TPM commands" setting to organizational standards. CC ID 10822 | System hardening through configuration management | Preventive | |
Configure the "refresh interval for Server Manager" setting to organizational standards. CC ID 10823 | System hardening through configuration management | Preventive | |
Configure the "server address, refresh interval, and issuer certificate authority of a target Subscription Manager" setting to organizational standards. CC ID 10824 | System hardening through configuration management | Preventive | |
Configure the "Customize consent settings" setting to organizational standards. CC ID 10837 | System hardening through configuration management | Preventive | |
Configure the "Default behavior for AutoRun" setting to organizational standards. CC ID 10839 | System hardening through configuration management | Preventive | |
Configure the "Define Activation Security Check exemptions" setting to organizational standards. CC ID 10841 | System hardening through configuration management | Preventive | |
Configure the "Define host name-to-Kerberos realm mappings" setting to organizational standards. CC ID 10842 | System hardening through configuration management | Preventive | |
Configure the "Define interoperable Kerberos V5 realm settings" setting to organizational standards. CC ID 10843 | System hardening through configuration management | Preventive | |
Configure the "Delay Restart for scheduled installations" setting to organizational standards. CC ID 10844 | System hardening through configuration management | Preventive | |
Configure the "Delete cached copies of roaming profiles" setting to organizational standards. CC ID 10845 | System hardening through configuration management | Preventive | |
Configure the "Delete user profiles older than a specified number of days on system restart" setting to organizational standards. CC ID 10847 | System hardening through configuration management | Preventive | |
Configure the "Diagnostics: Configure scenario retention" setting to organizational standards. CC ID 10857 | System hardening through configuration management | Preventive | |
Configure the "Directory pruning interval" setting to organizational standards. CC ID 10858 | System hardening through configuration management | Preventive | |
Configure the "Directory pruning priority" setting to organizational standards. CC ID 10859 | System hardening through configuration management | Preventive | |
Configure the "Directory pruning retry" setting to organizational standards. CC ID 10860 | System hardening through configuration management | Preventive | |
Configure the "Disk Diagnostic: Configure custom alert text" setting to organizational standards. CC ID 10882 | System hardening through configuration management | Preventive | |
Configure the "Display Shutdown Event Tracker" setting to organizational standards. CC ID 10888 | System hardening through configuration management | Preventive | |
Configure the "Display string when smart card is blocked" setting to organizational standards. CC ID 10889 | System hardening through configuration management | Preventive | |
Configure the "Do not automatically encrypt files moved to encrypted folders" setting to organizational standards. CC ID 10924 | System hardening through configuration management | Preventive | |
Configure the "Do not check for user ownership of Roaming Profile Folders" setting to organizational standards. CC ID 10925 | System hardening through configuration management | Preventive | |
Configure the "Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names" setting to organizational standards. CC ID 10932 | System hardening through configuration management | Preventive | |
Configure the "Do not send additional data" machine setting to organizational standards. CC ID 10934 | System hardening through configuration management | Preventive | |
Configure the "Domain Controller Address Type Returned" setting to organizational standards. CC ID 10939 | System hardening through configuration management | Preventive | |
Configure the "Domain Location Determination URL" setting to organizational standards. CC ID 10940 | System hardening through configuration management | Preventive | |
Configure the "Don't set the always do this checkbox" setting to organizational standards. CC ID 10941 | System hardening through configuration management | Preventive | |
Configure the "Download missing COM components" setting to organizational standards. CC ID 10942 | System hardening through configuration management | Preventive | |
Configure the "Dynamic Update" setting to organizational standards. CC ID 10944 | System hardening through configuration management | Preventive | |
Configure the "Enable client-side targeting" setting to organizational standards. CC ID 10946 | System hardening through configuration management | Preventive | |
Configure the "Enable NTFS pagefile encryption" setting to organizational standards. CC ID 10948 | System hardening through configuration management | Preventive | |
Configure the "Enable Persistent Time Stamp" setting to organizational standards. CC ID 10949 | System hardening through configuration management | Preventive | |
Configure the "Enable Transparent Caching" setting to organizational standards. CC ID 10950 | System hardening through configuration management | Preventive | |
Configure the "Enable Windows NTP Client" setting to organizational standards. CC ID 10951 | System hardening through configuration management | Preventive | |
Configure the "Enable Windows NTP Server" setting to organizational standards. CC ID 10952 | System hardening through configuration management | Preventive | |
Configure the "Encrypt the Offline Files cache" setting to organizational standards. CC ID 10955 | System hardening through configuration management | Preventive | |
Configure the "Enforce upgrade component rules" setting to organizational standards. CC ID 10958 | System hardening through configuration management | Preventive | |
Configure the "Events.asp program" setting to organizational standards. CC ID 10959 | System hardening through configuration management | Preventive | |
Configure the "Events.asp program command line parameters" setting to organizational standards. CC ID 10960 | System hardening through configuration management | Preventive | |
Configure the "Events.asp URL" setting to organizational standards. CC ID 10961 | System hardening through configuration management | Preventive | |
Configure the "Exclude credential providers" setting to organizational standards. CC ID 10962 | System hardening through configuration management | Preventive | |
Configure the "Exclude files from being cached" setting to organizational standards. CC ID 10963 | System hardening through configuration management | Preventive | |
Configure the "Final DC Discovery Retry Setting for Background Callers" setting to organizational standards. CC ID 10968 | System hardening through configuration management | Preventive | |
Configure the "For tablet pen input, don't show the Input Panel icon" setting to organizational standards. CC ID 10973 | System hardening through configuration management | Preventive | |
Configure the "For touch input, don't show the Input Panel icon" setting to organizational standards. CC ID 10974 | System hardening through configuration management | Preventive | |
Configure the "Force Rediscovery Interval" setting to organizational standards. CC ID 10975 | System hardening through configuration management | Preventive | |
Configure the "Force selected system UI language to overwrite the user UI language" setting to organizational standards. CC ID 10976 | System hardening through configuration management | Preventive | |
Configure the "Force the reading of all certificates from the smart card" setting to organizational standards. CC ID 10977 | System hardening through configuration management | Preventive | |
Configure the "ForwarderResourceUsage" setting to organizational standards. CC ID 10978 | System hardening through configuration management | Preventive | |
Configure the "Global Configuration Settings" setting to organizational standards. CC ID 10979 | System hardening through configuration management | Preventive | |
Configure the "Hash Publication for BranchCache" setting to organizational standards. CC ID 10986 | System hardening through configuration management | Preventive | |
Configure the "Hide entry points for Fast User Switching" setting to organizational standards. CC ID 10987 | System hardening through configuration management | Preventive | |
Configure the "Hide notifications about RD Licensing problems that affect the RD Session Host server" setting to organizational standards. CC ID 10988 | System hardening through configuration management | Preventive | |
Configure the "Hide previous versions list for local files" setting to organizational standards. CC ID 10989 | System hardening through configuration management | Preventive | |
Configure the "Hide previous versions of files on backup location" setting to organizational standards. CC ID 10991 | System hardening through configuration management | Preventive | |
Configure the "Ignore custom consent settings" setting to organizational standards. CC ID 10992 | System hardening through configuration management | Preventive | |
Configure the "Ignore Delegation Failure" setting to organizational standards. CC ID 10993 | System hardening through configuration management | Preventive | |
Configure the "Ignore the default list of blocked TPM commands" setting to organizational standards. CC ID 10994 | System hardening through configuration management | Preventive | |
Configure the "Ignore the local list of blocked TPM commands" setting to organizational standards. CC ID 10995 | System hardening through configuration management | Preventive | |
Configure the "Include rarely used Chinese, Kanji, or Hanja characters" setting to organizational standards. CC ID 10996 | System hardening through configuration management | Preventive | |
Configure the "Initial DC Discovery Retry Setting for Background Callers" setting to organizational standards. CC ID 10997 | System hardening through configuration management | Preventive | |
Configure the "IP-HTTPS State" setting to organizational standards. CC ID 11000 | System hardening through configuration management | Preventive | |
Configure the "ISATAP Router Name" setting to organizational standards. CC ID 11001 | System hardening through configuration management | Preventive | |
Configure the "ISATAP State" setting to organizational standards. CC ID 11002 | System hardening through configuration management | Preventive | |
Configure the "License server security group" setting to organizational standards. CC ID 11005 | System hardening through configuration management | Preventive | |
Configure the "List of applications to be excluded" setting to organizational standards. CC ID 11023 | System hardening through configuration management | Preventive | |
Configure the "Lock Enhanced Storage when the computer is locked" setting to organizational standards. CC ID 11025 | System hardening through configuration management | Preventive | |
Configure the "Make Parental Controls control panel visible on a Domain" setting to organizational standards. CC ID 11039 | System hardening through configuration management | Preventive | |
Configure the "MaxConcurrentUsers" setting to organizational standards. CC ID 11040 | System hardening through configuration management | Preventive | |
Configure the "Maximum DC Discovery Retry Interval Setting for Background Callers" setting to organizational standards. CC ID 11041 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider" setting to organizational standards. CC ID 11045 | System hardening through configuration management | Preventive | |
Configure the "Negative DC Discovery Cache Setting" setting to organizational standards. CC ID 11047 | System hardening through configuration management | Preventive | |
Configure the "Non-conforming packets" setting to organizational standards. CC ID 11053 | System hardening through configuration management | Preventive | |
Configure the "Notify blocked drivers" setting to organizational standards. CC ID 11054 | System hardening through configuration management | Preventive | |
Configure the "Notify user of successful smart card driver installation" setting to organizational standards. CC ID 11055 | System hardening through configuration management | Preventive | |
Configure the "Permitted Managers" setting to organizational standards. CC ID 11062 | System hardening through configuration management | Preventive | |
Configure the "Positive Periodic DC Cache Refresh for Background Callers" setting to organizational standards. CC ID 11063 | System hardening through configuration management | Preventive | |
Configure the "Positive Periodic DC Cache Refresh for Non-Background Callers" setting to organizational standards. CC ID 11064 | System hardening through configuration management | Preventive | |
Configure the "Prioritize all digitally signed drivers equally during the driver ranking and selection process" setting to organizational standards. CC ID 11098 | System hardening through configuration management | Preventive | |
Configure the "Prompt for credentials on the client computer" setting to organizational standards. CC ID 11108 | System hardening through configuration management | Preventive | |
Configure the "Propagation of extended error information" setting to organizational standards. CC ID 11110 | System hardening through configuration management | Preventive | |
Configure the "Register PTR Records" setting to organizational standards. CC ID 11121 | System hardening through configuration management | Preventive | |
Configure the "Registration Refresh Interval" setting to organizational standards. CC ID 11122 | System hardening through configuration management | Preventive | |
Configure the "Remove Program Compatibility Property Page" setting to organizational standards. CC ID 11128 | System hardening through configuration management | Preventive | |
Configure the "Remove users ability to invoke machine policy refresh" setting to organizational standards. CC ID 11129 | System hardening through configuration management | Preventive | |
Configure the "Remove Windows Security item from Start menu" setting to organizational standards. CC ID 11130 | System hardening through configuration management | Preventive | |
Configure the "Re-prompt for restart with scheduled installations" setting to organizational standards. CC ID 11131 | System hardening through configuration management | Preventive | |
Configure the "Require secure RPC communication" setting to organizational standards. CC ID 11134 | System hardening through configuration management | Preventive | |
Configure the "Require strict KDC validation" setting to organizational standards. CC ID 11135 | System hardening through configuration management | Preventive | |
Configure the "Reverse the subject name stored in a certificate when displaying" setting to organizational standards. CC ID 11148 | System hardening through configuration management | Preventive | |
Configure the "RPC Troubleshooting State Information" setting to organizational standards. CC ID 11150 | System hardening through configuration management | Preventive | |
Configure the "Run shutdown scripts visible" setting to organizational standards. CC ID 11152 | System hardening through configuration management | Preventive | |
Configure the "Run startup scripts asynchronously" setting to organizational standards. CC ID 11153 | System hardening through configuration management | Preventive | |
Configure the "Run startup scripts visible" setting to organizational standards. CC ID 11154 | System hardening through configuration management | Preventive | |
Configure the "Scavenge Interval" setting to organizational standards. CC ID 11158 | System hardening through configuration management | Preventive | |
Configure the "Server Authentication Certificate Template" setting to organizational standards. CC ID 11170 | System hardening through configuration management | Preventive | |
Configure the "Set BranchCache Distributed Cache mode" setting to organizational standards. CC ID 11172 | System hardening through configuration management | Preventive | |
Configure the "Set BranchCache Hosted Cache mode" setting to organizational standards. CC ID 11173 | System hardening through configuration management | Preventive | |
Configure the "Set compression algorithm for RDP data" setting to organizational standards. CC ID 11174 | System hardening through configuration management | Preventive | |
Configure the "Set percentage of disk space used for client computer cache" setting to organizational standards. CC ID 11177 | System hardening through configuration management | Preventive | |
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Global" to organizational standards. CC ID 11178 | System hardening through configuration management | Preventive | |
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Site Local" to organizational standards. CC ID 11180 | System hardening through configuration management | Preventive | |
Configure the "Set the Email IDs to which notifications are to be sent" setting to organizational standards. CC ID 11184 | System hardening through configuration management | Preventive | |
Configure the "Set the map update interval for NIS subordinate servers" setting to organizational standards. CC ID 11186 | System hardening through configuration management | Preventive | |
Configure the "Set the Seed Server" setting for "IPv6 Global" to organizational standards. CC ID 11189 | System hardening through configuration management | Preventive | |
Configure the "Set the Seed Server" setting for "IPv6 Site Local" to organizational standards. CC ID 11191 | System hardening through configuration management | Preventive | |
Configure the "Set the SMTP Server used to send notifications" setting to organizational standards. CC ID 11192 | System hardening through configuration management | Preventive | |
Configure the "Set timer resolution" setting to organizational standards. CC ID 11196 | System hardening through configuration management | Preventive | |
Configure the "Sets how often a DFS Client discovers DC's" setting to organizational standards. CC ID 11199 | System hardening through configuration management | Preventive | |
Configure the "Short name creation options" setting to organizational standards. CC ID 11200 | System hardening through configuration management | Preventive | |
Configure the "Site Name" setting to organizational standards. CC ID 11201 | System hardening through configuration management | Preventive | |
Configure the "Specify a default color" setting to organizational standards. CC ID 11208 | System hardening through configuration management | Preventive | |
Configure the "Specify idle Timeout" setting to organizational standards. CC ID 11210 | System hardening through configuration management | Preventive | |
Configure the "Specify maximum amount of memory in MB per Shell" setting to organizational standards. CC ID 11211 | System hardening through configuration management | Preventive | |
Configure the "Specify maximum number of processes per Shell" setting to organizational standards. CC ID 11212 | System hardening through configuration management | Preventive | |
Configure the "Specify Shell Timeout" setting to organizational standards. CC ID 11216 | System hardening through configuration management | Preventive | |
Configure the "Specify Windows installation file location" setting to organizational standards. CC ID 11225 | System hardening through configuration management | Preventive | |
Configure the "Specify Windows Service Pack installation file location" setting to organizational standards. CC ID 11226 | System hardening through configuration management | Preventive | |
Configure the "SSL Cipher Suite Order" setting to organizational standards. CC ID 11227 | System hardening through configuration management | Preventive | |
Configure the "Switch to the Simplified Chinese (PRC) gestures" setting to organizational standards. CC ID 11230 | System hardening through configuration management | Preventive | |
Configure the "Sysvol share compatibility" setting to organizational standards. CC ID 11231 | System hardening through configuration management | Preventive | |
Configure the "Tag Windows Customer Experience Improvement data with Study Identifier" setting to organizational standards. CC ID 11232 | System hardening through configuration management | Preventive | |
Configure the "Teredo Client Port" setting to organizational standards. CC ID 11236 | System hardening through configuration management | Preventive | |
Configure the "Teredo Default Qualified" setting to organizational standards. CC ID 11237 | System hardening through configuration management | Preventive | |
Configure the "Teredo Refresh Rate" setting to organizational standards. CC ID 11238 | System hardening through configuration management | Preventive | |
Configure the "Teredo Server Name" setting to organizational standards. CC ID 11239 | System hardening through configuration management | Preventive | |
Configure the "Teredo State" setting to organizational standards. CC ID 11240 | System hardening through configuration management | Preventive | |
Configure the "Time (in seconds) to force reboot" setting to organizational standards. CC ID 11242 | System hardening through configuration management | Preventive | |
Configure the "Time (in seconds) to force reboot when required for policy changes to take effect" setting to organizational standards. CC ID 11243 | System hardening through configuration management | Preventive | |
Configure the "Timeout for fast user switching events" setting to organizational standards. CC ID 11244 | System hardening through configuration management | Preventive | |
Configure the "Traps for public community" setting to organizational standards. CC ID 11246 | System hardening through configuration management | Preventive | |
Configure the "Trusted Hosts" setting to organizational standards. CC ID 11249 | System hardening through configuration management | Preventive | |
Configure the "Try Next Closest Site" setting to organizational standards. CC ID 11250 | System hardening through configuration management | Preventive | |
Configure the "TTL Set in the A and PTR records" setting to organizational standards. CC ID 11251 | System hardening through configuration management | Preventive | |
Configure the "Turn on Accounting for WSRM" setting to organizational standards. CC ID 11333 | System hardening through configuration management | Preventive | |
Configure the "Turn on BranchCache" setting to organizational standards. CC ID 11334 | System hardening through configuration management | Preventive | |
Configure the "Turn on certificate propagation from smart card" setting to organizational standards. CC ID 11335 | System hardening through configuration management | Preventive | |
Configure the "Turn On Compatibility HTTP Listener" setting to organizational standards. CC ID 11336 | System hardening through configuration management | Preventive | |
Configure the "Turn On Compatibility HTTPS Listener" setting to organizational standards. CC ID 11337 | System hardening through configuration management | Preventive | |
Configure the "Turn on definition updates through both WSUS and the Microsoft Malware Protection Center" setting to organizational standards. CC ID 11338 | System hardening through configuration management | Preventive | |
Configure the "Turn on definition updates through both WSUS and Windows Update" setting to organizational standards. CC ID 11339 | System hardening through configuration management | Preventive | |
Configure the "Turn on economical application of administratively assigned Offline Files" setting to organizational standards. CC ID 11342 | System hardening through configuration management | Preventive | |
Configure the "Turn on Mapper I/O (LLTDIO) driver" setting to organizational standards. CC ID 11346 | System hardening through configuration management | Preventive | |
Configure the "Turn on recommended updates via Automatic Updates" setting to organizational standards. CC ID 11347 | System hardening through configuration management | Preventive | |
Configure the "Turn on root certificate propagation from smart card" setting to organizational standards. CC ID 11349 | System hardening through configuration management | Preventive | |
Configure the "Turn on Software Notifications" setting to organizational standards. CC ID 11352 | System hardening through configuration management | Preventive | |
Configure the "Turn on TPM backup to Active Directory Domain Services" setting to organizational standards. CC ID 11356 | System hardening through configuration management | Preventive | |
Configure the "Use forest search order" setting for "Key Distribution Center (KDC) searches" to organizational standards. CC ID 11359 | System hardening through configuration management | Preventive | |
Configure the "Use forest search order" setting for "Kerberos client searches" to organizational standards. CC ID 11360 | System hardening through configuration management | Preventive | |
Configure the "Use IP Address Redirection" setting to organizational standards. CC ID 11361 | System hardening through configuration management | Preventive | |
Configure the "Use localized subfolder names when redirecting Start Menu and My Documents" setting to organizational standards. CC ID 11362 | System hardening through configuration management | Preventive | |
Configure the "Use mandatory profiles on the RD Session Host server" setting to organizational standards. CC ID 11363 | System hardening through configuration management | Preventive | |
Configure the "Verbose vs normal status messages" setting to organizational standards. CC ID 11368 | System hardening through configuration management | Preventive | |
Configure the "Verify old and new Folder Redirection targets point to the same share before redirecting" setting to organizational standards. CC ID 11369 | System hardening through configuration management | Preventive | |
Configure the "Windows Scaling Heuristics State" setting to organizational standards. CC ID 11372 | System hardening through configuration management | Preventive | |
Configure the "Obtain Software Package Updates with apt-get" setting to organizational standards. CC ID 11375 | System hardening through configuration management | Preventive | |
Configure the "display a banner before authentication" setting for "LightDM" to organizational standards. CC ID 11385 | System hardening through configuration management | Preventive | |
Configure the "shadow" group to organizational standards. CC ID 11386 | System hardening through configuration management | Preventive | |
Configure the "AppArmor" setting to organizational standards. CC ID 11387 | System hardening through configuration management | Preventive | |
Configure knowledge-based authentication tools in accordance with organizational standards. CC ID 13740 | System hardening through configuration management | Preventive | |
Configure the session timeout for the knowledge-based authentication tool used for the identity proofing process according to organizational standards. CC ID 13754 | System hardening through configuration management | Preventive | |
Configure the knowledge-based authentication tool to restart after a session timeout. CC ID 13753 | System hardening through configuration management | Preventive | |
Configure the number of attempts allowed to complete the knowledge-based authentication in the knowledge-based authentication tool. CC ID 13751 | System hardening through configuration management | Preventive | |
Disable or configure the e-mail server, as necessary. CC ID 06563 | System hardening through configuration management | Preventive | |
Configure e-mail servers to enable receiver-side verification. CC ID 12223 | System hardening through configuration management | Preventive | |
Configure the e-mail server to prevent it from listening to external interfaces. CC ID 01561 | System hardening through configuration management | Preventive | |
Configure the "Local-Only Mode" setting for the "Mail Transfer Agent" to organizational standards. CC ID 09940 | System hardening through configuration management | Preventive | |
Configure the system account settings and the permission settings in accordance with the organizational standards. CC ID 01538 | System hardening through configuration management | Preventive | |
Configure Windows User Account Control in accordance with organizational standards. CC ID 16437 | System hardening through configuration management | Preventive | |
Configure the at.allow file with the users who are permitted to use the at facility, as appropriate. CC ID 06005 | System hardening through configuration management | Preventive | |
Configure the /etc/xinetd.conf file group permissions, as appropriate. CC ID 05994 | System hardening through configuration management | Preventive | |
Create the default adduser.conf file. CC ID 01581 | System hardening through configuration management | Preventive | |
Configure user accounts. CC ID 07036 | System hardening through configuration management | Preventive | |
Configure account expiration parameters on active accounts. CC ID 01580 | System hardening through configuration management | Preventive | |
Change default usernames, as necessary. CC ID 14661 | System hardening through configuration management | Corrective | |
Remove unnecessary default accounts. CC ID 01539 | System hardening through configuration management | Preventive | |
Disable or delete shared User IDs. CC ID 12478 | System hardening through configuration management | Corrective | |
Verify that no UID 0 accounts exist other than root. CC ID 01585 | System hardening through configuration management | Detective | |
Disable or delete generic user IDs. CC ID 12479 | System hardening through configuration management | Corrective | |
Disable all unnecessary user identifiers. CC ID 02185 | System hardening through configuration management | Preventive | |
Remove unnecessary user credentials. CC ID 16409 | System hardening through configuration management | Preventive | |
Remove the root user as appropriate. CC ID 01582 | System hardening through configuration management | Preventive | |
Disable or remove the null account. CC ID 06572 | System hardening through configuration management | Preventive | |
Configure accounts with administrative privilege. CC ID 07033 | System hardening through configuration management | Preventive | |
Disable root logons or limit the logons to the system console. CC ID 01573 | System hardening through configuration management | Preventive | |
Encrypt non-console administrative access. CC ID 00883 | System hardening through configuration management | Preventive | |
Configure the default group for the root user. CC ID 01586 | System hardening through configuration management | Preventive | |
Rename or disable the Administrator Account. CC ID 01721 | System hardening through configuration management | Preventive | |
Create a backup administrator account. CC ID 04497 | System hardening through configuration management | Preventive | |
Configure the general user ID parameters. CC ID 02186 | System hardening through configuration management | Preventive | |
Configure the Master user ID parameters inside the Site Management Complex. CC ID 02187 | System hardening through configuration management | Preventive | |
Configure the subadministrators user ID parameters. CC ID 02188 | System hardening through configuration management | Preventive | |
Configure the user account expiration date. CC ID 07101 | System hardening through configuration management | Preventive | |
Configure User Rights. CC ID 07034 | System hardening through configuration management | Preventive | |
Configure the "Access this computer from the network" User Right. CC ID 01834 | System hardening through configuration management | Preventive | |
Configure the "Act as a part of the operating system" User Right. CC ID 01835 | System hardening through configuration management | Preventive | |
Configure the "Add workstations to domain" User Right setting to organizational standards. CC ID 01836 | System hardening through configuration management | Preventive | |
Configure the "Adjust memory quotas for a process" User Right. CC ID 01837 | System hardening through configuration management | Preventive | |
Configure the "Allow log on through Terminal Services" User Right setting to organizational standards. CC ID 01838 | System hardening through configuration management | Preventive | |
Configure the "Back up files and directories" User Right. CC ID 01839 | System hardening through configuration management | Preventive | |
Configure the "Bypass traverse checking" User Right. CC ID 01840 | System hardening through configuration management | Preventive | |
Configure the "Change the system time" User Right. CC ID 01841 | System hardening through configuration management | Preventive | |
Configure the "Change the time zone" User Right. CC ID 04382 | System hardening through configuration management | Preventive | |
Configure the "Create a pagefile" User Right. CC ID 01842 | System hardening through configuration management | Preventive | |
Configure the "Create a token object" User Right. CC ID 01843 | System hardening through configuration management | Preventive | |
Configure the "Create permanent shared objects" User Right. CC ID 01844 | System hardening through configuration management | Preventive | |
Configure the "Debug programs" User Right. CC ID 01845 | System hardening through configuration management | Preventive | |
Configure the "Deny access to this computer from the network" User Right. CC ID 01846 | System hardening through configuration management | Preventive | |
Configure the "Deny log on as a batch job" User Right setting to organizational standards. CC ID 01847 | System hardening through configuration management | Preventive | |
Configure the "Deny log on as a service" User Right setting to organizational standards. CC ID 01848 | System hardening through configuration management | Preventive | |
Configure the "Deny log on locally" User Right setting to organizational standards. CC ID 01849 | System hardening through configuration management | Preventive | |
Configure the "Deny log on through Terminal Service" User Right setting to organizational standards. CC ID 01850 | System hardening through configuration management | Preventive | |
Configure the "Enable computer and user accounts to be trusted for delegation" User Right. CC ID 01851 | System hardening through configuration management | Preventive | |
Configure the "Force shutdown from a remote system" User Right. CC ID 01852 | System hardening through configuration management | Preventive | |
Configure the "Generate security audits" User Right. CC ID 01853 | System hardening through configuration management | Preventive | |
Configure the "Increase scheduling priority" User Right. CC ID 01854 | System hardening through configuration management | Preventive | |
Configure the "Load and unload device drivers" User Right. CC ID 01855 | System hardening through configuration management | Preventive | |
Configure the "Lock pages in memory" User Right. CC ID 01856 | System hardening through configuration management | Preventive | |
Configure the "Lock Inactive User Accounts" setting to organizational standards. CC ID 09921 | System hardening through configuration management | Preventive | |
Configure the "Log on as a batch job" User Right. CC ID 01857 | System hardening through configuration management | Preventive | |
Configure the "Log on as a service" User Right. CC ID 01858 | System hardening through configuration management | Preventive | |
Configure the "Allow log on locally" User Right setting to organizational standards. CC ID 01859 | System hardening through configuration management | Preventive | |
Configure the "Manage auditing and security log" User Right. CC ID 01860 | System hardening through configuration management | Preventive | |
Configure the "Modify firmware environment values" User Right. CC ID 01861 | System hardening through configuration management | Preventive | |
Configure the "Perform volume maintenance tasks" User Right. CC ID 01862 | System hardening through configuration management | Preventive | |
Configure the "Profile single process" User Right. CC ID 01863 | System hardening through configuration management | Preventive | |
Configure the "Profile system performance" User Right. CC ID 01864 | System hardening through configuration management | Preventive | |
Configure the "Remove computer from docking station" User Right. CC ID 01865 | System hardening through configuration management | Preventive | |
Configure the "Replace a process level token" User Right. CC ID 01866 | System hardening through configuration management | Preventive | |
Configure the "Restore files and directories" User Right. CC ID 01867 | System hardening through configuration management | Preventive | |
Configure the "Shut down the system" User Right. CC ID 01868 | System hardening through configuration management | Preventive | |
Configure the "Synchronize directory service data" User Right setting to organizational standards. CC ID 01869 | System hardening through configuration management | Preventive | |
Configure the "Take ownership of files or other objects" User Right. CC ID 01870 | System hardening through configuration management | Preventive | |
Configure the "Create global objects" User Right. CC ID 04383 | System hardening through configuration management | Preventive | |
Configure the "Create symbolic links" User Right. CC ID 04384 | System hardening through configuration management | Preventive | |
Configure the "Impersonate a client after authentication" User Right. CC ID 04385 | System hardening through configuration management | Preventive | |
Configure the "Increase a process working set" User Right. CC ID 04386 | System hardening through configuration management | Preventive | |
Configure file permissions and directory permissions to organizational standards. CC ID 07035 | System hardening through configuration management | Preventive | |
Configure "SYSVOL" to organizational standards. CC ID 15398 | System hardening through configuration management | Preventive | |
Configure the Cron log file permissions, as appropriate. CC ID 05998 | System hardening through configuration management | Preventive | |
Configure the "docker.service" file ownership to organizational standards. CC ID 14477 | System hardening through configuration management | Preventive | |
Verify uneven file permissions and uneven directory permissions do not occur, except on the WWW directory. CC ID 02159 | System hardening through configuration management | Preventive | |
Configure the "/dev/kmem" file permissions to organizational standards. CC ID 05449 | System hardening through configuration management | Preventive | |
Configure the "/dev/mem" file permissions to organizational standards. CC ID 05450 | System hardening through configuration management | Preventive | |
Configure the "/dev/null" file permissions to organizational standards. CC ID 05451 | System hardening through configuration management | Preventive | |
Configure the "resolv.conf" file permissions to organizational standards. CC ID 05452 | System hardening through configuration management | Preventive | |
Configure the "/etc/named.conf" file permissions to organizational standards. CC ID 05453 | System hardening through configuration management | Preventive | |
Configure the "/etc/group" file permissions to organizational standards. CC ID 05454 | System hardening through configuration management | Preventive | |
Set the /etc/exports file permissions properly. CC ID 05455 | System hardening through configuration management | Preventive | |
Set the /usr/bin/at file permissions properly. CC ID 05456 | System hardening through configuration management | Preventive | |
Configure the "/usr/bin/rdist" file permissions to organizational standards. CC ID 05457 | System hardening through configuration management | Preventive | |
Configure the "/usr/sbin/sync" file permissions to organizational standards. CC ID 05458 | System hardening through configuration management | Preventive | |
Configure the "aliases" file permissions to organizational standards. CC ID 05460 | System hardening through configuration management | Preventive | |
Set the file permissions for all files executed through /etc/aliases file entries properly. CC ID 05462 | System hardening through configuration management | Preventive | |
Configure the "/bin/csh" file permissions to organizational standards. CC ID 05463 | System hardening through configuration management | Preventive | |
Configure the "/bin/jsh" file permissions to organizational standards. CC ID 05464 | System hardening through configuration management | Preventive | |
Configure the "/bin/ksh" file permissions to organizational standards. CC ID 05465 | System hardening through configuration management | Preventive | |
Configure the "/bin/sh" file permissions to organizational standards. CC ID 05466 | System hardening through configuration management | Preventive | |
Configure the "/bin/bash" file permissions to organizational standards. CC ID 05467 | System hardening through configuration management | Preventive | |
Configure the "/sbin/csh" file permissions to organizational standards. CC ID 05468 | System hardening through configuration management | Preventive | |
Configure the "/sbin/jsh" file permissions to organizational standards. CC ID 05469 | System hardening through configuration management | Preventive | |
Configure the "/sbin/ksh" file permissions to organizational standards. CC ID 05470 | System hardening through configuration management | Preventive | |
Configure the "/sbin/sh" file permissions to organizational standards. CC ID 05471 | System hardening through configuration management | Preventive | |
Configure the "/sbin/bash" file permissions to organizational standards. CC ID 05472 | System hardening through configuration management | Preventive | |
Configure the "/usr/bin/csh" file permissions to organizational standards. CC ID 05473 | System hardening through configuration management | Preventive | |
Configure the "/usr/bin/jsh" file permissions to organizational standards. CC ID 05474 | System hardening through configuration management | Preventive | |
Configure the "/usr/bin/ksh" file permissions to organizational standards. CC ID 05475 | System hardening through configuration management | Preventive | |
Configure the "/usr/bin/sh" file permissions to organizational standards. CC ID 05476 | System hardening through configuration management | Preventive | |
Configure the "/usr/bin/bash" file permissions to organizational standards. CC ID 05477 | System hardening through configuration management | Preventive | |
Configure the "snmpd.conf" file permissions to organizational standards. CC ID 05478 | System hardening through configuration management | Preventive | |
Configure the "/tmp" file permissions to organizational standards. CC ID 05479 | System hardening through configuration management | Preventive | |
Configure the "/usr/tmp" file permissions to organizational standards. CC ID 05480 | System hardening through configuration management | Preventive | |
Configure the ".Xauthority" file permissions to organizational standards. CC ID 05481 | System hardening through configuration management | Preventive | |
Configure the "/etc/aliases" file permissions to organizational standards. CC ID 05482 | System hardening through configuration management | Preventive | |
Configure the "/etc/csh" file permissions to organizational standards. CC ID 05483 | System hardening through configuration management | Preventive | |
Configure the "/etc/default/docker" file permissions to organizational standards. CC ID 14487 | System hardening through configuration management | Preventive | |
Configure the "/etc/default/docker" file ownership to organizational standards. CC ID 14484 | System hardening through configuration management | Preventive | |
Configure the "/etc/default/*" file permissions to organizational standards. CC ID 05484 | System hardening through configuration management | Preventive | |
Configure the "/etc/docker" directory permissions to organizational standards. CC ID 14470 | System hardening through configuration management | Preventive | |
Configure the "/etc/docker" directory ownership to organizational standards. CC ID 14469 | System hardening through configuration management | Preventive | |
Set the file permissions for /etc/default/login properly. CC ID 05485 | System hardening through configuration management | Preventive | |
Configure the "/etc/gshadow" file permissions to organizational standards. CC ID 05486 | System hardening through configuration management | Preventive | |
Configure the "/etc/host.lpd" file permissions to organizational standards. CC ID 05487 | System hardening through configuration management | Preventive | |
Configure the "/etc/hostname*" file permissions to organizational standards. CC ID 05488 | System hardening through configuration management | Preventive | |
Configure the "/etc/hosts" file permissions to organizational standards. CC ID 05489 | System hardening through configuration management | Preventive | |
Set the /etc/inetd.conf file permissions properly. CC ID 05490 | System hardening through configuration management | Preventive | |
Configure the "/etc/issue" file permissions to organizational standards. CC ID 05491 | System hardening through configuration management | Preventive | |
Configure the "/etc/jsh" file permissions to organizational standards. CC ID 05492 | System hardening through configuration management | Preventive | |
Configure the "/etc/kubernetes/pki/*.crt" file permissions to organizational standards. CC ID 14562 | System hardening through configuration management | Preventive | |
Configure the "/etc/kubernetes/pki/*.key" file permissions to organizational standards. CC ID 14557 | System hardening through configuration management | Preventive | |
Configure the "/etc/kubernetes/pki" file ownership to organizational standards. CC ID 14555 | System hardening through configuration management | Preventive | |
Configure the "/etc/ksh" file permissions to organizational standards. CC ID 05493 | System hardening through configuration management | Preventive | |
Configure the "/etc/mail/aliases" file permissions to organizational standards. CC ID 05494 | System hardening through configuration management | Preventive | |
Configure the "/etc/motd" file permissions to organizational standards. CC ID 05495 | System hardening through configuration management | Preventive | |
Configure the "/etc/netconfig" file permissions to organizational standards. CC ID 05496 | System hardening through configuration management | Preventive | |
Configure the "/etc/notrouter" file permissions to organizational standards. CC ID 05497 | System hardening through configuration management | Preventive | |
Configure the "/etc/passwd" file permissions to organizational standards. CC ID 05498 | System hardening through configuration management | Preventive | |
Configure the "/etc/security" file permissions to organizational standards. CC ID 05499 | System hardening through configuration management | Preventive | |
Configure the "/etc/services" file permissions to organizational standards. CC ID 05500 | System hardening through configuration management | Preventive | |
Configure the "/etc/sysconfig/docker" file ownership to organizational standards. CC ID 14491 | System hardening through configuration management | Preventive | |
Configure the "/etc/sh" file permissions to organizational standards. CC ID 05501 | System hardening through configuration management | Preventive | |
Configure the "/etc/sysconfig/docker" file permissions to organizational standards. CC ID 14486 | System hardening through configuration management | Preventive | |
Configure the "/etc/shadow" file permissions to organizational standards. CC ID 05502 | System hardening through configuration management | Preventive | |
Configure the "docker.socket" file ownership to organizational standards. CC ID 14472 | System hardening through configuration management | Preventive | |
Configure the "/etc/syslog.conf" file permissions to organizational standards. CC ID 05503 | System hardening through configuration management | Preventive | |
Configure the "/etc/fstab" file permissions to organizational standards. CC ID 05504 | System hardening through configuration management | Preventive | |
Configure the "docker.socket" file permissions to organizational standards. CC ID 14468 | System hardening through configuration management | Preventive | |
Configure the "/var/adm/messages" file permissions to organizational standards. CC ID 05505 | System hardening through configuration management | Preventive | |
Configure the "/var/adm/sulog" file permissions to organizational standards. CC ID 05506 | System hardening through configuration management | Preventive | |
Configure the "/var/adm/utmp" file permissions to organizational standards. CC ID 05507 | System hardening through configuration management | Preventive | |
Configure the "/var/adm/wtmp" file permissions to organizational standards. CC ID 05508 | System hardening through configuration management | Preventive | |
Configure the "/var/adm/authlog" file permissions to organizational standards. CC ID 05509 | System hardening through configuration management | Preventive | |
Configure the "/var/adm/syslog" file permissions to organizational standards. CC ID 05510 | System hardening through configuration management | Preventive | |
Configure the "/var/mail" file permissions to organizational standards. CC ID 05511 | System hardening through configuration management | Preventive | |
Configure the "/var/tmp" file permissions to organizational standards. CC ID 05512 | System hardening through configuration management | Preventive | |
Configure the "/usr/lib/pt_chmod" file permissions to organizational standards. CC ID 05513 | System hardening through configuration management | Preventive | |
Configure the "/usr/lib/embedded_us" file permissions to organizational standards. CC ID 05514 | System hardening through configuration management | Preventive | |
Configure the "/usr/kerberos/bin/rsh" file permissions to organizational standards. CC ID 05515 | System hardening through configuration management | Preventive | |
Configure the "/var/spool/mail" file permissions to organizational standards. CC ID 05516 | System hardening through configuration management | Preventive | |
Configure the "smbpasswd" file permissions to organizational standards. CC ID 05517 | System hardening through configuration management | Preventive | |
Configure the "/usr/lib/sendmail" file permissions to organizational standards. CC ID 05518 | System hardening through configuration management | Preventive | |
Set the /etc/security/audit/config file permissions properly. CC ID 05519 | System hardening through configuration management | Preventive | |
Set the /etc/security/audit/events file permissions properly. CC ID 05520 | System hardening through configuration management | Preventive | |
Set the /etc/security/audit/objects file permissions properly. CC ID 05521 | System hardening through configuration management | Preventive | |
Set the /usr/lib/trcload file permissions properly. CC ID 05522 | System hardening through configuration management | Preventive | |
Set the /usr/lib/semutil file permissions properly. CC ID 05523 | System hardening through configuration management | Preventive | |
Set the /etc/rc.config.d/auditing file permissions properly. CC ID 05524 | System hardening through configuration management | Preventive | |
Configure the "/etc/init.d" file permissions to organizational standards. CC ID 05525 | System hardening through configuration management | Preventive | |
Set the /etc/hosts.lpd file permissions properly. CC ID 05526 | System hardening through configuration management | Preventive | |
Configure the "/etc/pam.conf" file permissions to organizational standards. CC ID 05527 | System hardening through configuration management | Preventive | |
Configure the "/boot/grub/grub.conf" file permissions to organizational standards. CC ID 05528 | System hardening through configuration management | Preventive | |
Configure the "/etc/grub.conf" file permissions to organizational standards. CC ID 05529 | System hardening through configuration management | Preventive | |
Configure the "/etc/lilo.conf" file permissions to organizational standards. CC ID 05530 | System hardening through configuration management | Preventive | |
Set the file permissions for /etc/login.access properly. CC ID 05531 | System hardening through configuration management | Preventive | |
Configure the "docker.service" file permissions to organizational standards. CC ID 14479 | System hardening through configuration management | Preventive | |
Configure the "/etc/security/access.conf" file permissions to organizational standards. CC ID 05532 | System hardening through configuration management | Preventive | |
Configure the "/etc/sysctl.conf" file permissions to organizational standards. CC ID 05533 | System hardening through configuration management | Preventive | |
Configure the "/etc/securetty" file permissions to organizational standards. CC ID 05534 | System hardening through configuration management | Preventive | |
Configure the "/etc/audit/auditd.conf" file permissions to organizational standards. CC ID 05535 | System hardening through configuration management | Preventive | |
Configure the "audit.rules" file permissions to organizational standards. CC ID 05536 | System hardening through configuration management | Preventive | |
Set the /usr/sbin/userhelper file permissions properly. CC ID 05537 | System hardening through configuration management | Preventive | |
Set the file permissions for all syslog log files properly. CC ID 05538 | System hardening through configuration management | Preventive | |
Set the /etc/anacrontab file permissions properly. CC ID 05543 | System hardening through configuration management | Preventive | |
Set the /etc/pki/tls/CA/cacert.pem file permissions properly. CC ID 05544 | System hardening through configuration management | Preventive | |
Set the /etc/pki/tls/ldap/serverkey.pem file permissions properly. CC ID 05545 | System hardening through configuration management | Preventive | |
Set the /etc/pki/tls/ldap/servercert.pem file permissions properly. CC ID 05546 | System hardening through configuration management | Preventive | |
Set the /etc/pki/tls/ldap file permissions properly. CC ID 05547 | System hardening through configuration management | Preventive | |
Set the /etc/httpd/conf file permissions properly. CC ID 05548 | System hardening through configuration management | Preventive | |
Set the /etc/httpd/conf/* file permissions properly. CC ID 05549 | System hardening through configuration management | Preventive | |
Set the /usr/sbin/httpd file permissions properly. CC ID 05550 | System hardening through configuration management | Preventive | |
Set the /var/log/httpd file permissions properly. CC ID 05551 | System hardening through configuration management | Preventive | |
Set the daemon debug log file permissions properly. CC ID 05552 | System hardening through configuration management | Preventive | |
Set the Cron log file permissions properly. CC ID 05553 | System hardening through configuration management | Preventive | |
Set the file permissions for system accounting properly. CC ID 05554 | System hardening through configuration management | Preventive | |
Set the /etc/dfs file permissions properly. CC ID 05555 | System hardening through configuration management | Preventive | |
Set the /etc/fs file permissions properly. CC ID 05556 | System hardening through configuration management | Preventive | |
Set the /etc/ufs file permissions properly. CC ID 05557 | System hardening through configuration management | Preventive | |
Set the /etc/vfstab file permissions properly. CC ID 05558 | System hardening through configuration management | Preventive | |
Set the vold.conf file permissions properly. CC ID 05559 | System hardening through configuration management | Preventive | |
Configure the "Docker socket" file ownership to organizational standards. CC ID 14493 | System hardening through configuration management | Preventive | |
Configure the "daemon.json" file permissions to organizational standards. CC ID 14492 | System hardening through configuration management | Preventive | |
Set the ASET userlist file permissions properly. CC ID 05560 | System hardening through configuration management | Preventive | |
Set the /etc/rmmount.conf file permissions properly. CC ID 05561 | System hardening through configuration management | Preventive | |
Configure the "Docker server certificate" file ownership to organizational standards. CC ID 14471 | System hardening through configuration management | Preventive | |
Configure the "Docker server certificate key" file permissions to organizational standards. CC ID 14485 | System hardening through configuration management | Preventive | |
Set the /etc/security/audit_control file permissions properly. CC ID 05563 | System hardening through configuration management | Preventive | |
Configure the "daemon.json" file ownership to organizational standards. CC ID 14482 | System hardening through configuration management | Preventive | |
Configure the "Docker socket" file permissions to organizational standards. CC ID 14480 | System hardening through configuration management | Preventive | |
Set the /etc/security/audit_class file permissions properly. CC ID 05564 | System hardening through configuration management | Preventive | |
Configure the "Docker server certificate key" file ownership to organizational standards. CC ID 14478 | System hardening through configuration management | Preventive | |
Configure the "admin.conf" file ownership to organizational standards. CC ID 14556 | System hardening through configuration management | Preventive | |
Set the /etc/security/audit_event file permissions properly. CC ID 05565 | System hardening through configuration management | Preventive | |
Configure the "admin.conf" file permissions to organizational standards. CC ID 14554 | System hardening through configuration management | Preventive | |
Configure the "Certificate Authority" file ownership to organizational standards. CC ID 14630 | System hardening through configuration management | Preventive | |
Configure the "Docker server certificate" file permissions to organizational standards. CC ID 14476 | System hardening through configuration management | Preventive | |
Configure the "etcd" data directory ownership to organizational standards. CC ID 14620 | System hardening through configuration management | Preventive | |
Configure the "etcd" data directory permissions to organizational standards. CC ID 14618 | System hardening through configuration management | Preventive | |
Configure the "etcd.yaml" file ownership to organizational standards. CC ID 14615 | System hardening through configuration management | Preventive | |
Configure the "etcd.yaml" file permissions to organizational standards. CC ID 14609 | System hardening through configuration management | Preventive | |
Configure the file permissions for at.allow, as appropriate. CC ID 05995 | System hardening through configuration management | Preventive | |
Configure the file permissions for at.deny, as appropriate. CC ID 05996 | System hardening through configuration management | Preventive | |
Configure the file permissions for cron.allow, as appropriate. CC ID 05999 | System hardening through configuration management | Preventive | |
Configure the file permissions for cron.deny, as appropriate. CC ID 06000 | System hardening through configuration management | Preventive | |
Configure the "Certificate Authority" file permissions to organizational standards. CC ID 14623 | System hardening through configuration management | Preventive | |
Configure the file permissions for /usr/bin/at file, as appropriate. CC ID 06001 | System hardening through configuration management | Preventive | |
Configure the "kubelet --config" file ownership to organizational standards. CC ID 14632 | System hardening through configuration management | Preventive | |
Configure the file permissions for the /etc/cron.daily file, as appropriate. CC ID 06008 | System hardening through configuration management | Preventive | |
Configure the "kubelet.conf" file ownership to organizational standards. CC ID 14628 | System hardening through configuration management | Preventive | |
Configure the "kubelet --config" file permissions to organizational standards. CC ID 14625 | System hardening through configuration management | Preventive | |
Configure the file permissions for the /etc/cron.weekly file, as appropriate. CC ID 06009 | System hardening through configuration management | Preventive | |
Configure the file permissions for the /etc/cron.hourly file, as appropriate. CC ID 06010 | System hardening through configuration management | Preventive | |
Configure the "kubelet service" file permissions to organizational standards. CC ID 14660 | System hardening through configuration management | Preventive | |
Configure the "kubelet.conf" file permissions to organizational standards. CC ID 14619 | System hardening through configuration management | Preventive | |
Configure the "controller-manager.conf" file ownership to organizational standards. CC ID 14560 | System hardening through configuration management | Preventive | |
Configure the "kubeconfig" file ownership to organizational standards. CC ID 14617 | System hardening through configuration management | Preventive | |
Configure the "kubeconfig" file permissions to organizational standards. CC ID 14616 | System hardening through configuration management | Preventive | |
Configure the file permissions for the /etc/cron.monthly file, as appropriate. CC ID 06013 | System hardening through configuration management | Preventive | |
Configure the "kubelet service" file ownership to organizational standards. CC ID 14612 | System hardening through configuration management | Preventive | |
Configure the "kube-scheduler.yaml" file ownership to organizational standards. CC ID 14611 | System hardening through configuration management | Preventive | |
Configure the file permissions for all user home directories, as appropriate. CC ID 06019 | System hardening through configuration management | Preventive | |
Configure the "kube-scheduler.yaml" file permissions to organizational standards. CC ID 14603 | System hardening through configuration management | Preventive | |
Configure the "kube-controller-manager.yaml" file ownership to organizational standards. CC ID 14600 | System hardening through configuration management | Preventive | |
Configure the "kube-controller-manager.yaml" file permissions to organizational standards. CC ID 14598 | System hardening through configuration management | Preventive | |
Configure the "kube-apiserver.yaml" file ownership to organizational standards. CC ID 14597 | System hardening through configuration management | Preventive | |
Configure the "scheduler.conf" file ownership to organizational standards. CC ID 14558 | System hardening through configuration management | Preventive | |
Configure the .netrc file permissions, as necessary. CC ID 06022 | System hardening through configuration management | Preventive | |
Configure the "controller-manager.conf" file permissions to organizational standards. CC ID 14553 | System hardening through configuration management | Preventive | |
Configure the "Container Network Interface" file ownership to organizational standards. CC ID 14552 | System hardening through configuration management | Preventive | |
Configure the "Container Network Interface" file permissions to organizational standards. CC ID 14550 | System hardening through configuration management | Preventive | |
Configure the "crontab" directory permissions to organizational standards. CC ID 08967 | System hardening through configuration management | Preventive | |
Configure the "scheduler.conf" file permissions to organizational standards. CC ID 14551 | System hardening through configuration management | Preventive | |
Configure the "crontab" file permissions to organizational standards. CC ID 08968 | System hardening through configuration management | Preventive | |
Configure the "kube-apiserver.yaml" file permissions to organizational standards. CC ID 14549 | System hardening through configuration management | Preventive | |
Configure the "traceroute executable" file permissions to organizational standards. CC ID 08979 | System hardening through configuration management | Preventive | |
Configure the "httpd.conf" file permissions to organizational standards. CC ID 09041 | System hardening through configuration management | Preventive | |
Configure the "/etc/httpd/conf/passwd" file permissions to organizational standards. CC ID 09042 | System hardening through configuration management | Preventive | |
Configure the "/usr/sbin/apachectl" file permissions to organizational standards. CC ID 09043 | System hardening through configuration management | Preventive | |
Configure the "/var/www/html" file permissions to organizational standards. CC ID 09044 | System hardening through configuration management | Preventive | |
Configure the "apache configuration" directory permissions to organizational standards. CC ID 09045 | System hardening through configuration management | Preventive | |
Configure the "htpasswd" file permissions to organizational standards. CC ID 09057 | System hardening through configuration management | Preventive | |
Configure all "files specified by CustomLogs" file permissions to organizational standards. CC ID 09073 | System hardening through configuration management | Preventive | |
Configure the "apache /bin" directory permissions to organizational standards. CC ID 09093 | System hardening through configuration management | Preventive | |
Configure the "apache /logs" directory permissions to organizational standards. CC ID 09096 | System hardening through configuration management | Preventive | |
Configure the "registry certificate" file permissions to organizational standards. CC ID 14483 | System hardening through configuration management | Preventive | |
Configure the "apache /htdocs" directory permissions to organizational standards. CC ID 09099 | System hardening through configuration management | Preventive | |
Configure the "registry certificate" file ownership to organizational standards. CC ID 14481 | System hardening through configuration management | Preventive | |
Configure the "apache /cgi-bin" directory permissions to organizational standards. CC ID 09102 | System hardening through configuration management | Preventive | |
Configure the "cgi-bin" directory permissions to organizational standards. CC ID 09103 | System hardening through configuration management | Preventive | |
Configure the "apache process ID" file permissions to organizational standards. CC ID 09124 | System hardening through configuration management | Preventive | |
Configure the "apache scoreboard" file permissions to organizational standards. CC ID 09127 | System hardening through configuration management | Preventive | |
Configure the "htpasswd.exe" file permissions to organizational standards. CC ID 09143 | System hardening through configuration management | Preventive | |
Configure the "setgid" permissions to organizational standards. CC ID 14513 | System hardening through configuration management | Preventive | |
Configure the "TLS CA certificate" file permissions to organizational standards. CC ID 14475 | System hardening through configuration management | Preventive | |
Configure the "TLS CA certificate" file ownership to organizational standards. CC ID 14473 | System hardening through configuration management | Preventive | |
Configure the "apache /config" directory permissions to organizational standards. CC ID 09144 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\wscript.exe" file permissions to organizational standards. CC ID 09145 | System hardening through configuration management | Preventive | |
Configure the "%SystemRoot%\System32\cscript.exe" file permissions to organizational standards. CC ID 09146 | System hardening through configuration management | Preventive | |
Configure the "apache's process ID" file permissions to organizational standards. CC ID 09148 | System hardening through configuration management | Preventive | |
Configure the "/etc/httpd/conf.d" file permissions to organizational standards. CC ID 09149 | System hardening through configuration management | Preventive | |
Configure the "setuid" permissions to organizational standards. CC ID 14509 | System hardening through configuration management | Preventive | |
Configure the "Web Root 'Images'" directory permissions to organizational standards. CC ID 09191 | System hardening through configuration management | Preventive | |
Configure the "Web Root 'scripts'" directory permissions to organizational standards. CC ID 09192 | System hardening through configuration management | Preventive | |
Configure the "Web Root 'executables'" directory permissions to organizational standards. CC ID 09193 | System hardening through configuration management | Preventive | |
Configure the "Web Root 'docs'" directory permissions to organizational standards. CC ID 09194 | System hardening through configuration management | Preventive | |
Configure the "Web Root 'home'" directory permissions to organizational standards. CC ID 09195 | System hardening through configuration management | Preventive | |
Configure the "Web Root 'include'" directory permissions to organizational standards. CC ID 09196 | System hardening through configuration management | Preventive | |
Configure the "default Logfiles" directory permissions to organizational standards. CC ID 09197 | System hardening through configuration management | Preventive | |
Configure the "Inetpub" directory permissions to organizational standards. CC ID 09221 | System hardening through configuration management | Preventive | |
Configure the "inetsrv" directory permissions to organizational standards. CC ID 09222 | System hardening through configuration management | Preventive | |
Configure the "inetsrv\asp.dll" file permissions to organizational standards. CC ID 09223 | System hardening through configuration management | Preventive | |
Configure the "Web Root" directory permissions to organizational standards. CC ID 09224 | System hardening through configuration management | Preventive | |
Configure the "files located in the folder specified by the Logger component (server.xml)" file permissions to organizational standards. CC ID 09733 | System hardening through configuration management | Preventive | |
Configure the "webapps" directory permissions to organizational standards. CC ID 09734 | System hardening through configuration management | Preventive | |
Configure the "tomcat installation" directory permissions to organizational standards. CC ID 09735 | System hardening through configuration management | Preventive | |
Configure the "tomcat /bin" directory permissions to organizational standards. CC ID 09736 | System hardening through configuration management | Preventive | |
Configure the "tomcat /common" directory permissions to organizational standards. CC ID 09737 | System hardening through configuration management | Preventive | |
Configure the "tomcat /conf" directory permissions to organizational standards. CC ID 09738 | System hardening through configuration management | Preventive | |
Configure the "tomcat /logs" directory permissions to organizational standards. CC ID 09739 | System hardening through configuration management | Preventive | |
Configure the "tomcat /server" directory permissions to organizational standards. CC ID 09740 | System hardening through configuration management | Preventive | |
Configure the "tomcat /shared" directory permissions to organizational standards. CC ID 09741 | System hardening through configuration management | Preventive | |
Configure the "tomcat /webapps" directory permissions to organizational standards. CC ID 09742 | System hardening through configuration management | Preventive | |
Configure the "tomcat /work" directory permissions to organizational standards. CC ID 09743 | System hardening through configuration management | Preventive | |
Configure the "tomcat /temp" directory permissions to organizational standards. CC ID 09744 | System hardening through configuration management | Preventive | |
Configure the "tomcat-users.xml" file permissions to organizational standards. CC ID 09778 | System hardening through configuration management | Preventive | |
Configure the "Tomcat home" directory permissions to organizational standards. CC ID 09799 | System hardening through configuration management | Preventive | |
Configure the "Tomcat home/conf/" directory permissions to organizational standards. CC ID 09802 | System hardening through configuration management | Preventive | |
Configure the "SerializedSystemIni.dat" file permissions to organizational standards. CC ID 09860 | System hardening through configuration management | Preventive | |
Configure the "Keystore" file permissions to organizational standards. CC ID 09900 | System hardening through configuration management | Preventive | |
Configure the "Weblogic Server Product Installation" directory permissions to organizational standards. CC ID 09902 | System hardening through configuration management | Preventive | |
Configure the "Domain Home" directory permissions to organizational standards. CC ID 09903 | System hardening through configuration management | Preventive | |
Configure the "Middleware Home" directory permissions to organizational standards. CC ID 09907 | System hardening through configuration management | Preventive | |
Restrict at/cron to authorized users. CC ID 01572 | System hardening through configuration management | Preventive | |
Configure the system to need authentication for single user mode. CC ID 01577 | System hardening through configuration management | Preventive | |
Configure the system to block certain system accounts. CC ID 01578 | System hardening through configuration management | Preventive | |
Verify that there are no accounts with empty password fields. CC ID 01579 | System hardening through configuration management | Preventive | |
Use standards-based encryption for encryption, hashing, and signing. CC ID 01583 | System hardening through configuration management | Preventive | |
Configure symbolic permissions for the passwd file, shadow file, and group files to organizational standards. CC ID 01584 | System hardening through configuration management | Detective | |
Configure the "DCOM: Machine access restrictions in Security Descriptor Definition Language (SDDL)" setting. CC ID 01726 | System hardening through configuration management | Preventive | |
Configure the "DCOM: Machine launch restrictions in Security Descriptor Definition Language (SDDL)" setting to organizational standards. CC ID 01727 | System hardening through configuration management | Preventive | |
Configure the root $PATH to not have any "." directories, group directories or world writable directories. CC ID 01587 | System hardening through configuration management | Preventive | |
Configure user home directories to be mode 750 or more restrictive. CC ID 01588 | System hardening through configuration management | Preventive | |
Configure user dot-files to not be group or world-writable. CC ID 01589 | System hardening through configuration management | Preventive | |
Remove .netrc files. CC ID 01590 | System hardening through configuration management | Preventive | |
Configure default UMASK for users. CC ID 01591 | System hardening through configuration management | Preventive | |
Configure the default UMASK for FTP users. CC ID 01592 | System hardening through configuration management | Preventive | |
Configure the "mesg n" as default for all users. CC ID 01593 | System hardening through configuration management | Preventive | |
Configure the system to restrict access to the root user from the su command. CC ID 01595 | System hardening through configuration management | Preventive | |
Configure Restricted groups. CC ID 01928 | System hardening through configuration management | Preventive | |
Configure the run control scripts permissions. CC ID 02160 | System hardening through configuration management | Preventive | |
Configure root to be the Traceroute command owner. CC ID 02165 | System hardening through configuration management | Preventive | |
Coordinate the User ID access restrictions with the site-unique configuration file, the UOSS control file, and the Tape File Configuration Transfer file. CC ID 02192 | System hardening through configuration management | Preventive | |
Refrain from displaying user information when the system is locked. CC ID 04302 | System hardening through configuration management | Preventive | |
Configure systems to prevent dial-up passwords from being saved. CC ID 04303 | System hardening through configuration management | Preventive | |
Configure the "Always prompt client for password upon connection" setting. CC ID 04317 | System hardening through configuration management | Preventive | |
Configure the "Do not allow passwords to be saved" setting. CC ID 04320 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting. CC ID 04388 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" setting. CC ID 04389 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Behavior of the elevation prompt for standard users" setting. CC ID 04390 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Detect application installations and prompt for elevation" setting. CC ID 04391 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Only elevate executables that are signed and validated" setting. CC ID 04392 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting. CC ID 04393 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Run all administrators in Admin Approval Mode" setting. CC ID 04394 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Switch to the secure desktop when prompting for elevation" setting. CC ID 04395 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Virtualize file and registry write failures to per-user locations" setting. CC ID 04396 | System hardening through configuration management | Preventive | |
Configure the "Enumerate administrator accounts on elevation" setting. CC ID 04403 | System hardening through configuration management | Preventive | |
Configure the "Required trusted path for credential entry" setting. CC ID 04404 | System hardening through configuration management | Preventive | |
Require proper authentication prior to accessing NetWare's eGuide. CC ID 04450 | System hardening through configuration management | Preventive | |
Disable the SAdmin account and SDebug account in NetWare. CC ID 04458 | System hardening through configuration management | Preventive | |
Configure the system to prevent helper applications from changing client rights. CC ID 04464 | System hardening through configuration management | Preventive | |
Delete authenticator hint field contents or authenticator hint field files. CC ID 04477 | System hardening through configuration management | Preventive | |
Configure the "Limit number of simultaneous connections" setting to organizational standards. CC ID 04511 | System hardening through configuration management | Preventive | |
Configure the "Do not allow local administrators to customize permissions" setting to organizational standards. CC ID 04512 | System hardening through configuration management | Preventive | |
Configure the default Distributed Component Object Model authorization level to 'connect' or higher. CC ID 04528 | System hardening through configuration management | Preventive | |
Configure the "Network access: Shares that can be accessed anonymously" setting. CC ID 04533 | System hardening through configuration management | Preventive | |
Configure domain-connected workstations to not have any local user accounts. CC ID 04535 | System hardening through configuration management | Preventive | |
Configure printers to only accept print jobs from known print spoolers. CC ID 04812 | System hardening through configuration management | Preventive | |
Configure print spoolers to accept jobs from authorized users only. CC ID 04813 | System hardening through configuration management | Preventive | |
Prevent Multi-Function Devices from connecting to networks routing restricted data, unless authorized. CC ID 04815 | System hardening through configuration management | Preventive | |
Restrict access to remote file shares. CC ID 04817 | System hardening through configuration management | Preventive | |
Configure Multi-Function Devices to prevent non-printer administrators from altering the global configuration file. CC ID 04818 | System hardening through configuration management | Preventive | |
Configure the user's .forward file to mode 600. CC ID 04848 | System hardening through configuration management | Preventive | |
Configure the GID of accounts other than root and locked system accounts properly. CC ID 05448 | System hardening through configuration management | Preventive | |
Set the smbpasswd executable permissions properly. CC ID 05459 | System hardening through configuration management | Preventive | |
Grant or reject sudo privileges to the wheel group, as appropriate. CC ID 05539 | System hardening through configuration management | Preventive | |
Set the /var/log/pamlog log permissions properly. CC ID 05562 | System hardening through configuration management | Preventive | |
Restrict the audit log permissions. CC ID 05566 | System hardening through configuration management | Preventive | |
Use the pkgchk utility to force default settings and to verify the ownership, group ownership, and access permissions for installed packages. CC ID 05567 | System hardening through configuration management | Preventive | |
Configure role-based access control (RBAC) caching elements to organizational standards. CC ID 05568 | System hardening through configuration management | Preventive | |
Configure the read-only option for all NFS exports. CC ID 05572 | System hardening through configuration management | Preventive | |
Configure access controls through /etc/login.access and access.conf for non-superusers. CC ID 05573 | System hardening through configuration management | Preventive | |
Enable or disable root login via Secure Shell, as appropriate. CC ID 05574 | System hardening through configuration management | Preventive | |
Verify the ftpusers file restricts access to certain accounts. CC ID 05575 | System hardening through configuration management | Preventive | |
Enable or disable SSH host-based authentication, as appropriate. CC ID 05576 | System hardening through configuration management | Preventive | |
Configure the environmental variable path properly. CC ID 05577 | System hardening through configuration management | Preventive | |
Configure local initialization files and global initialization files to allow or deny write access to the terminal, as appropriate. CC ID 05578 | System hardening through configuration management | Preventive | |
Verify user .shosts files exist or not, as appropriate. CC ID 05579 | System hardening through configuration management | Preventive | |
Set the default umask for the bash shell properly for all users. CC ID 05580 | System hardening through configuration management | Preventive | |
Set the default umask for the csh shell properly for all users. CC ID 05581 | System hardening through configuration management | Preventive | |
Configure the system umask properly. CC ID 05582 | System hardening through configuration management | Preventive | |
Verify console device ownership is restricted to root-only, as appropriate. CC ID 05583 | System hardening through configuration management | Preventive | |
Configure the "Access credential Manager as a trusted caller" User Right properly. CC ID 05584 | System hardening through configuration management | Preventive | |
Restrict the right of modifying an Object label. CC ID 05585 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Allow UIAccess applications to prompt for elevation" setting. CC ID 05586 | System hardening through configuration management | Preventive | |
Configure the "Do Not Allow New Client Connections" policy for Terminal Services properly. CC ID 05587 | System hardening through configuration management | Preventive | |
Configure the "Remote Control Settings" policy for Terminal Services properly. CC ID 05588 | System hardening through configuration management | Preventive | |
Configure the Cron directory permissions to organizational standards. CC ID 05997 | System hardening through configuration management | Preventive | |
Configure the cron.allow file with the user group permitted to use the cron facility, as appropriate. CC ID 06002 | System hardening through configuration management | Preventive | |
Configure the cron.deny file with the user set permitted to use the cron facility, as appropriate. CC ID 06003 | System hardening through configuration management | Preventive | |
Configure the Cron directories to be owned by an appropriate user and group. CC ID 06004 | System hardening through configuration management | Preventive | |
Configure the at.deny file with the user set permitted to use the at facility, as appropriate. CC ID 06006 | System hardening through configuration management | Preventive | |
Configure the /etc/cron.monthly file to be owned by an appropriate user or group. CC ID 06007 | System hardening through configuration management | Preventive | |
Configure /etc/cron.hourly to be owned by an appropriate user or group. CC ID 06011 | System hardening through configuration management | Preventive | |
Configure /etc/cron.daily to be owned by an appropriate user or group. CC ID 06012 | System hardening through configuration management | Preventive | |
Configure the home directory for the root user, as appropriate. CC ID 06017 | System hardening through configuration management | Preventive | |
Configure the home directory for each user account, as appropriate. CC ID 06018 | System hardening through configuration management | Preventive | |
Configure the home directory permissions for the Superuser account, as appropriate. CC ID 06020 | System hardening through configuration management | Preventive | |
Configure each user home directory to be owned by an appropriate user or group. CC ID 06021 | System hardening through configuration management | Preventive | |
Configure the world-write permissions for all files, as appropriate. CC ID 06026 | System hardening through configuration management | Preventive | |
Configure and assign the correct service permissions for the SNMP Service. CC ID 06041 | System hardening through configuration management | Preventive | |
Configure the service permissions for NetMeeting, as appropriate. CC ID 06045 | System hardening through configuration management | Preventive | |
Configure the "Allow log on through Remote Desktop Services" User Right properly. CC ID 06062 | System hardening through configuration management | Preventive | |
Configure the "Deny log on through Remote Desktop Services" User Right properly. CC ID 06063 | System hardening through configuration management | Preventive | |
Remove all members found in the Windows OS Power Users Group. CC ID 06573 | System hardening through configuration management | Preventive | |
Configure the "sudo" to organizational standards. CC ID 15325 | System hardening through configuration management | Preventive | |
Require users to use the 'sudo' command when accessing the root account. CC ID 06736 | System hardening through configuration management | Preventive | |
Configure the "log all su (switch user) activity" setting to organizational standards. CC ID 08965 | System hardening through configuration management | Preventive | |
Configure the "status" of the "apache" account to organizational standards. CC ID 09018 | System hardening through configuration management | Preventive | |
Configure the "apache" account group membership to organizational standards. CC ID 09033 | System hardening through configuration management | Preventive | |
Configure the "CustomLog" files permissions to organizational standards. CC ID 09051 | System hardening through configuration management | Preventive | |
Configure the "ErrorLog" files permissions to organizational standards. CC ID 09052 | System hardening through configuration management | Preventive | |
Configure the "default webpage" for "all readable apache web document directories" to organizational standards. CC ID 09071 | System hardening through configuration management | Preventive | |
Configure the "ScriptAlias" directories permissions to organizational standards. CC ID 09078 | System hardening through configuration management | Preventive | |
Configure the "ScriptAliasMatch" directories permissions to organizational standards. CC ID 09081 | System hardening through configuration management | Preventive | |
Configure the "DocumentRoot" directories permissions to organizational standards. CC ID 09084 | System hardening through configuration management | Preventive | |
Configure the "Alias" directories permissions to organizational standards. CC ID 09087 | System hardening through configuration management | Preventive | |
Configure the "ServerRoot" directories permissions to organizational standards. CC ID 09090 | System hardening through configuration management | Preventive | |
Configure the "Enable Logging" setting for the "master home directory" to organizational standards. CC ID 09156 | System hardening through configuration management | Preventive | |
Configure the "Read" permission for the "master home directory" to organizational standards. CC ID 09157 | System hardening through configuration management | Preventive | |
Configure the "Write" permission for the "master home directory" to organizational standards. CC ID 09158 | System hardening through configuration management | Preventive | |
Configure the "Script Source Access" permission for the "master home directory" to organizational standards. CC ID 09159 | System hardening through configuration management | Preventive | |
Configure the "Directory Browsing" permission for the "master home directory" to organizational standards. CC ID 09160 | System hardening through configuration management | Preventive | |
Configure the "Log Visits" permission for the "master home directory" to organizational standards. CC ID 09161 | System hardening through configuration management | Preventive | |
Configure the "Index this resource" permission for the "master home directory" to organizational standards. CC ID 09162 | System hardening through configuration management | Preventive | |
Configure the "Execute Permissions" permission for the "master home directory" to organizational standards. CC ID 09163 | System hardening through configuration management | Preventive | |
Configure the "Anonymous Access" permission for the "master home directory" to organizational standards. CC ID 09164 | System hardening through configuration management | Preventive | |
Configure the "Basic Authentication" setting for the "master home directory" to organizational standards. CC ID 09165 | System hardening through configuration management | Preventive | |
Configure the "Integrated Windows Authentication" setting for the "master home directory" to organizational standards. CC ID 09166 | System hardening through configuration management | Preventive | |
Configure the "Read" permission for the "website home directory" to organizational standards. CC ID 09168 | System hardening through configuration management | Preventive | |
Configure the "Write" privilege for the "website home directory" to organizational standards. CC ID 09169 | System hardening through configuration management | Preventive | |
Configure the "Script Source Access" permission for the "website home directory" to organizational standards. CC ID 09170 | System hardening through configuration management | Preventive | |
Configure the "Directory Browsing" permission for the "website home directory" to organizational standards. CC ID 09171 | System hardening through configuration management | Preventive | |
Configure the "Log Visits" permission for the "website home directory" to organizational standards. CC ID 09172 | System hardening through configuration management | Preventive | |
Configure the "Index this resource" permission for the "website home directory" to organizational standards. CC ID 09173 | System hardening through configuration management | Preventive | |
Configure the "Execute Permissions" permission to organizational standards. CC ID 09174 | System hardening through configuration management | Preventive | |
Configure the "Anonymous Access" permission for the "website home directory" to organizational standards. CC ID 09175 | System hardening through configuration management | Preventive | |
Configure the "file auditing" setting for the "%SystemRoot%\System32\Inetsrv" directory to organizational standards. CC ID 09198 | System hardening through configuration management | Preventive | |
Configure the "membership" of the "IUSR" account to organizational standards. CC ID 09213 | System hardening through configuration management | Preventive | |
Configure the "IUSR" account to organizational standards. CC ID 09214 | System hardening through configuration management | Preventive | |
Configure the "file auditing" setting for the "Inetpub" directory to organizational standards. CC ID 09225 | System hardening through configuration management | Preventive | |
Configure the "file auditing" setting for the "Web Root" directory to organizational standards. CC ID 09226 | System hardening through configuration management | Preventive | |
Configure the "file auditing" setting for the "Metaback" directory to organizational standards. CC ID 09227 | System hardening through configuration management | Preventive | |
Configure the "IWAM" account to organizational standards. CC ID 09228 | System hardening through configuration management | Preventive | |
Configure the "Application object owner" accounts to organizational standards. CC ID 09257 | System hardening through configuration management | Preventive | |
Configure the "system tables" permissions to organizational standards. CC ID 09260 | System hardening through configuration management | Preventive | |
Configure the "DDL" permissions to organizational standards. CC ID 09261 | System hardening through configuration management | Preventive | |
Configure the "WITH GRANT OPTION" permissions to organizational standards. CC ID 09262 | System hardening through configuration management | Preventive | |
Configure the "Object" permissions for the "PUBLIC or GUEST" account to organizational standards. CC ID 09263 | System hardening through configuration management | Preventive | |
Configure the "restore database data or other DBMS configurations, features or objects" permissions to organizational standards. CC ID 09267 | System hardening through configuration management | Preventive | |
Configure the "SQL Server Database Service" account to organizational standards. CC ID 09273 | System hardening through configuration management | Preventive | |
Configure the "SQL Server Agent" account to organizational standards. CC ID 09274 | System hardening through configuration management | Preventive | |
Configure the "SQL Server registry keys and sub-keys" permissions to organizational standards. CC ID 09276 | System hardening through configuration management | Preventive | |
Configure the "built-in sa" account to organizational standards. CC ID 09298 | System hardening through configuration management | Preventive | |
Configure the "audit access" setting for the "ErrorDumpDir" directory to organizational standards. CC ID 09299 | System hardening through configuration management | Preventive | |
Configure the "audit access" setting for the "DefaultLog" file to organizational standards. CC ID 09300 | System hardening through configuration management | Preventive | |
Configure the "audit access" setting for the "ErrorLog" file to organizational standards. CC ID 09301 | System hardening through configuration management | Preventive | |
Configure the "audit access" setting for the "SQLPath" directory to organizational standards. CC ID 09302 | System hardening through configuration management | Preventive | |
Configure the "audit access" setting for the "BackupDirectory" directory to organizational standards. CC ID 09303 | System hardening through configuration management | Preventive | |
Configure the "audit access" setting for the "FullTextDefaultPath" directory to organizational standards. CC ID 09304 | System hardening through configuration management | Preventive | |
Configure the "audit access" setting for the "WorkingDirectory" directory to organizational standards. CC ID 09305 | System hardening through configuration management | Preventive | |
Configure the "audit access" setting for the "SQLBinRoot" directory to organizational standards. CC ID 09306 | System hardening through configuration management | Preventive | |
Configure the "audit access" setting for the "SQLDataRoot" directory to organizational standards. CC ID 09307 | System hardening through configuration management | Preventive | |
Configure the "audit access" setting for the "SQLProgramDir" directory to organizational standards. CC ID 09308 | System hardening through configuration management | Preventive | |
Configure the "audit access" setting for the "DataDir" directory to organizational standards. CC ID 09309 | System hardening through configuration management | Preventive | |
Configure the "Analysis Services" account to organizational standards. CC ID 09318 | System hardening through configuration management | Preventive | |
Configure the "Integration Services" account to organizational standards. CC ID 09319 | System hardening through configuration management | Preventive | |
Configure the "Reporting Services" account to organizational standards. CC ID 09320 | System hardening through configuration management | Preventive | |
Configure the "Notification Services" account to organizational standards. CC ID 09321 | System hardening through configuration management | Preventive | |
Configure the "Full Text Search" account to organizational standards. CC ID 09322 | System hardening through configuration management | Preventive | |
Configure the "SQL Server Browser" account to organizational standards. CC ID 09323 | System hardening through configuration management | Preventive | |
Configure the "SQL Server Active Directory Helper" account to organizational standards. CC ID 09324 | System hardening through configuration management | Preventive | |
Configure the "SQL Writer" account to organizational standards. CC ID 09325 | System hardening through configuration management | Preventive | |
Configure the "SQL Server MSSearch" registry key permissions to organizational standards. CC ID 09327 | System hardening through configuration management | Preventive | |
Configure the "SQL Server Agent" registry key permissions to organizational standards. CC ID 09328 | System hardening through configuration management | Preventive | |
Configure the "SQL Server RS" registry key permissions to organizational standards. CC ID 09330 | System hardening through configuration management | Preventive | |
Configure the "Reporting Services Windows Integrated Security" accounts to organizational standards. CC ID 09347 | System hardening through configuration management | Preventive | |
Configure the "permissions" of the "SQL Server Agent proxy" accounts to organizational standards. CC ID 09352 | System hardening through configuration management | Preventive | |
Configure the "default webpage" for "all readable Tomcat Apache web document" directories to organizational standards. CC ID 09729 | System hardening through configuration management | Preventive | |
Configure the "account" setting for "Tomcat" to organizational standards. CC ID 09792 | System hardening through configuration management | Preventive | |
Configure the "specified codebase" permissions to organizational standards. CC ID 09796 | System hardening through configuration management | Preventive | |
Configure the "property read permission" for the "Tomcat web application JVM" to organizational standards. CC ID 09813 | System hardening through configuration management | Preventive | |
Configure the "property write permission" for the "Tomcat web application JVM" to organizational standards. CC ID 09814 | System hardening through configuration management | Preventive | |
Configure the "status" of the "Tomcat" account to organizational standards. CC ID 09815 | System hardening through configuration management | Preventive | |
Configure the "user account" for "Oracle WebLogic Server" to organizational standards. CC ID 09823 | System hardening through configuration management | Preventive | |
Configure the "Keystores" permission in "directories" to organizational standards. CC ID 09901 | System hardening through configuration management | Preventive | |
Implement a reference monitor to implement the Access Control policies. CC ID 10096 | System hardening through configuration management | Preventive | |
Configure the "Add Printer wizard - Network scan page (Managed network)" setting to organizational standards. CC ID 10692 | System hardening through configuration management | Preventive | |
Configure the "Add Printer wizard - Network scan page (Unmanaged network)" setting to organizational standards. CC ID 10693 | System hardening through configuration management | Preventive | |
Configure the "All Removable Storage classes: Deny all access" setting to organizational standards. CC ID 10696 | System hardening through configuration management | Preventive | |
Configure the "All Removable Storage: Allow direct access in remote sessions" setting to organizational standards. CC ID 10697 | System hardening through configuration management | Preventive | |
Configure the "Allow .rdp files from unknown publishers" setting to organizational standards. CC ID 10698 | System hardening through configuration management | Preventive | |
Configure the "Allow .rdp files from valid publishers and user's default .rdp settings" setting to organizational standards. CC ID 10699 | System hardening through configuration management | Preventive | |
Configure the "Allow admin to install from Remote Desktop Services session" setting to organizational standards. CC ID 10700 | System hardening through configuration management | Preventive | |
Configure the "Allow administrators to override Device Installation Restriction policies" setting to organizational standards. CC ID 10701 | System hardening through configuration management | Preventive | |
Configure the "Allow Applications to Prevent Automatic Sleep (On Battery)" setting to organizational standards. CC ID 10702 | System hardening through configuration management | Preventive | |
Configure the "Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services" setting to organizational standards. CC ID 10704 | System hardening through configuration management | Preventive | |
Configure the "Allow audio and video playback redirection" setting to organizational standards. CC ID 10705 | System hardening through configuration management | Preventive | |
Configure the "Allow audio recording redirection" setting to organizational standards. CC ID 10706 | System hardening through configuration management | Preventive | |
Configure the "Allow automatic configuration of listeners" setting to organizational standards. CC ID 10707 | System hardening through configuration management | Preventive | |
Configure the "Allow Automatic Sleep with Open Network Files (On Battery)" setting to organizational standards. CC ID 10708 | System hardening through configuration management | Preventive | |
Configure the "Allow Automatic Updates immediate installation" setting to organizational standards. CC ID 10710 | System hardening through configuration management | Preventive | |
Configure the "Allow BITS Peercaching" setting to organizational standards. CC ID 10711 | System hardening through configuration management | Preventive | |
Configure the "Allow certificates with no extended key usage certificate attribute" setting to organizational standards. CC ID 10712 | System hardening through configuration management | Preventive | |
Configure the "Allow Corporate redirection of Customer Experience Improvement uploads" setting to organizational standards. CC ID 10713 | System hardening through configuration management | Preventive | |
Configure the "Allow CredSSP authentication" setting for the "WinRM client" to organizational standards. CC ID 10714 | System hardening through configuration management | Preventive | |
Configure the "Allow Cross-Forest User Policy and Roaming User Profiles" setting to organizational standards. CC ID 10716 | System hardening through configuration management | Preventive | |
Configure the "Allow cryptography algorithms compatible with Windows NT 4.0" setting to organizational standards. CC ID 10717 | System hardening through configuration management | Preventive | |
Configure the "Allow Delegating Default Credentials" setting to organizational standards. CC ID 10718 | System hardening through configuration management | Preventive | |
Configure the "Allow Delegating Default Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10719 | System hardening through configuration management | Preventive | |
Configure the "Allow Delegating Fresh Credentials" setting to organizational standards. CC ID 10720 | System hardening through configuration management | Preventive | |
Configure the "Allow Delegating Fresh Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10721 | System hardening through configuration management | Preventive | |
Configure the "Allow Delegating Saved Credentials" setting to organizational standards. CC ID 10722 | System hardening through configuration management | Preventive | |
Configure the "Allow Delegating Saved Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10723 | System hardening through configuration management | Preventive | |
Configure the "Allow desktop composition for remote desktop sessions" setting to organizational standards. CC ID 10724 | System hardening through configuration management | Preventive | |
Configure the "Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries" setting to organizational standards. CC ID 10725 | System hardening through configuration management | Preventive | |
Configure the "Allow domain users to log on using biometrics" setting to organizational standards. CC ID 10726 | System hardening through configuration management | Preventive | |
Configure the "Allow ECC certificates to be used for logon and authentication" setting to organizational standards. CC ID 10727 | System hardening through configuration management | Preventive | |
Configure the "Allow Enhanced Storage certificate provisioning" setting to organizational standards. CC ID 10728 | System hardening through configuration management | Preventive | |
Configure the "Allow installation of devices that match any of these device IDs" setting to organizational standards. CC ID 10729 | System hardening through configuration management | Preventive | |
Configure the "Allow installation of devices using drivers that match these device setup classes" setting to organizational standards. CC ID 10730 | System hardening through configuration management | Preventive | |
Configure the "Allow Integrated Unblock screen to be displayed at the time of logon" setting to organizational standards. CC ID 10731 | System hardening through configuration management | Preventive | |
Configure the "Allow local activation security check exemptions" setting to organizational standards. CC ID 10732 | System hardening through configuration management | Preventive | |
Configure the "Allow logon scripts when NetBIOS or WINS is disabled" setting to organizational standards. CC ID 10733 | System hardening through configuration management | Preventive | |
Configure the "Allow non-administrators to install drivers for these device setup classes" setting to organizational standards. CC ID 10734 | System hardening through configuration management | Preventive | |
Configure the "Allow non-administrators to receive update notifications" setting to organizational standards. CC ID 10735 | System hardening through configuration management | Preventive | |
Configure the "Allow only system backup" setting to organizational standards. CC ID 10736 | System hardening through configuration management | Preventive | |
Configure the "Allow only USB root hub connected Enhanced Storage devices" setting to organizational standards. CC ID 10737 | System hardening through configuration management | Preventive | |
Configure the "Allow or Disallow use of the Offline Files feature" setting to organizational standards. CC ID 10738 | System hardening through configuration management | Preventive | |
Configure the "Allow Print Spooler to accept client connections" setting to organizational standards. CC ID 10739 | System hardening through configuration management | Preventive | |
Configure the "Allow printers to be published" setting to organizational standards. CC ID 10740 | System hardening through configuration management | Preventive | |
Configure the "Allow pruning of published printers" setting to organizational standards. CC ID 10741 | System hardening through configuration management | Preventive | |
Configure the "Allow remote start of unlisted programs" setting to organizational standards. CC ID 10743 | System hardening through configuration management | Preventive | |
Configure the "Allow restore of system to default state" setting to organizational standards. CC ID 10744 | System hardening through configuration management | Preventive | |
Configure the "Allow signature keys valid for Logon" setting to organizational standards. CC ID 10745 | System hardening through configuration management | Preventive | |
Configure the "Allow signed updates from an intranet Microsoft update service location" setting to organizational standards. CC ID 10746 | System hardening through configuration management | Preventive | |
Configure the "Allow the Network Access Protection client to support the 802.1x Enforcement Client component" setting to organizational standards. CC ID 10747 | System hardening through configuration management | Preventive | |
Configure the "Allow time invalid certificates" setting to organizational standards. CC ID 10748 | System hardening through configuration management | Preventive | |
Configure the "Allow time zone redirection" setting to organizational standards. CC ID 10749 | System hardening through configuration management | Preventive | |
Configure the "Allow user name hint" setting to organizational standards. CC ID 10750 | System hardening through configuration management | Preventive | |
Configure the "Allow users to log on using biometrics" setting to organizational standards. CC ID 10751 | System hardening through configuration management | Preventive | |
Configure the "Always render print jobs on the server" setting to organizational standards. CC ID 10752 | System hardening through configuration management | Preventive | |
Configure the "Always use classic logon" setting to organizational standards. CC ID 10754 | System hardening through configuration management | Preventive | |
Configure the "Always use custom logon background" setting to organizational standards. CC ID 10755 | System hardening through configuration management | Preventive | |
Configure the "Apply the default user logon picture to all users" setting to organizational standards. CC ID 10757 | System hardening through configuration management | Preventive | |
Configure the "Assign a default domain for logon" setting to organizational standards. CC ID 10758 | System hardening through configuration management | Preventive | |
Configure the "CD and DVD: Deny execute access" setting to organizational standards. CC ID 10767 | System hardening through configuration management | Preventive | |
Configure the "CD and DVD: Deny read access" setting to organizational standards. CC ID 10768 | System hardening through configuration management | Preventive | |
Configure the "CD and DVD: Deny write access" setting to organizational standards. CC ID 10769 | System hardening through configuration management | Preventive | |
Configure the "Printers preference logging and tracing" setting to organizational standards. CC ID 10799 | System hardening through configuration management | Preventive | |
Configure the "Contact PDC on logon failure" setting to organizational standards. CC ID 10825 | System hardening through configuration management | Preventive | |
Configure the "Custom Classes: Deny read access" setting to organizational standards. CC ID 10835 | System hardening through configuration management | Preventive | |
Configure the "Custom Classes: Deny write access" setting to organizational standards. CC ID 10836 | System hardening through configuration management | Preventive | |
Configure the "Deny Delegating Default Credentials" setting to organizational standards. CC ID 10848 | System hardening through configuration management | Preventive | |
Configure the "Deny Delegating Fresh Credentials" setting to organizational standards. CC ID 10849 | System hardening through configuration management | Preventive | |
Configure the "Deny Delegating Saved Credentials" setting to organizational standards. CC ID 10850 | System hardening through configuration management | Preventive | |
Configure the "Disallow changing of geographic location" setting to organizational standards. CC ID 10870 | System hardening through configuration management | Preventive | |
Configure the "Disallow Interactive Users from generating Resultant Set of Policy data" setting to organizational standards. CC ID 10871 | System hardening through configuration management | Preventive | |
Configure the "Disallow Kerberos authentication" setting for the "WinRM client" to organizational standards. CC ID 10872 | System hardening through configuration management | Preventive | |
Configure the "Disallow locally attached storage as backup target" setting to organizational standards. CC ID 10874 | System hardening through configuration management | Preventive | |
Configure the "Disallow Negotiate authentication" setting for the "WinRM client" to organizational standards. CC ID 10875 | System hardening through configuration management | Preventive | |
Configure the "Disallow network as backup target" setting to organizational standards. CC ID 10877 | System hardening through configuration management | Preventive | |
Configure the "Disallow optical media as backup target" setting to organizational standards. CC ID 10878 | System hardening through configuration management | Preventive | |
Configure the "Disallow run-once backups" setting to organizational standards. CC ID 10879 | System hardening through configuration management | Preventive | |
Configure the "Disallow selection of Custom Locales" setting to organizational standards. CC ID 10880 | System hardening through configuration management | Preventive | |
Configure the "Disallow user override of locale settings" setting to organizational standards. CC ID 10881 | System hardening through configuration management | Preventive | |
Configure the "Display information about previous logons during user logon" setting to organizational standards. CC ID 10887 | System hardening through configuration management | Preventive | |
Configure the "Do not allow adding new targets via manual configuration" setting to organizational standards. CC ID 10891 | System hardening through configuration management | Preventive | |
Configure the "Do not allow additional session logins" setting to organizational standards. CC ID 10892 | System hardening through configuration management | Preventive | |
Configure the "Do not allow changes to initiator CHAP secret" setting to organizational standards. CC ID 10893 | System hardening through configuration management | Preventive | |
Configure the "Do not allow changes to initiator iqn name" setting to organizational standards. CC ID 10894 | System hardening through configuration management | Preventive | |
Configure the "Do not allow client printer redirection" setting to organizational standards. CC ID 10895 | System hardening through configuration management | Preventive | |
Configure the "Do not allow clipboard redirection" setting to organizational standards. CC ID 10896 | System hardening through configuration management | Preventive | |
Configure the "Do not allow color changes" setting to organizational standards. CC ID 10897 | System hardening through configuration management | Preventive | |
Configure the "Do not allow COM port redirection" setting to organizational standards. CC ID 10898 | System hardening through configuration management | Preventive | |
Configure the "Do not allow compression on all NTFS volumes" setting to organizational standards. CC ID 10899 | System hardening through configuration management | Preventive | |
Configure the "Do not allow connections without IPSec" setting to organizational standards. CC ID 10900 | System hardening through configuration management | Preventive | |
Configure the "Do not allow desktop composition" setting to organizational standards. CC ID 10901 | System hardening through configuration management | Preventive | |
Configure the "Do not allow encryption on all NTFS volumes" setting to organizational standards. CC ID 10902 | System hardening through configuration management | Preventive | |
Configure the "Do not allow Flip3D invocation" setting to organizational standards. CC ID 10903 | System hardening through configuration management | Preventive | |
Configure the "Do not allow font smoothing" setting to organizational standards. CC ID 10904 | System hardening through configuration management | Preventive | |
Configure the "Do not allow LPT port redirection" setting to organizational standards. CC ID 10905 | System hardening through configuration management | Preventive | |
Configure the "Do not allow manual configuration of discovered targets" setting to organizational standards. CC ID 10906 | System hardening through configuration management | Preventive | |
Configure the "Do not allow manual configuration of iSNS servers" setting to organizational standards. CC ID 10907 | System hardening through configuration management | Preventive | |
Configure the "Do not allow manual configuration of target portals" setting to organizational standards. CC ID 10908 | System hardening through configuration management | Preventive | |
Configure the "Do not allow non-Enhanced Storage removable devices" setting to organizational standards. CC ID 10909 | System hardening through configuration management | Preventive | |
Configure the "Do not allow password authentication of Enhanced Storage devices" setting to organizational standards. CC ID 10910 | System hardening through configuration management | Preventive | |
Configure the "Do not allow sessions without mutual CHAP" setting to organizational standards. CC ID 10912 | System hardening through configuration management | Preventive | |
Configure the "Do not allow sessions without one way CHAP" setting to organizational standards. CC ID 10913 | System hardening through configuration management | Preventive | |
Configure the "Do not allow smart card device redirection" setting to organizational standards. CC ID 10914 | System hardening through configuration management | Preventive | |
Configure the "Do not allow Snipping Tool to run" setting to organizational standards. CC ID 10915 | System hardening through configuration management | Preventive | |
Configure the "Do not allow Sound Recorder to run" setting to organizational standards. CC ID 10916 | System hardening through configuration management | Preventive | |
Configure the "Do not allow the BITS client to use Windows Branch Cache" setting to organizational standards. CC ID 10918 | System hardening through configuration management | Preventive | |
Configure the "Do not allow the computer to act as a BITS Peercaching client" setting to organizational standards. CC ID 10919 | System hardening through configuration management | Preventive | |
Configure the "Do not allow the computer to act as a BITS Peercaching server" setting to organizational standards. CC ID 10920 | System hardening through configuration management | Preventive | |
Configure the "Do not allow window animations" setting to organizational standards. CC ID 10921 | System hardening through configuration management | Preventive | |
Configure the "Do not allow Windows Media Center to run" setting to organizational standards. CC ID 10923 | System hardening through configuration management | Preventive | |
Configure the "Do not display Initial Configuration Tasks window automatically at logon" setting to organizational standards. CC ID 10927 | System hardening through configuration management | Preventive | |
Configure the "Do not display Manage Your Server page at logon" setting to organizational standards. CC ID 10928 | System hardening through configuration management | Preventive | |
Configure the "Do not display Server Manager automatically at logon" setting to organizational standards. CC ID 10929 | System hardening through configuration management | Preventive | |
Configure the "Do not set default client printer to be default printer in a session" setting to organizational standards. CC ID 10935 | System hardening through configuration management | Preventive | |
Configure the "Execute print drivers in isolated processes" setting to organizational standards. CC ID 10964 | System hardening through configuration management | Preventive | |
Configure the "Expected dial-up delay on logon" setting to organizational standards. CC ID 10965 | System hardening through configuration management | Preventive | |
Configure the "Extend Point and Print connection to search Windows Update" setting to organizational standards. CC ID 10966 | System hardening through configuration management | Preventive | |
Configure the "Filter duplicate logon certificates" setting to organizational standards. CC ID 10967 | System hardening through configuration management | Preventive | |
Configure the "Floppy Drives: Deny execute access" setting to organizational standards. CC ID 10969 | System hardening through configuration management | Preventive | |
Configure the "Floppy Drives: Deny read access" setting to organizational standards. CC ID 10970 | System hardening through configuration management | Preventive | |
Configure the "Floppy Drives: Deny write access" setting to organizational standards. CC ID 10971 | System hardening through configuration management | Preventive | |
Configure the "Limit the maximum number of files allowed in a BITS job" setting to organizational standards. CC ID 11020 | System hardening through configuration management | Preventive | |
Configure the "Netlogon share compatibility" setting to organizational standards. CC ID 11048 | System hardening through configuration management | Preventive | |
Configure the "Only allow local user profiles" setting to organizational standards. CC ID 11056 | System hardening through configuration management | Preventive | |
Configure the "Only use Package Point and print" setting to organizational standards. CC ID 11057 | System hardening through configuration management | Preventive | |
Configure the "Override print driver execution compatibility setting reported by print driver" setting to organizational standards. CC ID 11059 | System hardening through configuration management | Preventive | |
Configure the "Package Point and print - Approved servers" setting to organizational standards. CC ID 11061 | System hardening through configuration management | Preventive | |
Configure the "Pre-populate printer search location text" setting to organizational standards. CC ID 11065 | System hardening through configuration management | Preventive | |
Configure the "Printer browsing" setting to organizational standards. CC ID 11097 | System hardening through configuration management | Preventive | |
Configure the "Provide information about previous logons to client computers" setting to organizational standards. CC ID 11111 | System hardening through configuration management | Preventive | |
Configure the "Prune printers that are not automatically republished" setting to organizational standards. CC ID 11112 | System hardening through configuration management | Preventive | |
Configure the "Redirect only the default client printer" setting to organizational standards. CC ID 11116 | System hardening through configuration management | Preventive | |
Configure the "Removable Disks: Deny execute access" setting to organizational standards. CC ID 11123 | System hardening through configuration management | Preventive | |
Configure the "Removable Disks: Deny read access" setting to organizational standards. CC ID 11124 | System hardening through configuration management | Preventive | |
Configure the "Removable Disks: Deny write access" setting to organizational standards. CC ID 11125 | System hardening through configuration management | Preventive | |
Configure the "Run logon scripts synchronously" setting to organizational standards. CC ID 11151 | System hardening through configuration management | Preventive | |
Configure the "Run these programs at user logon" setting to organizational standards. CC ID 11155 | System hardening through configuration management | Preventive | |
Configure the "Selectively allow the evaluation of a symbolic link" setting to organizational standards. CC ID 11169 | System hardening through configuration management | Preventive | |
Configure the "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" setting to organizational standards. CC ID 11215 | System hardening through configuration management | Preventive | |
Configure the "Tape Drives: Deny execute access" setting to organizational standards. CC ID 11233 | System hardening through configuration management | Preventive | |
Configure the "Tape Drives: Deny read access" setting to organizational standards. CC ID 11234 | System hardening through configuration management | Preventive | |
Configure the "Tape Drives: Deny write access" setting to organizational standards. CC ID 11235 | System hardening through configuration management | Preventive | |
Configure the "Timeout for hung logon sessions during shutdown" setting to organizational standards. CC ID 11245 | System hardening through configuration management | Preventive | |
Configure the "Troubleshooting: Allow users to access and run Troubleshooting Wizards" setting to organizational standards. CC ID 11247 | System hardening through configuration management | Preventive | |
Configure the "Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)" setting to organizational standards. CC ID 11248 | System hardening through configuration management | Preventive | |
Configure the "Turn off the "Order Prints" picture task" setting to organizational standards. CC ID 11314 | System hardening through configuration management | Preventive | |
Configure the "Use Remote Desktop Easy Print printer driver first" setting to organizational standards. CC ID 11365 | System hardening through configuration management | Preventive | |
Configure the "Domain controller: Allow server operators to schedule tasks" setting. CC ID 01735 | System hardening through configuration management | Preventive | |
Configure the "Domain member: Require strong (Windows 2000 or later) session key" setting. CC ID 01738 | System hardening through configuration management | Preventive | |
Configure the "Enforce user logon restrictions" setting. CC ID 04500 | System hardening through configuration management | Preventive | |
Configure the "Maximum lifetime for service ticket" setting. CC ID 04501 | System hardening through configuration management | Preventive | |
Configure the "Maximum lifetime for user ticket" setting. CC ID 04502 | System hardening through configuration management | Preventive | |
Configure the "Maximum lifetime for user ticket renewal" setting. CC ID 04503 | System hardening through configuration management | Preventive | |
Configure the "Maximum tolerance for computer clock synchronization" setting. CC ID 04504 | System hardening through configuration management | Preventive | |
Verify the Trusted Computing Base is installed, as appropriate. CC ID 05589 | System hardening through configuration management | Preventive | |
Configure the "Shutdown: Allow system to be shut down without having to log on" setting. CC ID 01779 | System hardening through configuration management | Preventive | |
Configure the "Shutdown: Clear virtual memory pagefile" setting. CC ID 01780 | System hardening through configuration management | Preventive | |
Configure Multi-Function Devices to clear their hard drives in between jobs. CC ID 04816 | System hardening through configuration management | Preventive | |
Configure shared volumes to use the appropriate file system for the network protocols being operated (NT File System in Windows OS or Netware SS), and configure the security parameters. CC ID 01927 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\at.exe. CC ID 01929 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\attrib.exe. CC ID 01930 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\cacls.exe. CC ID 01931 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\debug.exe. CC ID 01932 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\drwatson.exe. CC ID 01933 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\drwtsn32.exe. CC ID 01934 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\edlin.exe. CC ID 01935 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\eventcreate.exe. CC ID 01936 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\eventtriggers.exe. CC ID 01937 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\ftp.exe. CC ID 01938 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\net.exe. CC ID 01939 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\net1.exe. CC ID 01940 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\netsh.exe. CC ID 01941 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\rcp.exe. CC ID 01942 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\reg.exe. CC ID 01943 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\regedit.exe. CC ID 01944 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\regedt32.exe. CC ID 01945 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\regsvr32.exe. CC ID 01946 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\rexec.exe. CC ID 01947 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\rsh.exe. CC ID 01948 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\runas.exe. CC ID 01949 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\sc.exe. CC ID 01950 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\subst.exe. CC ID 01951 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\telnet.exe. CC ID 01952 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\tftp.exe. CC ID 01953 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\tlntsvr.exe. CC ID 01954 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\. CC ID 01968 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\autoexec.bat. CC ID 01969 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\boot.ini. CC ID 01970 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\config.sys. CC ID 01971 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\io.sys. CC ID 01972 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\msdos.sys. CC ID 01973 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\ntbootdd.sys. CC ID 01974 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\ntdetect.com. CC ID 01975 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\ntldr. CC ID 01976 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings. CC ID 01977 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings\Administrator. CC ID 01978 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings\All Users. CC ID 01979 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson. CC ID 01980 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings\Default User. CC ID 01981 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\System Volume Information. CC ID 01982 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\Temp. CC ID 01983 | System hardening through configuration management | Preventive | |
Configure the file permissions for %ProgramFiles%. CC ID 01984 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\Program Files\Resource Kit. CC ID 01985 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%. CC ID 01986 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\$NTServicePackUninstall$. CC ID 01987 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\CSC. CC ID 01988 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\Debug. CC ID 01989 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\Debug\UserMode. CC ID 01990 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\Offline Web Pages. CC ID 01991 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\Registration. CC ID 01992 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\Repair. CC ID 01993 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\security. CC ID 01994 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32. CC ID 01995 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\Ntbackup.exe. CC ID 01996 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\secedit.exe. CC ID 01997 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\appmgmt. CC ID 01998 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\config. CC ID 01999 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\dllcache. CC ID 02000 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\DTCLog. CC ID 02001 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\GroupPolicy. CC ID 02002 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\ias. CC ID 02003 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\NTMSData. CC ID 02004 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\reinstallbackups. CC ID 02005 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\Setup. CC ID 02006 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\spool\printers. CC ID 02007 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\Tasks. CC ID 02008 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\Temp. CC ID 02009 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\Program Files\Resource Pro Kit. CC ID 04301 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\arp.exe. CC ID 04304 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\nbstat.exe. CC ID 04305 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\netstat.exe. CC ID 04306 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\nslookup.exe. CC ID 04307 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\regini.exe. CC ID 04308 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\route.exe. CC ID 04310 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\systeminfo.exe. CC ID 04311 | System hardening through configuration management | Preventive | |
Disable DOSFAT.NSS. CC ID 04462 | System hardening through configuration management | Preventive | |
Enable user directory data encryption. CC ID 04467 | System hardening through configuration management | Preventive | |
Remove the SYS:Mail directory. CC ID 04470 | System hardening through configuration management | Preventive | |
Configure the largest folder size (storage capacity) restrictions for user directories. CC ID 04471 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Config\AppEvent.evt. CC ID 04506 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Config\SecEvent.evt. CC ID 04507 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Config\SysEvent.evt. CC ID 04508 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDirectory%. CC ID 04532 | System hardening through configuration management | Preventive | |
Configure the file permissions appropriately for all shell executables. CC ID 05619 | System hardening through configuration management | Preventive | |
Configure the file permissions for the remote copy (rcp) binary properly. CC ID 05620 | System hardening through configuration management | Preventive | |
Configure the file permissions for the remote login (rlogin) binary properly. CC ID 05621 | System hardening through configuration management | Preventive | |
Configure the file permissions for the rlogind binary properly. CC ID 05622 | System hardening through configuration management | Preventive | |
Configure the file permissions for the remote shell (rsh) binary properly. CC ID 05623 | System hardening through configuration management | Preventive | |
Configure the file permissions for the rshd binary properly. CC ID 05624 | System hardening through configuration management | Preventive | |
Configure the file permissions for the tftp binary properly. CC ID 05625 | System hardening through configuration management | Preventive | |
Configure the file permissions for the tftpd binary properly. CC ID 05626 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson\drwts32.log properly. CC ID 05627 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemDrive%\My Download Files properly. CC ID 05628 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\Driver Cache\I386\Driver.cab properly. CC ID 05629 | System hardening through configuration management | Preventive | |
Configure the permissions for the %SystemRoot%\$NtUninstall* directories properly. CC ID 05630 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemDrive%\NTDS properly. CC ID 05631 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\SYSVOL properly. CC ID 05632 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\SYSVOL\domain\Policies properly. CC ID 05633 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\repl properly. CC ID 05634 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\repl\export properly. CC ID 05635 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\repl\import properly. CC ID 05636 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %ALL% properly. CC ID 05637 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %ALL%\Program Files\MQSeries properly. CC ID 05638 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %ALL%\Program Files\MQSeries\qmggr properly. CC ID 05639 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ACL properly. CC ID 05640 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemDrive%\WINNT\SECURITY\Database\SECEDIT.SDB ACL properly. CC ID 05641 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemDrive%\perflogs properly. CC ID 05642 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemDrive%\i386 properly. CC ID 05643 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %ProgramFiles%\Common Files\SpeechEngines\TTS properly. CC ID 05644 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\_default.plf properly. CC ID 05645 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\addins properly. CC ID 05646 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\appPatch properly. CC ID 05647 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\clock.avi properly. CC ID 05648 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\Connection Wizard properly. CC ID 05649 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\Driver Cache properly. CC ID 05650 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\explorer.scf properly. CC ID 05651 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\explorer.exe properly. CC ID 05652 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\Help properly. CC ID 05653 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\inf\unregmp2.exe properly. CC ID 05654 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\Java properly. CC ID 05655 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\mib.bin properly. CC ID 05656 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\msagent properly. CC ID 05657 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\msdfmap.ini properly. CC ID 05658 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\mui properly. CC ID 05659 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\security\templates properly. CC ID 05660 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\speech properly. CC ID 05661 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system.ini properly. CC ID 05662 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system\setup.inf properly. CC ID 05663 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system\stdole.tlb properly. CC ID 05664 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\twain_32 properly. CC ID 05665 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\CatRoot properly. CC ID 05666 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\configf\systemprofile properly. CC ID 05667 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\dhcp properly. CC ID 05668 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\drivers properly. CC ID 05669 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\Export properly. CC ID 05670 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\ipconfig.exe properly. CC ID 05671 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\LogFiles properly. CC ID 05672 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\mshta.exe properly. CC ID 05673 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\mui properly. CC ID 05674 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\ShellExt properly. CC ID 05675 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\wbem properly. CC ID 05676 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\wbem\mof properly. CC ID 05677 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\wbem\repository properly. CC ID 05678 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\wbem\logs properly. CC ID 05679 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %AllUsersProfile% properly. CC ID 05680 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data properly. CC ID 05681 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft properly. CC ID 05682 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys properly. CC ID 05683 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys properly. CC ID 05684 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Dr Watson properly. CC ID 05685 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log properly. CC ID 05686 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\HTML Help properly. CC ID 05687 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\MediaIndex properly. CC ID 05688 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %AllUsersProfile%\Documents\desktop.ini properly. CC ID 05689 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %AllUsersProfile%\DRM properly. CC ID 05690 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\Debug\UserMode\userenv.log properly. CC ID 05691 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\Installer properly. CC ID 05692 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\Prefetch properly. CC ID 05693 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\Registration\CRMLog properly. CC ID 05694 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\ciadv.msc properly. CC ID 05695 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Com\comexp.msc properly. CC ID 05696 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\compmgmt.msc properly. CC ID 05697 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Config properly. CC ID 05698 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\Config\*.evt properly. CC ID 05699 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\devmgmt.msc properly. CC ID 05700 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\dfrg.msc properly. CC ID 05701 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\diskmgmt.msc properly. CC ID 05702 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\system32\eventvwr.msc properly. CC ID 05703 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\fsmgmt.msc properly. CC ID 05704 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\gpedit.msc properly. CC ID 05705 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\lusrmgr.msg properly. CC ID 05706 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\System32\MSDTC properly. CC ID 05707 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\ntmsoprq.msc properly. CC ID 05708 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\ntmsmgr.msc properly. CC ID 05709 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\perfmon.msc properly. CC ID 05710 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\RSoP.msc properly. CC ID 05711 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\secpol.msc properly. CC ID 05712 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\services.msc properly. CC ID 05713 | System hardening through configuration management | Preventive | |
Configure the file permissions for %SystemRoot%\System32\wmimgmt.msc properly. CC ID 05714 | System hardening through configuration management | Preventive | |
Configure the directory permissions for %SystemRoot%\Web properly. CC ID 05715 | System hardening through configuration management | Preventive | |
Configure the BitLocker setting appropriately for fixed disk drives and removable disk drives. CC ID 06064 | System hardening through configuration management | Preventive | |
Configure the settings for fixed disk drives, removable disk drives, and operating system disk drives. CC ID 06065 | System hardening through configuration management | Preventive | |
Configure the BitLocker identifiers. CC ID 06066 | System hardening through configuration management | Preventive | |
Configure utility and device driver software in accordance with organizational standards. CC ID 12340 | System hardening through configuration management | Preventive | |
Restrict utility programs from interfering with Information Technology operations. CC ID 13087 | System hardening through configuration management | Preventive | |
Configure appropriate Partitioning schemes. CC ID 02162 | System hardening through configuration management | Preventive | |
Verify the /home file system, /export/home file system, and /var file system each has its own partition. CC ID 02163 | System hardening through configuration management | Preventive | |
Verify the root shell environment is located outside the /usr directory in a partitioned environment. CC ID 02158 | System hardening through configuration management | Preventive | |
Verify the primary filesystem partition uses an appropriate filesystem. CC ID 05716 | System hardening through configuration management | Preventive | |
Enable the OS/2 subsystem, as appropriate. CC ID 05717 | System hardening through configuration management | Preventive | |
Configure the "nodev" option for "/run/shm" to organizational standards. CC ID 11376 | System hardening through configuration management | Preventive | |
Configure the "nosuid" option for "/run/shm" to organizational standards. CC ID 11377 | System hardening through configuration management | Preventive | |
Configure the "noexec" option for "/run/shm" to organizational standards. CC ID 11378 | System hardening through configuration management | Preventive | |
Configure attached printers and shared printers. CC ID 04499 | System hardening through configuration management | Preventive | |
Configure the IPsec security association lifetime to organizational standards. CC ID 16508 | System hardening through configuration management | Preventive | |
Configure route filtering to organizational standards. CC ID 16359 | System hardening through configuration management | Preventive | |
Configure security gateways to organizational standards. CC ID 16352 | System hardening through configuration management | Preventive | |
Configure network elements to organizational standards. CC ID 16361 | System hardening through configuration management | Preventive | |
Configure devices having access to network elements to organizational standards. CC ID 16408 | System hardening through configuration management | Preventive | |
Configure routing tables to organizational standards. CC ID 15438 | System hardening through configuration management | Preventive | |
Configure "NetBT NodeType configuration" to organizational standards. CC ID 15383 | System hardening through configuration management | Preventive | |
Configure "Allow remote server management through WinRM" to organizational standards. CC ID 15364 | System hardening through configuration management | Preventive | |
Configure "Allow network connectivity during connected-standby (on battery)" to organizational standards. CC ID 15342 | System hardening through configuration management | Preventive | |
Configure BOOTP queries to be accepted or denied by the DHCP Server, as appropriate. CC ID 06040 | System hardening through configuration management | Preventive | |
Enable TCP wrappers. CC ID 01567 | System hardening through configuration management | Preventive | |
Configure TCP wrappers. CC ID 01566 | System hardening through configuration management | Preventive | |
Configure devices to block or avoid outbound connections. CC ID 04807 | System hardening through configuration management | Preventive | |
Configure devices to deny inbound connections. CC ID 04805 | System hardening through configuration management | Preventive | |
Review and restrict network addresses and network protocols. CC ID 01518 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | System hardening through configuration management | Preventive | |
Disable wireless access if it is not necessary. CC ID 12100 | System hardening through configuration management | Preventive | |
Configure Network Address Translation to organizational standards. CC ID 16395 | System hardening through configuration management | Preventive | |
Enable Network Address Translation or Port Address Translation for internal networks on all network access and control points. CC ID 00545 | System hardening through configuration management | Preventive | |
Disable NIS Server Daemons unless NIS Server Daemons are absolutely necessary. CC ID 01457 | System hardening through configuration management | Preventive | |
Disable NIS Client Daemons unless NIS Client Daemons are absolutely necessary. CC ID 01458 | System hardening through configuration management | Preventive | |
Disable NIS+ daemons unless NIS+ daemons are absolutely necessary. CC ID 01459 | System hardening through configuration management | Preventive | |
Disable Kerberos server daemons unless Kerberos server daemons are absolutely necessary. CC ID 01461 | System hardening through configuration management | Preventive | |
Disable Kerberos client daemons unless Kerberos client daemons are absolutely necessary. CC ID 01462 | System hardening through configuration management | Preventive | |
Disable Kerberos-related daemons unless Kerberos-related daemons are absolutely necessary. CC ID 01463 | System hardening through configuration management | Preventive | |
Disable DHCP Server unless DHCP Server is absolutely necessary. CC ID 01482 | System hardening through configuration management | Preventive | |
Disable Domain Name Server unless Domain Name Server is absolutely necessary. CC ID 01483 | System hardening through configuration management | Preventive | |
Disable Simple Network Management Protocol unless it is absolutely necessary. CC ID 01491 | System hardening through configuration management | Preventive | |
Enable or disable tunneling, as necessary. CC ID 15235 | System hardening through configuration management | Preventive | |
Disable Internet Protocol version 6 unless it is absolutely necessary. CC ID 01493 | System hardening through configuration management | Preventive | |
Disable Simple Mail Transport Protocol unless it is absolutely necessary. CC ID 01825 | System hardening through configuration management | Preventive | |
Disable SNMP trap unless SNMP trap is absolutely necessary. CC ID 01828 | System hardening through configuration management | Preventive | |
Disable UNIX-to-UNIX Copy Program unless it is absolutely necessary. CC ID 02169 | System hardening through configuration management | Preventive | |
Disable the ugidd daemon unless the ugidd daemon is absolutely necessary. CC ID 02181 | System hardening through configuration management | Preventive | |
Disable IP Routing unless it is absolutely necessary. CC ID 02170 | System hardening through configuration management | Preventive | |
Disable Client Service for NetWare unless it is absolutely necessary. CC ID 04277 | System hardening through configuration management | Preventive | |
Disable HyperText Transfer Protocol Secure Socket Layer unless it is absolutely necessary. CC ID 04281 | System hardening through configuration management | Preventive | |
Disable network connections unless network connections are absolutely necessary. CC ID 04283 | System hardening through configuration management | Preventive | |
Disable Boot Protocol unless it is absolutely necessary. CC ID 04809 | System hardening through configuration management | Preventive | |
Disable Pre-boot eXecution Environment unless it is absolutely necessary. CC ID 04819 | System hardening through configuration management | Preventive | |
Disable Bluetooth unless Bluetooth is absolutely necessary. CC ID 04476 | System hardening through configuration management | Preventive | |
Disable Internetwork Packet Exchange/Sequenced Packet Exchange. CC ID 04800 | System hardening through configuration management | Preventive | |
Disable AppleTalk. CC ID 04799 | System hardening through configuration management | Preventive | |
Disable Network Basic Input/Output System. CC ID 01925 | System hardening through configuration management | Preventive | |
Assign or reserve static IP addresses in Dynamic Host Configuration Protocol. CC ID 04801 | System hardening through configuration management | Preventive | |
Disable wireless networking on Multi-Function Devices, unless absolutely necessary. CC ID 04821 | System hardening through configuration management | Preventive | |
Configure mountd to use a static port or a dynamic portmapper port, as appropriate. CC ID 06023 | System hardening through configuration management | Preventive | |
Configure the Avahi daemon to serve via Internet Protocol version 4, Internet Protocol version 6, as appropriate. CC ID 06024 | System hardening through configuration management | Preventive | |
Validate and check Simple Network Management Protocol using snmpwalk. CC ID 06941 | System hardening through configuration management | Preventive | |
Disable the XDMCP port. CC ID 01563 | System hardening through configuration management | Preventive | |
Prevent syslog from accepting messages from the network. CC ID 01562 | System hardening through configuration management | Preventive | |
Prevent X server from listening on port 6000/tcp. CC ID 01565 | System hardening through configuration management | Preventive | |
Configure the Intrusion Detection System and the Intrusion Prevention System to accept the organizational vulnerability scanning host or vendor's originating IP address. CC ID 01645 | System hardening through configuration management | Preventive | |
Configure the "Network access: Allow anonymous SID/Name translation" setting to organizational standards. CC ID 01717 | System hardening through configuration management | Preventive | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts" setting. CC ID 01718 | System hardening through configuration management | Preventive | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting. CC ID 01719 | System hardening through configuration management | Preventive | |
Enable Data Execution Protection for all applications. CC ID 01720 | System hardening through configuration management | Preventive | |
Enable digital encryption or digital signatures of secure channel data. CC ID 01736 | System hardening through configuration management | Preventive | |
Enable digital signatures of communications using the Server Message Block protocol. CC ID 01762 | System hardening through configuration management | Preventive | |
Configure the "Microsoft network client: Send unencrypted password to connect to third-party SMB servers" setting. CC ID 01764 | System hardening through configuration management | Preventive | |
Configure the amount of idle time required before disconnecting an idle session. CC ID 01763 | System hardening through configuration management | Preventive | |
Configure the "Allow reconnection from original client only" setting to organizational standards. CC ID 04515 | System hardening through configuration management | Preventive | |
Enable the disconnect clients setting (server) or force logoff setting (client) if the account's allotted logon period expires. CC ID 01765 | System hardening through configuration management | Preventive | |
Configure the "Network access: Do not allow storage of credentials or .NET Passports for network authentication" setting. CC ID 01766 | System hardening through configuration management | Preventive | |
Configure the "Network access: Let Everyone permissions apply to anonymous users" setting. CC ID 01767 | System hardening through configuration management | Preventive | |
Configure the "Network access: Named pipes that can be accessed anonymously" setting. CC ID 01768 | System hardening through configuration management | Preventive | |
Configure the "Network access: Remotely accessible registry paths" setting. CC ID 01769 | System hardening through configuration management | Preventive | |
Configure the "Network access: Sharing and security model for local accounts" setting. CC ID 01771 | System hardening through configuration management | Preventive | |
Configure the "Network security: Do not store LAN Manager hash value on next password change" setting. CC ID 01772 | System hardening through configuration management | Preventive | |
Configure the "Network security: LAN Manager authentication level" setting. CC ID 01773 | System hardening through configuration management | Preventive | |
Configure the "Network security: LDAP client signing requirements" setting. CC ID 01774 | System hardening through configuration management | Preventive | |
Configure Lightweight Directory Access Protocol connections for security. CC ID 04451 | System hardening through configuration management | Preventive | |
Configure the least session security for NT LM Security Support Provider based clients (including secure RPC) and servers settings. CC ID 01775 | System hardening through configuration management | Preventive | |
Enable the LDAP cache manager as necessary. CC ID 01460 | System hardening through configuration management | Preventive | |
Configure firewalls in accordance with organizational standards. CC ID 01926 | System hardening through configuration management | Preventive | |
Control inbound connections to the firewall. CC ID 04397 | System hardening through configuration management | Preventive | |
Control outbound connections to the firewall. CC ID 04398 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Do not allow exceptions" setting. CC ID 04318 | System hardening through configuration management | Preventive | |
Configure the firewall to define program exceptions as necessary. CC ID 04319 | System hardening through configuration management | Preventive | |
Configure the firewall to display notifications. CC ID 04399 | System hardening through configuration management | Preventive | |
Configure the firewall to allow Unicast responses. CC ID 04400 | System hardening through configuration management | Preventive | |
Configure the firewall to apply local connection security rules. CC ID 04402 | System hardening through configuration management | Preventive | |
Review and approve the firewall rules, as necessary. CC ID 06745 | System hardening through configuration management | Preventive | |
Disable Internet Connection Sharing. CC ID 02035 | System hardening through configuration management | Preventive | |
Disable anonymous DDP. CC ID 02193 | System hardening through configuration management | Preventive | |
Configure the "Set client connection encryption level" setting. CC ID 04321 | System hardening through configuration management | Preventive | |
Configure the "Network access: Restrict anonymous access to named pipes and shares" setting to organizational standards. CC ID 04381 | System hardening through configuration management | Preventive | |
Configure the "Intranet Sites: Include all network paths (UNCs)" setting. CC ID 04414 | System hardening through configuration management | Preventive | |
Configure RConsoleJ in NetWare. CC ID 04460 | System hardening through configuration management | Preventive | |
Configure Secure Console in NetWare. CC ID 04461 | System hardening through configuration management | Preventive | |
Disable Universal Description, Discovery, and Integration. CC ID 04466 | System hardening through configuration management | Preventive | |
Enable encryption for connections that transfer restricted data over HyperText Transfer Protocol. CC ID 04473 | System hardening through configuration management | Preventive | |
Use HyperText Transfer Protocol Secure to protect authenticators or other restricted data or restricted information. CC ID 04474 | System hardening through configuration management | Preventive | |
Configure Windows Messenger to prevent access to the internet. CC ID 04518 | System hardening through configuration management | Preventive | |
Configure the "Always wait for the network at computer startup and logon" setting to organizational standards. CC ID 04519 | System hardening through configuration management | Preventive | |
Do not configure anonymous File Transfer Protocol on computers located inside a defined security perimeter. CC ID 04527 | System hardening through configuration management | Preventive | |
Create an access control list on Network Access and Control Points to restrict access. CC ID 04810 | System hardening through configuration management | Preventive | |
Configure the Access Control List to restrict connections between untrusted networks and any system that holds restricted data or restricted information. CC ID 06077 | System hardening through configuration management | Preventive | |
Configure the Access Control List (ACL) so that internal network addresses cannot pass from the Internet into the Demilitarized Zone (DMZ). CC ID 06421 | System hardening through configuration management | Preventive | |
Configure the Access Control List so that outbound network traffic from protected subnets can only access IP Addresses inside the Demilitarized Zone. CC ID 06422 | System hardening through configuration management | Preventive | |
Configure Print Services to use port 9100 and/or port 515. CC ID 04811 | System hardening through configuration management | Preventive | |
Configure the SSH server in accordance with organizational standards. CC ID 04843 | System hardening through configuration management | Preventive | |
Configure permissions for SSH private host key files to organizational standards. CC ID 15331 | System hardening through configuration management | Preventive | |
Configure permissions for SSH public host key files to organizational standards. CC ID 15333 | System hardening through configuration management | Preventive | |
Disable Secure Shell version 1 and use Secure Shell version 2. CC ID 04465 | System hardening through configuration management | Preventive | |
Allow or deny inbound connections to the secure shell port, as appropriate. CC ID 05746 | System hardening through configuration management | Preventive | |
Enable or disable the emulation of the rsh command through the SSH server, as appropriate. CC ID 05747 | System hardening through configuration management | Preventive | |
Configure SSH X11 forwarding to organizational standards. CC ID 05748 | System hardening through configuration management | Preventive | |
Set the SSH authentication log retry limit. CC ID 05750 | System hardening through configuration management | Preventive | |
Configure SSH integration with .rhosts to organizational standards. CC ID 05751 | System hardening through configuration management | Preventive | |
Configure SSH integration with hosts.equiv to organizational standards. CC ID 05752 | System hardening through configuration management | Preventive | |
Enable or disable SSH Rhosts RSA Authentication, as appropriate. CC ID 05753 | System hardening through configuration management | Preventive | |
Use Secure Shell for remote logins and file transfers. CC ID 06562 | System hardening through configuration management | Preventive | |
Configure the "/etc/hosts.deny" file: Content to organizational standards. CC ID 09924 | System hardening through configuration management | Preventive | |
Configure the "hosts.deny" file permissions to organizational standards. CC ID 09925 | System hardening through configuration management | Preventive | |
Configure the "PermitEmptyPasswords" setting to organizational standards. CC ID 09926 | System hardening through configuration management | Preventive | |
Configure the "SSH IgnoreRhosts" setting to organizational standards. CC ID 09951 | System hardening through configuration management | Preventive | |
Configure the "allowed users and groups" setting for "SSH" to organizational standards. CC ID 09952 | System hardening through configuration management | Preventive | |
Configure Network Time Protocol. CC ID 04844 | System hardening through configuration management | Preventive | |
Configure multicasting. CC ID 04845 | System hardening through configuration management | Preventive | |
Set the apache2 server's ServerTokens value properly. CC ID 05720 | System hardening through configuration management | Preventive | |
Set the apache2 server's ServerSignature value properly. CC ID 05721 | System hardening through configuration management | Preventive | |
Configure "Configuration of wireless settings using Windows Connect Now" to organizational standards. CC ID 05722 | System hardening through configuration management | Preventive | |
Configure X11 forwarding via Secure Shell, as appropriate. CC ID 05723 | System hardening through configuration management | Preventive | |
Enable the NIS passwd daemon as necessary. CC ID 05725 | System hardening through configuration management | Preventive | |
Enable the NIS update daemon as necessary. CC ID 05726 | System hardening through configuration management | Preventive | |
Enable the NIS xfr daemon as necessary. CC ID 05727 | System hardening through configuration management | Preventive | |
Enable or disable strict destination multihoming, as appropriate. CC ID 05728 | System hardening through configuration management | Preventive | |
Enable or disable IPv4 strict multihoming, as appropriate. CC ID 05729 | System hardening through configuration management | Preventive | |
Enable the appropriate tunneling protocol for Internet Protocol version 6. CC ID 05730 | System hardening through configuration management | Preventive | |
Enable or disable the automatic loading of the IPv6 kernel module, as appropriate. CC ID 05731 | System hardening through configuration management | Preventive | |
Configure the router advertisements settings to organizational standards. CC ID 05732 | System hardening through configuration management | Preventive | |
Configure IPv6 privacy extensions properly. CC ID 05733 | System hardening through configuration management | Preventive | |
Set the default number of global unicast IPv6 addresses allowed per network interface properly. CC ID 05734 | System hardening through configuration management | Preventive | |
Set the default number of IPv6 router solicitations for network interfaces to send properly. CC ID 05735 | System hardening through configuration management | Preventive | |
Set the default number of IPv6 duplicate address detection solicitations for network interfaces to send per configured network address properly. CC ID 05736 | System hardening through configuration management | Preventive | |
Enable or disable IPv6 strict multihoming, as appropriate. CC ID 05737 | System hardening through configuration management | Preventive | |
Enable or disable IP routing, as appropriate. CC ID 05738 | System hardening through configuration management | Preventive | |
Enable or disable reverse source routed packets, as appropriate. CC ID 05739 | System hardening through configuration management | Preventive | |
Restrict packet forwarding, as appropriate. CC ID 05740 | System hardening through configuration management | Preventive | |
Set unestablished TCP connection queues and established TCP connection queues properly. CC ID 05741 | System hardening through configuration management | Preventive | |
Enable or disable the LDAP dynamic updates feature, as appropriate. CC ID 05742 | System hardening through configuration management | Preventive | |
Configure the "Prohibit use of Internet Connection Firewall on your DNS domain network" setting properly. CC ID 05743 | System hardening through configuration management | Preventive | |
Enable or disable printing services through inetd, as appropriate. CC ID 05744 | System hardening through configuration management | Preventive | |
Enable or disable firewall access to printing services, as appropriate. CC ID 05745 | System hardening through configuration management | Preventive | |
Set the Secure Shell largest number for authentication retries. CC ID 05749 | System hardening through configuration management | Preventive | |
Configure the "Server SPN target name validation level" properly. CC ID 06067 | System hardening through configuration management | Preventive | |
Configure the "Allow Local System NULL session fallback" setting properly. CC ID 06068 | System hardening through configuration management | Preventive | |
Configure the "Restrict NTLM" settings properly. CC ID 06069 | System hardening through configuration management | Preventive | |
Configure the "Allow Local System to use computer identity for NTLM" setting properly. CC ID 06070 | System hardening through configuration management | Preventive | |
Configure the "Configure encryption types allowed for Kerberos" setting properly. CC ID 06071 | System hardening through configuration management | Preventive | |
Configure the "Allow PKU2U authentication requests to this computer to use online identities" setting properly. CC ID 06072 | System hardening through configuration management | Preventive | |
Configure wireless communication to be encrypted using strong cryptography. CC ID 06078 | System hardening through configuration management | Preventive | |
Reserve the use of VLAN1 to in-band management. CC ID 06413 | System hardening through configuration management | Preventive | |
Disallow Internet Protocol (IP) directed broadcasts. CC ID 06571 | System hardening through configuration management | Preventive | |
Configure the "source-routed packets" setting to organizational standards. CC ID 08977 | System hardening through configuration management | Preventive | |
Disable feedback on protocol format validation errors. CC ID 10646 | System hardening through configuration management | Preventive | |
Configure the "6to4 Relay Name" setting to organizational standards. CC ID 10688 | System hardening through configuration management | Preventive | |
Configure the "6to4 Relay Name Resolution Interval" setting to organizational standards. CC ID 10689 | System hardening through configuration management | Preventive | |
Configure the "6to4 State" setting to organizational standards. CC ID 10690 | System hardening through configuration management | Preventive | |
Configure the "Automated Site Coverage by the DC Locator DNS SRV Records" setting to organizational standards. CC ID 10759 | System hardening through configuration management | Preventive | |
Configure the "Best effort service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 10764 | System hardening through configuration management | Preventive | |
Configure the "Best effort service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards. CC ID 10765 | System hardening through configuration management | Preventive | |
Configure the "Best effort service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 10766 | System hardening through configuration management | Preventive | |
Configure the "BranchCache for network files" setting to organizational standards. CC ID 10776 | System hardening through configuration management | Preventive | |
Configure the "Network Options preference logging and tracing" setting to organizational standards. CC ID 10796 | System hardening through configuration management | Preventive | |
Configure the "Network Shares preference logging and tracing" setting to organizational standards. CC ID 10797 | System hardening through configuration management | Preventive | |
Configure the "slow-link mode" setting to organizational standards. CC ID 10820 | System hardening through configuration management | Preventive | |
Configure the "Controlled load service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 10826 | System hardening through configuration management | Preventive | |
Configure the "Controlled load service type Layer-3 Differentiated Services Code Point (DSCP) for packets that do not conform to the flow specification" setting to organizational standards. CC ID 10827 | System hardening through configuration management | Preventive | |
Configure the "Controlled load service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 10828 | System hardening through configuration management | Preventive | |
Configure the "Corporate DNS Probe Host Address" setting to organizational standards. CC ID 10829 | System hardening through configuration management | Preventive | |
Configure the "Corporate DNS Probe Host Name" setting to organizational standards. CC ID 10830 | System hardening through configuration management | Preventive | |
Configure the "Corporate Site Prefix List" setting to organizational standards. CC ID 10831 | System hardening through configuration management | Preventive | |
Configure the "Corporate Website Probe URL" setting to organizational standards. CC ID 10832 | System hardening through configuration management | Preventive | |
Configure the "DC Locator DNS records not registered by the DCs" setting to organizational standards. CC ID 10838 | System hardening through configuration management | Preventive | |
Configure the "DNS Suffix Search List" setting to organizational standards. CC ID 10890 | System hardening through configuration management | Preventive | |
Configure the "Do not detect slow network connections" setting to organizational standards. CC ID 10926 | System hardening through configuration management | Preventive | |
Configure the "Do not show the "local access only" network icon" setting to organizational standards. CC ID 10936 | System hardening through configuration management | Preventive | |
Configure the "Dynamic Registration of the DC Locator DNS Records" setting to organizational standards. CC ID 10943 | System hardening through configuration management | Preventive | |
Configure the "Group Policy slow link detection" setting to organizational standards. CC ID 10982 | System hardening through configuration management | Preventive | |
Configure the "Guaranteed service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 10983 | System hardening through configuration management | Preventive | |
Configure the "Guaranteed service type Layer-3 Differentiated Services Code Point for packets that do not conform to the flow specification" setting to organizational standards. CC ID 10984 | System hardening through configuration management | Preventive | |
Configure the "Guaranteed service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 10985 | System hardening through configuration management | Preventive | |
Configure the "Limit the maximum network bandwidth used for Peercaching" setting to organizational standards. CC ID 11017 | System hardening through configuration management | Preventive | |
Configure the "Location of the DCs hosting a domain with single label DNS name" setting to organizational standards. CC ID 11024 | System hardening through configuration management | Preventive | |
Configure the "Minimum Idle Connection Timeout for RPC/HTTP connections" setting to organizational standards. CC ID 11046 | System hardening through configuration management | Preventive | |
Configure the "Network control service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 11049 | System hardening through configuration management | Preventive | |
Configure the "Network control service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards. CC ID 11050 | System hardening through configuration management | Preventive | |
Configure the "Network control service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 11051 | System hardening through configuration management | Preventive | |
Configure the "Network Projector Port Setting" setting to organizational standards. CC ID 11052 | System hardening through configuration management | Preventive | |
Configure the "Override the More Gadgets link" setting to organizational standards. CC ID 11060 | System hardening through configuration management | Preventive | |
Configure the "Prevent backing up to network location" setting to organizational standards. CC ID 11070 | System hardening through configuration management | Preventive | |
Configure the "Primary DNS Suffix" setting to organizational standards. CC ID 11094 | System hardening through configuration management | Preventive | |
Configure the "Primary DNS Suffix Devolution" setting to organizational standards. CC ID 11095 | System hardening through configuration management | Preventive | |
Configure the "Priority Set in the DC Locator DNS SRV Records" setting to organizational standards. CC ID 11099 | System hardening through configuration management | Preventive | |
Configure the "Prohibit installation and configuration of Network Bridge on your DNS domain network" setting to organizational standards. CC ID 11102 | System hardening through configuration management | Preventive | |
Configure the "Prompt user when a slow network connection is detected" setting to organizational standards. CC ID 11109 | System hardening through configuration management | Preventive | |
Configure the "Qualitative service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 11113 | System hardening through configuration management | Preventive | |
Configure the "Qualitative service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards. CC ID 11114 | System hardening through configuration management | Preventive | |
Configure the "Qualitative service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 11115 | System hardening through configuration management | Preventive | |
Configure the "Refresh Interval of the DC Locator DNS Records" setting to organizational standards. CC ID 11119 | System hardening through configuration management | Preventive | |
Configure the "Register DNS records with connection-specific DNS suffix" setting to organizational standards. CC ID 11120 | System hardening through configuration management | Preventive | |
Configure the "Require domain users to elevate when setting a network's location" setting to organizational standards. CC ID 11133 | System hardening through configuration management | Preventive | |
Configure the "Route all traffic through the internal network" setting to organizational standards. CC ID 11149 | System hardening through configuration management | Preventive | |
Configure the "Set a support web page link" setting to organizational standards. CC ID 11171 | System hardening through configuration management | Preventive | |
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Link Local" to organizational standards. CC ID 11179 | System hardening through configuration management | Preventive | |
Configure the "Set the Seed Server" setting for "IPv6 Link Local" to organizational standards. CC ID 11190 | System hardening through configuration management | Preventive | |
Configure the "Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers" setting to organizational standards. CC ID 11197 | System hardening through configuration management | Preventive | |
Configure the "Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers" setting to organizational standards. CC ID 11198 | System hardening through configuration management | Preventive | |
Configure the "Sites Covered by the Application Directory Partition Locator DNS SRV Records" setting to organizational standards. CC ID 11202 | System hardening through configuration management | Preventive | |
Configure the "Sites Covered by the DC Locator DNS SRV Records" setting to organizational standards. CC ID 11203 | System hardening through configuration management | Preventive | |
Configure the "Sites Covered by the GC Locator DNS SRV Records" setting to organizational standards. CC ID 11204 | System hardening through configuration management | Preventive | |
Configure the "Slow network connection timeout for user profiles" setting to organizational standards. CC ID 11205 | System hardening through configuration management | Preventive | |
Configure the "TTL Set in the DC Locator DNS Records" setting to organizational standards. CC ID 11252 | System hardening through configuration management | Preventive | |
Configure the "Turn off Connect to a Network Projector" setting to organizational standards. CC ID 11272 | System hardening through configuration management | Preventive | |
Configure the "Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com" setting to organizational standards. CC ID 11283 | System hardening through configuration management | Preventive | |
Configure the "Turn off Microsoft Peer-to-Peer Networking Services" setting to organizational standards. CC ID 11289 | System hardening through configuration management | Preventive | |
Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Link Local" to organizational standards. CC ID 11291 | System hardening through configuration management | Preventive | |
Configure the "Turn off PNRP cloud creation" setting for "IPv6 Link Local" to organizational standards. CC ID 11299 | System hardening through configuration management | Preventive | |
Configure the "Turn off Registration if URL connection is referring to Microsoft.com" setting to organizational standards. CC ID 11305 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Network Connectivity Status Indicator active tests" setting to organizational standards. CC ID 11328 | System hardening through configuration management | Preventive | |
Configure the "Weight Set in the DC Locator DNS SRV Records" setting to organizational standards. CC ID 11371 | System hardening through configuration management | Preventive | |
Configure Automated Teller Machines in accordance with organizational standards. CC ID 12542 | System hardening through configuration management | Preventive | |
Enable or disable remote print browsing, as appropriate. CC ID 05718 | System hardening through configuration management | Preventive | |
Allow or deny remote print browsing Common Unix Printing System the ability to listen for incoming printer information, as appropriate. CC ID 05719 | System hardening through configuration management | Preventive | |
Configure the time server in accordance with organizational standards. CC ID 06426 | System hardening through configuration management | Preventive | |
Configure the time server to synchronize with specifically designated hosts. CC ID 06427 | System hardening through configuration management | Preventive | |
Restrict access to time server configuration to personnel with a business need. CC ID 06858 | System hardening through configuration management | Preventive | |
Enable or disable the Uninterruptible Power Supply service, as appropriate. CC ID 06037 | System hardening through configuration management | Preventive | |
Configure Private Branch Exchanges in accordance with organizational standards. CC ID 02219 | System hardening through configuration management | Preventive | |
Enable Direct Inward System Access, only when necessary. CC ID 02220 | System hardening through configuration management | Preventive | |
Configure voicemail security inside each Private Branch Exchange. CC ID 02221 | System hardening through configuration management | Preventive | |
Configure Wireless Access Points in accordance with organizational standards. CC ID 12477 | System hardening through configuration management | Preventive | |
Enable MAC address filtering for Wireless Access Points. CC ID 04592 | System hardening through configuration management | Preventive | |
Disable Service Set Identifier broadcast. CC ID 04590 | System hardening through configuration management | Preventive | |
Configure Service Set Identifiers in accordance with organizational standards. CC ID 16447 | System hardening through configuration management | Preventive | |
Configure the Wireless Access Point transmit power setting to the lowest level possible. CC ID 04593 | System hardening through configuration management | Preventive | |
Enable two-factor authentication for identifying and authenticating Wireless Local Area Network users. CC ID 04595 | System hardening through configuration management | Preventive | |
Enable an authorized version of Wi-Fi Protected Access. CC ID 04832 | System hardening through configuration management | Preventive | |
Synchronize the Wireless Access Points' clocks. CC ID 04834 | System hardening through configuration management | Preventive | |
Disable unnecessary applications, ports, and protocols on Wireless Access Points. CC ID 04835 | System hardening through configuration management | Preventive | |
Enable or disable all BIOS wireless devices, as appropriate. CC ID 05754 | System hardening through configuration management | Preventive | |
Enable or disable all wireless interfaces, as necessary. CC ID 05755 | System hardening through configuration management | Preventive | |
Include or exclude device drivers for wireless devices from the kernel, as appropriate. CC ID 05756 | System hardening through configuration management | Preventive | |
Configure mobile device settings in accordance with organizational standards. CC ID 04600 | System hardening through configuration management | Preventive | |
Configure mobile devices to enable remote wipe. CC ID 12212 | System hardening through configuration management | Preventive | |
Configure prohibiting the circumvention of security controls on mobile devices. CC ID 12335 | System hardening through configuration management | Preventive | |
Configure the "VPN" setting to organizational standards. CC ID 09987 | System hardening through configuration management | Preventive | |
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 09988 | System hardening through configuration management | Preventive | |
Configure the "With Authentication" setting to organizational standards. CC ID 09989 | System hardening through configuration management | Preventive | |
Configure the "Auto-Join" setting to organizational standards. CC ID 09990 | System hardening through configuration management | Preventive | |
Configure the "AirDrop Discoverability" setting to organizational standards. CC ID 09991 | System hardening through configuration management | Preventive | |
Configure the "Wi-Fi" setting to organizational standards. CC ID 09992 | System hardening through configuration management | Preventive | |
Configure the "Personal Hotspot" setting to organizational standards. CC ID 09994 | System hardening through configuration management | Preventive | |
Configure the "Notifications View" setting for "Access on Lock Screen" to organizational standards. CC ID 09995 | System hardening through configuration management | Preventive | |
Configure the "Find My iPhone" setting to organizational standards. CC ID 09996 | System hardening through configuration management | Preventive | |
Configure the "iPhone Unlock" setting to organizational standards. CC ID 09997 | System hardening through configuration management | Preventive | |
Configure the "Access on Lock Screen" setting to organizational standards. CC ID 09998 | System hardening through configuration management | Preventive | |
Configure the "Forget this Network" setting to organizational standards. CC ID 09999 | System hardening through configuration management | Preventive | |
Configure the "Ask to Join Networks" setting to organizational standards. CC ID 10000 | System hardening through configuration management | Preventive | |
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 10001 | System hardening through configuration management | Preventive | |
Configure the "Credit Cards" setting to organizational standards. CC ID 10002 | System hardening through configuration management | Preventive | |
Configure the "Saved Credit Card Information" setting to organizational standards. CC ID 10003 | System hardening through configuration management | Preventive | |
Configure the "Do Not Track" setting to organizational standards. CC ID 10004 | System hardening through configuration management | Preventive | |
Configure the "With Authentication" setting to organizational standards. CC ID 10005 | System hardening through configuration management | Preventive | |
Configure the "Allow Move" setting to organizational standards. CC ID 10006 | System hardening through configuration management | Preventive | |
Configure the "Use Only in Mail" setting to organizational standards. CC ID 10007 | System hardening through configuration management | Preventive | |
Configure mobile devices to organizational standards. CC ID 04639 | System hardening through configuration management | Preventive | |
Configure mobile devices to separate organizational data from personal data. CC ID 16463 | System hardening through configuration management | Preventive | |
Configure the mobile device properties to organizational standards. CC ID 04640 | System hardening through configuration management | Preventive | |
Configure the mobile device menu items to organizational standards. CC ID 04641 | System hardening through configuration management | Preventive | |
Configure the BlackBerry handheld device driver settings. CC ID 04642 | System hardening through configuration management | Preventive | |
Configure the BlackBerry Enterprise Server with either BlackBerry DMZ Solution or the BlackBerry firewall solution. CC ID 04602 | System hardening through configuration management | Preventive | |
Configure automatic master key generation on the BlackBerry Enterprise Server. CC ID 04608 | System hardening through configuration management | Preventive | |
Configure e-mail messages to not display a signature line stating the message was sent from a Portable Electronic Device. CC ID 04605 | System hardening through configuration management | Preventive | |
Verify only the specific mobile device web browser software is installed. CC ID 04606 | System hardening through configuration management | Preventive | |
Update the software and master keys for mobile Personal Electronic Devices every 30 days. CC ID 04607 | System hardening through configuration management | Preventive | |
Enable content protection on mobile devices. CC ID 04609 | System hardening through configuration management | Preventive | |
Configure the application policy groups for each mobile Personal Electronic Device. CC ID 04610 | System hardening through configuration management | Preventive | |
Configure the BlackBerry Messenger policy group settings. CC ID 04611 | System hardening through configuration management | Preventive | |
Configure the Camera policy group settings. CC ID 04614 | System hardening through configuration management | Preventive | |
Configure the Bluetooth policy group settings. CC ID 04612 | System hardening through configuration management | Preventive | |
Configure the Bluetooth Smart Card Reader policy group settings. CC ID 04613 | System hardening through configuration management | Preventive | |
Configure the Browser policy group settings. CC ID 04615 | System hardening through configuration management | Preventive | |
Configure the Certificate Sync policy group settings. CC ID 04616 | System hardening through configuration management | Preventive | |
Configure the CMIME policy group settings. CC ID 04617 | System hardening through configuration management | Preventive | |
Configure the Common policy group settings. CC ID 04618 | System hardening through configuration management | Preventive | |
Configure the Desktop-only policy group settings. CC ID 04619 | System hardening through configuration management | Preventive | |
Configure the IOT Application policy group settings. CC ID 04620 | System hardening through configuration management | Preventive | |
Configure the Device-only policy group settings. CC ID 04621 | System hardening through configuration management | Preventive | |
Configure the Desktop policy group settings. CC ID 04622 | System hardening through configuration management | Preventive | |
Configure the Global items policy group settings. CC ID 04623 | System hardening through configuration management | Preventive | |
Configure the Location Based Services policy group settings. CC ID 04624 | System hardening through configuration management | Preventive | |
Configure the MDS policy group settings. CC ID 04625 | System hardening through configuration management | Preventive | |
Configure the On-Device Help policy group settings. CC ID 04626 | System hardening through configuration management | Preventive | |
Configure the Password policy group settings. CC ID 04627 | System hardening through configuration management | Preventive | |
Configure the PIM Sync policy group settings. CC ID 04628 | System hardening through configuration management | Preventive | |
Configure the Secure E-mail policy group settings. CC ID 04629 | System hardening through configuration management | Preventive | |
Configure the Memory Cleaner policy group settings. CC ID 04630 | System hardening through configuration management | Preventive | |
Configure the Security policy group settings. CC ID 04631 | System hardening through configuration management | Preventive | |
Configure the Service Exclusivity policy group settings. CC ID 04632 | System hardening through configuration management | Preventive | |
Configure the SIM Application Toolkit policy group settings. CC ID 04633 | System hardening through configuration management | Preventive | |
Configure the Smart Dialing policy group settings. CC ID 04634 | System hardening through configuration management | Preventive | |
Configure the S/MIME policy group settings. CC ID 04635 | System hardening through configuration management | Preventive | |
Configure the TCP policy group settings. CC ID 04636 | System hardening through configuration management | Preventive | |
Configure the WTLS (Application) policy group settings. CC ID 04638 | System hardening through configuration management | Preventive | |
Configure emergency and critical e-mail notifications so that they are digitally signed. CC ID 04841 | System hardening through configuration management | Preventive | |
Enable data-at-rest encryption on mobile devices. CC ID 04842 | System hardening through configuration management | Preventive | |
Disable the capability to automatically execute code on mobile devices absent user direction. CC ID 08705 | System hardening through configuration management | Preventive | |
Configure environmental sensors on mobile devices. CC ID 10667 | System hardening through configuration management | Preventive | |
Prohibit the remote activation of environmental sensors on mobile devices. CC ID 10666 | System hardening through configuration management | Preventive | |
Configure the mobile device to explicitly show when an environmental sensor is in use. CC ID 10668 | System hardening through configuration management | Preventive | |
Configure the environmental sensor to report collected data to designated personnel only. CC ID 10669 | System hardening through configuration management | Preventive | |
Configure Cisco-specific applications and services in accordance with organizational standards. CC ID 06557 | System hardening through configuration management | Preventive | |
Disable Cisco Discovery Protocol service unless the Cisco Discovery Protocol service is absolutely necessary. CC ID 06556 | System hardening through configuration management | Preventive | |
Disable configuration autoloading unless configuration autoloading is absolutely necessary. CC ID 06558 | System hardening through configuration management | Preventive | |
Disable exec on aux unless exec on aux is absolutely necessary. CC ID 06559 | System hardening through configuration management | Preventive | |
Define and configure the Cisco loopback interface. CC ID 06560 | System hardening through configuration management | Preventive | |
Configure custom Oracle-specific applications and services in accordance with organizational standards. CC ID 06565 | System hardening through configuration management | Preventive | |
Set the Oracle Listener password. CC ID 06566 | System hardening through configuration management | Preventive | |
Configure Oracle batch processes to not use passwords in parameters or variables. CC ID 06567 | System hardening through configuration management | Preventive | |
Configure the Global Positioning System settings as appropriate. CC ID 06888 | System hardening through configuration management | Preventive | |
Configure the Global Positioning System monitor carrier-to-noise density ratio to the range of 48-50 dB-Hz. CC ID 06889 | System hardening through configuration management | Preventive | |
Configure endpoint security tools in accordance with organizational standards. CC ID 07049 | System hardening through configuration management | Preventive | |
Secure endpoint security tool configuration settings from unauthorized change. CC ID 07050 | System hardening through configuration management | Preventive | |
Configure e-mail security settings in accordance with organizational standards. CC ID 07055 | System hardening through configuration management | Preventive | |
Configure e-mail to limit the number of recipients per message. CC ID 07056 | System hardening through configuration management | Preventive | |
Configure web server security settings in accordance with organizational standards. CC ID 07059 | System hardening through configuration management | Preventive | |
Configure the web server to hide the directory of files in a folder. CC ID 07060 | System hardening through configuration management | Preventive | |
Certify the system before releasing it into a production environment. CC ID 06419 | System hardening through configuration management | Preventive | |
Document the system's accreditation and residual risks. CC ID 06728 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain virtualization configuration settings. CC ID 07110 | System hardening through configuration management | Preventive | |
Implement the security features of the hypervisor to protect virtual machines. CC ID 12176 | System hardening through configuration management | Preventive | |
Execute code in confined virtual machine environments. CC ID 10648 | System hardening through configuration management | Preventive | |
Configure Microsoft Office to organizational standards. CC ID 07147 | System hardening through configuration management | Preventive | |
Set custom Microsoft Office security options in accordance with organizational standards. CC ID 05757 | System hardening through configuration management | Preventive | |
Configure the "Disable VBA for Office applications" setting properly. CC ID 05758 | System hardening through configuration management | Preventive | |
Configure the "ActiveX Control Initialization" setting to organizational standards. CC ID 05759 | System hardening through configuration management | Preventive | |
Configure the "Online content options" setting properly. CC ID 05760 | System hardening through configuration management | Preventive | |
Configure the "VBA Macro Warning Settings" setting properly. CC ID 05761 | System hardening through configuration management | Preventive | |
Configure the "Trust access to Visual Basic Project" setting properly. CC ID 05762 | System hardening through configuration management | Preventive | |
Configure the "Configure Add-In Trust Level" setting properly. CC ID 05763 | System hardening through configuration management | Preventive | |
Configure the "Minimum encryption settings" setting properly. CC ID 05764 | System hardening through configuration management | Preventive | |
Configure the "Do not check e-mail address against address of certificates being used" setting to organizational standards. CC ID 05765 | System hardening through configuration management | Preventive | |
Configure the "Send all signed messages as clear signed messages" setting properly. CC ID 05766 | System hardening through configuration management | Preventive | |
Configure the "Request an S/MIME receipt for all S/MIME signed messages" setting properly. CC ID 05767 | System hardening through configuration management | Preventive | |
Configure the "Do not display 'Publish to GAL' button" setting properly. CC ID 05768 | System hardening through configuration management | Preventive | |
Configure the "Signature Warning" setting properly. CC ID 05769 | System hardening through configuration management | Preventive | |
Configure the "Enable Cryptography Icons" setting properly. CC ID 05770 | System hardening through configuration management | Preventive | |
Configure the "Retrieving CRLs (Certificate Revocation Lists)" setting properly. CC ID 05771 | System hardening through configuration management | Preventive | |
Configure the "Warn before printing, saving, or sending a file that contains tracked changes or comments" setting properly. CC ID 05772 | System hardening through configuration management | Preventive | |
Configure the "Underline hyperlinks" setting properly. CC ID 05773 | System hardening through configuration management | Preventive | |
Configure the "Disable Trust Bar Notification for unsigned application add-ins" setting properly. CC ID 05774 | System hardening through configuration management | Preventive | |
Configure the "Disable all application add-ins" setting properly. CC ID 05775 | System hardening through configuration management | Preventive | |
Configure the "Require that application add-ins are signed by Trusted Publisher" setting properly. CC ID 05776 | System hardening through configuration management | Preventive | |
Configure the "Disable all trusted locations" setting properly. CC ID 05777 | System hardening through configuration management | Preventive | |
Configure the "Allow Trusted Locations not on the computer" setting properly. CC ID 05778 | System hardening through configuration management | Preventive | |
Configure the "Modal Trust Decision Only" setting properly. CC ID 05779 | System hardening through configuration management | Preventive | |
Configure the "Disable commands" setting properly. CC ID 05780 | System hardening through configuration management | Preventive | |
Configure the "Database Tools | Macro | Convert Macros to Visual Basic" setting to organizational standards. CC ID 05781 | System hardening through configuration management | Preventive | |
Configure the "Database Tools | Macro | Create Shortcut Menu from Macro" setting to organizational standards. CC ID 05782 | System hardening through configuration management | Preventive | |
Configure the "Disable shortcut keys" setting properly. CC ID 05783 | System hardening through configuration management | Preventive | |
Configure the "Default file format" setting properly. CC ID 05784 | System hardening through configuration management | Preventive | |
Configure the "Do not prompt to convert older databases" setting properly. CC ID 05785 | System hardening through configuration management | Preventive | |
Configure the "Internet and network paths as hyperlinks" setting properly. CC ID 05786 | System hardening through configuration management | Preventive | |
Configure the "Save files" setting properly. CC ID 05787 | System hardening through configuration management | Preventive | |
Configure the "Disable AutoRepublish" setting properly. CC ID 05788 | System hardening through configuration management | Preventive | |
Configure the "Autorepublish warning alert" setting properly. CC ID 05789 | System hardening through configuration management | Preventive | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks" setting properly. CC ID 05790 | System hardening through configuration management | Preventive | |
Configure the "Force file extension to match file type" setting properly. CC ID 05791 | System hardening through configuration management | Preventive | |
Configure the "Store macro in Personal Macro Workbook by default" setting properly. CC ID 05792 | System hardening through configuration management | Preventive | |
Configure the "Ignore other applications" setting properly. CC ID 05793 | System hardening through configuration management | Preventive | |
Configure the "Ask to update automatic links" setting properly. CC ID 05794 | System hardening through configuration management | Preventive | |
Configure the "Save any additional data necessary to maintain formulas" setting properly. CC ID 05795 | System hardening through configuration management | Preventive | |
Configure the "Load pictures from Web pages not created in Excel" setting properly. CC ID 05796 | System hardening through configuration management | Preventive | |
Configure the "Do not show data extraction options when opening corrupt workbooks" setting properly. CC ID 05797 | System hardening through configuration management | Preventive | |
Configure the "Assume structured storage format of workbook is intact when recovering data" setting to organizational standards. CC ID 05798 | System hardening through configuration management | Preventive | |
Configure the "Corrupt formula conversion (Convert unrecoverable references to: values | #REF or #NAME)" setting to organizational standards. CC ID 05799 | System hardening through configuration management | Preventive | |
Configure the "Connection File Locations" setting to organizational standards. CC ID 05800 | System hardening through configuration management | Preventive | |
Configure the "Automatic Query Refresh (Prompt for all workbooks | Do not prompt; do not allow auto refresh | Do not prompt; allow auto refresh)" setting to organizational standards. CC ID 05801 | System hardening through configuration management | Preventive | |
Configure the "Block opening of" setting properly. CC ID 05802 | System hardening through configuration management | Preventive | |
Configure the "Block saving of" setting properly. CC ID 05803 | System hardening through configuration management | Preventive | |
Configure the "Locally cache network file storages" setting to organizational standards. CC ID 05804 | System hardening through configuration management | Preventive | |
Configure the "Locally cache PivotTable reports" setting to organizational standards. CC ID 05805 | System hardening through configuration management | Preventive | |
Configure the "OLAP PivotTable User Defined Function (UDF) security setting" setting properly. CC ID 05806 | System hardening through configuration management | Preventive | |
Configure the "Recognize SmartTags" setting to organizational standards. CC ID 05807 | System hardening through configuration management | Preventive | |
Configure the "Offline Mode Status" setting properly. CC ID 05808 | System hardening through configuration management | Preventive | |
Configure the "Control behavior for Windows SharePoint Services gradual upgrade" setting properly. CC ID 05809 | System hardening through configuration management | Preventive | |
Configure the "Disable opening of solutions from the Internet security zone" setting properly. CC ID 05810 | System hardening through configuration management | Preventive | |
Configure the "Allow the use of ActiveX Custom Controls in InfoPath forms" setting properly. CC ID 05811 | System hardening through configuration management | Preventive | |
Configure the "Run forms in restricted mode if they do not specify a publish location and use only features introduced before InfoPath 2003 SP1" setting to organizational standards. CC ID 05812 | System hardening through configuration management | Preventive | |
Configure the "Allow file types as attachments to forms" setting properly. CC ID 05813 | System hardening through configuration management | Preventive | |
Configure the "Block specific file types as attachments to forms" setting properly. CC ID 05814 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from allowing unsafe file types to be attached to forms" setting properly. CC ID 05815 | System hardening through configuration management | Preventive | |
Configure the "Display a warning that a form is digitally signed" setting properly. CC ID 05816 | System hardening through configuration management | Preventive | |
Configure the "Control behavior when opening forms" setting properly. CC ID 05817 | System hardening through configuration management | Preventive | |
Configure the "Beaconing UI for forms" setting properly. CC ID 05818 | System hardening through configuration management | Preventive | |
Configure the "Disable sending form template with e-mail forms" setting properly. CC ID 05819 | System hardening through configuration management | Preventive | |
Configure the "Disable dynamic caching of the form template in InfoPath e-mail forms" setting properly. CC ID 05820 | System hardening through configuration management | Preventive | |
Configure the "Disable sending InfoPath 2003 Forms as e-mail forms" setting properly. CC ID 05821 | System hardening through configuration management | Preventive | |
Configure the "Disable e-mail forms" setting properly. CC ID 05822 | System hardening through configuration management | Preventive | |
Configure the "Disable InfoPath e-mail forms in Outlook" setting properly. CC ID 05823 | System hardening through configuration management | Preventive | |
Configure the "Information Rights Management" setting to organizational standards. CC ID 05824 | System hardening through configuration management | Preventive | |
Configure the "Custom code" setting properly. CC ID 05825 | System hardening through configuration management | Preventive | |
Configure the "E-mail forms beaconing UI" setting properly. CC ID 05826 | System hardening through configuration management | Preventive | |
Configure the "Disable user customization of Quick Access Toolbar via UI" setting properly. CC ID 05827 | System hardening through configuration management | Preventive | |
Configure the "Disable all user customization of Quick Access Toolbar" setting properly. CC ID 05828 | System hardening through configuration management | Preventive | |
Configure the "Disable UI extending from documents and templates" setting properly. CC ID 05829 | System hardening through configuration management | Preventive | |
Configure the "Recognize smart tags in Excel" setting properly. CC ID 05830 | System hardening through configuration management | Preventive | |
Configure the "Disable Clip Art and Media downloads from the client and from Office Online website" setting properly. CC ID 05831 | System hardening through configuration management | Preventive | |
Configure the "Disable template downloads from the client and from Office Online website" setting properly. CC ID 05832 | System hardening through configuration management | Preventive | |
Configure the "Disable access to updates, add-ins, and patches on the Office Online website" setting properly. CC ID 05833 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from uploading document templates to the Office Online community" setting to organizational standards. CC ID 05834 | System hardening through configuration management | Preventive | |
Configure the "Disable training practice downloads from the Office Online website" setting properly. CC ID 05835 | System hardening through configuration management | Preventive | |
Configure the "Disable customer-submitted templates downloads from Office Online" setting properly. CC ID 05836 | System hardening through configuration management | Preventive | |
Configure the "Open Office documents as read/write while browsing" setting properly. CC ID 05837 | System hardening through configuration management | Preventive | |
Configure the "Rely on VML for displaying graphics in browsers" setting properly. CC ID 05838 | System hardening through configuration management | Preventive | |
Configure the "Allow PNG as an output format" setting properly. CC ID 05839 | System hardening through configuration management | Preventive | |
Configure the "Improve Proofing Tools" setting properly. CC ID 05840 | System hardening through configuration management | Preventive | |
Configure the "Disable Opt-in Wizard on first run" setting properly. CC ID 05841 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Office Online" setting to organizational standards. CC ID 05842 | System hardening through configuration management | Preventive | |
Configure the "Disable Password Caching" setting properly. CC ID 05843 | System hardening through configuration management | Preventive | |
Configure the "Disable all Trust Bar notifications for security issues" setting properly. CC ID 05844 | System hardening through configuration management | Preventive | |
Configure the "Protect document metadata" setting properly. CC ID 05845 | System hardening through configuration management | Preventive | |
Configure the "Encryption type for password protected" setting properly. CC ID 05846 | System hardening through configuration management | Preventive | |
Configure the "Load controls in Forms3" setting properly. CC ID 05847 | System hardening through configuration management | Preventive | |
Configure the "Automation Security" setting properly. CC ID 05848 | System hardening through configuration management | Preventive | |
Configure the "Prevent Word and Excel from loading managed code extensions" setting properly. CC ID 05849 | System hardening through configuration management | Preventive | |
Configure the "Disable hyperlink warnings" setting properly. CC ID 05850 | System hardening through configuration management | Preventive | |
Configure the "Disable password to open UI" setting properly. CC ID 05851 | System hardening through configuration management | Preventive | |
Configure the "Download Office Controls" setting to organizational standards. CC ID 05852 | System hardening through configuration management | Preventive | |
Configure the "Disable All ActiveX" setting properly. CC ID 05853 | System hardening through configuration management | Preventive | |
Configure the "Allow mix of policy and user locations" setting properly. CC ID 05854 | System hardening through configuration management | Preventive | |
Configure the "Disable Smart Document's use of manifests" setting properly. CC ID 05855 | System hardening through configuration management | Preventive | |
Configure the "Completely disable the Smart Documents feature in Word and Excel" setting to organizational standards. CC ID 05856 | System hardening through configuration management | Preventive | |
Configure the "Disable Internet Fax feature" setting properly. CC ID 05857 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from changing permissions on rights managed content" setting properly. CC ID 05858 | System hardening through configuration management | Preventive | |
Configure the "Allow users with earlier versions of Office to read with browsers." setting properly. CC ID 05859 | System hardening through configuration management | Preventive | |
Configure the "Always require users to connect to verify permission" setting properly. CC ID 05860 | System hardening through configuration management | Preventive | |
Configure the "Always expand groups in Office when restricting permission for documents" setting properly. CC ID 05861 | System hardening through configuration management | Preventive | |
Configure the "Never allow users to specify groups when restricting permission for documents" setting properly. CC ID 05862 | System hardening through configuration management | Preventive | |
Configure the "Disable Microsoft Passport service for content with restricted permission" setting properly. CC ID 05863 | System hardening through configuration management | Preventive | |
Configure the "Do not allow users to upgrade Information Rights Management configuration" setting to organizational standards. CC ID 05864 | System hardening through configuration management | Preventive | |
Configure the "Key Usage Filtering" setting properly. CC ID 05865 | System hardening through configuration management | Preventive | |
Configure the "EKU filtering" setting properly. CC ID 05866 | System hardening through configuration management | Preventive | |
Configure the "Legacy format signatures" setting properly. CC ID 05867 | System hardening through configuration management | Preventive | |
Configure the "Suppress Office Signing Providers" setting properly. CC ID 05868 | System hardening through configuration management | Preventive | |
Configure the "Suppress external signature services menu item" setting properly. CC ID 05869 | System hardening through configuration management | Preventive | |
Configure the "Disable Check For Solutions" setting properly. CC ID 05870 | System hardening through configuration management | Preventive | |
Configure the "Disable inclusion of document properties in PDF and XPS output" setting properly. CC ID 05871 | System hardening through configuration management | Preventive | |
Configure the "Disable Document Information Panel" setting properly. CC ID 05872 | System hardening through configuration management | Preventive | |
Configure the "Document information panel beaconing UI" setting properly. CC ID 05873 | System hardening through configuration management | Preventive | |
Configure the "Disable the Office client from polling the Office server for published links" setting properly. CC ID 05874 | System hardening through configuration management | Preventive | |
Configure the "Block opening of pre-release versions of file formats" setting properly. CC ID 05875 | System hardening through configuration management | Preventive | |
Configure the "Control Blogging" setting properly. CC ID 05876 | System hardening through configuration management | Preventive | |
Configure the "Enable Smart Resume" setting to organizational standards. CC ID 05877 | System hardening through configuration management | Preventive | |
Configure the "Do not upload media files" setting to organizational standards. CC ID 05878 | System hardening through configuration management | Preventive | |
Configure the "Disable hyperlinks to web templates in File | New and task panes" setting properly. CC ID 05879 | System hardening through configuration management | Preventive | |
Configure the "Prevent access to Web-based file storage" setting to organizational standards. CC ID 05880 | System hardening through configuration management | Preventive | |
Configure the "Do not allow attachment previewing in Outlook" setting properly. CC ID 05881 | System hardening through configuration management | Preventive | |
Configure the "Read e-mail as plain text" setting properly. CC ID 05882 | System hardening through configuration management | Preventive | |
Configure the "Read signed e-mail as plain text" setting properly. CC ID 05883 | System hardening through configuration management | Preventive | |
Configure the "Prevent publishing to Office Online" setting properly. CC ID 05884 | System hardening through configuration management | Preventive | |
Configure the "Prevent publishing to a DAV server" setting properly. CC ID 05885 | System hardening through configuration management | Preventive | |
Configure the "Restrict level of calendar details users can publish" setting properly. CC ID 05886 | System hardening through configuration management | Preventive | |
Configure the "Access to published calendars" setting properly. CC ID 05887 | System hardening through configuration management | Preventive | |
Configure the "Restrict upload method" setting properly. CC ID 05888 | System hardening through configuration management | Preventive | |
Configure the "Hide Junk Mail UI" setting properly. CC ID 05889 | System hardening through configuration management | Preventive | |
Configure the "Junk E-mail Protection Level" setting properly. CC ID 05890 | System hardening through configuration management | Preventive | |
Configure the "Trust E-mail from Contacts" setting properly. CC ID 05891 | System hardening through configuration management | Preventive | |
Configure the "Add e-mail recipients to users' Safe Senders Lists" setting properly. CC ID 05892 | System hardening through configuration management | Preventive | |
Configure the "Dial-up options" setting properly. CC ID 05893 | System hardening through configuration management | Preventive | |
Configure the "Do not allow creating, replying, or forwarding signatures for e-mail messages" setting properly. CC ID 05894 | System hardening through configuration management | Preventive | |
Configure the "Send copy of pictures with HTML messages instead of reference to Internet location" setting to organizational standards. CC ID 05895 | System hardening through configuration management | Preventive | |
Configure the "Outlook rich text options" setting properly. CC ID 05896 | System hardening through configuration management | Preventive | |
Configure the "Plain text options" setting properly. CC ID 05897 | System hardening through configuration management | Preventive | |
Configure the "Set message format" setting properly. CC ID 05898 | System hardening through configuration management | Preventive | |
Configure the "Make Outlook the default program for E-mail, Contacts, and Calendar" setting properly. CC ID 05899 | System hardening through configuration management | Preventive | |
Configure the "Do not allow folders in non-default stores to be set as folder home pages" setting properly. CC ID 05900 | System hardening through configuration management | Preventive | |
Configure the "Use Unicode format when dragging e-mail message to file system" setting properly. CC ID 05901 | System hardening through configuration management | Preventive | |
Configure the "Do not allow Outlook object model scripts to run" setting properly. CC ID 05902 | System hardening through configuration management | Preventive | |
Configure the "Set maximum level of online status on a person name (do not allow | allow everywhere except to and cc field | allow everywhere)" setting properly. CC ID 05903 | System hardening through configuration management | Preventive | |
Configure the "Display online status on a person name" setting properly. CC ID 05904 | System hardening through configuration management | Preventive | |
Configure the "Turn off Enable the Person Names Smart Tag option" setting properly. CC ID 05905 | System hardening through configuration management | Preventive | |
Configure the "Outlook security mode" setting properly. CC ID 05906 | System hardening through configuration management | Preventive | |
Configure the "Display Level 1 attachments" setting properly. CC ID 05907 | System hardening through configuration management | Preventive | |
Configure the "Allow users to demote attachments to Level 2" setting properly. CC ID 05908 | System hardening through configuration management | Preventive | |
Configure the "Do not prompt about Level 1 attachments" setting properly. CC ID 05909 | System hardening through configuration management | Preventive | |
Configure the "Allow in-place activation of embedded OLE objects" setting to organizational standards. CC ID 05910 | System hardening through configuration management | Preventive | |
Configure the "Display OLE package objects" setting properly. CC ID 05911 | System hardening through configuration management | Preventive | |
Configure the "Add file extensions to block" setting properly. CC ID 05912 | System hardening through configuration management | Preventive | |
Configure the "Remove file extensions blocked" setting properly. CC ID 05913 | System hardening through configuration management | Preventive | |
Configure the "Allow scripts in one-off Outlook forms" setting properly. CC ID 05914 | System hardening through configuration management | Preventive | |
Configure the "Set Outlook object model custom actions execution prompt" setting properly. CC ID 05915 | System hardening through configuration management | Preventive | |
Configure the "Set control itemproperty prompt" setting properly. CC ID 05916 | System hardening through configuration management | Preventive | |
Configure the "Configure Outlook object model prompt" setting properly. CC ID 05917 | System hardening through configuration management | Preventive | |
Configure the "Required Certificate Authority" setting properly. CC ID 05918 | System hardening through configuration management | Preventive | |
Configure the "S/MIME interoperability with external clients:" setting properly. CC ID 05919 | System hardening through configuration management | Preventive | |
Configure the "Always use Rich Text formatting in S/MIME messages" setting to organizational standards. CC ID 05920 | System hardening through configuration management | Preventive | |
Configure the "S/MIME password settings" setting properly. CC ID 05921 | System hardening through configuration management | Preventive | |
Configure the "Message Formats" setting properly. CC ID 05922 | System hardening through configuration management | Preventive | |
Configure the "Do not provide Continue option on Encryption warning dialog boxes" setting properly for Microsoft Office 2007. CC ID 05923 | System hardening through configuration management | Preventive | |
Configure the "Run in FIPS compliant mode" setting properly. CC ID 05925 | System hardening through configuration management | Preventive | |
Configure the "URL for S/MIME certificates" setting properly. CC ID 05926 | System hardening through configuration management | Preventive | |
Configure the "Ensure all S/MIME signed messages have a label" setting properly. CC ID 05927 | System hardening through configuration management | Preventive | |
Configure the "S/MIME receipt requests" setting properly. CC ID 05954 | System hardening through configuration management | Preventive | |
Configure the "Fortezza certificate policies" setting properly. CC ID 05928 | System hardening through configuration management | Preventive | |
Configure the "Require SuiteB algorithms for S/MIME operations" setting properly. CC ID 05929 | System hardening through configuration management | Preventive | |
Configure the "Missing CRLs" setting properly. CC ID 05930 | System hardening through configuration management | Preventive | |
Configure the "Missing root certificates" setting properly. CC ID 05931 | System hardening through configuration management | Preventive | |
Configure the "Promote Level 2 errors as errors, not warnings" setting properly. CC ID 05932 | System hardening through configuration management | Preventive | |
Configure the "Attachment Secure Temporary Folder" setting properly. CC ID 05933 | System hardening through configuration management | Preventive | |
Configure the "Display pictures and external content in HTML e-mail" setting properly. CC ID 05934 | System hardening through configuration management | Preventive | |
Configure the "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" setting properly. CC ID 05935 | System hardening through configuration management | Preventive | |
Configure the "Do not permit download of content from safe zones" setting properly. CC ID 05936 | System hardening through configuration management | Preventive | |
Configure the "Block Trusted Zones" setting properly. CC ID 05937 | System hardening through configuration management | Preventive | |
Configure the "Include Internet in Safe Zones for Automatic Picture Download" setting properly. CC ID 05938 | System hardening through configuration management | Preventive | |
Configure the "Include Intranet in Safe Zones for Automatic Picture Download" setting properly. CC ID 05939 | System hardening through configuration management | Preventive | |
Configure the "security setting for macros (always warn | never warn, disable all | warn for signed, disable unsigned | no security check)" setting properly. CC ID 05940 | System hardening through configuration management | Preventive | |
Configure the "Enable links in e-mail messages" setting properly. CC ID 05941 | System hardening through configuration management | Preventive | |
Configure the "Apply macro security settings to macros, add-ins, and SmartTags" setting properly. CC ID 05942 | System hardening through configuration management | Preventive | |
Configure the "Automatically configure profile based on Active Directory Primary SMTP address" setting properly. CC ID 05943 | System hardening through configuration management | Preventive | |
Configure the "Do not allow users to change permissions on folders" setting properly. CC ID 05944 | System hardening through configuration management | Preventive | |
Configure the "Enable RPC encryption" setting properly. CC ID 05945 | System hardening through configuration management | Preventive | |
Configure the "Authentication with Exchange server" setting properly. CC ID 05946 | System hardening through configuration management | Preventive | |
Configure the "Synchronize Outlook RSS Feeds with Common Feed List" setting properly. CC ID 05947 | System hardening through configuration management | Preventive | |
Configure the "Turn off RSS feature" setting properly. CC ID 05948 | System hardening through configuration management | Preventive | |
Configure the "Automatically download enclosures" setting to organizational standards. CC ID 05949 | System hardening through configuration management | Preventive | |
Configure the "Download full text of articles as HTML attachments" setting properly. CC ID 05950 | System hardening through configuration management | Preventive | |
Configure the "Automatically download attachments" setting properly. CC ID 05951 | System hardening through configuration management | Preventive | |
Configure the "Do not include Internet Calendar integration in Outlook" setting properly. CC ID 05952 | System hardening through configuration management | Preventive | |
Configure the "Disable user entries to server list" setting properly. CC ID 05953 | System hardening through configuration management | Preventive | |
Configure the "Do not expand distribution lists" setting properly. CC ID 05955 | System hardening through configuration management | Preventive | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations" setting properly. CC ID 05956 | System hardening through configuration management | Preventive | |
Configure the "Run programs" setting properly. CC ID 05957 | System hardening through configuration management | Preventive | |
Configure the "Make hidden markup visible" setting properly. CC ID 05958 | System hardening through configuration management | Preventive | |
Configure the "Unblock automatic download of linked images" setting properly. CC ID 05959 | System hardening through configuration management | Preventive | |
Configure the "Disable Slide Update" setting to organizational standards. CC ID 05960 | System hardening through configuration management | Preventive | |
Configure the "Hidden text" setting properly. CC ID 05961 | System hardening through configuration management | Preventive | |
Configure the "Update automatic links at Open" setting properly. CC ID 05962 | System hardening through configuration management | Preventive | |
Configure the "Save smart tags in e-mail" setting to organizational standards. CC ID 05963 | System hardening through configuration management | Preventive | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documents" setting properly. CC ID 05964 | System hardening through configuration management | Preventive | |
Configure the "InfoPath APTCA Assembly Whitelist" setting properly. CC ID 05965 | System hardening through configuration management | Preventive | |
Configure the "Windows Internet Explorer Feature Control Opt-In" setting properly. CC ID 05966 | System hardening through configuration management | Preventive | |
Configure the "Disable Package Repair" setting to organizational standards. CC ID 05967 | System hardening through configuration management | Preventive | |
Configure the "Disable user name and password" setting properly. CC ID 05968 | System hardening through configuration management | Preventive | |
Configure the "Bind to object" setting properly. CC ID 05969 | System hardening through configuration management | Preventive | |
Configure the "Saved from URL" setting properly. CC ID 05970 | System hardening through configuration management | Preventive | |
Configure the "Navigate URL" setting properly. CC ID 05971 | System hardening through configuration management | Preventive | |
Configure the "Block popups" setting properly. CC ID 05972 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from customizing attachment security settings" setting properly. CC ID 05973 | System hardening through configuration management | Preventive | |
Configure the "Macro Security Level" setting properly. CC ID 05974 | System hardening through configuration management | Preventive | |
Configure the "Trust all installed add-ins and templates" setting properly. CC ID 05975 | System hardening through configuration management | Preventive | |
Configure the "Store random number to improve merge accuracy" setting properly. CC ID 05976 | System hardening through configuration management | Preventive | |
Configure the "Prevent Users from Changing Office Encryption Settings" setting properly. CC ID 05977 | System hardening through configuration management | Preventive | |
Configure Universal settings for Microsoft Office in accordance with organizational standards. CC ID 07211 | System hardening through configuration management | Preventive | |
Configure the "Disable VBA for Office applications" to organizational standards. CC ID 07212 | System hardening through configuration management | Preventive | |
Configure the "Navigate URL" to organizational standards. CC ID 07213 | System hardening through configuration management | Preventive | |
Configure the "Block popups" to organizational standards. CC ID 07214 | System hardening through configuration management | Preventive | |
Configure the "Bind to object" to organizational standards. CC ID 07215 | System hardening through configuration management | Preventive | |
Configure the "Disable Package Repair" to organizational standards. CC ID 07216 | System hardening through configuration management | Preventive | |
Configure the "Disable user name and password" to organizational standards. CC ID 07217 | System hardening through configuration management | Preventive | |
Configure the "Saved from URL" to organizational standards. CC ID 07218 | System hardening through configuration management | Preventive | |
Configure the "Allow mix of policy and user locations" to organizational standards. CC ID 07284 | System hardening through configuration management | Preventive | |
Configure the "ActiveX Control Initialization" to organizational standards. CC ID 07285 | System hardening through configuration management | Preventive | |
Configure the "Allow users with earlier versions of Office to read with browsers." to organizational standards. CC ID 07287 | System hardening through configuration management | Preventive | |
Configure the "Always expand groups in Office when restricting permission for documents" to organizational standards. CC ID 07288 | System hardening through configuration management | Preventive | |
Configure the "Allow PNG as an output format" to organizational standards. CC ID 07289 | System hardening through configuration management | Preventive | |
Configure the "Automatically receive small updates to improve reliability" to organizational standards. CC ID 07290 | System hardening through configuration management | Preventive | |
Configure the "Always require users to connect to verify permission" to organizational standards. CC ID 07291 | System hardening through configuration management | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter" to organizational standards. CC ID 07292 | System hardening through configuration management | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter" to organizational standards. CC ID 07294 | System hardening through configuration management | Preventive | |
Configure the "Block updates from the Office Update Site from applying" to organizational standards. CC ID 07295 | System hardening through configuration management | Preventive | |
Configure the "Control Blogging" to organizational standards. CC ID 07296 | System hardening through configuration management | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 Converter" to organizational standards. CC ID 07297 | System hardening through configuration management | Preventive | |
Configure the "Disable All ActiveX" to organizational standards. CC ID 07298 | System hardening through configuration management | Preventive | |
Configure the "Disable all Trust Bar notifications for security issues" to organizational standards. CC ID 07299 | System hardening through configuration management | Preventive | |
Configure the "Disable access to updates, add-ins, and patches on the Office Online website" to organizational standards. CC ID 07300 | System hardening through configuration management | Preventive | |
Configure the "Disable Check For Solutions" to organizational standards. CC ID 07301 | System hardening through configuration management | Preventive | |
Configure the "Disable Clip Art and Media downloads from the client and from Office Online website" to organizational standards. CC ID 07302 | System hardening through configuration management | Preventive | |
Configure the "Disable all user customization of Quick Access Toolbar" to organizational standards. CC ID 07303 | System hardening through configuration management | Preventive | |
Configure the "Disable Document Information Panel" to organizational standards. CC ID 07304 | System hardening through configuration management | Preventive | |
Configure the "Disable hyperlink warnings" to organizational standards. CC ID 07305 | System hardening through configuration management | Preventive | |
Configure the "Disable customer-submitted templates downloads from Office Online" to organizational standards. CC ID 07306 | System hardening through configuration management | Preventive | |
Configure the "Disable inclusion of document properties in PDF and XPS output" to organizational standards. CC ID 07307 | System hardening through configuration management | Preventive | |
Configure the "Disable Internet Fax feature" to organizational standards. CC ID 07308 | System hardening through configuration management | Preventive | |
Configure the "Disable hyperlinks to web templates in File | New and task panes" to organizational standards. CC ID 07309 | System hardening through configuration management | Preventive | |
Configure the "Disable password to open UI" to organizational standards. CC ID 07311 | System hardening through configuration management | Preventive | |
Configure the "Disable Microsoft Passport service for content with restricted permission" to organizational standards. CC ID 07312 | System hardening through configuration management | Preventive | |
Configure the "Disable Smart Document's use of manifests" to organizational standards. CC ID 07313 | System hardening through configuration management | Preventive | |
Configure the "Disable template downloads from the client and from Office Online website" to organizational standards. CC ID 07314 | System hardening through configuration management | Preventive | |
Configure the "Automation Security" to organizational standards. CC ID 07315 | System hardening through configuration management | Preventive | |
Configure the "Disable training practice downloads from the Office Online website" to organizational standards. CC ID 07316 | System hardening through configuration management | Preventive | |
Configure the "Disable Update Diagnostic" to organizational standards. CC ID 07317 | System hardening through configuration management | Preventive | |
Configure the "Disable UI extending from documents and templates" to organizational standards. CC ID 07318 | System hardening through configuration management | Preventive | |
Configure the "Disable Opt-in Wizard on first run" to organizational standards. CC ID 07319 | System hardening through configuration management | Preventive | |
Configure the "Document Information Panel Beaconing UI" to organizational standards. CC ID 07320 | System hardening through configuration management | Preventive | |
Configure the "EKU filtering" to organizational standards. CC ID 07321 | System hardening through configuration management | Preventive | |
Configure the "Encryption type for password protected Office 97-2003 files" to organizational standards. CC ID 07323 | System hardening through configuration management | Preventive | |
Configure the "Enable Customer Experience Improvement Program" to organizational standards. CC ID 07324 | System hardening through configuration management | Preventive | |
Configure the "Encryption type for password protected Office Open XML files" to organizational standards. CC ID 07325 | System hardening through configuration management | Preventive | |
Configure the "Key Usage Filtering" to organizational standards. CC ID 07326 | System hardening through configuration management | Preventive | |
Configure the "Improve Proofing Tools" to organizational standards. CC ID 07327 | System hardening through configuration management | Preventive | |
Configure the "Never allow users to specify groups when restricting permission for documents" to organizational standards. CC ID 07328 | System hardening through configuration management | Preventive | |
Configure the "Legacy format signatures" to organizational standards. CC ID 07329 | System hardening through configuration management | Preventive | |
Configure the "Load Controls in Forms3" to organizational standards. CC ID 07330 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from changing permissions on rights managed content" to organizational standards. CC ID 07331 | System hardening through configuration management | Preventive | |
Configure the "Online content options" to organizational standards. CC ID 07332 | System hardening through configuration management | Preventive | |
Configure the "Disable user customization of Quick Access Toolbar via UI" to organizational standards. CC ID 07333 | System hardening through configuration management | Preventive | |
Configure the "Protect document metadata for password protected files" to organizational standards. CC ID 07334 | System hardening through configuration management | Preventive | |
Configure the "Prevents users from uploading document templates to the Office Online community." to organizational standards. CC ID 07335 | System hardening through configuration management | Preventive | |
Configure the "Recognize smart tags in Excel" to organizational standards. CC ID 07336 | System hardening through configuration management | Preventive | |
Configure the "Rely on VML for displaying graphics in browsers" to organizational standards. CC ID 07337 | System hardening through configuration management | Preventive | |
Configure the "Protect document metadata for rights managed Office Open XML Files" to organizational standards. CC ID 07338 | System hardening through configuration management | Preventive | |
Configure the "Suppress Office Signing Providers" to organizational standards. CC ID 07339 | System hardening through configuration management | Preventive | |
Configure the "Suppress external signature services menu item" to organizational standards. CC ID 07340 | System hardening through configuration management | Preventive | |
Configure the "Disable the Office client from polling the Office server for published links" to organizational standards. CC ID 07361 | System hardening through configuration management | Preventive | |
Configure the "Open Office documents as read/write while browsing" to organizational standards. CC ID 07380 | System hardening through configuration management | Preventive | |
Configure the "Specify CNG salt length" to organizational standards. CC ID 07905 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #6" to organizational standards. CC ID 07919 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #9" to organizational standards. CC ID 07920 | System hardening through configuration management | Preventive | |
Configure the "Disable template downloads from the client and from Office.com" to organizational standards. CC ID 07942 | System hardening through configuration management | Preventive | |
Configure the "Disable customer-submitted templates downloads from Office.com" to organizational standards. CC ID 07949 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #15" to organizational standards. CC ID 07953 | System hardening through configuration management | Preventive | |
Configure the "Prevents users from uploading document templates to the Office.com Community." to organizational standards. CC ID 08017 | System hardening through configuration management | Preventive | |
Configure the "Disable training practice downloads from Office.com" to organizational standards. CC ID 08027 | System hardening through configuration management | Preventive | |
Configure the "Disable Clip Art and Media downloads from the client and from Office.com" to organizational standards. CC ID 08049 | System hardening through configuration management | Preventive | |
Configure the "Allow Trusted Locations on the network" to organizational standards. CC ID 08053 | System hardening through configuration management | Preventive | |
Configure the "Turn off all user customizations" to organizational standards. CC ID 08084 | System hardening through configuration management | Preventive | |
Configure the "Disable access to updates, add-ins, and patches on Office.com" to organizational standards. CC ID 08137 | System hardening through configuration management | Preventive | |
Configure Microsoft InfoPath settings for Microsoft Office in accordance with organizational standards. CC ID 07219 | System hardening through configuration management | Preventive | |
Configure the "InfoPath APTCA Assembly allowable list" to organizational standards. CC ID 07220 | System hardening through configuration management | Preventive | |
Configure the "InfoPath APTCA Assembly Allowable List Enforcement" to organizational standards. CC ID 07221 | System hardening through configuration management | Preventive | |
Configure the "Allow file types as attachments to forms" to organizational standards. CC ID 07260 | System hardening through configuration management | Preventive | |
Configure the "Beaconing UI for forms opened in InfoPath" to organizational standards. CC ID 07262 | System hardening through configuration management | Preventive | |
Configure the "Control behavior for Windows SharePoint Services gradual upgrade" to organizational standards. CC ID 07264 | System hardening through configuration management | Preventive | |
Configure the "Control behavior when opening forms in the Intranet security zone" to organizational standards. CC ID 07266 | System hardening through configuration management | Preventive | |
Configure the "Custom code" to organizational standards. CC ID 07267 | System hardening through configuration management | Preventive | |
Configure the "Beaconing UI for forms opened in InfoPath Editor ActiveX" to organizational standards. CC ID 07268 | System hardening through configuration management | Preventive | |
Configure the "Control behavior when opening InfoPath e-mail forms containing code or script" to organizational standards. CC ID 07269 | System hardening through configuration management | Preventive | |
Configure the "Disable dynamic caching of the form template in InfoPath e-mail forms" to organizational standards. CC ID 07270 | System hardening through configuration management | Preventive | |
Configure the "Disable e-mail forms from the Full Trust security zone" to organizational standards. CC ID 07271 | System hardening through configuration management | Preventive | |
Configure the "Control behavior when opening forms in the Trusted Site security zone" to organizational standards. CC ID 07272 | System hardening through configuration management | Preventive | |
Configure the "Control behavior when opening forms in the Internet security zone" to organizational standards. CC ID 07273 | System hardening through configuration management | Preventive | |
Configure the "Disable e-mail forms from the Intranet security zone" to organizational standards. CC ID 07274 | System hardening through configuration management | Preventive | |
Configure the "Block specific file types as attachments to forms" to organizational standards. CC ID 07276 | System hardening through configuration management | Preventive | |
Configure the "Disable e-mail forms from the Internet security zone" to organizational standards. CC ID 07277 | System hardening through configuration management | Preventive | |
Configure the "Disable fully trusted solutions full access to computer" to organizational standards. CC ID 07278 | System hardening through configuration management | Preventive | |
Configure the "Disable sending form template with e-mail forms" to organizational standards. CC ID 07279 | System hardening through configuration management | Preventive | |
Configure the "Disable InfoPath e-mail forms in Outlook" to organizational standards. CC ID 07280 | System hardening through configuration management | Preventive | |
Configure the "Email Forms Beaconing UI" to organizational standards. CC ID 07281 | System hardening through configuration management | Preventive | |
Configure the "Disable e-mail forms running in restricted security level" to organizational standards. CC ID 07282 | System hardening through configuration management | Preventive | |
Configure the "Disable sending InfoPath 2003 Forms as e-mail forms" to organizational standards. CC ID 07283 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from allowing unsafe file types to be attached to forms" to organizational standards. CC ID 07286 | System hardening through configuration management | Preventive | |
Configure the "Information Rights Management" to organizational standards. CC ID 07293 | System hardening through configuration management | Preventive | |
Configure the "Disable opening of solutions from the Internet security zone" to organizational standards. CC ID 07310 | System hardening through configuration management | Preventive | |
Configure the "Offline Mode status" to organizational standards. CC ID 07322 | System hardening through configuration management | Preventive | |
Configure Microsoft Access settings for Microsoft Office in accordance with organizational standards. CC ID 07222 | System hardening through configuration management | Preventive | |
Configure the "Disable all application add-ins" to organizational standards. CC ID 07223 | System hardening through configuration management | Preventive | |
Configure the "Allow Trusted Locations not on the computer" to organizational standards. CC ID 07224 | System hardening through configuration management | Preventive | |
Configure the "Disable commands" to organizational standards. CC ID 07225 | System hardening through configuration management | Preventive | |
Configure the "Disable Trust Bar Notification for unsigned application add-ins" to organizational standards. CC ID 07226 | System hardening through configuration management | Preventive | |
Configure the "Disable all trusted locations" to organizational standards. CC ID 07227 | System hardening through configuration management | Preventive | |
Configure the "Disable shortcut keys" to organizational standards. CC ID 07228 | System hardening through configuration management | Preventive | |
Configure the "Do not prompt to convert older databases" to organizational standards. CC ID 07229 | System hardening through configuration management | Preventive | |
Configure the "Modal Trust Decision Only" to organizational standards. CC ID 07230 | System hardening through configuration management | Preventive | |
Configure the "Default file format" to organizational standards. CC ID 07231 | System hardening through configuration management | Preventive | |
Configure the "Require that application add-ins are signed by Trusted Publisher" to organizational standards. CC ID 07233 | System hardening through configuration management | Preventive | |
Configure the "VBA Macro Warning Settings" to organizational standards. CC ID 07234 | System hardening through configuration management | Preventive | |
Configure the "Underline hyperlinks" to organizational standards. CC ID 07235 | System hardening through configuration management | Preventive | |
Configure Microsoft Excel settings for Microsoft Office in accordance with organizational standards. CC ID 07232 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Binary file types" to organizational standards. CC ID 07236 | System hardening through configuration management | Preventive | |
Configure the "AutoRepublish Warning Alert" to organizational standards. CC ID 07237 | System hardening through configuration management | Preventive | |
Configure the "Block opening of DIF and SYLK file types" to organizational standards. CC ID 07238 | System hardening through configuration management | Preventive | |
Configure the "Ask to update automatic links" to organizational standards. CC ID 07239 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Open XML file types" to organizational standards. CC ID 07240 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Xll file type" to organizational standards. CC ID 07241 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Xml file types" to organizational standards. CC ID 07242 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Text file types" to organizational standards. CC ID 07243 | System hardening through configuration management | Preventive | |
Configure the "Block saving of Binary file types" to organizational standards. CC ID 07244 | System hardening through configuration management | Preventive | |
Configure the "Block saving DIF and SYLK file types" to organizational standards. CC ID 07245 | System hardening through configuration management | Preventive | |
Configure the "Block opening of files created by pre-release versions of Excel 2007" to organizational standards. CC ID 07246 | System hardening through configuration management | Preventive | |
Configure the "Block saving of Text file types" to organizational standards. CC ID 07247 | System hardening through configuration management | Preventive | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks" to organizational standards. CC ID 07248 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Html and Xmlss file types" to organizational standards. CC ID 07249 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Binary 12 file types" to organizational standards. CC ID 07250 | System hardening through configuration management | Preventive | |
Configure the "Block saving of Open XML file types" to organizational standards. CC ID 07251 | System hardening through configuration management | Preventive | |
Configure the "Block saving of Binary12 file types" to organizational standards. CC ID 07252 | System hardening through configuration management | Preventive | |
Configure the "Disable AutoRepublish" to organizational standards. CC ID 07253 | System hardening through configuration management | Preventive | |
Configure the "Do not show data extraction options when opening corrupt workbooks" to organizational standards. CC ID 07254 | System hardening through configuration management | Preventive | |
Configure the "Internet and network paths as hyperlinks" to organizational standards. CC ID 07255 | System hardening through configuration management | Preventive | |
Configure the "Load pictures from Web pages not created in Excel" to organizational standards. CC ID 07256 | System hardening through configuration management | Preventive | |
Configure the "Save any additional data necessary to maintain formulas" to organizational standards. CC ID 07257 | System hardening through configuration management | Preventive | |
Configure the "Store macro in Personal Macro Workbook by default" to organizational standards. CC ID 07258 | System hardening through configuration management | Preventive | |
Configure the "Save Excel files as" to organizational standards. CC ID 07259 | System hardening through configuration management | Preventive | |
Configure the "Trust access to Visual Basic Project" to organizational standards. CC ID 07261 | System hardening through configuration management | Preventive | |
Configure the "Force file extension to match file type" to organizational standards. CC ID 07263 | System hardening through configuration management | Preventive | |
Configure the "Ignore other applications" to organizational standards. CC ID 07265 | System hardening through configuration management | Preventive | |
Configure the "Block saving of Html and Xmlss file types" to organizational standards. CC ID 07275 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #10" to organizational standards. CC ID 07927 | System hardening through configuration management | Preventive | |
Configure the "Configure CNG cipher chaining mode" to organizational standards. CC ID 07934 | System hardening through configuration management | Preventive | |
Configure the "Disable Trust Bar Notification for unsigned application add-ins and block them" to organizational standards. CC ID 07938 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #20" to organizational standards. CC ID 07947 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #18" to organizational standards. CC ID 07961 | System hardening through configuration management | Preventive | |
Configure the "Do not show AutoRepublish warning alert" to organizational standards. CC ID 07970 | System hardening through configuration management | Preventive | |
Configure the "Turn off Protected View for attachments opened from Outlook" to organizational standards. CC ID 07973 | System hardening through configuration management | Preventive | |
Configure the "Turn off Trusted Documents on the network" to organizational standards. CC ID 07980 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #11" to organizational standards. CC ID 08006 | System hardening through configuration management | Preventive | |
Configure the "Perform file validation on pivot caches" to organizational standards. CC ID 08022 | System hardening through configuration management | Preventive | |
Configure the "Scan encrypted macros in Excel Open XML workbooks" to organizational standards. CC ID 08102 | System hardening through configuration management | Preventive | |
Configure the "Open files on local Intranet UNC in Protected View" to organizational standards. CC ID 08110 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Office query files" to organizational standards. CC ID 08205 | System hardening through configuration management | Preventive | |
Configure the "Excel 97-2003 workbooks and templates" to organizational standards. CC ID 08236 | System hardening through configuration management | Preventive | |
Configure the "Excel 95-97 workbooks and templates" to organizational standards. CC ID 08255 | System hardening through configuration management | Preventive | |
Configure the "XML files" to organizational standards. CC ID 08262 | System hardening through configuration management | Preventive | |
Configure the "Excel 3 worksheets" to organizational standards. CC ID 08270 | System hardening through configuration management | Preventive | |
Configure the "Dif and Sylk files" to organizational standards. CC ID 08284 | System hardening through configuration management | Preventive | |
Configure the "dBase III / IV files" to organizational standards. CC ID 08300 | System hardening through configuration management | Preventive | |
Configure the "Excel 2 macrosheets and add-in files" to organizational standards. CC ID 08303 | System hardening through configuration management | Preventive | |
Configure the "Excel 2007 and later binary workbooks" to organizational standards. CC ID 08305 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Office Open XML converters for Excel" to organizational standards. CC ID 08308 | System hardening through configuration management | Preventive | |
Configure the "Web pages and Excel 2003 XML spreadsheets" to organizational standards. CC ID 08314 | System hardening through configuration management | Preventive | |
Configure the "Excel 4 workbooks" to organizational standards. CC ID 08315 | System hardening through configuration management | Preventive | |
Configure the "Excel 2007 and later workbooks and templates" to organizational standards. CC ID 08317 | System hardening through configuration management | Preventive | |
Configure the "Excel 95 workbooks" to organizational standards. CC ID 08319 | System hardening through configuration management | Preventive | |
Configure the "Other data source files" to organizational standards. CC ID 08321 | System hardening through configuration management | Preventive | |
Configure the "Excel 2007 and later macro-enabled workbooks and templates" to organizational standards. CC ID 08323 | System hardening through configuration management | Preventive | |
Configure the "Legacy converters for Excel" to organizational standards. CC ID 08325 | System hardening through configuration management | Preventive | |
Configure the "Excel 2 worksheets" to organizational standards. CC ID 08326 | System hardening through configuration management | Preventive | |
Configure the "Offline cube files" to organizational standards. CC ID 08327 | System hardening through configuration management | Preventive | |
Configure the "Excel 4 macrosheets and add-in files" to organizational standards. CC ID 08329 | System hardening through configuration management | Preventive | |
Configure the "Excel 2007 and later add-in files" to organizational standards. CC ID 08330 | System hardening through configuration management | Preventive | |
Configure the "Excel 3 macrosheets and add-in files" to organizational standards. CC ID 08332 | System hardening through configuration management | Preventive | |
Configure the "OpenDocument Spreadsheet files" to organizational standards. CC ID 08335 | System hardening through configuration management | Preventive | |
Configure the "Excel add-in files" to organizational standards. CC ID 08337 | System hardening through configuration management | Preventive | |
Configure the "Text files" to organizational standards. CC ID 08339 | System hardening through configuration management | Preventive | |
Configure the "Excel 97-2003 add-in files" to organizational standards. CC ID 08344 | System hardening through configuration management | Preventive | |
Configure the "Excel 4 worksheets" to organizational standards. CC ID 08345 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Office data connection files" to organizational standards. CC ID 08346 | System hardening through configuration management | Preventive | |
Configure Microsoft Outlook settings for Microsoft Office in accordance with organizational standards. CC ID 07341 | System hardening through configuration management | Preventive | |
Configure the "Add file extensions to block as Level 1" to organizational standards. CC ID 07342 | System hardening through configuration management | Preventive | |
Configure the "Access to published calendars" to organizational standards. CC ID 07343 | System hardening through configuration management | Preventive | |
Configure the "Add e-mail recipients to users' Safe Senders Lists" to organizational standards. CC ID 07344 | System hardening through configuration management | Preventive | |
Configure the "Allow access to e-mail attachments" to organizational standards. CC ID 07345 | System hardening through configuration management | Preventive | |
Configure the "Allow Active X One Off Forms" to organizational standards. CC ID 07346 | System hardening through configuration management | Preventive | |
Configure the "Add file extensions to block as Level 2" to organizational standards. CC ID 07347 | System hardening through configuration management | Preventive | |
Configure the "Allow users to demote attachments to Level 2" to organizational standards. CC ID 07348 | System hardening through configuration management | Preventive | |
Configure the "Apply macro security settings to macros, add-ins, and SmartTags" to organizational standards. CC ID 07349 | System hardening through configuration management | Preventive | |
Configure the "Allow scripts in one-off Outlook forms" to organizational standards. CC ID 07350 | System hardening through configuration management | Preventive | |
Configure the "Authentication with Exchange Server" to organizational standards. CC ID 07351 | System hardening through configuration management | Preventive | |
Configure the "Attachment Secure Temporary Folder" to organizational standards. CC ID 07352 | System hardening through configuration management | Preventive | |
Configure the "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" to organizational standards. CC ID 07353 | System hardening through configuration management | Preventive | |
Configure the "Automatically configure profile based on Active Directory Primary SMTP address" to organizational standards. CC ID 07354 | System hardening through configuration management | Preventive | |
Configure the "Block Trusted Zones" to organizational standards. CC ID 07355 | System hardening through configuration management | Preventive | |
Configure the "Configure Add-In Trust Level" to organizational standards. CC ID 07356 | System hardening through configuration management | Preventive | |
Configure the "Automatically download attachments" to organizational standards. CC ID 07357 | System hardening through configuration management | Preventive | |
Configure the "Configure Outlook object model prompt When accessing the Formula property of a UserProperty object" to organizational standards. CC ID 07358 | System hardening through configuration management | Preventive | |
Configure the "Configure Outlook object model prompt when accessing address information via UserProperties.Find" to organizational standards. CC ID 07359 | System hardening through configuration management | Preventive | |
Configure the "Configure Outlook object model prompt when executing Save As" to organizational standards. CC ID 07360 | System hardening through configuration management | Preventive | |
Configure the "Configure Outlook object model prompt when responding to meeting and task requests" to organizational standards. CC ID 07362 | System hardening through configuration management | Preventive | |
Configure the "Dial-up options" to organizational standards. CC ID 07363 | System hardening through configuration management | Preventive | |
Configure the "Configure Outlook object model prompt when sending mail" to organizational standards. CC ID 07364 | System hardening through configuration management | Preventive | |
Configure the "Configure trusted add-ins" to organizational standards. CC ID 07365 | System hardening through configuration management | Preventive | |
Configure the "Disable user entries to server list" to organizational standards. CC ID 07366 | System hardening through configuration management | Preventive | |
Configure the "Disable Remember Password" to organizational standards. CC ID 07367 | System hardening through configuration management | Preventive | |
Configure the "Display Level 1 attachments" to organizational standards. CC ID 07368 | System hardening through configuration management | Preventive | |
Configure the "Configure Outlook object model prompt when reading address information" to organizational standards. CC ID 07369 | System hardening through configuration management | Preventive | |
Configure the "Do not allow attachment previewing in Outlook" to organizational standards. CC ID 07370 | System hardening through configuration management | Preventive | |
Configure the "Do not allow creating, replying, or forwarding signatures for e-mail messages" to organizational standards. CC ID 07371 | System hardening through configuration management | Preventive | |
Configure the "Configure Outlook object model prompt when accessing an address book" to organizational standards. CC ID 07372 | System hardening through configuration management | Preventive | |
Configure the "Do not allow folders in non-default stores to be set as folder home pages" to organizational standards. CC ID 07373 | System hardening through configuration management | Preventive | |
Configure the "Do not allow Outlook object model scripts to run for public folders" to organizational standards. CC ID 07374 | System hardening through configuration management | Preventive | |
Configure the "Do not allow Outlook object model scripts to run for shared folders" to organizational standards. CC ID 07375 | System hardening through configuration management | Preventive | |
Configure the "Do not automatically sign replies" to organizational standards. CC ID 07376 | System hardening through configuration management | Preventive | |
Configure the "Do not check e-mail address against address of certificates being used" to organizational standards. CC ID 07377 | System hardening through configuration management | Preventive | |
Configure the "Do not allow users to change permissions on folders" to organizational standards. CC ID 07378 | System hardening through configuration management | Preventive | |
Configure the "Do not expand distribution lists" to organizational standards. CC ID 07379 | System hardening through configuration management | Preventive | |
Configure the "Do not display 'Publish to GAL' button" to organizational standards. CC ID 07381 | System hardening through configuration management | Preventive | |
Configure the "Do not prompt about Level 1 attachments when closing an item" to organizational standards. CC ID 07382 | System hardening through configuration management | Preventive | |
Configure the "Do not permit download of content from safe zones" to organizational standards. CC ID 07383 | System hardening through configuration management | Preventive | |
Configure the "Download full text of articles as HTML attachments" to organizational standards. CC ID 07384 | System hardening through configuration management | Preventive | |
Configure the "Do not prompt about Level 1 attachments when sending an item" to organizational standards. CC ID 07385 | System hardening through configuration management | Preventive | |
Configure the "Do not provide Continue option on Encryption warning dialog boxes" to organizational standards. CC ID 07386 | System hardening through configuration management | Preventive | |
Configure the "Enable RPC encryption" to organizational standards. CC ID 07387 | System hardening through configuration management | Preventive | |
Configure the "Encrypt all e-mail messages" to organizational standards. CC ID 07388 | System hardening through configuration management | Preventive | |
Configure the "Enable links in e-mail messages" to organizational standards. CC ID 07389 | System hardening through configuration management | Preventive | |
Configure the "Display pictures and external content in HTML e-mail" to organizational standards. CC ID 07390 | System hardening through configuration management | Preventive | |
Configure the "Hide Junk Mail UI" to organizational standards. CC ID 07391 | System hardening through configuration management | Preventive | |
Configure the "Ensure all S/MIME signed messages have a label" to organizational standards. CC ID 07392 | System hardening through configuration management | Preventive | |
Configure the "Include Intranet in Safe Zones for Automatic Picture Download" to organizational standards. CC ID 07393 | System hardening through configuration management | Preventive | |
Configure the "Include Internet in Safe Zones for Automatic Picture Download" to organizational standards. CC ID 07394 | System hardening through configuration management | Preventive | |
Configure the "Message Formats" to organizational standards. CC ID 07395 | System hardening through configuration management | Preventive | |
Configure the "Junk E-mail protection level" to organizational standards. CC ID 07396 | System hardening through configuration management | Preventive | |
Configure the "Make Outlook the default program for E-mail, Contacts, and Calendar" to organizational standards. CC ID 07397 | System hardening through configuration management | Preventive | |
Configure the "Do not include Internet Calendar integration in Outlook" to organizational standards. CC ID 07398 | System hardening through configuration management | Preventive | |
Configure the "Missing CRLs" to organizational standards. CC ID 07399 | System hardening through configuration management | Preventive | |
Configure the "Display online status on a person name" to organizational standards. CC ID 07400 | System hardening through configuration management | Preventive | |
Configure the "Outlook Rich Text options" to organizational standards. CC ID 07401 | System hardening through configuration management | Preventive | |
Configure the "Outlook Security Mode" to organizational standards. CC ID 07402 | System hardening through configuration management | Preventive | |
Configure the "Plain text options" to organizational standards. CC ID 07403 | System hardening through configuration management | Preventive | |
Configure the "Prevent publishing to a DAV server" to organizational standards. CC ID 07404 | System hardening through configuration management | Preventive | |
Configure the "Prevent publishing to Office Online" to organizational standards. CC ID 07405 | System hardening through configuration management | Preventive | |
Configure the "Promote Level 2 errors as errors, not warnings" to organizational standards. CC ID 07406 | System hardening through configuration management | Preventive | |
Configure the "Prevent users from customizing attachment security settings" to organizational standards. CC ID 07407 | System hardening through configuration management | Preventive | |
Configure the "Prompt user to choose security settings if default settings fail" to organizational standards. CC ID 07408 | System hardening through configuration management | Preventive | |
Configure the "Remove file extensions blocked as Level 1" to organizational standards. CC ID 07409 | System hardening through configuration management | Preventive | |
Configure the "Remove file extensions blocked as Level 2" to organizational standards. CC ID 07410 | System hardening through configuration management | Preventive | |
Configure the "Read e-mail as plain text" to organizational standards. CC ID 07411 | System hardening through configuration management | Preventive | |
Configure the "Read signed e-mail as plain text" to organizational standards. CC ID 07412 | System hardening through configuration management | Preventive | |
Configure the "Request an S/MIME receipt for all S/MIME signed messages" to organizational standards. CC ID 07413 | System hardening through configuration management | Preventive | |
Configure the "Restrict level of calendar details users can publish" to organizational standards. CC ID 07414 | System hardening through configuration management | Preventive | |
Configure the "Require SuiteB algorithms for S/MIME operations" to organizational standards. CC ID 07415 | System hardening through configuration management | Preventive | |
Configure the "Minimum encryption settings" to organizational standards. CC ID 07416 | System hardening through configuration management | Preventive | |
Configure the "Retrieving CRLs (Certificate Revocation Lists)" to organizational standards. CC ID 07417 | System hardening through configuration management | Preventive | |
Configure the "Run in FIPS compliant mode" to organizational standards. CC ID 07418 | System hardening through configuration management | Preventive | |
Configure the "Missing root certificates" to organizational standards. CC ID 07419 | System hardening through configuration management | Preventive | |
Configure the "S/MIME password settings" to organizational standards. CC ID 07420 | System hardening through configuration management | Preventive | |
Configure the "S/MIME receipt requests" to organizational standards. CC ID 07421 | System hardening through configuration management | Preventive | |
Configure the "S/MIME interoperability with external clients:" to organizational standards. CC ID 07422 | System hardening through configuration management | Preventive | |
Configure the "Send all signed messages as clear signed messages" to organizational standards. CC ID 07423 | System hardening through configuration management | Preventive | |
Configure the "Security setting for macros" to organizational standards. CC ID 07424 | System hardening through configuration management | Preventive | |
Configure the "Set control ItemProperty prompt" to organizational standards. CC ID 07425 | System hardening through configuration management | Preventive | |
Configure the "Set maximum level of online status on a person name" to organizational standards. CC ID 07426 | System hardening through configuration management | Preventive | |
Configure the "Set message format" to organizational standards. CC ID 07427 | System hardening through configuration management | Preventive | |
Configure the "Sign all e-mail messages" to organizational standards. CC ID 07428 | System hardening through configuration management | Preventive | |
Configure the "Fortezza certificate policies" to organizational standards. CC ID 07429 | System hardening through configuration management | Preventive | |
Configure the "Synchronize Outlook RSS Feeds with Common Feed List" to organizational standards. CC ID 07430 | System hardening through configuration management | Preventive | |
Configure the "Trust E-mail from Contacts" to organizational standards. CC ID 07431 | System hardening through configuration management | Preventive | |
Configure the "Signature Warning" to organizational standards. CC ID 07432 | System hardening through configuration management | Preventive | |
Configure the "Turn off RSS feature" to organizational standards. CC ID 07466 | System hardening through configuration management | Preventive | |
Configure the "Restrict upload method" to organizational standards. CC ID 07473 | System hardening through configuration management | Preventive | |
Configure the "Required Certificate Authority" to organizational standards. CC ID 07493 | System hardening through configuration management | Preventive | |
Configure the "Turn off Enable the Person Names Smart Tag option" to organizational standards. CC ID 07499 | System hardening through configuration management | Preventive | |
Configure the "Use Unicode format when dragging e-mail message to file system" to organizational standards. CC ID 07506 | System hardening through configuration management | Preventive | |
Configure the "URL for S/MIME certificates" to organizational standards. CC ID 07520 | System hardening through configuration management | Preventive | |
Configure the "Set Outlook object model Custom Actions execution prompt" to organizational standards. CC ID 07539 | System hardening through configuration management | Preventive | |
Configure the "Prevent publishing to Office.com" to organizational standards. CC ID 08243 | System hardening through configuration management | Preventive | |
Configure the "Do not allow signatures for e-mail messages" to organizational standards. CC ID 08318 | System hardening through configuration management | Preventive | |
Configure Microsoft PowerPoint settings for Microsoft Office in accordance with organizational standards. CC ID 07433 | System hardening through configuration management | Preventive | |
Configure the "Block saving of GraphicFilters" to organizational standards. CC ID 07456 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Converters" to organizational standards. CC ID 07458 | System hardening through configuration management | Preventive | |
Configure the "Save files in this format" to organizational standards. CC ID 07461 | System hardening through configuration management | Preventive | |
Configure the "Disable Slide Update" to organizational standards. CC ID 07464 | System hardening through configuration management | Preventive | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations" to organizational standards. CC ID 07467 | System hardening through configuration management | Preventive | |
Configure the "Block saving of Html file types" to organizational standards. CC ID 07474 | System hardening through configuration management | Preventive | |
Configure the "Block saving of Outlines" to organizational standards. CC ID 07485 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Outlines" to organizational standards. CC ID 07490 | System hardening through configuration management | Preventive | |
Configure the "Make hidden markup visible" to organizational standards. CC ID 07511 | System hardening through configuration management | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to PowerPoint 2007" to organizational standards. CC ID 07516 | System hardening through configuration management | Preventive | |
Configure the "Run Programs" to organizational standards. CC ID 07518 | System hardening through configuration management | Preventive | |
Configure the "Unblock automatic download of linked images" to organizational standards. CC ID 07519 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Open Xml files types" to organizational standards. CC ID 07531 | System hardening through configuration management | Preventive | |
Configure the "Web Pages" to organizational standards. CC ID 07914 | System hardening through configuration management | Preventive | |
Configure the "Turn off trusted documents" to organizational standards. CC ID 07925 | System hardening through configuration management | Preventive | |
Configure the "Set CNG password spin count" to organizational standards. CC ID 07946 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #16" to organizational standards. CC ID 07956 | System hardening through configuration management | Preventive | |
Configure the "Outline files" to organizational standards. CC ID 07958 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #3" to organizational standards. CC ID 07966 | System hardening through configuration management | Preventive | |
Configure the "Scan encrypted macros in PowerPoint Open XML presentations" to organizational standards. CC ID 07967 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #4" to organizational standards. CC ID 07978 | System hardening through configuration management | Preventive | |
Configure the "Set maximum number of trusted documents" to organizational standards. CC ID 08005 | System hardening through configuration management | Preventive | |
Configure the "Legacy converters for PowerPoint" to organizational standards. CC ID 08009 | System hardening through configuration management | Preventive | |
Configure the "Set document behavior if file validation fails" to organizational standards. CC ID 08025 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Office Open XML converters for PowerPoint" to organizational standards. CC ID 08030 | System hardening through configuration management | Preventive | |
Configure the "PowerPoint beta converters" to organizational standards. CC ID 08047 | System hardening through configuration management | Preventive | |
Configure the "OpenDocument Presentation files" to organizational standards. CC ID 08051 | System hardening through configuration management | Preventive | |
Configure the "Use new key on password change" to organizational standards. CC ID 08052 | System hardening through configuration management | Preventive | |
Configure the "Graphic Filters" to organizational standards. CC ID 08060 | System hardening through configuration management | Preventive | |
Configure the "PowerPoint 2007 and later presentations, shows, templates, themes and add-in files" to organizational standards. CC ID 08099 | System hardening through configuration management | Preventive | |
Configure the "PowerPoint 97-2003 presentations, shows, templates and add-in files" to organizational standards. CC ID 08106 | System hardening through configuration management | Preventive | |
Configure the "PowerPoint beta files" to organizational standards. CC ID 08121 | System hardening through configuration management | Preventive | |
Configure the "Set default file block behavior" to organizational standards. CC ID 08142 | System hardening through configuration management | Preventive | |
Configure Microsoft Word settings for Microsoft Office in accordance with organizational standards. CC ID 07438 | System hardening through configuration management | Preventive | |
Configure the "Block opening of files before version" to organizational standards. CC ID 07462 | System hardening through configuration management | Preventive | |
Configure the "Block open Converters" to organizational standards. CC ID 07468 | System hardening through configuration management | Preventive | |
Configure the "Update automatic links at Open" to organizational standards. CC ID 07483 | System hardening through configuration management | Preventive | |
Configure the "Warn before printing, saving or sending a file that contains tracked changes or comments" to organizational standards. CC ID 07494 | System hardening through configuration management | Preventive | |
Configure the "Block saving of RTF file types" to organizational standards. CC ID 07501 | System hardening through configuration management | Preventive | |
Configure the "Block saving of Converters" to organizational standards. CC ID 07504 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Word 2003 XML file types" to organizational standards. CC ID 07507 | System hardening through configuration management | Preventive | |
Configure the "Block opening of RTF file types" to organizational standards. CC ID 07510 | System hardening through configuration management | Preventive | |
Configure the "Block opening of HTML file types" to organizational standards. CC ID 07512 | System hardening through configuration management | Preventive | |
Configure the "Hidden text" to organizational standards. CC ID 07513 | System hardening through configuration management | Preventive | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documents" to organizational standards. CC ID 07533 | System hardening through configuration management | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to Word 2007" to organizational standards. CC ID 07541 | System hardening through configuration management | Preventive | |
Configure the "Block opening of Internal file types" to organizational standards. CC ID 07552 | System hardening through configuration management | Preventive | |
Configure the "Block saving of Word 2003 XML file types" to organizational standards. CC ID 07567 | System hardening through configuration management | Preventive | |
Configure the "RTF files" to organizational standards. CC ID 07911 | System hardening through configuration management | Preventive | |
Configure the "Set maximum number of trust records to preserve" to organizational standards. CC ID 07912 | System hardening through configuration management | Preventive | |
Configure the "Specify CNG hash algorithm" to organizational standards. CC ID 07913 | System hardening through configuration management | Preventive | |
Configure the "VBA Macro Notification Settings" to organizational standards. CC ID 07926 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #2" to organizational standards. CC ID 07933 | System hardening through configuration management | Preventive | |
Configure the "Do not open files in unsafe locations in Protected View" to organizational standards. CC ID 07939 | System hardening through configuration management | Preventive | |
Configure the "Set parameters for CNG context" to organizational standards. CC ID 07948 | System hardening through configuration management | Preventive | |
Configure the "Store random number to improve merge accuracy" to organizational standards. CC ID 07972 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #19" to organizational standards. CC ID 07975 | System hardening through configuration management | Preventive | |
Configure the "Legacy converters for Word" to organizational standards. CC ID 07985 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #5" to organizational standards. CC ID 07987 | System hardening through configuration management | Preventive | |
Configure the "Word 6.0 binary documents and templates" to organizational standards. CC ID 07995 | System hardening through configuration management | Preventive | |
Configure the "Word 2000 binary documents and templates" to organizational standards. CC ID 08012 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #13" to organizational standards. CC ID 08013 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #17" to organizational standards. CC ID 08015 | System hardening through configuration management | Preventive | |
Configure the "Word 97 binary documents and templates" to organizational standards. CC ID 08024 | System hardening through configuration management | Preventive | |
Configure the "Do not open files from the Internet zone in Protected View" to organizational standards. CC ID 08029 | System hardening through configuration management | Preventive | |
Configure the "Turn off file validation" to organizational standards. CC ID 08048 | System hardening through configuration management | Preventive | |
Configure the "Office Open XML converters for Word" to organizational standards. CC ID 08055 | System hardening through configuration management | Preventive | |
Configure the "Word 95 binary documents and templates" to organizational standards. CC ID 08065 | System hardening through configuration management | Preventive | |
Configure the "Word beta converters" to organizational standards. CC ID 08080 | System hardening through configuration management | Preventive | |
Configure the "Word 2007 and later binary documents and templates" to organizational standards. CC ID 08082 | System hardening through configuration management | Preventive | |
Configure the "Word beta files" to organizational standards. CC ID 08092 | System hardening through configuration management | Preventive | |
Configure the "Word 2003 binary documents and templates" to organizational standards. CC ID 08093 | System hardening through configuration management | Preventive | |
Configure the "Word XP binary documents and templates" to organizational standards. CC ID 08095 | System hardening through configuration management | Preventive | |
Configure the "Word 2007 and later documents and templates" to organizational standards. CC ID 08097 | System hardening through configuration management | Preventive | |
Configure the "Word 2 and earlier binary documents and templates" to organizational standards. CC ID 08112 | System hardening through configuration management | Preventive | |
Configure the "Plain text files" to organizational standards. CC ID 08125 | System hardening through configuration management | Preventive | |
Configure the "Word 2003 and plain XML documents" to organizational standards. CC ID 08134 | System hardening through configuration management | Preventive | |
Configure the "OpenDocument Text files" to organizational standards. CC ID 08141 | System hardening through configuration management | Preventive | |
Configure the "Scan encrypted macros in Word Open XML documents" to organizational standards. CC ID 08147 | System hardening through configuration management | Preventive | |
Configure Microsoft OneNote settings for Microsoft Office in accordance with organizational standards. CC ID 07908 | System hardening through configuration management | Preventive | |
Configure the "Specify encryption compatibility" to organizational standards. CC ID 07909 | System hardening through configuration management | Preventive | |
Configure the "Specify CNG random number generator algorithm" to organizational standards. CC ID 07916 | System hardening through configuration management | Preventive | |
Configure the "Set CNG cipher algorithm" to organizational standards. CC ID 07944 | System hardening through configuration management | Preventive | |
Configure the "Set CNG cipher key length" to organizational standards. CC ID 07974 | System hardening through configuration management | Preventive | |
Configure User Interface settings for Microsoft Office in accordance with organizational standards. CC ID 07923 | System hardening through configuration management | Preventive | |
Configure Signing settings for Microsoft Office in accordance with organizational standards. CC ID 07929 | System hardening through configuration management | Preventive | |
Configure Email Form settings for Microsoft Office in accordance with organizational standards. CC ID 07930 | System hardening through configuration management | Preventive | |
Configure Security settings for Microsoft Office in accordance with organizational standards. CC ID 07932 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #8" to organizational standards. CC ID 07935 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #12" to organizational standards. CC ID 07940 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #20" to organizational standards. CC ID 07943 | System hardening through configuration management | Preventive | |
Configure the "Check the XAdES portions of a digital signature" to organizational standards. CC ID 07955 | System hardening through configuration management | Preventive | |
Configure the "Check OLE objects" to organizational standards. CC ID 07957 | System hardening through configuration management | Preventive | |
Configure the "Consistent Mime Handling" to organizational standards. CC ID 07959 | System hardening through configuration management | Preventive | |
Configure the "Protection From Zone Elevation" to organizational standards. CC ID 07964 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #14" to organizational standards. CC ID 07965 | System hardening through configuration management | Preventive | |
Configure the "Turn off Data Execution Prevention" to organizational standards. CC ID 07968 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #12" to organizational standards. CC ID 07976 | System hardening through configuration management | Preventive | |
Configure the "Set password hash format as ISO-compliant" to organizational standards. CC ID 07977 | System hardening through configuration management | Preventive | |
Configure the "Prompt to allow fatally corrupt files to open instead of blocking them" to organizational standards. CC ID 07982 | System hardening through configuration management | Preventive | |
Configure the "Encrypt document properties" to organizational standards. CC ID 07991 | System hardening through configuration management | Preventive | |
Configure the "Prevent Word and Excel from loading managed code extensions" to organizational standards. CC ID 07999 | System hardening through configuration management | Preventive | |
Configure the "Apply macro security settings to macros, add-ins and additional actions" to organizational standards. CC ID 08002 | System hardening through configuration management | Preventive | |
Configure the "Add-on Management" to organizational standards. CC ID 08007 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #7" to organizational standards. CC ID 08008 | System hardening through configuration management | Preventive | |
Configure the "Trusted Location #1" to organizational standards. CC ID 08016 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #13" to organizational standards. CC ID 08023 | System hardening through configuration management | Preventive | |
Configure the "S/MIME receipt requests behavior" to organizational standards. CC ID 08026 | System hardening through configuration management | Preventive | |
Configure the "Do not include XAdES reference object in the manifest" to organizational standards. CC ID 08031 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #11" to organizational standards. CC ID 08032 | System hardening through configuration management | Preventive | |
Configure the "Windows Internet Explorer Feature Control Opt-In" to organizational standards. CC ID 08033 | System hardening through configuration management | Preventive | |
Configure the "Allow hyperlinks in suspected phishing e-mail messages" to organizational standards. CC ID 08034 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #5" to organizational standards. CC ID 08038 | System hardening through configuration management | Preventive | |
Configure the "Specify minimum XAdES level for digital signature generation" to organizational standards. CC ID 08040 | System hardening through configuration management | Preventive | |
Configure the "Check OWC data source providers" to organizational standards. CC ID 08041 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #10" to organizational standards. CC ID 08044 | System hardening through configuration management | Preventive | |
Configure the "Set password rules domain timeout" to organizational standards. CC ID 08045 | System hardening through configuration management | Preventive | |
Configure the "Object Caching Protection" to organizational standards. CC ID 08046 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #18" to organizational standards. CC ID 08056 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #8" to organizational standards. CC ID 08057 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #3" to organizational standards. CC ID 08059 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #6" to organizational standards. CC ID 08063 | System hardening through configuration management | Preventive | |
Configure the "Replies or forwards to signed/encrypted messages are signed/encrypted" to organizational standards. CC ID 08064 | System hardening through configuration management | Preventive | |
Configure the "Set timestamp server timeout" to organizational standards. CC ID 08068 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #16" to organizational standards. CC ID 08071 | System hardening through configuration management | Preventive | |
Configure the "Previous-version file formats" to organizational standards. CC ID 08072 | System hardening through configuration management | Preventive | |
Configure the "Turn off PDF encryption setting UI" to organizational standards. CC ID 08074 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #2" to organizational standards. CC ID 08075 | System hardening through configuration management | Preventive | |
Configure the "Restrict File Download" to organizational standards. CC ID 08076 | System hardening through configuration management | Preventive | |
Configure the "Require OCSP at signature generation time" to organizational standards. CC ID 08077 | System hardening through configuration management | Preventive | |
Configure the "Disable Password Caching" to organizational standards. CC ID 08079 | System hardening through configuration management | Preventive | |
Configure the "Message when Outlook cannot find the digital ID to decode a message" to organizational standards. CC ID 08083 | System hardening through configuration management | Preventive | |
Configure the "Enable Cryptography Icons" to organizational standards. CC ID 08086 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #14" to organizational standards. CC ID 08091 | System hardening through configuration management | Preventive | |
Configure the "Disable 'Remember password' for Internet e-mail accounts" to organizational standards. CC ID 08096 | System hardening through configuration management | Preventive | |
Configure the "Suppress hyperlink warnings" to organizational standards. CC ID 08100 | System hardening through configuration management | Preventive | |
Configure the "Use Protected View for attachments received from internal senders" to organizational standards. CC ID 08104 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #9" to organizational standards. CC ID 08108 | System hardening through configuration management | Preventive | |
Configure the "Display OLE package objects" to organizational standards. CC ID 08109 | System hardening through configuration management | Preventive | |
Configure the "Configure time stamping hashing algorithm" to organizational standards. CC ID 08111 | System hardening through configuration management | Preventive | |
Configure the "Scripted Window Security Restrictions" to organizational standards. CC ID 08113 | System hardening through configuration management | Preventive | |
Configure the "Set password rules level" to organizational standards. CC ID 08117 | System hardening through configuration management | Preventive | |
Configure the "Information Bar" to organizational standards. CC ID 08118 | System hardening through configuration management | Preventive | |
Configure the "Mime Sniffing Safety Feature" to organizational standards. CC ID 08119 | System hardening through configuration management | Preventive | |
Configure the "Publisher Automation Security Level" to organizational standards. CC ID 08123 | System hardening through configuration management | Preventive | |
Configure the "Check Excel RTD servers" to organizational standards. CC ID 08127 | System hardening through configuration management | Preventive | |
Configure the "Path to shared Workgroup information file for secured MDB files" to organizational standards. CC ID 08128 | System hardening through configuration management | Preventive | |
Configure the "Check ActiveX objects" to organizational standards. CC ID 08131 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #15" to organizational standards. CC ID 08132 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #19" to organizational standards. CC ID 08135 | System hardening through configuration management | Preventive | |
Configure the "Always use TNEF formatting in S/MIME messages" to organizational standards. CC ID 08136 | System hardening through configuration management | Preventive | |
Configure the "Restrict ActiveX Install" to organizational standards. CC ID 08138 | System hardening through configuration management | Preventive | |
Configure the "Set signature verification level" to organizational standards. CC ID 08140 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #17" to organizational standards. CC ID 08143 | System hardening through configuration management | Preventive | |
Configure the "Do not allow expired certificates when validating signatures" to organizational standards. CC ID 08144 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #4" to organizational standards. CC ID 08145 | System hardening through configuration management | Preventive | |
Configure the "Requested XAdES level for signature generation" to organizational standards. CC ID 08146 | System hardening through configuration management | Preventive | |
Configure the "Specify timestamp server name" to organizational standards. CC ID 08148 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #7" to organizational standards. CC ID 08149 | System hardening through configuration management | Preventive | |
Configure the "Select digital signature hashing algorithm" to organizational standards. CC ID 08150 | System hardening through configuration management | Preventive | |
Configure the "Local Machine Zone Lockdown Security" to organizational standards. CC ID 08151 | System hardening through configuration management | Preventive | |
Configure the "Graphics filter import" to organizational standards. CC ID 08152 | System hardening through configuration management | Preventive | |
Configure the "Unsafe Location #1" to organizational standards. CC ID 08153 | System hardening through configuration management | Preventive | |
Configure the "Security Level" to organizational standards. CC ID 08157 | System hardening through configuration management | Preventive | |
Configure the "Turn off error reporting for files that fail file validation" to organizational standards. CC ID 08159 | System hardening through configuration management | Preventive | |
Configure the "Block application add-ins loading" to organizational standards. CC ID 08160 | System hardening through configuration management | Preventive | |
Configure the "Allow the use of ActiveX Custom Controls in InfoPath forms" to organizational standards. CC ID 08171 | System hardening through configuration management | Preventive | |
Configure the "Control behavior for Microsoft SharePoint Foundation gradual upgrade" to organizational standards. CC ID 08181 | System hardening through configuration management | Preventive | |
Configure the "Block cross-domain data form retrieval" to organizational standards. CC ID 08238 | System hardening through configuration management | Preventive | |
Configure the "Display a warning that a form is digitally signed" to organizational standards. CC ID 08307 | System hardening through configuration management | Preventive | |
Configure the "Beaconing UI for forms opened in InfoPath Filler ActiveX" to organizational standards. CC ID 08333 | System hardening through configuration management | Preventive | |
Configure the "Disable opening forms with managed code from the Internet security zone" to organizational standards. CC ID 08340 | System hardening through configuration management | Preventive | |
Configure Restricted Permissions settings for Microsoft Office in accordance with organizational standards. CC ID 07937 | System hardening through configuration management | Preventive | |
Configure Account settings for Microsoft Office in accordance with organizational standards. CC ID 07951 | System hardening through configuration management | Preventive | |
Configure Add-In settings for Microsoft Office in accordance with organizational standards. CC ID 07962 | System hardening through configuration management | Preventive | |
Configure the "Do not allow on-demand activity synchronization" to organizational standards. CC ID 07963 | System hardening through configuration management | Preventive | |
Configure the "Do not show social network info-bars" to organizational standards. CC ID 07988 | System hardening through configuration management | Preventive | |
Configure the "Turn off Outlook Social Connector" to organizational standards. CC ID 07989 | System hardening through configuration management | Preventive | |
Configure the "Set GAL contact synchronization interval" to organizational standards. CC ID 08039 | System hardening through configuration management | Preventive | |
Configure the "Do not download photos from Active Directory" to organizational standards. CC ID 08043 | System hardening through configuration management | Preventive | |
Configure the "Specify activity feed synchronization interval" to organizational standards. CC ID 08058 | System hardening through configuration management | Preventive | |
Configure the "Block social network contact synchronization" to organizational standards. CC ID 08062 | System hardening through configuration management | Preventive | |
Configure the "Block network activity synchronization" to organizational standards. CC ID 08103 | System hardening through configuration management | Preventive | |
Configure the "Block specific social network providers" to organizational standards. CC ID 08114 | System hardening through configuration management | Preventive | |
Configure the "Specify list of social network providers to load" to organizational standards. CC ID 08122 | System hardening through configuration management | Preventive | |
Configure the "Block Global Address List synchronization" to organizational standards. CC ID 08139 | System hardening through configuration management | Preventive | |
Configure the "Prevent social network connectivity" to organizational standards. CC ID 08156 | System hardening through configuration management | Preventive | |
Configure File Format Converter settings for Microsoft Office in accordance with organizational standards. CC ID 07983 | System hardening through configuration management | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to Excel 2010 through the Compatibility Pack for Office 2010 and Excel 2010 Converter" to organizational standards. CC ID 07984 | System hardening through configuration management | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to Word 2010 through the Compatibility Pack for Office 2010 and Word 2010 Open XML/Word 97-2003 Format Converter" to organizational standards. CC ID 08004 | System hardening through configuration management | Preventive | |
Configure the "Block opening of pre-release versions of file formats new to PowerPoint 2010 through the Compatibility Pack for Office 2010 and PowerPoint 2010 Converter" to organizational standards. CC ID 08124 | System hardening through configuration management | Preventive | |
Configure Microsoft Project settings for Microsoft Office in accordance with organizational standards. CC ID 08036 | System hardening through configuration management | Preventive | |
Configure the "Enable untrusted intranet zone access to Project server" to organizational standards. CC ID 08037 | System hardening through configuration management | Preventive | |
Configure Meeting Workspace settings for Microsoft Office in accordance with organizational standards. CC ID 08050 | System hardening through configuration management | Preventive | |
Configure Miscellaneous settings for Microsoft Office in accordance with organizational standards. CC ID 08054 | System hardening through configuration management | Preventive | |
Configure the "OLAP PivotTable User Defined Function (UDF) security setting" to organizational standards. CC ID 08133 | System hardening through configuration management | Preventive | |
Configure the "Do not expand Contact Groups" to organizational standards. CC ID 08343 | System hardening through configuration management | Preventive | |
Configure Data Backup and Recovery settings for Microsoft Office in accordance with organizational standards. CC ID 08098 | System hardening through configuration management | Preventive | |
Configure Privacy settings for Microsoft Office in accordance with organizational standards. CC ID 08101 | System hardening through configuration management | Preventive | |
Configure Server Settings settings for Microsoft Office in accordance with organizational standards. CC ID 08154 | System hardening through configuration management | Preventive | |
Configure the "Disable the Office client from polling the SharePoint Server for published links" to organizational standards. CC ID 08155 | System hardening through configuration management | Preventive | |
Configure Smart Documents settings for Microsoft Office in accordance with organizational standards. CC ID 08158 | System hardening through configuration management | Preventive | |
Configure Fax settings for Microsoft Office in accordance with organizational standards. CC ID 08310 | System hardening through configuration management | Preventive | |
Configure the "Date Format" setting to organizational standards. CC ID 09400 | System hardening through configuration management | Preventive | |
Configure the "Do not allow printing to Journal Note Writer" setting to organizational standards. CC ID 10911 | System hardening through configuration management | Preventive | |
Configure the "Do not allow Windows Journal to be run" setting to organizational standards. CC ID 10922 | System hardening through configuration management | Preventive | |
Configure Services settings to organizational standards. CC ID 07434 | System hardening through configuration management | Preventive | |
Configure Active Directory in accordance with organizational standards. CC ID 16434 | System hardening through configuration management | Preventive | |
Configure SID filtering in accordance with organizational standards. CC ID 16435 | System hardening through configuration management | Preventive | |
Configure AWS Config to organizational standards. CC ID 15440 | System hardening through configuration management | Preventive | |
Configure "Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service" to organizational standards. CC ID 15343 | System hardening through configuration management | Preventive | |
Configure the "Microsoft .NET Framework NGEN v2.0.50727_X64" to organizational standards. CC ID 07435 | System hardening through configuration management | Preventive | |
Configure the "namespace" to organizational standards. CC ID 14654 | System hardening through configuration management | Preventive | |
Configure the "Smart Card" to organizational standards. CC ID 07436 | System hardening through configuration management | Preventive | |
Configure the "File Server Storage Reports Manager" to organizational standards. CC ID 07437 | System hardening through configuration management | Preventive | |
Configure the "IP Helper" to organizational standards. CC ID 07439 | System hardening through configuration management | Preventive | |
Configure the "ipc" argument to organizational standards. CC ID 14524 | System hardening through configuration management | Preventive | |
Configure the "AD RMS Logging Service" to organizational standards. CC ID 07440 | System hardening through configuration management | Preventive | |
Configure the "Windows Time" to organizational standards. CC ID 07441 | System hardening through configuration management | Preventive | |
Configure the "Protected Storage" to organizational standards. CC ID 07442 | System hardening through configuration management | Preventive | |
Configure the "Windows License Monitoring Service" to organizational standards. CC ID 07443 | System hardening through configuration management | Preventive | |
Configure the "Portable Device Enumerator Service" to organizational standards. CC ID 07444 | System hardening through configuration management | Preventive | |
Configure the "Software Licensing" to organizational standards. CC ID 07445 | System hardening through configuration management | Preventive | |
Configure the "Offline Files" to organizational standards. CC ID 07446 | System hardening through configuration management | Preventive | |
Configure the "Peer Networking Identity Manager" to organizational standards. CC ID 07447 | System hardening through configuration management | Preventive | |
Configure the "Human Interface Device Access" to organizational standards. CC ID 07448 | System hardening through configuration management | Preventive | |
Configure the "Link-Layer Topology Discovery Mapper" to organizational standards. CC ID 07449 | System hardening through configuration management | Preventive | |
Configure the "Microsoft .NET Framework NGEN v2.0.50727_I64" to organizational standards. CC ID 07450 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall" to organizational standards. CC ID 07451 | System hardening through configuration management | Preventive | |
Configure the "networkpolicy" to organizational standards. CC ID 14655 | System hardening through configuration management | Preventive | |
Configure the "Net.Tcp Port Sharing Service" to organizational standards. CC ID 07452 | System hardening through configuration management | Preventive | |
Configure the "pid" argument to organizational standards. CC ID 14532 | System hardening through configuration management | Preventive | |
Configure the "Secondary Logon" to organizational standards. CC ID 07453 | System hardening through configuration management | Preventive | |
Configure the "Remote Access Connection Manager" to organizational standards. CC ID 07454 | System hardening through configuration management | Preventive | |
Configure the "Function Discovery Provider Host" to organizational standards. CC ID 07455 | System hardening through configuration management | Preventive | |
Configure the "Windows Process Activation Service" to organizational standards. CC ID 07457 | System hardening through configuration management | Preventive | |
Configure the "Task Scheduler" to organizational standards. CC ID 07459 | System hardening through configuration management | Preventive | |
Configure the "Intersite Messaging" to organizational standards. CC ID 07460 | System hardening through configuration management | Preventive | |
Configure the "Special Administration Console Helper" to organizational standards. CC ID 07463 | System hardening through configuration management | Preventive | |
Configure the "Security Accounts Manager" to organizational standards. CC ID 07465 | System hardening through configuration management | Preventive | |
Configure the "Kerberos Key Distribution Center" to organizational standards. CC ID 07469 | System hardening through configuration management | Preventive | |
Configure the "COM+ System Application" to organizational standards. CC ID 07470 | System hardening through configuration management | Preventive | |
Configure the "RPC Endpoint Mapper" to organizational standards. CC ID 07471 | System hardening through configuration management | Preventive | |
Configure the "UPnP Device Host" to organizational standards. CC ID 07472 | System hardening through configuration management | Preventive | |
Configure the "DHCP Client" to organizational standards. CC ID 07475 | System hardening through configuration management | Preventive | |
Configure the "Extensible Authentication Protocol" to organizational standards. CC ID 07476 | System hardening through configuration management | Preventive | |
Configure the "SNMP Service" to organizational standards. CC ID 07477 | System hardening through configuration management | Preventive | |
Configure the "Message Queuing Down Level Clients" to organizational standards. CC ID 07478 | System hardening through configuration management | Preventive | |
Configure the "TPM Base Services" to organizational standards. CC ID 07479 | System hardening through configuration management | Preventive | |
Configure the "Windows Deployment Services server" to organizational standards. CC ID 07480 | System hardening through configuration management | Preventive | |
Configure the "Microsoft iSNS Server" to organizational standards. CC ID 07481 | System hardening through configuration management | Preventive | |
Configure the "Multimedia Class Scheduler" to organizational standards. CC ID 07482 | System hardening through configuration management | Preventive | |
Configure the "uts" argument to organizational standards. CC ID 14526 | System hardening through configuration management | Preventive | |
Configure the "Performance Counter DLL Host" to organizational standards. CC ID 07484 | System hardening through configuration management | Preventive | |
Configure the "pids-limit" argument to organizational standards. CC ID 14537 | System hardening through configuration management | Preventive | |
Configure the "Windows Search" to organizational standards. CC ID 07486 | System hardening through configuration management | Preventive | |
Configure the "DFS Replication" to organizational standards. CC ID 07487 | System hardening through configuration management | Preventive | |
Configure the "Superfetch" to organizational standards. CC ID 07488 | System hardening through configuration management | Preventive | |
Configure the "Power" to organizational standards. CC ID 07489 | System hardening through configuration management | Preventive | |
Configure the "Remote Access Quarantine Agent" to organizational standards. CC ID 07491 | System hardening through configuration management | Preventive | |
Configure the "Windows Audio" to organizational standards. CC ID 07492 | System hardening through configuration management | Preventive | |
Configure the "Windows Event Log" to organizational standards. CC ID 07495 | System hardening through configuration management | Preventive | |
Configure the "Performance Logs & Alerts" to organizational standards. CC ID 07496 | System hardening through configuration management | Preventive | |
Configure the "File Replication" to organizational standards. CC ID 07497 | System hardening through configuration management | Preventive | |
Configure the "Encrypting File System (EFS)" to organizational standards. CC ID 07498 | System hardening through configuration management | Preventive | |
Configure the "userns" argument to organizational standards. CC ID 14530 | System hardening through configuration management | Preventive | |
Configure the "Quality Windows Audio Video Experience" to organizational standards. CC ID 07500 | System hardening through configuration management | Preventive | |
Configure the "TCP/IP NetBIOS Helper" to organizational standards. CC ID 07502 | System hardening through configuration management | Preventive | |
Configure the "Windows System Resource Manager" to organizational standards. CC ID 07503 | System hardening through configuration management | Preventive | |
Configure the "Interactive Services Detection" to organizational standards. CC ID 07505 | System hardening through configuration management | Preventive | |
Configure the "Software Protection" to organizational standards. CC ID 07508 | System hardening through configuration management | Preventive | |
Configure the "ASP .NET State Service" to organizational standards. CC ID 07509 | System hardening through configuration management | Preventive | |
Configure the "Distributed Transaction Coordinator" to organizational standards. CC ID 07514 | System hardening through configuration management | Preventive | |
Configure the "Telnet" to organizational standards. CC ID 07515 | System hardening through configuration management | Preventive | |
Configure the "Hyper-V Image Management Service" to organizational standards. CC ID 07517 | System hardening through configuration management | Preventive | |
Configure the "Server" to organizational standards. CC ID 07521 | System hardening through configuration management | Preventive | |
Configure the "Group Policy Client" to organizational standards. CC ID 07522 | System hardening through configuration management | Preventive | |
Configure the "Desktop Window Manager Session Manager" to organizational standards. CC ID 07523 | System hardening through configuration management | Preventive | |
Configure the "Windows Management Instrumentation" to organizational standards. CC ID 07524 | System hardening through configuration management | Preventive | |
Configure the "World Wide Web Publishing Service" to organizational standards. CC ID 07525 | System hardening through configuration management | Preventive | |
Configure the "Function Discovery Resource Publication" to organizational standards. CC ID 07526 | System hardening through configuration management | Preventive | |
Configure the "Simple Mail Transport Protocol (SMTP)" to organizational standards. CC ID 07527 | System hardening through configuration management | Preventive | |
Configure the "Resultant Set of Policy Provider" to organizational standards. CC ID 07528 | System hardening through configuration management | Preventive | |
Configure the "WMI Performance Adapter" to organizational standards. CC ID 07529 | System hardening through configuration management | Preventive | |
Configure the "Disk Defragmenter" to organizational standards. CC ID 07530 | System hardening through configuration management | Preventive | |
Configure the "IIS Admin Service" to organizational standards. CC ID 07532 | System hardening through configuration management | Preventive | |
Configure the "Volume Shadow Copy" to organizational standards. CC ID 07534 | System hardening through configuration management | Preventive | |
Configure the "Network Location Awareness" to organizational standards. CC ID 07535 | System hardening through configuration management | Preventive | |
Configure the "Windows Presentation Foundation Font Cache 3.0.0.0" to organizational standards. CC ID 07536 | System hardening through configuration management | Preventive | |
Configure the "WinHTTP Web Proxy Auto-Discovery Service" to organizational standards. CC ID 07537 | System hardening through configuration management | Preventive | |
Configure the "Network List Service" to organizational standards. CC ID 07538 | System hardening through configuration management | Preventive | |
Configure the "Application Experience" to organizational standards. CC ID 07540 | System hardening through configuration management | Preventive | |
Configure the "Active Directory Web Services" to organizational standards. CC ID 07542 | System hardening through configuration management | Preventive | |
Configure the "SSDP Discovery" to organizational standards. CC ID 07543 | System hardening through configuration management | Preventive | |
Configure the "TCP/IP Print Server" to organizational standards. CC ID 07544 | System hardening through configuration management | Preventive | |
Configure "Netlogon" to organizational standards. CC ID 07545 | System hardening through configuration management | Preventive | |
Configure the "Windows Error Reporting Service" to organizational standards. CC ID 07546 | System hardening through configuration management | Preventive | |
Configure the "IKE and AuthIP IPsec Keying Modules" to organizational standards. CC ID 07547 | System hardening through configuration management | Preventive | |
Configure the "DFS Namespace" to organizational standards. CC ID 07548 | System hardening through configuration management | Preventive | |
Configure the "SQL Server VSS Writer" to organizational standards. CC ID 07549 | System hardening through configuration management | Preventive | |
Configure the "Network Policy Server" to organizational standards. CC ID 07550 | System hardening through configuration management | Preventive | |
Configure the "Windows Driver Foundation - User-mode Driver Framework" to organizational standards. CC ID 07551 | System hardening through configuration management | Preventive | |
Configure the "Server For NIS" to organizational standards. CC ID 07553 | System hardening through configuration management | Preventive | |
Configure the "User Profile Service" to organizational standards. CC ID 07554 | System hardening through configuration management | Preventive | |
Configure the "SNMP Trap" to organizational standards. CC ID 07555 | System hardening through configuration management | Preventive | |
Configure the "Net.Tcp Listener Adapter" to organizational standards. CC ID 07556 | System hardening through configuration management | Preventive | |
Configure the "Network Access Protection Agent" to organizational standards. CC ID 07557 | System hardening through configuration management | Preventive | |
Configure the "Remote Access Auto Connection Manager" to organizational standards. CC ID 07558 | System hardening through configuration management | Preventive | |
Configure the "Server for NFS" to organizational standards. CC ID 07559 | System hardening through configuration management | Preventive | |
Configure the "Credential Manager" to organizational standards. CC ID 07560 | System hardening through configuration management | Preventive | |
Configure the "Workstation" to organizational standards. CC ID 07561 | System hardening through configuration management | Preventive | |
Configure the "PNRP Machine Name Publication Service" to organizational standards. CC ID 07562 | System hardening through configuration management | Preventive | |
Configure the "Print Spooler" to organizational standards. CC ID 07563 | System hardening through configuration management | Preventive | |
Configure the "Windows Internet Name Service (WINS)" to organizational standards. CC ID 07564 | System hardening through configuration management | Preventive | |
Configure the "Net.Msmq Listener Adapter" to organizational standards. CC ID 07565 | System hardening through configuration management | Preventive | |
Configure the "COM+ Event System" to organizational standards. CC ID 07566 | System hardening through configuration management | Preventive | |
Configure the "Windows Update" to organizational standards. CC ID 07568 | System hardening through configuration management | Preventive | |
Configure the "Windows Installer" to organizational standards. CC ID 07569 | System hardening through configuration management | Preventive | |
Configure the "Windows Color System" to organizational standards. CC ID 07570 | System hardening through configuration management | Preventive | |
Configure the "Microsoft .NET Framework NGEN v2.0.50727_X86" to organizational standards. CC ID 07571 | System hardening through configuration management | Preventive | |
Configure the "Block Level Backup Engine Service" to organizational standards. CC ID 07572 | System hardening through configuration management | Preventive | |
Configure the "Windows CardSpace" to organizational standards. CC ID 07573 | System hardening through configuration management | Preventive | |
Configure the "webclient" to organizational standards. CC ID 07574 | System hardening through configuration management | Preventive | |
Configure the "Diagnostic Service Host" to organizational standards. CC ID 07575 | System hardening through configuration management | Preventive | |
Configure the "Active Directory Certificate Services" to organizational standards. CC ID 07576 | System hardening through configuration management | Preventive | |
Configure the "File Server Resource Manager" to organizational standards. CC ID 07577 | System hardening through configuration management | Preventive | |
Configure the "Secure Socket Tunneling Protocol Service" to organizational standards. CC ID 07578 | System hardening through configuration management | Preventive | |
Configure the "Cluster Service" to organizational standards. CC ID 07579 | System hardening through configuration management | Preventive | |
Configure the "Application Management" to organizational standards. CC ID 07580 | System hardening through configuration management | Preventive | |
Configure the "Remote Procedure Call (RPC) Locator" to organizational standards. CC ID 07581 | System hardening through configuration management | Preventive | |
Configure the "Thread Ordering Server" to organizational standards. CC ID 07582 | System hardening through configuration management | Preventive | |
Configure the "FTP Publishing Service" to organizational standards. CC ID 07583 | System hardening through configuration management | Preventive | |
Configure the "System Event Notification Service" to organizational standards. CC ID 07584 | System hardening through configuration management | Preventive | |
Configure the "Remote Procedure Call (RPC)" to organizational standards. CC ID 07585 | System hardening through configuration management | Preventive | |
Configure the "Net.Pipe Listener Adapter" to organizational standards. CC ID 07586 | System hardening through configuration management | Preventive | |
Configure the "Remote Desktop Licensing" to organizational standards. CC ID 07587 | System hardening through configuration management | Preventive | |
Configure the "Message Queuing Triggers" to organizational standards. CC ID 07588 | System hardening through configuration management | Preventive | |
Configure the "Windows Modules Installer" to organizational standards. CC ID 07589 | System hardening through configuration management | Preventive | |
Configure the "Application Layer Gateway Service" to organizational standards. CC ID 07590 | System hardening through configuration management | Preventive | |
Configure the "DNS Server" to organizational standards. CC ID 07591 | System hardening through configuration management | Preventive | |
Configure the "Web Management Service" to organizational standards. CC ID 07592 | System hardening through configuration management | Preventive | |
Configure the "Windows Remote Management (WS-Management)" to organizational standards. CC ID 07593 | System hardening through configuration management | Preventive | |
Configure the "Remote Desktop Gateway" to organizational standards. CC ID 07594 | System hardening through configuration management | Preventive | |
Configure the "Network Connections" to organizational standards. CC ID 07595 | System hardening through configuration management | Preventive | |
Configure the "Background Intelligent Transfer Service" to organizational standards. CC ID 07596 | System hardening through configuration management | Preventive | |
Configure the "Remote Desktop Session Broker" to organizational standards. CC ID 07597 | System hardening through configuration management | Preventive | |
Configure the "Removable Storage" to organizational standards. CC ID 07598 | System hardening through configuration management | Preventive | |
Configure the "KtmRm for Distributed Transaction Coordinator" to organizational standards. CC ID 07614 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Software Shadow Copy Provider" to organizational standards. CC ID 07615 | System hardening through configuration management | Preventive | |
Configure the "Remote Desktop Services" to organizational standards. CC ID 07616 | System hardening through configuration management | Preventive | |
Configure the "Peer Name Resolution Protocol" to organizational standards. CC ID 07617 | System hardening through configuration management | Preventive | |
Configure the "Online Responder Service" to organizational standards. CC ID 07618 | System hardening through configuration management | Preventive | |
Configure the "Message Queuing" to organizational standards. CC ID 07619 | System hardening through configuration management | Preventive | |
Configure the "Telephony" to organizational standards. CC ID 07620 | System hardening through configuration management | Preventive | |
Configure the "Plug and Play" to organizational standards. CC ID 07624 | System hardening through configuration management | Preventive | |
Configure the "DHCP Server" to organizational standards. CC ID 07627 | System hardening through configuration management | Preventive | |
Configure the "Remote Registry" to organizational standards. CC ID 07628 | System hardening through configuration management | Preventive | |
Configure the "Cryptographic Services" to organizational standards. CC ID 07630 | System hardening through configuration management | Preventive | |
Configure the "Remote Desktop Configuration" to organizational standards. CC ID 07631 | System hardening through configuration management | Preventive | |
Configure the "CNG Key Isolation" to organizational standards. CC ID 07634 | System hardening through configuration management | Preventive | |
Configure the "Active Directory Domain Services" to organizational standards. CC ID 07636 | System hardening through configuration management | Preventive | |
Configure the "Hyper-V Networking Management Service" to organizational standards. CC ID 07637 | System hardening through configuration management | Preventive | |
Configure the "Problem Reports and Solutions Control Panel Support" to organizational standards. CC ID 07640 | System hardening through configuration management | Preventive | |
Configure the "Certificate Propagation" to organizational standards. CC ID 07641 | System hardening through configuration management | Preventive | |
Configure the "Health Key and Certificate Management" to organizational standards. CC ID 07644 | System hardening through configuration management | Preventive | |
Configure the "DNS Client" to organizational standards. CC ID 07645 | System hardening through configuration management | Preventive | |
Configure the "Shell Hardware Detection" to organizational standards. CC ID 07647 | System hardening through configuration management | Preventive | |
Configure the "DCOM Server Process Launcher" to organizational standards. CC ID 07649 | System hardening through configuration management | Preventive | |
Configure the "Distributed Link Tracking Client" to organizational standards. CC ID 07651 | System hardening through configuration management | Preventive | |
Configure the "IPsec Policy Agent" to organizational standards. CC ID 07654 | System hardening through configuration management | Preventive | |
Configure the "Application Information" to organizational standards. CC ID 07656 | System hardening through configuration management | Preventive | |
Configure the "Windows Audio Endpoint Builder" to organizational standards. CC ID 07661 | System hardening through configuration management | Preventive | |
Configure the "SL UI Notification Service" to organizational standards. CC ID 07665 | System hardening through configuration management | Preventive | |
Configure the "Hyper-V Virtual Machine Management Service" to organizational standards. CC ID 07668 | System hardening through configuration management | Preventive | |
Configure the "Windows Internal Database (MICROSOFT**SSEE)" to organizational standards. CC ID 07670 | System hardening through configuration management | Preventive | |
Configure the "Themes" to organizational standards. CC ID 07672 | System hardening through configuration management | Preventive | |
Configure the "Base Filtering Engine" to organizational standards. CC ID 07673 | System hardening through configuration management | Preventive | |
Configure the "Simple TCP/IP Services" to organizational standards. CC ID 07674 | System hardening through configuration management | Preventive | |
Configure Transmission Control Protocol/Internet Protocol (TCP/IP) to organizational standards. CC ID 16358 | System hardening through configuration management | Preventive | |
Configure the "Fax" to organizational standards. CC ID 07675 | System hardening through configuration management | Preventive | |
Configure the "Diagnostic System Host" to organizational standards. CC ID 07686 | System hardening through configuration management | Preventive | |
Configure the "Routing and Remote Access" to organizational standards. CC ID 07692 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Fibre Channel Platform Registration Service" to organizational standards. CC ID 07696 | System hardening through configuration management | Preventive | |
Configure the "Windows Event Collector" to organizational standards. CC ID 07700 | System hardening through configuration management | Preventive | |
Configure the "Internet Connection Sharing (ICS)" to organizational standards. CC ID 07702 | System hardening through configuration management | Preventive | |
Configure the "IAS Jet Database Access" to organizational standards. CC ID 07709 | System hardening through configuration management | Preventive | |
Configure the "Wired AutoConfig" to organizational standards. CC ID 07725 | System hardening through configuration management | Preventive | |
Configure the "Remote Desktop UserMode Port Redirector" to organizational standards. CC ID 07727 | System hardening through configuration management | Preventive | |
Configure the "Application Identity" to organizational standards. CC ID 07731 | System hardening through configuration management | Preventive | |
Configure the "Network Store Interface Service" to organizational standards. CC ID 07740 | System hardening through configuration management | Preventive | |
Configure the "PnP-X IP Bus Enumerator" to organizational standards. CC ID 07761 | System hardening through configuration management | Preventive | |
Configure the "Diagnostic Policy Service" to organizational standards. CC ID 07766 | System hardening through configuration management | Preventive | |
Configure the "Virtual Disk" to organizational standards. CC ID 07767 | System hardening through configuration management | Preventive | |
Configure the "AD FS Web Agent Authentication Service" to organizational standards. CC ID 07768 | System hardening through configuration management | Preventive | |
Configure the "Microsoft iSCSI Initiator Service" to organizational standards. CC ID 07780 | System hardening through configuration management | Preventive | |
Configure the "Computer Browser" to organizational standards. CC ID 07794 | System hardening through configuration management | Preventive | |
Configure the "Smart Card Removal Policy" to organizational standards. CC ID 07795 | System hardening through configuration management | Preventive | |
Configure the "Windows Font Cache Service" to organizational standards. CC ID 07797 | System hardening through configuration management | Preventive | |
Configure the "Application Host Helper Service" to organizational standards. CC ID 07855 | System hardening through configuration management | Preventive | |
Configure the "Remote Desktop Help Session Manager" to organizational standards. CC ID 08163 | System hardening through configuration management | Preventive | |
Configure the "Network DDE" to organizational standards. CC ID 08164 | System hardening through configuration management | Preventive | |
Configure the "Upload Manager" to organizational standards. CC ID 08165 | System hardening through configuration management | Preventive | |
Configure the "Event Log" to organizational standards. CC ID 08166 | System hardening through configuration management | Preventive | |
Configure the "Client for NFS" to organizational standards. CC ID 08168 | System hardening through configuration management | Preventive | |
Configure the "Fax Service" to organizational standards. CC ID 08172 | System hardening through configuration management | Preventive | |
Configure the "Virtual Disk Service" to organizational standards. CC ID 08174 | System hardening through configuration management | Preventive | |
Configure the "Uninterruptable Power Supply" to organizational standards. CC ID 08175 | System hardening through configuration management | Preventive | |
Configure the "Network DDE DSDM" to organizational standards. CC ID 08176 | System hardening through configuration management | Preventive | |
Configure the "Portable Media Serial Number Service" to organizational standards. CC ID 08177 | System hardening through configuration management | Preventive | |
Configure the "Windows Management Instrumentation Driver Extensions" to organizational standards. CC ID 08179 | System hardening through configuration management | Preventive | |
Configure the "License Logging" to organizational standards. CC ID 08180 | System hardening through configuration management | Preventive | |
Configure the "Windows Image Acquisition (WIA)" to organizational standards. CC ID 08183 | System hardening through configuration management | Preventive | |
Configure the "Terminal Server Licensing" to organizational standards. CC ID 08185 | System hardening through configuration management | Preventive | |
Configure the "Virtual Machine Additions Shared Folder Service" to organizational standards. CC ID 08189 | System hardening through configuration management | Preventive | |
Configure the "Net Logon" to organizational standards. CC ID 08191 | System hardening through configuration management | Preventive | |
Configure the "HTTP SSL" to organizational standards. CC ID 08194 | System hardening through configuration management | Preventive | |
Configure the "Alerter" to organizational standards. CC ID 08196 | System hardening through configuration management | Preventive | |
Configure the "User Name Mapping" to organizational standards. CC ID 08203 | System hardening through configuration management | Preventive | |
Configure the "Error Reporting Service" to organizational standards. CC ID 08206 | System hardening through configuration management | Preventive | |
Configure the "Windows User Mode Driver Framework" to organizational standards. CC ID 08207 | System hardening through configuration management | Preventive | |
Configure the "NetMeeting Remote Desktop Sharing" to organizational standards. CC ID 08209 | System hardening through configuration management | Preventive | |
Configure the "Terminal Services UserMode Port Redirector" to organizational standards. CC ID 08212 | System hardening through configuration management | Preventive | |
Configure the "File Replication Service" to organizational standards. CC ID 08213 | System hardening through configuration management | Preventive | |
Configure the "NT LM Security Support Provider" to organizational standards. CC ID 08223 | System hardening through configuration management | Preventive | |
Configure the "Messenger" to organizational standards. CC ID 08227 | System hardening through configuration management | Preventive | |
Configure the "Logical Disk Manager" to organizational standards. CC ID 08230 | System hardening through configuration management | Preventive | |
Configure the "Network Location Awareness (NLA)" to organizational standards. CC ID 08231 | System hardening through configuration management | Preventive | |
Configure the "Certificate Services" to organizational standards. CC ID 08232 | System hardening through configuration management | Preventive | |
Configure the "IPSEC Services" to organizational standards. CC ID 08233 | System hardening through configuration management | Preventive | |
Configure the "Terminal Services Gateway" to organizational standards. CC ID 08235 | System hardening through configuration management | Preventive | |
Configure the "Clipbook" to organizational standards. CC ID 08237 | System hardening through configuration management | Preventive | |
Configure the "Indexing Service" to organizational standards. CC ID 08239 | System hardening through configuration management | Preventive | |
Configure the "File Server for Macintosh" to organizational standards. CC ID 08242 | System hardening through configuration management | Preventive | |
Configure the "Virtual Machine Additions Service Application" to organizational standards. CC ID 08245 | System hardening through configuration management | Preventive | |
Configure the "Network Provisioning Service" to organizational standards. CC ID 08250 | System hardening through configuration management | Preventive | |
Configure the "Terminal Services" to organizational standards. CC ID 08252 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall/Internet Connection Sharing (ICS)" to organizational standards. CC ID 08254 | System hardening through configuration management | Preventive | |
Configure the ".NET Runtime Optimization Service v2.0.50727_x86" to organizational standards. CC ID 08256 | System hardening through configuration management | Preventive | |
Configure the "Terminal Services Session Directory" to organizational standards. CC ID 08261 | System hardening through configuration management | Preventive | |
Configure the "Application Experience Lookup Service" to organizational standards. CC ID 08267 | System hardening through configuration management | Preventive | |
Configure the "Distributed File System" to organizational standards. CC ID 08268 | System hardening through configuration management | Preventive | |
Configure the "Help and Support" to organizational standards. CC ID 08271 | System hardening through configuration management | Preventive | |
Configure the "Automatic Updates" to organizational standards. CC ID 08273 | System hardening through configuration management | Preventive | |
Configure the "Distributed Link Tracking Server" to organizational standards. CC ID 08276 | System hardening through configuration management | Preventive | |
Configure the "IMAPI CD-Burning Service" to organizational standards. CC ID 08277 | System hardening through configuration management | Preventive | |
Configure the "Terminal Services Configuration" to organizational standards. CC ID 08287 | System hardening through configuration management | Preventive | |
Configure the "Logical Disk Manager Administrative Service" to organizational standards. CC ID 08290 | System hardening through configuration management | Preventive | |
Configure the "Wireless Configuration" to organizational standards. CC ID 08292 | System hardening through configuration management | Preventive | |
Configure the "System Event Notification" to organizational standards. CC ID 08306 | System hardening through configuration management | Preventive | |
Configure the "Internet Authentication Service" to organizational standards. CC ID 08313 | System hardening through configuration management | Preventive | |
Configure the "Terminal Services Licensing" to organizational standards. CC ID 08320 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange ADAM" to organizational standards. CC ID 08349 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Server Extension for Windows Server Backup" to organizational standards. CC ID 08351 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Search Indexer" to organizational standards. CC ID 08355 | System hardening through configuration management | Preventive | |
Configure the "Remote Desktop Connection Broker" to organizational standards. CC ID 08356 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Service Host" to organizational standards. CC ID 08358 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Transport" to organizational standards. CC ID 08359 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Transport Log Search" to organizational standards. CC ID 08364 | System hardening through configuration management | Preventive | |
Configure the "Hyper-V Time Synchronization Service" to organizational standards. CC ID 08365 | System hardening through configuration management | Preventive | |
Configure the "DS Role Server" to organizational standards. CC ID 08366 | System hardening through configuration management | Preventive | |
Configure the "RemoteApp and Desktop Connection Management" to organizational standards. CC ID 08367 | System hardening through configuration management | Preventive | |
Configure the "Hyper-V Guest Shutdown Service" to organizational standards. CC ID 08368 | System hardening through configuration management | Preventive | |
Configure the "Optimize drives" to organizational standards. CC ID 08369 | System hardening through configuration management | Preventive | |
Configure the "Remote Desktop Management" to organizational standards. CC ID 08371 | System hardening through configuration management | Preventive | |
Configure the "Background Tasks Infrastructure Service" to organizational standards. CC ID 08373 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Forms-Based Authentication service" to organizational standards. CC ID 08375 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange POP3" to organizational standards. CC ID 08376 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Information Store" to organizational standards. CC ID 08377 | System hardening through configuration management | Preventive | |
Configure the "LPD Service" to organizational standards. CC ID 08378 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Mailbox Assistants" to organizational standards. CC ID 08379 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Monitoring" to organizational standards. CC ID 08380 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Unified Messaging" to organizational standards. CC ID 08381 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Search (Exchange)" to organizational standards. CC ID 08384 | System hardening through configuration management | Preventive | |
Configure the "Windows All-User Install Agent" to organizational standards. CC ID 08386 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange EdgeSync Service" to organizational standards. CC ID 08388 | System hardening through configuration management | Preventive | |
Configure the "Microsoft FTP Service" to organizational standards. CC ID 08389 | System hardening through configuration management | Preventive | |
Configure the "Device Install Service" to organizational standards. CC ID 08390 | System hardening through configuration management | Preventive | |
Configure the "Device Association Service" to organizational standards. CC ID 08393 | System hardening through configuration management | Preventive | |
Configure the "Hyper-V Heartbeat Service" to organizational standards. CC ID 08400 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Speech Engine Service" to organizational standards. CC ID 08402 | System hardening through configuration management | Preventive | |
Configure the "Hyper-V Data Exchange Service" to organizational standards. CC ID 08403 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Mail Submission Service" to organizational standards. CC ID 08408 | System hardening through configuration management | Preventive | |
Configure the "Windows Presentation Foundation Font Cache 4.0.0.0" to organizational standards. CC ID 08409 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Replication Service" to organizational standards. CC ID 08414 | System hardening through configuration management | Preventive | |
Configure the "Windows Internal Database" to organizational standards. CC ID 08416 | System hardening through configuration management | Preventive | |
Configure the "Device Setup Manager" to organizational standards. CC ID 08417 | System hardening through configuration management | Preventive | |
Configure the "User Access Logging Service" to organizational standards. CC ID 08418 | System hardening through configuration management | Preventive | |
Configure the "Windows Internal Database VSS Writer" to organizational standards. CC ID 08423 | System hardening through configuration management | Preventive | |
Configure the "Remote Desktop Services UserMode Port Redirector" to organizational standards. CC ID 08424 | System hardening through configuration management | Preventive | |
Configure the "Remote Access Management service" to organizational standards. CC ID 08425 | System hardening through configuration management | Preventive | |
Configure the "Data Deduplication Volume Shadow Copy Service" to organizational standards. CC ID 08428 | System hardening through configuration management | Preventive | |
Configure the "Hyper-V Remote Desktop Virtualization Service" to organizational standards. CC ID 08440 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Anti-spam Update" to organizational standards. CC ID 08442 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange System Attendant" to organizational standards. CC ID 08448 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange File Distribution" to organizational standards. CC ID 08449 | System hardening through configuration management | Preventive | |
Configure the "Printer Extensions and Notifications" to organizational standards. CC ID 08451 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Key Distribution Service" to organizational standards. CC ID 08452 | System hardening through configuration management | Preventive | |
Configure the "Microsoft File Server Shadow Copy Agent Service" to organizational standards. CC ID 08455 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Address Book" to organizational standards. CC ID 08458 | System hardening through configuration management | Preventive | |
Configure the "Data Deduplication Service" to organizational standards. CC ID 08459 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Active Directory Topology" to organizational standards. CC ID 08465 | System hardening through configuration management | Preventive | |
Configure the "Windows Store Service (WSService)" to organizational standards. CC ID 08467 | System hardening through configuration management | Preventive | |
Configure the "Local Session Manager" to organizational standards. CC ID 08468 | System hardening through configuration management | Preventive | |
Configure the "Microsoft iSCSI Software Target" to organizational standards. CC ID 08470 | System hardening through configuration management | Preventive | |
Configure the "Network Connectivity Assistant" to organizational standards. CC ID 08474 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange IMAP4" to organizational standards. CC ID 08479 | System hardening through configuration management | Preventive | |
Configure the "Distributed Scan Server service" to organizational standards. CC ID 08482 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Protected Service Host" to organizational standards. CC ID 08488 | System hardening through configuration management | Preventive | |
Configure the "KDC Proxy Server service (KPS)" to organizational standards. CC ID 08497 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange RPC Client Access" to organizational standards. CC ID 08500 | System hardening through configuration management | Preventive | |
Configure the "Hyper-V Volume Shadow Copy Requestor" to organizational standards. CC ID 08512 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Credential Service (Exchange 2010)" to organizational standards. CC ID 08514 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Throttling" to organizational standards. CC ID 08525 | System hardening through configuration management | Preventive | |
Configure the "Spot Verifier" to organizational standards. CC ID 08538 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Mailbox Replication" to organizational standards. CC ID 08539 | System hardening through configuration management | Preventive | |
Configure the "Terminal Services Session Broker" to organizational standards. CC ID 08586 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange Credential Service (Exchange 2007)" to organizational standards. CC ID 08590 | System hardening through configuration management | Preventive | |
Configure the "Network News Transport Protocol (NNTP) service" setting to organizational standards. CC ID 10221 | System hardening through configuration management | Preventive | |
Configure the "Telephony service" setting to organizational standards. CC ID 10223 | System hardening through configuration management | Preventive | |
Configure the "ATI hotkey poller service" setting to organizational standards. CC ID 10237 | System hardening through configuration management | Preventive | |
Configure the "IP Version 6 Helper service" setting to organizational standards. CC ID 10239 | System hardening through configuration management | Preventive | |
Configure the "Client Service for Netware service" setting to organizational standards. CC ID 10240 | System hardening through configuration management | Preventive | |
Configure the "Utility Manager service" setting to organizational standards. CC ID 10241 | System hardening through configuration management | Preventive | |
Configure the "Remote Administration Service service" setting to organizational standards. CC ID 10242 | System hardening through configuration management | Preventive | |
Configure the "Microsoft POP3 Service service" setting to organizational standards. CC ID 10243 | System hardening through configuration management | Preventive | |
Configure the "Windows System Resource Manager (WSRM) service" setting to organizational standards. CC ID 10244 | System hardening through configuration management | Preventive | |
Configure the "Services for Unix Trivial FTP Daemon (TFTP) service" setting to organizational standards. CC ID 10245 | System hardening through configuration management | Preventive | |
Configure the "Services for Unix Server for PCNFS service" setting to organizational standards. CC ID 10246 | System hardening through configuration management | Preventive | |
Configure the "Print Server for Macintosh service" setting to organizational standards. CC ID 10249 | System hardening through configuration management | Preventive | |
Configure the "Remote Installation Services service" setting to organizational standards. CC ID 10250 | System hardening through configuration management | Preventive | |
Configure the "Remote Server Manager service" setting to organizational standards. CC ID 10251 | System hardening through configuration management | Preventive | |
Configure the "Remote Server Monitor service" setting to organizational standards. CC ID 10252 | System hardening through configuration management | Preventive | |
Configure the "Remote Storage Notification service" setting to organizational standards. CC ID 10253 | System hardening through configuration management | Preventive | |
Configure the "Remote Storage Server service" setting to organizational standards. CC ID 10254 | System hardening through configuration management | Preventive | |
Configure the "Windows Media Services service" setting to organizational standards. CC ID 10255 | System hardening through configuration management | Preventive | |
Configure the "Web Element Manager service" setting to organizational standards. CC ID 10256 | System hardening through configuration management | Preventive | |
Configure the "Infrared Monitor service" setting to organizational standards. CC ID 10257 | System hardening through configuration management | Preventive | |
Configure the "QoS Admission Control (RSVP) service" setting to organizational standards. CC ID 10258 | System hardening through configuration management | Preventive | |
Configure the "Allow CredSSP authentication" setting for the "WinRM service" to organizational standards. CC ID 10715 | System hardening through configuration management | Preventive | |
Configure the "Disallow Kerberos authentication" setting for the "WinRM service" to organizational standards. CC ID 10873 | System hardening through configuration management | Preventive | |
Configure the "Disallow Negotiate authentication" setting for the "WinRM service" to organizational standards. CC ID 10876 | System hardening through configuration management | Preventive | |
Configure the "Turn off Federation Service" setting to organizational standards. CC ID 11278 | System hardening through configuration management | Preventive | |
Configure the "Turn off Internet File Association service" setting to organizational standards. CC ID 11284 | System hardening through configuration management | Preventive | |
Configure the "Turn on Smart Card Plug and Play service" setting to organizational standards. CC ID 11351 | System hardening through configuration management | Preventive | |
Configure the "rsyncd service" setting to organizational standards. CC ID 11382 | System hardening through configuration management | Preventive | |
Configure network protection settings to organizational standards. CC ID 07601 | System hardening through configuration management | Preventive | |
Configure the "CNI" plugin to organizational standards. CC ID 14659 | System hardening through configuration management | Preventive | |
Configure the "data-path-addr" argument to organizational standards. CC ID 14546 | System hardening through configuration management | Preventive | |
Configure the "advertise-addr" argument to organizational standards. CC ID 14544 | System hardening through configuration management | Preventive | |
Configure the "nftables" to organizational standards. CC ID 15320 | System hardening through configuration management | Preventive | |
Configure the "iptables" to organizational standards. CC ID 14463 | System hardening through configuration management | Preventive | |
Configure the "ip6tables" settings to organizational standards. CC ID 15322 | System hardening through configuration management | Preventive | |
Configure the "insecure registries" to organizational standards. CC ID 14455 | System hardening through configuration management | Preventive | |
Configure the "MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" to organizational standards. CC ID 07602 | System hardening through configuration management | Preventive | |
Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" to organizational standards. CC ID 07648 | System hardening through configuration management | Preventive | |
Configure the "net-host" argument to organizational standards. CC ID 14529 | System hardening through configuration management | Preventive | |
Configure the "firewalld" to organizational standards. CC ID 15321 | System hardening through configuration management | Preventive | |
Configure the "network bridge" to organizational standards. CC ID 14501 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Firewall state" to organizational standards. CC ID 07667 | System hardening through configuration management | Preventive | |
Configure the "MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)" to organizational standards. CC ID 07680 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Outbound connections" to organizational standards. CC ID 07695 | System hardening through configuration management | Preventive | |
Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." to organizational standards. CC ID 07703 | System hardening through configuration management | Preventive | |
Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" to organizational standards. CC ID 07733 | System hardening through configuration management | Preventive | |
Configure the "publish" argument to organizational standards. CC ID 14500 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Inbound connections" to organizational standards. CC ID 07747 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Apply local firewall rules" to organizational standards. CC ID 07777 | System hardening through configuration management | Preventive | |
Configure the "MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers" to organizational standards. CC ID 07801 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Firewall state" to organizational standards. CC ID 07803 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Apply local connection security rules" to organizational standards. CC ID 07805 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Apply local firewall rules" to organizational standards. CC ID 07833 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Display a notification" to organizational standards. CC ID 07836 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Outbound connections" to organizational standards. CC ID 07839 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Apply local firewall rules" to organizational standards. CC ID 07850 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Inbound connections" to organizational standards. CC ID 07851 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Outbound connections" to organizational standards. CC ID 07858 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Firewall state" to organizational standards. CC ID 07861 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Display a notification" to organizational standards. CC ID 07868 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Inbound connections" to organizational standards. CC ID 07872 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Allow unicast response" to organizational standards. CC ID 07873 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Allow unicast response" to organizational standards. CC ID 07885 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Apply local connection security rules" to organizational standards. CC ID 07890 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Allow unicast response" to organizational standards. CC ID 07893 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Apply local connection security rules" to organizational standards. CC ID 07896 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Display a notification" to organizational standards. CC ID 07902 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Protect all network connections" to organizational standards. CC ID 08161 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Allow inbound UPnP framework exceptions" to organizational standards. CC ID 08170 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Allow local program exceptions" to organizational standards. CC ID 08173 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Do not allow exceptions" to organizational standards. CC ID 08184 | System hardening through configuration management | Preventive | |
Configure the "MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended)" to organizational standards. CC ID 08208 | System hardening through configuration management | Preventive | |
Configure the "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" to organizational standards. CC ID 08210 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Allow local port exceptions" to organizational standards. CC ID 08214 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Define inbound port exceptions" to organizational standards. CC ID 08215 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Prohibit unicast response to multicast or broadcast requests" to organizational standards. CC ID 08217 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Prohibit notifications" to organizational standards. CC ID 08249 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Allow inbound file and printer sharing exception" to organizational standards. CC ID 08275 | System hardening through configuration management | Preventive | |
Configure the "MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged" to organizational standards. CC ID 08279 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Define inbound program exceptions" to organizational standards. CC ID 08282 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Allow ICMP exceptions" to organizational standards. CC ID 08289 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Allow inbound Remote Desktop exceptions" to organizational standards. CC ID 08295 | System hardening through configuration management | Preventive | |
Configure the "Allow unencrypted traffic" to organizational standards. CC ID 08383 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Logging: Log successful connections" to organizational standards. CC ID 08466 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Logging: Size limit (KB)" to organizational standards. CC ID 08494 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Log successful connections" to organizational standards. CC ID 08544 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Logging: Name" to organizational standards. CC ID 08595 | System hardening through configuration management | Preventive | |
Configure Account settings in accordance with organizational standards. CC ID 07603 | System hardening through configuration management | Preventive | |
Configure the "Account lockout threshold" to organizational standards. CC ID 07604 | System hardening through configuration management | Preventive | |
Configure the "Account lockout duration" to organizational standards. CC ID 07771 | System hardening through configuration management | Preventive | |
Configure the "Reset account lockout counter after" to organizational standards. CC ID 07853 | System hardening through configuration management | Preventive | |
Configure system integrity settings to organizational standards. CC ID 07605 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Switch to the secure desktop when prompting for elevation" to organizational standards. CC ID 07606 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Only elevate UIAccess applications that are installed in secure locations" to organizational standards. CC ID 07642 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop" to organizational standards. CC ID 07681 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" to organizational standards. CC ID 07690 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Only elevate executables that are signed and validated" to organizational standards. CC ID 07723 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Run all administrators in Admin Approval Mode" to organizational standards. CC ID 07726 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Do not require CTRL+ALT+DEL" to organizational standards. CC ID 07775 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Admin Approval Mode for the Built-in Administrator account" to organizational standards. CC ID 07800 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Detect application installations and prompt for elevation" to organizational standards. CC ID 07815 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Virtualize file and registry write failures to per-user locations" to organizational standards. CC ID 07834 | System hardening through configuration management | Preventive | |
Configure the "User Account Control: Behavior of the elevation prompt for standard users" to organizational standards. CC ID 07874 | System hardening through configuration management | Preventive | |
Configure the "Do not process the legacy run list" to organizational standards. CC ID 08167 | System hardening through configuration management | Preventive | |
Configure the "Configure Automatic Updates" to organizational standards. CC ID 08192 | System hardening through configuration management | Preventive | |
Configure the "Reschedule Automatic Updates scheduled installations" to organizational standards. CC ID 08195 | System hardening through configuration management | Preventive | |
Configure the "No auto-restart with logged on users for scheduled automatic updates installations" to organizational standards. CC ID 08216 | System hardening through configuration management | Preventive | |
Configure the "Specify intranet Microsoft update service location" to organizational standards. CC ID 08224 | System hardening through configuration management | Preventive | |
Configure the "Devices: Unsigned driver installation behavior" to organizational standards. CC ID 08225 | System hardening through configuration management | Preventive | |
Configure the "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" to organizational standards. CC ID 08281 | System hardening through configuration management | Preventive | |
Configure the "Allow unmanaged devices" to organizational standards. CC ID 08391 | System hardening through configuration management | Preventive | |
Configure the "Allow all trusted apps to install" to organizational standards. CC ID 08392 | System hardening through configuration management | Preventive | |
Configure the "Turn on script execution" to organizational standards. CC ID 08411 | System hardening through configuration management | Preventive | |
Configure the "Configure registry policy processing" to organizational standards. CC ID 08426 | System hardening through configuration management | Preventive | |
Configure the "Specify the search server for device driver updates" to organizational standards. CC ID 08481 | System hardening through configuration management | Preventive | |
Configure the "Configure Windows SmartScreen" to organizational standards. CC ID 08485 | System hardening through configuration management | Preventive | |
Configure the "Detect compatibility issues for applications and drivers" to organizational standards. CC ID 08489 | System hardening through configuration management | Preventive | |
Configure the "Turn off Automatic Download of updates" to organizational standards. CC ID 08498 | System hardening through configuration management | Preventive | |
Configure the "Allow deployment operations in special profiles" to organizational standards. CC ID 08529 | System hardening through configuration management | Preventive | |
Configure the "Turn off Data Execution Prevention for Explorer" to organizational standards. CC ID 08531 | System hardening through configuration management | Preventive | |
Configure the "Specify settings for optional component installation and component repair" to organizational standards. CC ID 08550 | System hardening through configuration management | Preventive | |
Configure the "Refresh interval" to organizational standards. CC ID 08559 | System hardening through configuration management | Preventive | |
Configure the "Boot-Start Driver Initialization Policy" to organizational standards. CC ID 08571 | System hardening through configuration management | Preventive | |
Configure the "Turn off the Store application" to organizational standards. CC ID 08596 | System hardening through configuration management | Preventive | |
Configure the "Periodic Execution of File Integrity" setting to organizational standards. CC ID 09935 | System hardening through configuration management | Preventive | |
Prohibit the use of binary code or machine code from sources with limited or no warranty absent the source code. CC ID 10681 | System hardening through configuration management | Preventive | |
Do not allow processes to execute absent supervision. CC ID 10683 | System hardening through configuration management | Preventive | |
Configure the "Disk Quota policy processing" setting to organizational standards. CC ID 10884 | System hardening through configuration management | Preventive | |
Configure the "EFS recovery policy processing" setting to organizational standards. CC ID 10945 | System hardening through configuration management | Preventive | |
Configure the "Enable disk quotas" setting to organizational standards. CC ID 10947 | System hardening through configuration management | Preventive | |
Configure the "Folder Redirection policy processing" setting to organizational standards. CC ID 10972 | System hardening through configuration management | Preventive | |
Configure the "Group Policy refresh interval for computers" setting to organizational standards. CC ID 10980 | System hardening through configuration management | Preventive | |
Configure the "Group Policy refresh interval for domain controllers" setting to organizational standards. CC ID 10981 | System hardening through configuration management | Preventive | |
Configure the "Internet Explorer Maintenance policy processing" setting to organizational standards. CC ID 10998 | System hardening through configuration management | Preventive | |
Configure the "IP Security policy processing" setting to organizational standards. CC ID 10999 | System hardening through configuration management | Preventive | |
Configure the "Leave Windows Installer and Group Policy Software Installation Data" setting to organizational standards. CC ID 11004 | System hardening through configuration management | Preventive | |
Configure the "Maximum wait time for Group Policy scripts" setting to organizational standards. CC ID 11042 | System hardening through configuration management | Preventive | |
Configure the "Scripts policy processing" setting to organizational standards. CC ID 11159 | System hardening through configuration management | Preventive | |
Configure the "Security policy processing" setting to organizational standards. CC ID 11160 | System hardening through configuration management | Preventive | |
Configure the "Software Installation policy processing" setting to organizational standards. CC ID 11206 | System hardening through configuration management | Preventive | |
Configure the "Startup policy processing wait time" setting to organizational standards. CC ID 11229 | System hardening through configuration management | Preventive | |
Configure the "Turn off Local Group Policy objects processing" setting to organizational standards. CC ID 11286 | System hardening through configuration management | Preventive | |
Configure the "User Group Policy loopback processing mode" setting to organizational standards. CC ID 11367 | System hardening through configuration management | Preventive | |
Configure the "Wired policy processing" setting to organizational standards. CC ID 11373 | System hardening through configuration management | Preventive | |
Configure the "Wireless policy processing" setting to organizational standards. CC ID 11374 | System hardening through configuration management | Preventive | |
Configure Protocol Configuration settings to organizational standards. CC ID 07607 | System hardening through configuration management | Preventive | |
Configure the "MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds" to organizational standards. CC ID 07608 | System hardening through configuration management | Preventive | |
Configure the "Microsoft network client: Send unencrypted password to third-party SMB servers" to organizational standards. CC ID 07623 | System hardening through configuration management | Preventive | |
Configure the "Network access: Remotely accessible registry paths and sub-paths" to organizational standards. CC ID 07632 | System hardening through configuration management | Preventive | |
Configure the "Microsoft network server: Digitally sign communications (if client agrees)" to organizational standards. CC ID 07643 | System hardening through configuration management | Preventive | |
Configure the "Network access: Let Everyone permissions apply to anonymous users" to organizational standards. CC ID 07646 | System hardening through configuration management | Preventive | |
Configure the "Network security: Allow LocalSystem NULL session fallback" to organizational standards. CC ID 07650 | System hardening through configuration management | Preventive | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts and shares" to organizational standards. CC ID 07682 | System hardening through configuration management | Preventive | |
Configure the "Network access: Do not allow storage of passwords and credentials for network authentication" to organizational standards. CC ID 07694 | System hardening through configuration management | Preventive | |
Configure the "Network security: LAN Manager authentication level" to organizational standards. CC ID 07704 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" to organizational standards. CC ID 07705 | System hardening through configuration management | Preventive | |
Configure the "Network access: Sharing and security model for local accounts" to organizational standards. CC ID 07712 | System hardening through configuration management | Preventive | |
Configure the "MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)" to organizational standards. CC ID 07719 | System hardening through configuration management | Preventive | |
Configure the "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" to organizational standards. CC ID 07721 | System hardening through configuration management | Preventive | |
Configure the "Domain member: Digitally encrypt secure channel data (when possible)" to organizational standards. CC ID 07728 | System hardening through configuration management | Preventive | |
Configure the "Network security: Do not store LAN Manager hash value on next password change" to organizational standards. CC ID 07732 | System hardening through configuration management | Preventive | |
Configure the "Domain member: Require strong (Windows 2000 or later) session key" to organizational standards. CC ID 07741 | System hardening through configuration management | Preventive | |
Configure the "Network access: Shares that can be accessed anonymously" to organizational standards. CC ID 07748 | System hardening through configuration management | Preventive | |
Configure the "Network access: Allow anonymous SID/Name translation" to organizational standards. CC ID 07749 | System hardening through configuration management | Preventive | |
Configure the "Microsoft network client: Digitally sign communications (if server agrees)" to organizational standards. CC ID 07750 | System hardening through configuration management | Preventive | |
Configure the "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" to organizational standards. CC ID 07754 | System hardening through configuration management | Preventive | |
Configure the "Microsoft network client: Digitally sign communications (always)" to organizational standards. CC ID 07759 | System hardening through configuration management | Preventive | |
Configure the "Network security: LDAP client signing requirements" to organizational standards. CC ID 07760 | System hardening through configuration management | Preventive | |
Configure the "MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" to organizational standards. CC ID 07772 | System hardening through configuration management | Preventive | |
Configure the "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" to organizational standards. CC ID 07773 | System hardening through configuration management | Preventive | |
Configure the "Network access: Restrict anonymous access to Named Pipes and Shares" to organizational standards. CC ID 07798 | System hardening through configuration management | Preventive | |
Configure the "Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication" to organizational standards. CC ID 07837 | System hardening through configuration management | Preventive | |
Configure the "Domain controller: LDAP server signing requirements" to organizational standards. CC ID 07857 | System hardening through configuration management | Preventive | |
Configure the "Network access: Remotely accessible registry paths" to organizational standards. CC ID 07863 | System hardening through configuration management | Preventive | |
Configure the "Set client connection encryption level" to organizational standards. CC ID 07881 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Allow inbound remote administration exception" to organizational standards. CC ID 08182 | System hardening through configuration management | Preventive | |
Configure the "MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)" to organizational standards. CC ID 08198 | System hardening through configuration management | Preventive | |
Configure the "Network access: Do not allow storage of credentials or .NET Passports for network authentication" to organizational standards. CC ID 08200 | System hardening through configuration management | Preventive | |
Configure the "Turn off Internet download for Web publishing and online ordering wizards" to organizational standards. CC ID 08259 | System hardening through configuration management | Preventive | |
Configure the "Maximum tolerance for computer clock synchronization" to organizational standards. CC ID 08260 | System hardening through configuration management | Preventive | |
Configure the "Maximum lifetime for user ticket" to organizational standards. CC ID 08299 | System hardening through configuration management | Preventive | |
Configure the "Maximum lifetime for service ticket" to organizational standards. CC ID 08301 | System hardening through configuration management | Preventive | |
Configure the "Set IP Stateless Autoconfiguration Limits State" to organizational standards. CC ID 08348 | System hardening through configuration management | Preventive | |
Configure the "Prohibit connection to non-domain networks when connected to domain authenticated network" to organizational standards. CC ID 08420 | System hardening through configuration management | Preventive | |
Configure the "Restrict Unauthenticated RPC clients" to organizational standards. CC ID 08437 | System hardening through configuration management | Preventive | |
Configure the "Enable RPC Endpoint Mapper Client Authentication" to organizational standards. CC ID 08526 | System hardening through configuration management | Preventive | |
Configure the "Minimize the number of simultaneous connections to the Internet or a Windows Domain" to organizational standards. CC ID 08603 | System hardening through configuration management | Preventive | |
Configure Logging settings in accordance with organizational standards. CC ID 07611 | System hardening through configuration management | Preventive | |
Configure "CloudTrail" to organizational standards. CC ID 15443 | System hardening through configuration management | Preventive | |
Configure "CloudTrail log file validation" to organizational standards. CC ID 15437 | System hardening through configuration management | Preventive | |
Configure "VPC flow logging" to organizational standards. CC ID 15436 | System hardening through configuration management | Preventive | |
Configure "object-level logging" to organizational standards. CC ID 15433 | System hardening through configuration management | Preventive | |
Configure "Turn on PowerShell Transcription" to organizational standards. CC ID 15415 | System hardening through configuration management | Preventive | |
Configure "Turn on PowerShell Script Block Logging" to organizational standards. CC ID 15413 | System hardening through configuration management | Preventive | |
Configure "Audit PNP Activity" to organizational standards. CC ID 15393 | System hardening through configuration management | Preventive | |
Configure "Include command line in process creation events" to organizational standards. CC ID 15358 | System hardening through configuration management | Preventive | |
Configure "Audit Group Membership" to organizational standards. CC ID 15341 | System hardening through configuration management | Preventive | |
Configure the "audit_backlog_limit" setting to organizational standards. CC ID 15324 | System hardening through configuration management | Preventive | |
Configure the "/etc/docker/daemon.json" files and directories auditing to organizational standards. CC ID 14467 | System hardening through configuration management | Detective | |
Configure the "systemd-journald" to organizational standards. CC ID 15326 | System hardening through configuration management | Preventive | |
Configure the "/etc/docker" files and directories auditing to organizational standards. CC ID 14459 | System hardening through configuration management | Detective | |
Configure the "docker.socket" files and directories auditing to organizational standards. CC ID 14458 | System hardening through configuration management | Detective | |
Configure the "docker.service" files and directories auditing to organizational standards. CC ID 14454 | System hardening through configuration management | Detective | |
Configure the "/var/lib/docker" files and directories auditing to organizational standards. CC ID 14453 | System hardening through configuration management | Detective | |
Configure the "/usr/sbin/runc" files and directories auditing to organizational standards. CC ID 14452 | System hardening through configuration management | Detective | |
Configure the "/usr/bin/containerd" files and directories auditing to organizational standards. CC ID 14451 | System hardening through configuration management | Detective | |
Configure the "/etc/default/docker" files and directories auditing to organizational standards. CC ID 14450 | System hardening through configuration management | Detective | |
Configure the "/etc/sysconfig/docker" files and directories auditing to organizational standards. CC ID 14449 | System hardening through configuration management | Detective | |
Configure the "Audit Policy: Object Access: SAM" to organizational standards. CC ID 07612 | System hardening through configuration management | Preventive | |
Configure the storage parameters for all logs. CC ID 06330 | System hardening through configuration management | Preventive | |
Configure sufficient log storage capacity and prevent the capacity from being exceeded. CC ID 01425 | System hardening through configuration management | Preventive | |
Configure the log retention method. CC ID 01715 | System hardening through configuration management | Preventive | |
Configure the log retention size. CC ID 01716 | System hardening through configuration management | Preventive | |
Configure syslogd to send logs to a Remote LogHost. CC ID 01526 | System hardening through configuration management | Preventive | |
Configure the security parameters for all logs. CC ID 01712 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: User Account Management" to organizational standards. CC ID 07613 | System hardening through configuration management | Preventive | |
Configure the log so that it cannot be disabled. CC ID 00595 | System hardening through configuration management | Preventive | |
Configure the event log size capacity limits for the application log, the security log, and the system log. CC ID 01713 | System hardening through configuration management | Preventive | |
Configure the application log, the security log, and the system log to restrict guest access. CC ID 01714 | System hardening through configuration management | Preventive | |
Configure the "mss: (warninglevel) percentage threshold for the security event log at which the system will generate a warning" setting. CC ID 04275 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: System: System Integrity" to organizational standards. CC ID 07652 | System hardening through configuration management | Preventive | |
Configure the detailed data elements to be captured for all logs so that events are identified by type, location, subject, user, what data was accessed, etc. CC ID 06331 | System hardening through configuration management | Preventive | |
Configure the log to capture the user's identification. CC ID 01334 | System hardening through configuration management | Preventive | |
Configure the log to capture a date and time stamp. CC ID 01336 | System hardening through configuration management | Preventive | |
Configure the log to uniquely identify each asset. CC ID 01339 | System hardening through configuration management | Preventive | |
Configure the log to capture remote access information. CC ID 05596 | System hardening through configuration management | Detective | |
Configure the log to capture the type of each event. CC ID 06423 | System hardening through configuration management | Preventive | |
Configure the log to capture each event's success or failure indication. CC ID 06424 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: File Share" to organizational standards. CC ID 07655 | System hardening through configuration management | Preventive | |
Configure all logs to capture auditable events or actionable events. CC ID 06332 | System hardening through configuration management | Preventive | |
Configure the log to capture account lockouts. CC ID 16470 | System hardening through configuration management | Preventive | |
Configure the log to capture execution events. CC ID 16469 | System hardening through configuration management | Preventive | |
Configure the log to capture AWS Organizations changes. CC ID 15445 | System hardening through configuration management | Preventive | |
Configure the log to capture Identity and Access Management policy changes. CC ID 15442 | System hardening through configuration management | Preventive | |
Configure the log to capture management console sign-in without multi-factor authentication. CC ID 15441 | System hardening through configuration management | Preventive | |
Configure the log to capture route table changes. CC ID 15439 | System hardening through configuration management | Preventive | |
Configure the log to capture virtual private cloud changes. CC ID 15435 | System hardening through configuration management | Preventive | |
Configure the log to capture changes to encryption keys. CC ID 15432 | System hardening through configuration management | Preventive | |
Configure the log to capture unauthorized API calls. CC ID 15429 | System hardening through configuration management | Preventive | |
Configure the log to capture changes to network gateways. CC ID 15421 | System hardening through configuration management | Preventive | |
Configure the log to capture all spoofed addresses. CC ID 01313 | System hardening through configuration management | Preventive | |
Configure the "logging level" to organizational standards. CC ID 14456 | System hardening through configuration management | Detective | |
Configure inetd tracing. CC ID 01523 | System hardening through configuration management | Preventive | |
Configure the system to capture messages sent to the syslog AUTH facility. CC ID 01525 | System hardening through configuration management | Preventive | |
Configure Cron logging. CC ID 01528 | System hardening through configuration management | Preventive | |
Configure the kernel level auditing setting. CC ID 01530 | System hardening through configuration management | Preventive | |
Configure the "audit successful file system mounts" setting to organizational standards. CC ID 09923 | System hardening through configuration management | Preventive | |
Configure system accounting/system events. CC ID 01529 | System hardening through configuration management | Preventive | |
Configure the privilege use auditing setting. CC ID 01699 | System hardening through configuration management | Preventive | |
Configure the log to record the Denial of Access that results from an excessive number of unsuccessful logon attempts. CC ID 01919 | System hardening through configuration management | Preventive | |
Configure the Audit Process Tracking setting. CC ID 01700 | System hardening through configuration management | Preventive | |
Configure the EEPROM security-mode accesses and EEPROM log-failed accesses. CC ID 01575 | System hardening through configuration management | Preventive | |
Configure the log to capture user identifier, address, port blocking or blacklisting. CC ID 01918 | System hardening through configuration management | Preventive | |
Enable directory service access events, as appropriate. CC ID 05616 | System hardening through configuration management | Preventive | |
Configure the log to capture failed transactions. CC ID 06334 | System hardening through configuration management | Preventive | |
Configure the log to capture successful transactions. CC ID 06335 | System hardening through configuration management | Preventive | |
Audit non-attributable events (na class). CC ID 05604 | System hardening through configuration management | Preventive | |
Configure the log to capture configuration changes. CC ID 06881 | System hardening through configuration management | Preventive | |
Log, monitor, and review all changes to time settings on critical systems. CC ID 11608 | System hardening through configuration management | Preventive | |
Configure the log to capture all changes to certificates. CC ID 05595 | System hardening through configuration management | Preventive | |
Configure the "inetd logging" setting to organizational standards. CC ID 08970 | System hardening through configuration management | Preventive | |
Configure the "audit sudoers" setting to organizational standards. CC ID 09950 | System hardening through configuration management | Preventive | |
Configure the event log settings for specific Operating System functions. CC ID 06337 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Registry" to organizational standards. CC ID 07658 | System hardening through configuration management | Preventive | |
Configure the "Audit: Audit the use of Backup and Restore privilege" setting. CC ID 01724 | System hardening through configuration management | Preventive | |
Configure the "Audit: Shut down the system immediately if unable to log security audits" setting. CC ID 01725 | System hardening through configuration management | Preventive | |
Configure "Audit account management" to organizational standards. CC ID 02039 | System hardening through configuration management | Preventive | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later)" setting. CC ID 04387 | System hardening through configuration management | Preventive | |
Configure console logging. CC ID 04454 | System hardening through configuration management | Preventive | |
Configure boot error logging. CC ID 04455 | System hardening through configuration management | Preventive | |
Disable the "Audit password" setting in NetWare. CC ID 04456 | System hardening through configuration management | Preventive | |
Configure the "Disable Logging" setting. CC ID 05590 | System hardening through configuration management | Preventive | |
Enable BIN mode auditing. CC ID 05591 | System hardening through configuration management | Preventive | |
Enable or disable the BSM auditing setting, as appropriate. CC ID 05592 | System hardening through configuration management | Preventive | |
Set the X server audit level appropriately. CC ID 05600 | System hardening through configuration management | Preventive | |
Configure the "Turn on session logging" properly. CC ID 05618 | System hardening through configuration management | Preventive | |
Configure Sendmail with the appropriate logging levels. CC ID 06028 | System hardening through configuration management | Preventive | |
Enable or disable auditing in the runcontrol scripts, as appropriate. CC ID 06029 | System hardening through configuration management | Preventive | |
Enable or disable auditing for user accounts, as appropriate. CC ID 06030 | System hardening through configuration management | Preventive | |
Enable or disable auditing at boot time, as appropriate. CC ID 06031 | System hardening through configuration management | Preventive | |
Enable or disable the auditing of chgrp usage, as appropriate. CC ID 06033 | System hardening through configuration management | Preventive | |
Enable or disable the auditing of mkgroup usage, as appropriate. CC ID 06034 | System hardening through configuration management | Preventive | |
Enable or disable the auditing of rmgroup usage, as appropriate. CC ID 06035 | System hardening through configuration management | Preventive | |
Enable or disable the auditing of the exit function, as appropriate. CC ID 06036 | System hardening through configuration management | Preventive | |
Generate an alert when an audit log failure occurs. CC ID 06737 | System hardening through configuration management | Preventive | |
Configure additional log settings. CC ID 06333 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Logoff" to organizational standards. CC ID 07662 | System hardening through configuration management | Preventive | |
Configure additional logging for the FTP daemon. CC ID 01524 | System hardening through configuration management | Preventive | |
Configure additional log file parameters appropriately. CC ID 06338 | System hardening through configuration management | Preventive | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" to organizational standards. CC ID 07664 | System hardening through configuration management | Preventive | |
Create the /var/adm/loginlog file. CC ID 01527 | System hardening through configuration management | Preventive | |
Verify the audit config file contains only accounts that should be present. CC ID 05594 | System hardening through configuration management | Preventive | |
Specify the PRI audit file properly. CC ID 05597 | System hardening through configuration management | Preventive | |
Specify the SEC audit file properly. CC ID 05598 | System hardening through configuration management | Preventive | |
Verify the user audit file contains the appropriate never-audit flags. CC ID 05605 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: File System" to organizational standards. CC ID 07666 | System hardening through configuration management | Preventive | |
Configure the "Background upload of a roaming user profile's registry file while user is logged on" setting to organizational standards. CC ID 10761 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Logon" to organizational standards. CC ID 07669 | System hardening through configuration management | Preventive | |
Configure the "Backup log automatically when full" setting for the "setup log" to organizational standards. CC ID 10762 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Logon: Kerberos Authentication Service" to organizational standards. CC ID 07679 | System hardening through configuration management | Preventive | |
Configure the "Applications preference logging and tracing" setting to organizational standards. CC ID 10774 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Extended Mode" to organizational standards. CC ID 07683 | System hardening through configuration management | Preventive | |
Configure the "Data Sources preference logging and tracing" setting to organizational standards. CC ID 10779 | System hardening through configuration management | Preventive | |
Configure the "Devices preference logging and tracing" setting to organizational standards. CC ID 10782 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Handle Manipulation" to organizational standards. CC ID 07684 | System hardening through configuration management | Preventive | |
Configure the "Drive Maps preference logging and tracing" setting to organizational standards. CC ID 10783 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Detailed File Share" to organizational standards. CC ID 07687 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Network Policy Server" to organizational standards. CC ID 07701 | System hardening through configuration management | Preventive | |
Configure the "Environment preference logging and tracing" setting to organizational standards. CC ID 10784 | System hardening through configuration management | Preventive | |
Configure the "Files preference logging and tracing" setting to organizational standards. CC ID 10785 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Detailed Tracking: Process Creation" to organizational standards. CC ID 07707 | System hardening through configuration management | Preventive | |
Configure the "Folder Options preference logging and tracing" setting to organizational standards. CC ID 10786 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: System: IPsec Driver" to organizational standards. CC ID 07708 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Account Lockout" to organizational standards. CC ID 07713 | System hardening through configuration management | Preventive | |
Configure the "Folders preference logging and tracing" setting to organizational standards. CC ID 10787 | System hardening through configuration management | Preventive | |
Configure the "Ini Files preference logging and tracing" setting to organizational standards. CC ID 10788 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Kernel Object" to organizational standards. CC ID 07720 | System hardening through configuration management | Preventive | |
Configure the "Internet Settings preference logging and tracing" setting to organizational standards. CC ID 10789 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Other Object Access Events" to organizational standards. CC ID 07724 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Replication" to organizational standards. CC ID 07734 | System hardening through configuration management | Preventive | |
Configure the "Local Users and Groups preference logging and tracing" setting to organizational standards. CC ID 10793 | System hardening through configuration management | Preventive | |
Configure the "Regional Options preference logging and tracing" setting to organizational standards. CC ID 10802 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: Audit Policy Change" to organizational standards. CC ID 07735 | System hardening through configuration management | Preventive | |
Configure the "Registry preference logging and tracing" setting to organizational standards. CC ID 10803 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Changes" to organizational standards. CC ID 07736 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Certification Services" to organizational standards. CC ID 07742 | System hardening through configuration management | Preventive | |
Configure the "Scheduled Tasks preference logging and tracing" setting to organizational standards. CC ID 10815 | System hardening through configuration management | Preventive | |
Configure the "Maximum Log Size (KB)" to organizational standards. CC ID 07744 | System hardening through configuration management | Preventive | |
Configure the "Services preference logging and tracing" setting to organizational standards. CC ID 10818 | System hardening through configuration management | Preventive | |
Configure the "Shortcuts preference logging and tracing" setting to organizational standards. CC ID 10819 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Detailed Tracking: DPAPI Activity" to organizational standards. CC ID 07746 | System hardening through configuration management | Preventive | |
Configure the "Start Menu preference logging and tracing" setting to organizational standards. CC ID 10821 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: Other Account Management Events" to organizational standards. CC ID 07751 | System hardening through configuration management | Preventive | |
Configure the "Delete data from devices running Microsoft firmware when a user logs off from the computer." setting to organizational standards. CC ID 10846 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: Computer Account Management" to organizational standards. CC ID 07752 | System hardening through configuration management | Preventive | |
Configure the "Disable logging via package settings" setting to organizational standards. CC ID 10864 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Privilege Use: Non Sensitive Privilege Use" to organizational standards. CC ID 07756 | System hardening through configuration management | Preventive | |
Configure the "Do not forcefully unload the users registry at user logoff" setting to organizational standards. CC ID 10930 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Application Generated" to organizational standards. CC ID 07757 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: DS Access: Detailed Directory Service Replication" to organizational standards. CC ID 07764 | System hardening through configuration management | Preventive | |
Configure the "Do not log users on with temporary profiles" setting to organizational standards. CC ID 10931 | System hardening through configuration management | Preventive | |
Configure the "Log Access" setting for the "application log" to organizational standards. CC ID 11026 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Privilege Use: Other Privilege Use Events" to organizational standards. CC ID 07776 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Logon: Kerberos Service Ticket Operations" to organizational standards. CC ID 07786 | System hardening through configuration management | Preventive | |
Configure the "Log Access" setting for the "setup log" to organizational standards. CC ID 11027 | System hardening through configuration management | Preventive | |
Configure the "Log Access" setting for the "system log" to organizational standards. CC ID 11028 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: DS Access: Directory Service Access" to organizational standards. CC ID 07790 | System hardening through configuration management | Preventive | |
Configure the "Log directory pruning retry events" setting to organizational standards. CC ID 11029 | System hardening through configuration management | Preventive | |
Configure the "Retain old events" to organizational standards. CC ID 07791 | System hardening through configuration management | Preventive | |
Configure the "Audit: Audit the use of Backup and Restore privilege" to organizational standards. CC ID 07792 | System hardening through configuration management | Preventive | |
Configure the "Log event when quota limit exceeded" setting to organizational standards. CC ID 11030 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change" to organizational standards. CC ID 07793 | System hardening through configuration management | Preventive | |
Configure the "Log File Path" setting for the "application log" to organizational standards. CC ID 11033 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: Other Policy Change Events" to organizational standards. CC ID 07810 | System hardening through configuration management | Preventive | |
Configure the "Log File Path" setting for the "setup log" to organizational standards. CC ID 11034 | System hardening through configuration management | Preventive | |
Configure the "Log File Path" setting for the "system log" to organizational standards. CC ID 11035 | System hardening through configuration management | Preventive | |
Configure the "Audit: Shut down system immediately if unable to log security audits" to organizational standards. CC ID 07812 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: System: Other System Events" to organizational standards. CC ID 07817 | System hardening through configuration management | Preventive | |
Configure the "Logging" setting to organizational standards. CC ID 11036 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: Application Group Management" to organizational standards. CC ID 07819 | System hardening through configuration management | Preventive | |
Configure the "Remove "Disconnect" option from Shut Down dialog" setting to organizational standards. CC ID 11126 | System hardening through configuration management | Preventive | |
Configure the "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" to organizational standards. CC ID 07820 | System hardening through configuration management | Preventive | |
Configure the "Remove browse dialog box for new source" setting to organizational standards. CC ID 11127 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Logon: Other Account Logon Events" to organizational standards. CC ID 07825 | System hardening through configuration management | Preventive | |
Configure the "Restricts the UI language Windows uses for all logged users" setting to organizational standards. CC ID 11147 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: Distribution Group Management" to organizational standards. CC ID 07828 | System hardening through configuration management | Preventive | |
Configure the "Set roaming profile path for all users logging onto this computer" setting to organizational standards. CC ID 11182 | System hardening through configuration management | Preventive | |
Configure the "Audit: Audit the access of global system objects" to organizational standards. CC ID 07831 | System hardening through configuration management | Preventive | |
Configure the "Set the Time interval in minutes for logging accounting data" setting to organizational standards. CC ID 11193 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Special Logon" to organizational standards. CC ID 07835 | System hardening through configuration management | Preventive | |
Configure the "Turn off Resultant Set of Policy logging" setting to organizational standards. CC ID 11307 | System hardening through configuration management | Preventive | |
Configure the "Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS" setting to organizational standards. CC ID 11343 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Detailed Tracking: RPC Events" to organizational standards. CC ID 07840 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: Authentication Policy Change" to organizational standards. CC ID 07846 | System hardening through configuration management | Preventive | |
Configure the "Turn on extensive logging for Password Synchronization" setting to organizational standards. CC ID 11344 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Detailed Tracking: Process Termination" to organizational standards. CC ID 07849 | System hardening through configuration management | Preventive | |
Configure the "Turn on logging" setting to organizational standards. CC ID 11345 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Quick Mode" to organizational standards. CC ID 07852 | System hardening through configuration management | Preventive | |
Configure the "Turn on session logging" setting to organizational standards. CC ID 11350 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Filtering Platform Packet Drop" to organizational standards. CC ID 07856 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Filtering Platform Connection" to organizational standards. CC ID 07864 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: Authorization Policy Change" to organizational standards. CC ID 07875 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Management: Security Group Management" to organizational standards. CC ID 07880 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Privilege Use: Sensitive Privilege Use" to organizational standards. CC ID 07887 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: IPsec Main Mode" to organizational standards. CC ID 07888 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Account Logon: Credential Validation" to organizational standards. CC ID 07892 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Policy Change: Filtering Platform Policy Change" to organizational standards. CC ID 07895 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Logon-Logoff: Other Logon/Logoff Events" to organizational standards. CC ID 07899 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: System: Security State Change" to organizational standards. CC ID 07903 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: System: Security System Extension" to organizational standards. CC ID 07904 | System hardening through configuration management | Preventive | |
Configure the "Audit account logon events" to organizational standards. CC ID 08188 | System hardening through configuration management | Preventive | |
Configure the "Retention method for security log" to organizational standards. CC ID 08197 | System hardening through configuration management | Preventive | |
Configure the "Retention method for system log" to organizational standards. CC ID 08211 | System hardening through configuration management | Preventive | |
Configure the "Audit logon events" to organizational standards. CC ID 08221 | System hardening through configuration management | Preventive | |
Configure the "Retention method for application log" to organizational standards. CC ID 08226 | System hardening through configuration management | Preventive | |
Configure the "Retain security log" to organizational standards. CC ID 08241 | System hardening through configuration management | Preventive | |
Configure the "Audit system events" to organizational standards. CC ID 08244 | System hardening through configuration management | Preventive | |
Configure the "Retain application log" to organizational standards. CC ID 08246 | System hardening through configuration management | Preventive | |
Configure the "Prevent local guests group from accessing application log" to organizational standards. CC ID 08248 | System hardening through configuration management | Preventive | |
Configure the "Maximum security log size" to organizational standards. CC ID 08251 | System hardening through configuration management | Preventive | |
Configure the "Retain system log" to organizational standards. CC ID 08258 | System hardening through configuration management | Preventive | |
Configure the "Audit privilege use" to organizational standards. CC ID 08266 | System hardening through configuration management | Preventive | |
Configure the "Audit policy change" to organizational standards. CC ID 08272 | System hardening through configuration management | Preventive | |
Configure the "Audit object access" to organizational standards. CC ID 08278 | System hardening through configuration management | Preventive | |
Configure the "Audit process tracking" to organizational standards. CC ID 08283 | System hardening through configuration management | Preventive | |
Configure the "Maximum system log size" to organizational standards. CC ID 08286 | System hardening through configuration management | Preventive | |
Configure the "Maximum application log size" to organizational standards. CC ID 08296 | System hardening through configuration management | Preventive | |
Configure the "Prevent local guests group from accessing security log" to organizational standards. CC ID 08297 | System hardening through configuration management | Preventive | |
Configure the "Audit directory service access" to organizational standards. CC ID 08304 | System hardening through configuration management | Preventive | |
Configure the "Audit account management" to organizational standards. CC ID 08316 | System hardening through configuration management | Preventive | |
Configure the "Prevent local guests group from accessing system log" to organizational standards. CC ID 08336 | System hardening through configuration management | Preventive | |
Configure the "Specify the maximum log file size (KB)" to organizational standards. CC ID 08352 | System hardening through configuration management | Preventive | |
Configure the "Message tracking logging - Mailbox" to organizational standards. CC ID 08360 | System hardening through configuration management | Preventive | |
Configure the "Turn on Connectivity logging" to organizational standards. CC ID 08398 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Size limit (KB)" to organizational standards. CC ID 08405 | System hardening through configuration management | Preventive | |
Configure the "Control Event Log behavior when the log file reaches its maximum size" to organizational standards. CC ID 08444 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Logging: Log dropped packets" to organizational standards. CC ID 08445 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Logging: Log dropped packets" to organizational standards. CC ID 08454 | System hardening through configuration management | Preventive | |
Configure the "Configure Protocol logging" to organizational standards. CC ID 08463 | System hardening through configuration management | Preventive | |
Configure the "Message tracking logging - Transport" to organizational standards. CC ID 08477 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Log dropped packets" to organizational standards. CC ID 08501 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Removable Storage" to organizational standards. CC ID 08504 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Domain: Logging: Name" to organizational standards. CC ID 08543 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Logging: Log successful connections" to organizational standards. CC ID 08545 | System hardening through configuration management | Preventive | |
Configure the "Audit Policy: Object Access: Central Access Policy Staging" to organizational standards. CC ID 08558 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Public: Logging: Name" to organizational standards. CC ID 08565 | System hardening through configuration management | Preventive | |
Configure the "Windows Firewall: Private: Logging: Size limit (KB)" to organizational standards. CC ID 08606 | System hardening through configuration management | Preventive | |
Configure the "audit change user functions" setting to organizational standards. CC ID 08982 | System hardening through configuration management | Preventive | |
Configure the "audit the use of chmod command" setting to organizational standards. CC ID 08983 | System hardening through configuration management | Preventive | |
Configure the "audit the chown command" setting to organizational standards. CC ID 08984 | System hardening through configuration management | Preventive | |
Configure the "Collect Session Initiation Information" setting to organizational standards. CC ID 09948 | System hardening through configuration management | Preventive | |
Configure the "Collect Discretionary Access Control Permission Modification Events" setting to organizational standards. CC ID 09949 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Fault Tolerant Heap" to organizational standards. CC ID 10808 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Boot Performance Diagnostics" to organizational standards. CC ID 10809 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Memory Leak Diagnosis" to organizational standards. CC ID 10810 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Resource Exhaustion Detection and Resolution" to organizational standards. CC ID 10811 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Shutdown Performance Diagnostics" to organizational standards. CC ID 10812 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Standby/Resume Performance Diagnostics" to organizational standards. CC ID 10813 | System hardening through configuration management | Preventive | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows System Responsiveness Diagnostics" to organizational standards. CC ID 10814 | System hardening through configuration management | Preventive | |
Configure the "Default quota limit and warning level" setting to organizational standards. CC ID 10840 | System hardening through configuration management | Preventive | |
Configure the "Detect application failures caused by deprecated COM objects" setting to organizational standards. CC ID 10851 | System hardening through configuration management | Preventive | |
Configure the "Detect application failures caused by deprecated Windows DLLs" setting to organizational standards. CC ID 10852 | System hardening through configuration management | Preventive | |
Configure the "Detect application install failures" setting to organizational standards. CC ID 10853 | System hardening through configuration management | Preventive | |
Configure the "Detect application installers that need to be run as administrator" setting to organizational standards. CC ID 10854 | System hardening through configuration management | Preventive | |
Configure the "Detect applications unable to launch installers under UAC" setting to organizational standards. CC ID 10855 | System hardening through configuration management | Preventive | |
Configure the "Diagnostics: Configure scenario execution level" setting to organizational standards. CC ID 10856 | System hardening through configuration management | Preventive | |
Configure the "Disk Diagnostic: Configure execution level" setting to organizational standards. CC ID 10883 | System hardening through configuration management | Preventive | |
Configure the "Log event when quota warning level exceeded" setting to organizational standards. CC ID 11031 | System hardening through configuration management | Preventive | |
Configure the "Log File Debug Output Level" setting to organizational standards. CC ID 11032 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Support Diagnostic Tool: Configure execution level" setting to organizational standards. CC ID 11043 | System hardening through configuration management | Preventive | |
Configure the "Primary DNS Suffix Devolution Level" setting to organizational standards. CC ID 11096 | System hardening through configuration management | Preventive | |
Configure the "Require user authentication for remote connections by using Network Level Authentication" setting to organizational standards. CC ID 11138 | System hardening through configuration management | Preventive | |
Configure the "Specify channel binding token hardening level" setting to organizational standards. CC ID 11209 | System hardening through configuration management | Preventive | |
Configure the "Update Security Level" setting to organizational standards. CC ID 11357 | System hardening through configuration management | Preventive | |
Configure the "Update Top Level Domain Zones" setting to organizational standards. CC ID 11358 | System hardening through configuration management | Preventive | |
Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards. CC ID 07621 | System hardening through configuration management | Preventive | |
Configure Kerberos pre-authentication to organizational standards. CC ID 16480 | System hardening through configuration management | Preventive | |
Configure time-based user access restrictions in accordance with organizational standards. CC ID 16436 | System hardening through configuration management | Preventive | |
Configure "MFA Delete" to organizational standards. CC ID 15430 | System hardening through configuration management | Preventive | |
Configure Identity and Access Management policies to organizational standards. CC ID 15422 | System hardening through configuration management | Preventive | |
Configure the Identity and Access Management Access analyzer to organizational standards. CC ID 15420 | System hardening through configuration management | Preventive | |
Configure "Support device authentication using certificate" to organizational standards. CC ID 15410 | System hardening through configuration management | Preventive | |
Install LAPS AdmPwd GPO Extension, as necessary. CC ID 15409 | System hardening through configuration management | Preventive | |
Configure "Require pin for pairing" to organizational standards. CC ID 15395 | System hardening through configuration management | Preventive | |
Configure "Do not allow password expiration time longer than required by policy" to organizational standards. CC ID 15390 | System hardening through configuration management | Preventive | |
Configure "Enable Local Admin Password Management" to organizational standards. CC ID 15387 | System hardening through configuration management | Preventive | |
Configure "Allow Microsoft accounts to be optional" to organizational standards. CC ID 15368 | System hardening through configuration management | Preventive | |
Configure "Turn off picture password sign-in" to organizational standards. CC ID 15347 | System hardening through configuration management | Preventive | |
Configure "Enable insecure guest logons" to organizational standards. CC ID 15344 | System hardening through configuration management | Preventive | |
Configure the "cert-expiry" argument to organizational standards. CC ID 14541 | System hardening through configuration management | Preventive | |
Configure "client certificate authentication" to organizational standards. CC ID 14608 | System hardening through configuration management | Preventive | |
Configure the "client certificate bundles" to organizational standards. CC ID 14518 | System hardening through configuration management | Preventive | |
Configure the "external-server-cert" argument to organizational standards. CC ID 14522 | System hardening through configuration management | Preventive | |
Configure the "Network Security: Restrict NTLM: Incoming NTLM traffic" to organizational standards. CC ID 07622 | System hardening through configuration management | Preventive | |
Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" to organizational standards. CC ID 07638 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Require Domain Controller authentication to unlock workstation" to organizational standards. CC ID 07639 | System hardening through configuration management | Preventive | |
Configure the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" to organizational standards. CC ID 07663 | System hardening through configuration management | Preventive | |
Configure the "Maximum password age" to organizational standards. CC ID 07688 | System hardening through configuration management | Preventive | |
Configure the "Network Security: Restrict NTLM: Add server exceptions in this domain" to organizational standards. CC ID 07693 | System hardening through configuration management | Preventive | |
Configure "Accounts: Limit local account use of blank passwords to console logon only" to organizational standards. CC ID 07697 | System hardening through configuration management | Preventive | |
Configure the "Minimum password length" to organizational standards. CC ID 07711 | System hardening through configuration management | Preventive | |
Configure the "Microsoft network server: Server SPN target name validation level" to organizational standards. CC ID 07714 | System hardening through configuration management | Preventive | |
Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" to organizational standards. CC ID 07730 | System hardening through configuration management | Preventive | |
Configure the "Domain member: Maximum machine account password age" to organizational standards. CC ID 07737 | System hardening through configuration management | Preventive | |
Configure the "Password must meet complexity requirements" to organizational standards. CC ID 07743 | System hardening through configuration management | Preventive | |
Configure the "Service Account Tokens" to organizational standards. CC ID 14646 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Require smart card" to organizational standards. CC ID 07753 | System hardening through configuration management | Preventive | |
Configure the "System cryptography: Force strong key protection for user keys stored on the computer" to organizational standards. CC ID 07763 | System hardening through configuration management | Preventive | |
Configure the "rotate" argument to organizational standards. CC ID 14548 | System hardening through configuration management | Preventive | |
Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" to organizational standards. CC ID 07769 | System hardening through configuration management | Preventive | |
Configure the "Domain controller: Refuse machine account password changes" to organizational standards. CC ID 07827 | System hardening through configuration management | Preventive | |
Configure the "Store passwords using reversible encryption" to organizational standards. CC ID 07829 | System hardening through configuration management | Preventive | |
Configure the "Network security: Allow Local System to use computer identity for NTLM" to organizational standards. CC ID 07830 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Prompt user to change password before expiration" to organizational standards. CC ID 07844 | System hardening through configuration management | Preventive | |
Configure the "Network Security: Restrict NTLM: NTLM authentication in this domain" to organizational standards. CC ID 07859 | System hardening through configuration management | Preventive | |
Configure the "Enforce password history" to organizational standards. CC ID 07877 | System hardening through configuration management | Preventive | |
Configure the "Domain member: Disable machine account password changes" to organizational standards. CC ID 07883 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Smart card removal behavior" to organizational standards. CC ID 07884 | System hardening through configuration management | Preventive | |
Configure the "Logon options" to organizational standards. CC ID 07917 | System hardening through configuration management | Preventive | |
Configure the "Prevent ignoring certificate errors" to organizational standards. CC ID 07924 | System hardening through configuration management | Preventive | |
Configure the "Turn off Encryption Support" to organizational standards. CC ID 08028 | System hardening through configuration management | Preventive | |
Configure the "Disable changing certificate settings" to organizational standards. CC ID 08042 | System hardening through configuration management | Preventive | |
Configure the "Check for server certificate revocation" to organizational standards. CC ID 08120 | System hardening through configuration management | Preventive | |
Configure the "Do not allow passwords to be saved" to organizational standards. CC ID 08178 | System hardening through configuration management | Preventive | |
Configure the "RPC Endpoint Mapper Client Authentication" to organizational standards. CC ID 08202 | System hardening through configuration management | Preventive | |
Configure the "Restrictions for Unauthenticated RPC clients" to organizational standards. CC ID 08240 | System hardening through configuration management | Preventive | |
Configure the "Maximum lifetime for user ticket renewal" to organizational standards. CC ID 08257 | System hardening through configuration management | Preventive | |
Configure the "System objects: Default owner for objects created by members of the Administrators group" to organizational standards. CC ID 08269 | System hardening through configuration management | Preventive | |
Configure the "Enforce user logon restrictions" to organizational standards. CC ID 08274 | System hardening through configuration management | Preventive | |
Configure the "Require a Password When a Computer Wakes (Plugged In)" to organizational standards. CC ID 08404 | System hardening through configuration management | Preventive | |
Configure the "Configure login authentication for POP3" to organizational standards. CC ID 08413 | System hardening through configuration management | Preventive | |
Configure the "Turn on PIN sign-in" to organizational standards. CC ID 08415 | System hardening through configuration management | Preventive | |
Configure the "Interactive logon: Machine account lockout threshold" to organizational standards. CC ID 08419 | System hardening through configuration management | Preventive | |
Configure the "Allow the use of biometrics" to organizational standards. CC ID 08435 | System hardening through configuration management | Preventive | |
Configure the "Configure login authentication for IMAP4" to organizational standards. CC ID 08443 | System hardening through configuration management | Preventive | |
Configure the "Allow simple passwords" to organizational standards. CC ID 08476 | System hardening through configuration management | Preventive | |
Configure the "Require a Password When a Computer Wakes (On Battery)" to organizational standards. CC ID 08487 | System hardening through configuration management | Preventive | |
Configure the "Require password" to organizational standards. CC ID 08511 | System hardening through configuration management | Preventive | |
Configure the "Time without user input before password must be re-entered" to organizational standards. CC ID 08518 | System hardening through configuration management | Preventive | |
Configure the "Allow basic authentication" to organizational standards. CC ID 08522 | System hardening through configuration management | Preventive | |
Configure the "External send connector authentication: Domain Security" to organizational standards. CC ID 08527 | System hardening through configuration management | Preventive | |
Configure the "External send connector authentication: Ignore Start TLS" to organizational standards. CC ID 08530 | System hardening through configuration management | Preventive | |
Configure the "Turn on Basic feed authentication over HTTP" to organizational standards. CC ID 08548 | System hardening through configuration management | Preventive | |
Configure the "Number of attempts allowed" to organizational standards. CC ID 08569 | System hardening through configuration management | Preventive | |
Configure the "Password Expiration" to organizational standards. CC ID 08576 | System hardening through configuration management | Preventive | |
Configure the "External send connector authentication: DNS Routing" to organizational standards. CC ID 08579 | System hardening through configuration management | Preventive | |
Configure the "Require alphanumeric password" to organizational standards. CC ID 08582 | System hardening through configuration management | Preventive | |
Configure the "Allow access to voicemail without requiring a PIN" to organizational standards. CC ID 08585 | System hardening through configuration management | Preventive | |
Configure the "Require Client Certificates" to organizational standards. CC ID 08597 | System hardening through configuration management | Preventive | |
Configure the "Disallow Digest authentication" to organizational standards. CC ID 08602 | System hardening through configuration management | Preventive | |
Configure the "Accounts: Block Microsoft accounts" to organizational standards. CC ID 08613 | System hardening through configuration management | Preventive | |
Configure Encryption settings in accordance with organizational standards. CC ID 07625 | System hardening through configuration management | Preventive | |
Configure "Elastic Block Store volume encryption" to organizational standards. CC ID 15434 | System hardening through configuration management | Preventive | |
Configure "Encryption Oracle Remediation" to organizational standards. CC ID 15366 | System hardening through configuration management | Preventive | |
Configure the "encryption provider" to organizational standards. CC ID 14591 | System hardening through configuration management | Preventive | |
Configure the "Microsoft network server: Digitally sign communications (always)" to organizational standards. CC ID 07626 | System hardening through configuration management | Preventive | |
Configure the "Domain member: Digitally encrypt or sign secure channel data (always)" to organizational standards. CC ID 07657 | System hardening through configuration management | Preventive | |
Configure the "Domain member: Digitally sign secure channel data (when possible)" to organizational standards. CC ID 07678 | System hardening through configuration management | Preventive | |
Configure the "Network Security: Configure encryption types allowed for Kerberos" to organizational standards. CC ID 07799 | System hardening through configuration management | Preventive | |
Configure the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" to organizational standards. CC ID 07822 | System hardening through configuration management | Preventive | |
Configure the "Configure use of smart cards on fixed data drives" to organizational standards. CC ID 08361 | System hardening through configuration management | Preventive | |
Configure the "Enforce drive encryption type on removable data drives" to organizational standards. CC ID 08363 | System hardening through configuration management | Preventive | |
Configure the "Configure TPM platform validation profile for BIOS-based firmware configurations" to organizational standards. CC ID 08370 | System hardening through configuration management | Preventive | |
Configure the "Configure use of passwords for removable data drives" to organizational standards. CC ID 08394 | System hardening through configuration management | Preventive | |
Configure the "Configure use of hardware-based encryption for removable data drives" to organizational standards. CC ID 08401 | System hardening through configuration management | Preventive | |
Configure the "Require additional authentication at startup" to organizational standards. CC ID 08422 | System hardening through configuration management | Preventive | |
Configure the "Deny write access to fixed drives not protected by BitLocker" to organizational standards. CC ID 08429 | System hardening through configuration management | Preventive | |
Configure the "Configure startup mode" to organizational standards. CC ID 08430 | System hardening through configuration management | Preventive | |
Configure the "Require client MAPI encryption" to organizational standards. CC ID 08446 | System hardening through configuration management | Preventive | |
Configure the "Configure dial plan security" to organizational standards. CC ID 08453 | System hardening through configuration management | Preventive | |
Configure the "Allow access to BitLocker-protected removable data drives from earlier versions of Windows" to organizational standards. CC ID 08457 | System hardening through configuration management | Preventive | |
Configure the "Enforce drive encryption type on fixed data drives" to organizational standards. CC ID 08460 | System hardening through configuration management | Preventive | |
Configure the "Allow Secure Boot for integrity validation" to organizational standards. CC ID 08461 | System hardening through configuration management | Preventive | |
Configure the "Configure use of passwords for operating system drives" to organizational standards. CC ID 08478 | System hardening through configuration management | Preventive | |
Configure the "Choose how BitLocker-protected removable drives can be recovered" to organizational standards. CC ID 08484 | System hardening through configuration management | Preventive | |
Configure the "Validate smart card certificate usage rule compliance" to organizational standards. CC ID 08492 | System hardening through configuration management | Preventive | |
Configure the "Allow enhanced PINs for startup" to organizational standards. CC ID 08495 | System hardening through configuration management | Preventive | |
Configure the "Choose how BitLocker-protected operating system drives can be recovered" to organizational standards. CC ID 08499 | System hardening through configuration management | Preventive | |
Configure the "Allow access to BitLocker-protected fixed data drives from earlier versions of Windows" to organizational standards. CC ID 08505 | System hardening through configuration management | Preventive | |
Configure the "Choose how BitLocker-protected fixed drives can be recovered" to organizational standards. CC ID 08509 | System hardening through configuration management | Preventive | |
Configure the "Configure use of passwords for fixed data drives" to organizational standards. CC ID 08513 | System hardening through configuration management | Preventive | |
Configure the "Choose drive encryption method and cipher strength" to organizational standards. CC ID 08537 | System hardening through configuration management | Preventive | |
Configure the "Choose default folder for recovery password" to organizational standards. CC ID 08541 | System hardening through configuration management | Preventive | |
Configure the "Prevent memory overwrite on restart" to organizational standards. CC ID 08542 | System hardening through configuration management | Preventive | |
Configure the "Deny write access to removable drives not protected by BitLocker" to organizational standards. CC ID 08549 | System hardening through configuration management | Preventive | |
Configure the "opt encrypted" flag to organizational standards. CC ID 14534 | System hardening through configuration management | Preventive | |
Configure the "Provide the unique identifiers for your organization" to organizational standards. CC ID 08552 | System hardening through configuration management | Preventive | |
Configure the "Enable use of BitLocker authentication requiring preboot keyboard input on slates" to organizational standards. CC ID 08556 | System hardening through configuration management | Preventive | |
Configure the "Require encryption on device" to organizational standards. CC ID 08563 | System hardening through configuration management | Preventive | |
Configure the "Enable S/MIME for OWA 2007" to organizational standards. CC ID 08564 | System hardening through configuration management | Preventive | |
Configure the "Control use of BitLocker on removable drives" to organizational standards. CC ID 08566 | System hardening through configuration management | Preventive | |
Configure the "Configure use of hardware-based encryption for fixed data drives" to organizational standards. CC ID 08568 | System hardening through configuration management | Preventive | |
Configure the "Configure use of smart cards on removable data drives" to organizational standards. CC ID 08570 | System hardening through configuration management | Preventive | |
Configure the "Enforce drive encryption type on operating system drives" to organizational standards. CC ID 08573 | System hardening through configuration management | Preventive | |
Configure the "Disallow standard users from changing the PIN or password" to organizational standards. CC ID 08574 | System hardening through configuration management | Preventive | |
Configure the "Use enhanced Boot Configuration Data validation profile" to organizational standards. CC ID 08578 | System hardening through configuration management | Preventive | |
Configure the "Allow network unlock at startup" to organizational standards. CC ID 08588 | System hardening through configuration management | Preventive | |
Configure the "Enable S/MIME for OWA 2010" to organizational standards. CC ID 08592 | System hardening through configuration management | Preventive | |
Configure the "Configure minimum PIN length for startup" to organizational standards. CC ID 08594 | System hardening through configuration management | Preventive | |
Configure the "Configure TPM platform validation profile" to organizational standards. CC ID 08598 | System hardening through configuration management | Preventive | |
Configure the "Configure use of hardware-based encryption for operating system drives" to organizational standards. CC ID 08601 | System hardening through configuration management | Preventive | |
Configure the "Reset platform validation data after BitLocker recovery" to organizational standards. CC ID 08607 | System hardening through configuration management | Preventive | |
Configure the "Configure TPM platform validation profile for native UEFI firmware configurations" to organizational standards. CC ID 08614 | System hardening through configuration management | Preventive | |
Configure the "Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives" setting to organizational standards. CC ID 10039 | System hardening through configuration management | Preventive | |
Configure the "Save BitLocker recovery information to AD DS for fixed data drives" setting to organizational standards. CC ID 10040 | System hardening through configuration management | Preventive | |
Configure the "Omit recovery options from the BitLocker setup wizard" setting to organizational standards. CC ID 10041 | System hardening through configuration management | Preventive | |
Configure the "Do not enable BitLocker until recovery information is stored to AD DS for operating system drives" setting to organizational standards. CC ID 10042 | System hardening through configuration management | Preventive | |
Configure the "Save BitLocker recovery information to AD DS for operating system drives" setting to organizational standards. CC ID 10043 | System hardening through configuration management | Preventive | |
Configure the "Allow BitLocker without a compatible TPM" setting to organizational standards. CC ID 10044 | System hardening through configuration management | Preventive | |
Configure the "Do not enable BitLocker until recovery information is stored to AD DS for removable data drives" setting to organizational standards. CC ID 10045 | System hardening through configuration management | Preventive | |
Configure the "Save BitLocker recovery information to AD DS for removable data drives" setting to organizational standards. CC ID 10046 | System hardening through configuration management | Preventive | |
Configure File Retention, Impact Level, and Classification settings in accordance with organizational standards. CC ID 07715 | System hardening through configuration management | Preventive | |
Configure the "Classification of files based on Discoverability" to organizational standards. CC ID 07716 | System hardening through configuration management | Preventive | |
Configure the "Classification of files based on Intellectual Property" to organizational standards. CC ID 07765 | System hardening through configuration management | Preventive | |
Configure the "Classification of files based on Confidentiality" to organizational standards. CC ID 07782 | System hardening through configuration management | Preventive | |
Configure the "Classification of files based on PHI" to organizational standards. CC ID 07785 | System hardening through configuration management | Preventive | |
Configure the "Classification of files based on Impact Level" to organizational standards. CC ID 07789 | System hardening through configuration management | Preventive | |
Configure the "Classification of files based on Retention" to organizational standards. CC ID 07860 | System hardening through configuration management | Preventive | |
Configure the "Classification of files based on PII" to organizational standards. CC ID 07865 | System hardening through configuration management | Preventive | |
Configure System settings in accordance with organizational standards. CC ID 07806 | System hardening through configuration management | Preventive | |
Configure the "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)" to organizational standards. CC ID 07807 | System hardening through configuration management | Preventive | |
Configure the "Accounts: Rename guest account" to organizational standards. CC ID 07816 | System hardening through configuration management | Preventive | |
Configure the "Accounts: Rename administrator account" to organizational standards. CC ID 07843 | System hardening through configuration management | Preventive | |
Configure the "Accounts: Guest account status" to organizational standards. CC ID 07971 | System hardening through configuration management | Preventive | |
Configure the "Accounts: Administrator account status" to organizational standards. CC ID 07996 | System hardening through configuration management | Preventive | |
Configure the "Prompt for password on resume from hibernate / suspend" to organizational standards. CC ID 08342 | System hardening through configuration management | Preventive | |
Configure Virus and Malware Protection settings in accordance with organizational standards. CC ID 07906 | System hardening through configuration management | Preventive | |
Configure "Turn on behavior monitoring" to organizational standards. CC ID 15407 | System hardening through configuration management | Preventive | |
Configure "Turn off real-time protection" to organizational standards. CC ID 15406 | System hardening through configuration management | Preventive | |
Configure "Scan all downloaded files and attachments" to organizational standards. CC ID 15404 | System hardening through configuration management | Preventive | |
Configure "Scan removable drives" to organizational standards. CC ID 15401 | System hardening through configuration management | Preventive | |
Configure "Configure Attack Surface Reduction rules: Set the state for each ASR rule" to organizational standards. CC ID 15392 | System hardening through configuration management | Preventive | |
Configure "Join Microsoft MAPS" to organizational standards. CC ID 15384 | System hardening through configuration management | Preventive | |
Configure "Configure detection for potentially unwanted applications" to organizational standards. CC ID 15375 | System hardening through configuration management | Preventive | |
Configure "Turn off Microsoft Defender AntiVirus" to organizational standards. CC ID 15371 | System hardening through configuration management | Preventive | |
Configure "Enable file hash computation feature" to organizational standards. CC ID 15340 | System hardening through configuration management | Preventive | |
Configure the "Internet Explorer Processes" to organizational standards. CC ID 07907 | System hardening through configuration management | Preventive | |
Configure the "Turn on the auto-complete feature for user names and passwords on forms" to organizational standards. CC ID 07941 | System hardening through configuration management | Preventive | |
Configure the "Automatic prompting for file downloads" to organizational standards. CC ID 07950 | System hardening through configuration management | Preventive | |
Configure the "Use SmartScreen Filter" to organizational standards. CC ID 07952 | System hardening through configuration management | Preventive | |
Configure the "Run ActiveX controls and plugins" to organizational standards. CC ID 07954 | System hardening through configuration management | Preventive | |
Configure the "Java permissions" to organizational standards. CC ID 07969 | System hardening through configuration management | Preventive | |
Configure the "Use Pop-up Blocker" to organizational standards. CC ID 07990 | System hardening through configuration management | Preventive | |
Configure the "Prevent Bypassing SmartScreen Filter Warnings" to organizational standards. CC ID 07994 | System hardening through configuration management | Preventive | |
Configure the "Allow cut, copy or paste operations from the clipboard via script" to organizational standards. CC ID 07997 | System hardening through configuration management | Preventive | |
Configure the "Allow software to run or install even if the signature is invalid" to organizational standards. CC ID 08019 | System hardening through configuration management | Preventive | |
Configure the "Do not allow users to enable or disable add-ons" to organizational standards. CC ID 08035 | System hardening through configuration management | Preventive | |
Configure the "Disable AutoComplete for forms" to organizational standards. CC ID 08066 | System hardening through configuration management | Preventive | |
Configure the "Download unsigned ActiveX controls" to organizational standards. CC ID 08073 | System hardening through configuration management | Preventive | |
Configure the "Scripting of Java applets" to organizational standards. CC ID 08105 | System hardening through configuration management | Preventive | |
Configure the "Allow only approved domains to use ActiveX controls without prompt" to organizational standards. CC ID 08374 | System hardening through configuration management | Preventive | |
Configure the "Prevent per-user installation of ActiveX controls" to organizational standards. CC ID 08382 | System hardening through configuration management | Preventive | |
Configure the "Turn on Cross-Site Scripting Filter" to organizational standards. CC ID 08395 | System hardening through configuration management | Preventive | |
Configure the "Turn on certificate address mismatch warning" to organizational standards. CC ID 08410 | System hardening through configuration management | Preventive | |
Configure the "Show security warning for potentially unsafe files" to organizational standards. CC ID 08412 | System hardening through configuration management | Preventive | |
Configure the "Turn on Protected Mode" to organizational standards. CC ID 08471 | System hardening through configuration management | Preventive | |
Configure the "Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled" to organizational standards. CC ID 08510 | System hardening through configuration management | Preventive | |
Configure the "Check for signatures on downloaded programs" to organizational standards. CC ID 08584 | System hardening through configuration management | Preventive | |
Configure the "Specify use of ActiveX Installer Service for installation of ActiveX controls" to organizational standards. CC ID 08587 | System hardening through configuration management | Preventive | |
Configure the "Prevent changing the URL for checking updates to Internet Explorer and Internet Tools" to organizational standards. CC ID 08589 | System hardening through configuration management | Preventive | |
Configure the "Enable MIME Sniffing" to organizational standards. CC ID 08591 | System hardening through configuration management | Preventive | |
Configure "Prevent downloading of enclosures" to organizational standards. CC ID 08612 | System hardening through configuration management | Preventive | |
Configure User Notification settings in accordance with organizational standards. CC ID 08201 | System hardening through configuration management | Preventive | |
Configure the "Display Error Notification" to organizational standards. CC ID 08280 | System hardening through configuration management | Preventive | |
Configure the "Customize Warning Messages" to organizational standards. CC ID 08599 | System hardening through configuration management | Preventive | |
Configure Windows Components settings in accordance with organizational standards. CC ID 08263 | System hardening through configuration management | Preventive | |
Configure the "Notify antivirus programs when opening attachments" to organizational standards. CC ID 08264 | System hardening through configuration management | Preventive | |
Configure the "Do not preserve zone information in file attachments" to organizational standards. CC ID 08309 | System hardening through configuration management | Preventive | |
Configure the "Remove CD Burning features" to organizational standards. CC ID 08324 | System hardening through configuration management | Preventive | |
Configure the "Remove Security tab" to organizational standards. CC ID 08328 | System hardening through configuration management | Preventive | |
Configure the "Hide mechanisms to remove zone information" to organizational standards. CC ID 08338 | System hardening through configuration management | Preventive | |
Configure the "Prevent Codec Download" to organizational standards. CC ID 08554 | System hardening through configuration management | Preventive | |
Configure File System settings in accordance with organizational standards. CC ID 08294 | System hardening through configuration management | Preventive | |
Configure Control Panel settings in accordance with organizational standards. CC ID 08311 | System hardening through configuration management | Preventive | |
Configure the "Screen saver timeout" to organizational standards. CC ID 08312 | System hardening through configuration management | Preventive | |
Configure the "Enable screen saver" to organizational standards. CC ID 08322 | System hardening through configuration management | Preventive | |
Configure the "Force specific screen saver" to organizational standards. CC ID 08334 | System hardening through configuration management | Preventive | |
Configure the "Password protect the screen saver" to organizational standards. CC ID 08341 | System hardening through configuration management | Preventive | |
Configure the "Prevent changing screen saver" to organizational standards. CC ID 08560 | System hardening through configuration management | Preventive | |
Configure Capacity and Performance Management settings in accordance with organizational standards. CC ID 08353 | System hardening through configuration management | Preventive | |
Configure the "Maximum receive size - organization level" to organizational standards. CC ID 08354 | System hardening through configuration management | Preventive | |
Configure the "Maximum send size - connector level" to organizational standards. CC ID 08399 | System hardening through configuration management | Preventive | |
Configure the "Maximum number of recipients - organization level" to organizational standards. CC ID 08431 | System hardening through configuration management | Preventive | |
Configure the "Enable Sender ID agent" to organizational standards. CC ID 08450 | System hardening through configuration management | Preventive | |
Configure the "Maximum receive size - connector level" to organizational standards. CC ID 08480 | System hardening through configuration management | Preventive | |
Configure the "Maximum send size - organization level" to organizational standards. CC ID 08483 | System hardening through configuration management | Preventive | |
Configure the "Mount database at startup" to organizational standards. CC ID 08493 | System hardening through configuration management | Preventive | |
Configure the "Enable Sender reputation" to organizational standards. CC ID 08503 | System hardening through configuration management | Preventive | |
Configure the "Mailbox quotas: Issue warning at" to organizational standards. CC ID 08508 | System hardening through configuration management | Preventive | |
Configure the "Mailbox quotas: Prohibit send and receive at" to organizational standards. CC ID 08532 | System hardening through configuration management | Preventive | |
Configure the "Mailbox quotas: Prohibit send at" to organizational standards. CC ID 08610 | System hardening through configuration management | Preventive | |
Configure Personal Information Handling settings in accordance with organizational standards. CC ID 08396 | System hardening through configuration management | Preventive | |
Configure the "Enable OOF messages to remote domains" to organizational standards. CC ID 08397 | System hardening through configuration management | Preventive | |
Configure the "Enable automatic forwards to remote domains" to organizational standards. CC ID 08462 | System hardening through configuration management | Preventive | |
Configure the "Enable non-delivery reports to remote domains" to organizational standards. CC ID 08506 | System hardening through configuration management | Preventive | |
Configure Data Backup and Recovery settings in accordance with organizational standards. CC ID 08406 | System hardening through configuration management | Preventive | |
Configure the "Retain deleted items for the specified number of days" to organizational standards. CC ID 08407 | System hardening through configuration management | Preventive | |
Configure the "Do not permanently delete items until the database has been backed up" to organizational standards. CC ID 08490 | System hardening through configuration management | Preventive | |
Configure the "Keep deleted mailboxes for the specified number of days" to organizational standards. CC ID 08600 | System hardening through configuration management | Preventive | |
Configure Nonrepudiation Configuration settings in accordance with organizational standards. CC ID 08432 | System hardening through configuration management | Preventive | |
Configure the "Configure Sender Filtering" to organizational standards. CC ID 08433 | System hardening through configuration management | Preventive | |
Configure the "Turn on Administrator Audit Logging" to organizational standards. CC ID 08528 | System hardening through configuration management | Preventive | |
Configure Device Installation settings in accordance with organizational standards. CC ID 08438 | System hardening through configuration management | Preventive | |
Configure the "Prevent installation of devices using drivers that match these device setup classes" to organizational standards. CC ID 08439 | System hardening through configuration management | Preventive | |
Configure the "device installation time-out" setting to organizational standards. CC ID 10781 | System hardening through configuration management | Preventive | |
Configure the "list of Enhanced Storage devices usable on your computer" setting to organizational standards. CC ID 10791 | System hardening through configuration management | Preventive | |
Configure the "Display a custom message title when device installation is prevented by a policy setting" setting to organizational standards. CC ID 10885 | System hardening through configuration management | Preventive | |
Configure the "Do not send a Windows error report when a generic driver is installed on a device" setting to organizational standards. CC ID 10933 | System hardening through configuration management | Preventive | |
Configure the "Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point" setting to organizational standards. CC ID 11072 | System hardening through configuration management | Preventive | |
Configure the "Prevent device metadata retrieval from the Internet" setting to organizational standards. CC ID 11073 | System hardening through configuration management | Preventive | |
Configure the "Prevent installation of devices not described by other policy settings" setting to organizational standards. CC ID 11078 | System hardening through configuration management | Preventive | |
Configure the "Prevent installation of devices that match any of these device IDs" setting to organizational standards. CC ID 11079 | System hardening through configuration management | Preventive | |
Configure the "Prevent installation of removable devices" setting to organizational standards. CC ID 11080 | System hardening through configuration management | Preventive | |
Configure the "Prevent Windows from sending an error report when a device driver requests additional software during installation" setting to organizational standards. CC ID 11093 | System hardening through configuration management | Preventive | |
Configure the "Require a PIN to access data on devices running Microsoft firmware" setting to organizational standards. CC ID 11132 | System hardening through configuration management | Preventive | |
Configure the "Specify search order for device driver source locations" setting to organizational standards. CC ID 11214 | System hardening through configuration management | Preventive | |
Configure the "Turn off "Found New Hardware" balloons during device installation" setting to organizational standards. CC ID 11253 | System hardening through configuration management | Preventive | |
Configure the "Turn off Autoplay for non-volume devices" setting to organizational standards. CC ID 11268 | System hardening through configuration management | Preventive | |
Configure the "Turn off Windows Update device driver search prompt" setting to organizational standards. CC ID 11332 | System hardening through configuration management | Preventive | |
Configure Security settings in accordance with organizational standards. CC ID 08469 | System hardening through configuration management | Preventive | |
Configure the "Enable automatic replies to remote domains" to organizational standards. CC ID 08534 | System hardening through configuration management | Preventive | |
Configure Power Management settings in accordance with organizational standards. CC ID 08515 | System hardening through configuration management | Preventive | |
Configure the "Allow Standby States (S1-S3) When Sleeping (Plugged In)" to organizational standards. CC ID 08516 | System hardening through configuration management | Preventive | |
Configure the "Allow Standby States (S1-S3) When Sleeping (On Battery)" to organizational standards. CC ID 08581 | System hardening through configuration management | Preventive | |
Configure the "Allow Applications to Prevent Automatic Sleep (Plugged In)" setting to organizational standards. CC ID 10703 | System hardening through configuration management | Preventive | |
Configure the "Allow Automatic Sleep with Open Network Files (Plugged In)" setting to organizational standards. CC ID 10709 | System hardening through configuration management | Preventive | |
Configure the "Allow remote access to the Plug and Play interface" setting to organizational standards. CC ID 10742 | System hardening through configuration management | Preventive | |
Configure the "Power Options preference logging and tracing" setting to organizational standards. CC ID 10798 | System hardening through configuration management | Preventive | |
Configure the "Critical Battery Notification Action" setting to organizational standards. CC ID 10833 | System hardening through configuration management | Preventive | |
Configure the "Critical Battery Notification Level" setting to organizational standards. CC ID 10834 | System hardening through configuration management | Preventive | |
Configure the "Do not allow supported Plug and Play device redirection" setting to organizational standards. CC ID 10917 | System hardening through configuration management | Preventive | |
Configure the "Do not turn off system power after a Windows system shutdown has occurred." setting to organizational standards. CC ID 10937 | System hardening through configuration management | Preventive | |
Configure the "Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates" setting to organizational standards. CC ID 10954 | System hardening through configuration management | Preventive | |
Configure the "Low Battery Notification Action" setting to organizational standards. CC ID 11037 | System hardening through configuration management | Preventive | |
Configure the "Low Battery Notification Level" setting to organizational standards. CC ID 11038 | System hardening through configuration management | Preventive | |
Configure the "Reduce Display Brightness (On Battery)" setting to organizational standards. CC ID 11117 | System hardening through configuration management | Preventive | |
Configure the "Reduce Display Brightness (Plugged In)" setting to organizational standards. CC ID 11118 | System hardening through configuration management | Preventive | |
Configure the "Reserve Battery Notification Level" setting to organizational standards. CC ID 11139 | System hardening through configuration management | Preventive | |
Configure PowerShell to organizational standards. CC ID 15233 | System hardening through configuration management | Preventive | |
Configure the "Run Windows PowerShell scripts first at computer startup, shutdown" setting to organizational standards. CC ID 11156 | System hardening through configuration management | Preventive | |
Configure the "Run Windows PowerShell scripts first at user logon, logoff" setting to organizational standards. CC ID 11157 | System hardening through configuration management | Preventive | |
Configure the "Select an Active Power Plan" setting to organizational standards. CC ID 11161 | System hardening through configuration management | Preventive | |
Configure the "Select the Lid Switch Action (On Battery)" setting to organizational standards. CC ID 11162 | System hardening through configuration management | Preventive | |
Configure the "Select the Lid Switch Action (Plugged In)" setting to organizational standards. CC ID 11163 | System hardening through configuration management | Preventive | |
Configure the "Select the Power Button Action (On Battery)" setting to organizational standards. CC ID 11165 | System hardening through configuration management | Preventive | |
Configure the "Select the Power Button Action (Plugged In)" setting to organizational standards. CC ID 11166 | System hardening through configuration management | Preventive | |
Configure the "Select the Sleep Button Action (On Battery)" setting to organizational standards. CC ID 11167 | System hardening through configuration management | Preventive | |
Configure the "Select the Sleep Button Action (Plugged In)" setting to organizational standards. CC ID 11168 | System hardening through configuration management | Preventive | |
Configure the "Specify a Custom Active Power Plan" setting to organizational standards. CC ID 11207 | System hardening through configuration management | Preventive | |
Configure the "Specify the Display Dim Brightness (On Battery)" setting to organizational standards. CC ID 11217 | System hardening through configuration management | Preventive | |
Configure the "Specify the Display Dim Brightness (Plugged In)" setting to organizational standards. CC ID 11218 | System hardening through configuration management | Preventive | |
Configure the "Specify the System Hibernate Timeout (On Battery)" setting to organizational standards. CC ID 11219 | System hardening through configuration management | Preventive | |
Configure the "Specify the System Hibernate Timeout (Plugged In)" setting to organizational standards. CC ID 11220 | System hardening through configuration management | Preventive | |
Configure the "Specify the System Sleep Timeout (On Battery)" setting to organizational standards. CC ID 11221 | System hardening through configuration management | Preventive | |
Configure the "Specify the System Sleep Timeout (Plugged In)" setting to organizational standards. CC ID 11222 | System hardening through configuration management | Preventive | |
Configure the "Specify the Unattended Sleep Timeout (On Battery)" setting to organizational standards. CC ID 11223 | System hardening through configuration management | Preventive | |
Configure the "Specify the Unattended Sleep Timeout (Plugged In)" setting to organizational standards. CC ID 11224 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Adaptive Display Timeout (On Battery)" setting to organizational standards. CC ID 11259 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Adaptive Display Timeout (Plugged In)" setting to organizational standards. CC ID 11260 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Cache Power Mode" setting to organizational standards. CC ID 11270 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Hybrid Sleep (On Battery)" setting to organizational standards. CC ID 11281 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Hybrid Sleep (Plugged In)" setting to organizational standards. CC ID 11282 | System hardening through configuration management | Preventive | |
Configure the "Turn Off Low Battery User Notification" setting to organizational standards. CC ID 11288 | System hardening through configuration management | Preventive | |
Configure the "Turn Off the Hard Disk (On Battery)" setting to organizational standards. CC ID 11318 | System hardening through configuration management | Preventive | |
Configure the "Turn Off the Hard Disk (Plugged In)" setting to organizational standards. CC ID 11319 | System hardening through configuration management | Preventive | |
Configure the "Turn On Desktop Background Slideshow (On Battery)" setting to organizational standards. CC ID 11340 | System hardening through configuration management | Preventive | |
Configure the "Turn On Desktop Background Slideshow (Plugged In)" setting to organizational standards. CC ID 11341 | System hardening through configuration management | Preventive | |
Configure the "Turn on the Ability for Applications to Prevent Sleep Transitions (On Battery)" setting to organizational standards. CC ID 11353 | System hardening through configuration management | Preventive | |
Configure the "Turn on the Ability for Applications to Prevent Sleep Transitions (Plugged In)" setting to organizational standards. CC ID 11354 | System hardening through configuration management | Preventive | |
Configure Patch Management settings in accordance with organizational standards. CC ID 08519 | System hardening through configuration management | Preventive | |
Configure "Select when Preview Builds and Feature Updates are received" to organizational standards. CC ID 15399 | System hardening through configuration management | Preventive | |
Configure "Select when Quality Updates are received" to organizational standards. CC ID 15355 | System hardening through configuration management | Preventive | |
Configure the "Check for missing Windows Updates" to organizational standards. CC ID 08520 | System hardening through configuration management | Preventive | |
Configure Start Menu and Task Bar settings in accordance with organizational standards. CC ID 08615 | System hardening through configuration management | Preventive | |
Configure the "Turn off toast notifications on the lock screen" to organizational standards. CC ID 08616 | System hardening through configuration management | Preventive | |
Configure "Turn off notifications network usage" to organizational standards. CC ID 15337 | System hardening through configuration management | Preventive | |
Configure the proxy server to organizational standards. CC ID 12115 | System hardening through configuration management | Preventive | |
Configure the proxy server to log Transmission Control Protocol sessions. CC ID 12123 | System hardening through configuration management | Preventive | |
Configure the "duplicate UIDs" setting to organizational standards. CC ID 09930 | System hardening through configuration management | Preventive | |
Configure the "duplicate GIDs" setting to organizational standards. CC ID 09931 | System hardening through configuration management | Preventive | |
Configure the "duplicate group names" setting to organizational standards. CC ID 09932 | System hardening through configuration management | Preventive | |
Configure the "Connection to the Red Hat Network RPM Repositories" setting to organizational standards. CC ID 09933 | System hardening through configuration management | Preventive | |
Configure the "Obtain Software Package Updates with yum" setting to organizational standards. CC ID 09934 | System hardening through configuration management | Preventive | |
Configure the "Check for Unconfined Daemons" setting to organizational standards. CC ID 09936 | System hardening through configuration management | Preventive | |
Configure the "/etc/hosts.allow" file to organizational standards. CC ID 09944 | System hardening through configuration management | Preventive | |
Configure the "disable system when audit log is full" setting to organizational standards. CC ID 09945 | System hardening through configuration management | Preventive | |
Configure the "max_log_file" setting to organizational standards. CC ID 15323 | System hardening through configuration management | Preventive | |
Configure the "max_log_file_action" setting to organizational standards. CC ID 09946 | System hardening through configuration management | Preventive | |
Configure the "audit processes that start prior to auditd" setting to organizational standards. CC ID 09947 | System hardening through configuration management | Preventive | |
Configure the "Password Creation Requirement" settings for "pam_cracklib" to organizational standards. CC ID 09953 | System hardening through configuration management | Preventive | |
Configure the "System Accounts" setting to organizational standards. CC ID 09954 | System hardening through configuration management | Preventive | |
Configure the "Verify That Reserved UIDs Are Assigned to System Accounts" setting to organizational standards. CC ID 09955 | System hardening through configuration management | Preventive | |
Configure the "Check for Duplicate User Names" setting to organizational standards. CC ID 09956 | System hardening through configuration management | Preventive | |
Configure the "User .forward" files to organizational standards. CC ID 09957 | System hardening through configuration management | Preventive | |
Configure Polycom HDX to organizational standards. CC ID 08986 | System hardening through configuration management | Preventive | |
Configure the "echo cancellation" setting to organizational standards. CC ID 09359 | System hardening through configuration management | Preventive | |
Configure the "keyboard noise reduction" setting to organizational standards. CC ID 09360 | System hardening through configuration management | Preventive | |
Configure the "live music mode" setting to organizational standards. CC ID 09361 | System hardening through configuration management | Preventive | |
Configure the "VCR audio out always on" setting to organizational standards. CC ID 09362 | System hardening through configuration management | Preventive | |
Configure the "user alert tone" setting to organizational standards. CC ID 09363 | System hardening through configuration management | Preventive | |
Configure the "incoming call ring tone" setting to organizational standards. CC ID 09364 | System hardening through configuration management | Preventive | |
Configure the "keypad audio confirmation" setting to organizational standards. CC ID 09365 | System hardening through configuration management | Preventive | |
Configure the "allow Microsoft Exchange calendar integration" setting to organizational standards. CC ID 09366 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange calendar domain" setting to organizational standards. CC ID 09367 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange calendar password" setting to organizational standards. CC ID 09368 | System hardening through configuration management | Preventive | |
Configure the "mailbox to be monitored by Microsoft Exchange calendar service" setting to organizational standards. CC ID 09369 | System hardening through configuration management | Preventive | |
Configure the "Microsoft Exchange calendar server address" setting to organizational standards. CC ID 09370 | System hardening through configuration management | Preventive | |
Configure the "allow Microsoft Exchange calendar service to display private meetings" setting to organizational standards. CC ID 09371 | System hardening through configuration management | Preventive | |
Configure the "number of minutes before the meeting to display a reminder" setting to organizational standards. CC ID 09372 | System hardening through configuration management | Preventive | |
Configure the "play a sound along with the text reminder when the system is not in a call" setting to organizational standards. CC ID 09373 | System hardening through configuration management | Preventive | |
Configure the "backlight compensation" setting to organizational standards. CC ID 09374 | System hardening through configuration management | Preventive | |
Configure the "camera pan direction" setting to organizational standards. CC ID 09375 | System hardening through configuration management | Preventive | |
Configure the "camera presets" setting to organizational standards. CC ID 09376 | System hardening through configuration management | Preventive | |
Configure the "camera video input type" setting to organizational standards. CC ID 09377 | System hardening through configuration management | Preventive | |
Configure the "camera input aspect ratio" setting to organizational standards. CC ID 09378 | System hardening through configuration management | Preventive | |
Configure the "camera input name" setting to organizational standards. CC ID 09379 | System hardening through configuration management | Preventive | |
Configure the "camera input video quality type" setting to organizational standards. CC ID 09380 | System hardening through configuration management | Preventive | |
Configure the "primary camera" setting to organizational standards. CC ID 09381 | System hardening through configuration management | Preventive | |
Configure the "camera quality preference" setting to organizational standards. CC ID 09382 | System hardening through configuration management | Preventive | |
Configure the "camera power frequency" setting to organizational standards. CC ID 09383 | System hardening through configuration management | Preventive | |
Configure the "allow camera tracking" setting to organizational standards. CC ID 09384 | System hardening through configuration management | Preventive | |
Configure the "foreground source for Polycom people on content" setting to organizational standards. CC ID 09385 | System hardening through configuration management | Preventive | |
Configure the "background source for Polycom people on content" setting to organizational standards. CC ID 09386 | System hardening through configuration management | Preventive | |
Configure the "country name for the system" setting to organizational standards. CC ID 09387 | System hardening through configuration management | Preventive | |
Configure the "language for the system local GUI" setting to organizational standards. CC ID 09388 | System hardening through configuration management | Preventive | |
Configure the "NTP" setting to organizational standards. CC ID 09389 | System hardening through configuration management | Preventive | |
Configure the "primary NTP server" setting to organizational standards. CC ID 09390 | System hardening through configuration management | Preventive | |
Configure the "secondary NTP server" setting to organizational standards. CC ID 09391 | System hardening through configuration management | Preventive | |
Configure the "system day" setting to organizational standards. CC ID 09392 | System hardening through configuration management | Preventive | |
Configure the "system month" setting to organizational standards. CC ID 09393 | System hardening through configuration management | Preventive | |
Configure the "system year" setting to organizational standards. CC ID 09394 | System hardening through configuration management | Preventive | |
Configure the "system hour" setting to organizational standards. CC ID 09395 | System hardening through configuration management | Preventive | |
Configure the "system minutes" setting to organizational standards. CC ID 09396 | System hardening through configuration management | Preventive | |
Configure the "system AM or PM" setting to organizational standards. CC ID 09397 | System hardening through configuration management | Preventive | |
Configure the "system time zone" setting to organizational standards. CC ID 09398 | System hardening through configuration management | Preventive | |
Configure the "automatically adjust for daylight savings time" setting to organizational standards. CC ID 09399 | System hardening through configuration management | Preventive | |
Configure the "time format" setting to organizational standards. CC ID 09401 | System hardening through configuration management | Preventive | |
Configure the "LDAP authentication type" setting to organizational standards. CC ID 09402 | System hardening through configuration management | Preventive | |
Configure the "LDAP SSL encryption state" setting to organizational standards. CC ID 09403 | System hardening through configuration management | Preventive | |
Configure the "LDAP base DN" setting to organizational standards. CC ID 09404 | System hardening through configuration management | Preventive | |
Configure the "LDAP NTLM domain" setting to organizational standards. CC ID 09405 | System hardening through configuration management | Preventive | |
Configure the "LDAP bind DN" setting to organizational standards. CC ID 09406 | System hardening through configuration management | Preventive | |
Configure the "LDAP password" setting to organizational standards. CC ID 09407 | System hardening through configuration management | Preventive | |
Configure the "LDAP server address" setting to organizational standards. CC ID 09408 | System hardening through configuration management | Preventive | |
Configure the "LDAP server port" setting to organizational standards. CC ID 09409 | System hardening through configuration management | Preventive | |
Configure the "LDAP user name" setting to organizational standards. CC ID 09410 | System hardening through configuration management | Preventive | |
Configure the "allow access to a Polycom Global Directory Server" setting to organizational standards. CC ID 09411 | System hardening through configuration management | Preventive | |
Configure the "server address of a Polycom Global Directory Server" setting to organizational standards. CC ID 09412 | System hardening through configuration management | Preventive | |
Configure the "maximum international call speed for a Polycom Global Directory Server" setting to organizational standards. CC ID 09413 | System hardening through configuration management | Preventive | |
Configure the "maximum internet call speed for a Polycom Global Directory Server" setting to organizational standards. CC ID 09414 | System hardening through configuration management | Preventive | |
Configure the "maximum ISDN transmit call speed for a Polycom Global Directory Server" setting to organizational standards. CC ID 09415 | System hardening through configuration management | Preventive | |
Configure the "display the system address in a Polycom Global Directory Server" setting to organizational standards. CC ID 09416 | System hardening through configuration management | Preventive | |
Configure the "retrieval and display of contacts from a Microsoft Lync (Office Communications/OCS) Server" setting to organizational standards. CC ID 09417 | System hardening through configuration management | Preventive | |
Configure the "prompt the user to add a local address book entry for a far site upon call disconnection" setting to organizational standards. CC ID 09418 | System hardening through configuration management | Preventive | |
Configure the "prompt the user before allowing a local address book entry to be deleted" setting to organizational standards. CC ID 09419 | System hardening through configuration management | Preventive | |
Configure the "preview of local address book entries" setting to organizational standards. CC ID 09420 | System hardening through configuration management | Preventive | |
Configure the "content video adjustment" setting to organizational standards. CC ID 09421 | System hardening through configuration management | Preventive | |
Configure the "people video adjustment" setting to organizational standards. CC ID 09422 | System hardening through configuration management | Preventive | |
Configure the "display type" setting to organizational standards. CC ID 09423 | System hardening through configuration management | Preventive | |
Configure the "display aspect ratio" setting to organizational standards. CC ID 09424 | System hardening through configuration management | Preventive | |
Configure the "display resolution" setting to organizational standards. CC ID 09425 | System hardening through configuration management | Preventive | |
Configure the "splash screen on the content monitor" setting to organizational standards. CC ID 09426 | System hardening through configuration management | Preventive | |
Configure the "VCR/DVD record source" setting to organizational standards. CC ID 09427 | System hardening through configuration management | Preventive | |
Configure the "screen saver text" setting to organizational standards. CC ID 09428 | System hardening through configuration management | Preventive | |
Configure the "picture in picture (PIP) placement" setting to organizational standards. CC ID 09429 | System hardening through configuration management | Preventive | |
Configure the "how to display the time in a call" setting to organizational standards. CC ID 09430 | System hardening through configuration management | Preventive | |
Configure the "far site name display time in a call" setting to organizational standards. CC ID 09431 | System hardening through configuration management | Preventive | |
Configure the "allow display of the system name on the home screen" setting to organizational standards. CC ID 09432 | System hardening through configuration management | Preventive | |
Configure the "allow display of the system date time on the home screen" setting to organizational standards. CC ID 09433 | System hardening through configuration management | Preventive | |
Configure the "allow display of the system IPv4 address on the home screen" setting to organizational standards. CC ID 09434 | System hardening through configuration management | Preventive | |
Configure the "allow display of the system H.323 extension (E.164) on the home screen" setting to organizational standards. CC ID 09435 | System hardening through configuration management | Preventive | |
Configure the "allow display of the system do not disturb control on the home screen" setting to organizational standards. CC ID 09436 | System hardening through configuration management | Preventive | |
Configure the "allow display of the system SIP address on the home screen" setting to organizational standards. CC ID 09437 | System hardening through configuration management | Preventive | |
Configure the "allow display of the system call quality menu on the home screen" setting to organizational standards. CC ID 09438 | System hardening through configuration management | Preventive | |
Configure the "output upon screen saver activation for monitor 1" setting to organizational standards. CC ID 09439 | System hardening through configuration management | Preventive | |
Configure the "output upon screen saver activation for monitor 2" setting to organizational standards. CC ID 09440 | System hardening through configuration management | Preventive | |
Configure the "QoS type" setting to organizational standards. CC ID 09441 | System hardening through configuration management | Preventive | |
Configure the "value for DiffServ for video" setting to organizational standards. CC ID 09442 | System hardening through configuration management | Preventive | |
Configure the "value for DiffServ for audio" setting to organizational standards. CC ID 09443 | System hardening through configuration management | Preventive | |
Configure the "value for DiffServ for fecc" setting to organizational standards. CC ID 09444 | System hardening through configuration management | Preventive | |
Configure the "value for IP Precedence for video" setting to organizational standards. CC ID 09445 | System hardening through configuration management | Preventive | |
Configure the "value for IP Precedence for audio" setting to organizational standards. CC ID 09446 | System hardening through configuration management | Preventive | |
Configure the "value for IP Precedence for fecc" setting to organizational standards. CC ID 09447 | System hardening through configuration management | Preventive | |
Configure the "SIP transport protocol" setting to organizational standards. CC ID 09448 | System hardening through configuration management | Preventive | |
Configure the "SIP registrar server" setting to organizational standards. CC ID 09449 | System hardening through configuration management | Preventive | |
Configure the "SIP proxy server" setting to organizational standards. CC ID 09450 | System hardening through configuration management | Preventive | |
Configure the "SIP password" setting to organizational standards. CC ID 09451 | System hardening through configuration management | Preventive | |
Configure the "allow EAP/802.1X" setting to organizational standards. CC ID 09452 | System hardening through configuration management | Preventive | |
Configure the "allow 802.1p/Q" setting to organizational standards. CC ID 09453 | System hardening through configuration management | Preventive | |
Configure the "fixed ports" setting to organizational standards. CC ID 09454 | System hardening through configuration management | Preventive | |
Configure the "Transmission Control Protocol ports" setting to organizational standards. CC ID 09455 | System hardening through configuration management | Preventive | |
Configure the "UDP ports" setting to organizational standards. CC ID 09456 | System hardening through configuration management | Preventive | |
Configure the "system hostname" setting to organizational standards. CC ID 09457 | System hardening through configuration management | Preventive | |
Configure the "H.323" setting to organizational standards. CC ID 09458 | System hardening through configuration management | Preventive | |
Configure the "allow display of the H.323 extension (E.164) on the local GUI" setting to organizational standards. CC ID 09459 | System hardening through configuration management | Preventive | |
Configure the "H.323 extension (E.164)" setting to organizational standards. CC ID 09460 | System hardening through configuration management | Preventive | |
Configure the "maximum IP call speed to place calls" setting to organizational standards. CC ID 09461 | System hardening through configuration management | Preventive | |
Configure the "maximum IP call speed to receive calls" setting to organizational standards. CC ID 09462 | System hardening through configuration management | Preventive | |
Configure the "use Polycom PathNavigator" setting to organizational standards. CC ID 09463 | System hardening through configuration management | Preventive | |
Configure the "gatekeeper" setting to organizational standards. CC ID 09464 | System hardening through configuration management | Preventive | |
Configure the "gatekeeper authentication" setting to organizational standards. CC ID 09465 | System hardening through configuration management | Preventive | |
Configure the "gatekeeper authentication user name" setting to organizational standards. CC ID 09466 | System hardening through configuration management | Preventive | |
Configure the "gatekeeper authentication password" setting to organizational standards. CC ID 09467 | System hardening through configuration management | Preventive | |
Configure the "primary gatekeeper address" setting to organizational standards. CC ID 09468 | System hardening through configuration management | Preventive | |
Configure the "IP gateway" setting to organizational standards. CC ID 09469 | System hardening through configuration management | Preventive | |
Configure the "ISDN gateway" setting to organizational standards. CC ID 09470 | System hardening through configuration management | Preventive | |
Configure the "gateway country code" setting to organizational standards. CC ID 09471 | System hardening through configuration management | Preventive | |
Configure the "gateway area code" setting to organizational standards. CC ID 09472 | System hardening through configuration management | Preventive | |
Configure the "gateway number" setting to organizational standards. CC ID 09473 | System hardening through configuration management | Preventive | |
Configure the "gateway extension number" setting to organizational standards. CC ID 09474 | System hardening through configuration management | Preventive | |
Configure the "gateway dial prefix" setting to organizational standards. CC ID 09475 | System hardening through configuration management | Preventive | |
Configure the "gateway dial suffix" setting to organizational standards. CC ID 09476 | System hardening through configuration management | Preventive | |
Configure the "gateway number type" setting to organizational standards. CC ID 09477 | System hardening through configuration management | Preventive | |
Configure the "number of digits in the DID gateway number (if set to number+extension)" setting to organizational standards. CC ID 09478 | System hardening through configuration management | Preventive | |
Configure the "gateway dial speed" setting to organizational standards. CC ID 09479 | System hardening through configuration management | Preventive | |
Configure the "MTU mode assignment type" setting to organizational standards. CC ID 09480 | System hardening through configuration management | Preventive | |
Configure the "MTU size manually" setting to organizational standards. CC ID 09481 | System hardening through configuration management | Preventive | |
Configure the "Polycom Video Error Concealment (PVEC)" setting to organizational standards. CC ID 09482 | System hardening through configuration management | Preventive | |
Configure the "RSVP" setting to organizational standards. CC ID 09483 | System hardening through configuration management | Preventive | |
Configure the "dynamic bandwidth" setting to organizational standards. CC ID 09484 | System hardening through configuration management | Preventive | |
Configure the "maximum transmit bandwidth" setting to organizational standards. CC ID 09485 | System hardening through configuration management | Preventive | |
Configure the "maximum receive bandwidth" setting to organizational standards. CC ID 09486 | System hardening through configuration management | Preventive | |
Configure the "NAT configuration type" setting to organizational standards. CC ID 09487 | System hardening through configuration management | Preventive | |
Configure the "NAT public WAN address" setting to organizational standards. CC ID 09488 | System hardening through configuration management | Preventive | |
Configure the "NAT to be H.323 compatible" setting to organizational standards. CC ID 09489 | System hardening through configuration management | Preventive | |
Configure the "which NAT address to be displayed in the Polycom Global Directory Server" setting to organizational standards. CC ID 09490 | System hardening through configuration management | Preventive | |
Configure the "ISDN interface" setting to organizational standards. CC ID 09491 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI switch type" setting to organizational standards. CC ID 09492 | System hardening through configuration management | Preventive | |
Configure the "all ISDN BRI lines" setting to organizational standards. CC ID 09493 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI line 1" setting to organizational standards. CC ID 09494 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI line 2" setting to organizational standards. CC ID 09495 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI line 3" setting to organizational standards. CC ID 09496 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI line 4" setting to organizational standards. CC ID 09497 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI country code" setting to organizational standards. CC ID 09498 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI area code" setting to organizational standards. CC ID 09499 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI number 1a" setting to organizational standards. CC ID 09500 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI number 1b" setting to organizational standards. CC ID 09501 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI number 2a" setting to organizational standards. CC ID 09502 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI number 2b" setting to organizational standards. CC ID 09503 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI number 3a" setting to organizational standards. CC ID 09504 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI number 3b" setting to organizational standards. CC ID 09505 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI number 4a" setting to organizational standards. CC ID 09506 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI number 4b" setting to organizational standards. CC ID 09507 | System hardening through configuration management | Preventive | |
Configure the "auto BRI setting that allows SPID numbers to be assigned in NI1 or NI2" setting to organizational standards. CC ID 09508 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI SPID number 1a" setting to organizational standards. CC ID 09509 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI SPID number 1b" setting to organizational standards. CC ID 09510 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI SPID number 2a" setting to organizational standards. CC ID 09511 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI SPID number 2b" setting to organizational standards. CC ID 09512 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI SPID number 3a" setting to organizational standards. CC ID 09513 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI SPID number 3b" setting to organizational standards. CC ID 09514 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI SPID number 4a" setting to organizational standards. CC ID 09515 | System hardening through configuration management | Preventive | |
Configure the "ISDN BRI SPID number 4b" setting to organizational standards. CC ID 09516 | System hardening through configuration management | Preventive | |
Configure the "ISDN PRI switch type" setting to organizational standards. CC ID 09517 | System hardening through configuration management | Preventive | |
Configure the "ISDN PRI call by call value" setting to organizational standards. CC ID 09518 | System hardening through configuration management | Preventive | |
Configure the "each ISDN PRI channels" setting to organizational standards. CC ID 09519 | System hardening through configuration management | Preventive | |
Configure the "ISDN PRI T1 CSU mode type" setting to organizational standards. CC ID 09520 | System hardening through configuration management | Preventive | |
Configure the "number of ISDN PRI channels allowed to be dialed in parallel" setting to organizational standards. CC ID 09521 | System hardening through configuration management | Preventive | |
Configure the "ISDN PRI international prefix" setting to organizational standards. CC ID 09522 | System hardening through configuration management | Preventive | |
Configure the "ISDN PRI T1 line buildout for internal CSUs" setting to organizational standards. CC ID 09523 | System hardening through configuration management | Preventive | |
Configure the "ISDN PRI T1 line buildout for external CSUs" setting to organizational standards. CC ID 09524 | System hardening through configuration management | Preventive | |
Configure the "ISDN PRI line signal" setting to organizational standards. CC ID 09525 | System hardening through configuration management | Preventive | |
Configure the "ISDN PRI numbering plan" setting to organizational standards. CC ID 09526 | System hardening through configuration management | Preventive | |
Configure the "ISDN PRI outside line number" setting to organizational standards. CC ID 09527 | System hardening through configuration management | Preventive | |
Configure the "ISDN PRI number" setting to organizational standards. CC ID 09528 | System hardening through configuration management | Preventive | |
Configure the "V.35" setting to organizational standards. CC ID 09529 | System hardening through configuration management | Preventive | |
Configure the "V.35 number for port 1" setting to organizational standards. CC ID 09530 | System hardening through configuration management | Preventive | |
Configure the "V.35 number for port 2" setting to organizational standards. CC ID 09531 | System hardening through configuration management | Preventive | |
Configure the "V.35 prefix" setting to organizational standards. CC ID 09532 | System hardening through configuration management | Preventive | |
Configure the "V.35 suffix" setting to organizational standards. CC ID 09533 | System hardening through configuration management | Preventive | |
Configure the "V.35 CTS" setting to organizational standards. CC ID 09534 | System hardening through configuration management | Preventive | |
Configure the "V.35 DCD filter" setting to organizational standards. CC ID 09535 | System hardening through configuration management | Preventive | |
Configure the "V.35 DCD" setting to organizational standards. CC ID 09536 | System hardening through configuration management | Preventive | |
Configure the "V.35 DSR answer" setting to organizational standards. CC ID 09537 | System hardening through configuration management | Preventive | |
Configure the "V.35 DSR" setting to organizational standards. CC ID 09538 | System hardening through configuration management | Preventive | |
Configure the "V.35 DTR" setting to organizational standards. CC ID 09539 | System hardening through configuration management | Preventive | |
Configure the "V.35 RT" setting to organizational standards. CC ID 09540 | System hardening through configuration management | Preventive | |
Configure the "V.35 RTS" setting to organizational standards. CC ID 09541 | System hardening through configuration management | Preventive | |
Configure the "V.35 ST" setting to organizational standards. CC ID 09542 | System hardening through configuration management | Preventive | |
Configure the "V.35 broadcast mode" setting to organizational standards. CC ID 09543 | System hardening through configuration management | Preventive | |
Configure the "RS-366 dialing" setting to organizational standards. CC ID 09544 | System hardening through configuration management | Preventive | |
Configure the "V.35 protocol used" setting to organizational standards. CC ID 09545 | System hardening through configuration management | Preventive | |
Configure the "V.35 profile used" setting to organizational standards. CC ID 09546 | System hardening through configuration management | Preventive | |
Configure the "V.35 H.331 audio mode" setting to organizational standards. CC ID 09547 | System hardening through configuration management | Preventive | |
Configure the "V.35 H.331 dual stream" setting to organizational standards. CC ID 09548 | System hardening through configuration management | Preventive | |
Configure the "V.35 H.331 frame rate" setting to organizational standards. CC ID 09549 | System hardening through configuration management | Preventive | |
Configure the "V.35 H.331 video format" setting to organizational standards. CC ID 09550 | System hardening through configuration management | Preventive | |
Configure the "V.35 H.331 video protocol" setting to organizational standards. CC ID 09551 | System hardening through configuration management | Preventive | |
Configure the "IPv4 address assignment method" setting to organizational standards. CC ID 09552 | System hardening through configuration management | Preventive | |
Configure the "IPv4 address" setting to organizational standards. CC ID 09553 | System hardening through configuration management | Preventive | |
Configure the "default gateway" setting to organizational standards. CC ID 09554 | System hardening through configuration management | Preventive | |
Configure the "IPv4 subnet mask" setting to organizational standards. CC ID 09555 | System hardening through configuration management | Preventive | |
Configure IPv6 extension headers to organizational standards. CC ID 16398 | System hardening through configuration management | Preventive | |
Configure the "IPv6 address assignment method" setting to organizational standards. CC ID 09556 | System hardening through configuration management | Preventive | |
Configure the "IPv6 link-local address" setting to organizational standards. CC ID 09557 | System hardening through configuration management | Preventive | |
Configure the "IPv6 site-local address" setting to organizational standards. CC ID 09558 | System hardening through configuration management | Preventive | |
Configure the "IPv6 global address" setting to organizational standards. CC ID 09559 | System hardening through configuration management | Preventive | |
Configure the "default gateway" setting for "IPv6" to organizational standards. CC ID 09560 | System hardening through configuration management | Preventive | |
Configure the "system domain name" setting to organizational standards. CC ID 09561 | System hardening through configuration management | Preventive | |
Configure the "primary DNS server address" setting to organizational standards. CC ID 09562 | System hardening through configuration management | Preventive | |
Configure the "secondary DNS server address" setting to organizational standards. CC ID 09563 | System hardening through configuration management | Preventive | |
Configure the "third DNS server address" setting to organizational standards. CC ID 09564 | System hardening through configuration management | Preventive | |
Configure the "fourth DNS server address" setting to organizational standards. CC ID 09565 | System hardening through configuration management | Preventive | |
Configure the "system LAN speed" setting to organizational standards. CC ID 09566 | System hardening through configuration management | Preventive | |
Configure the "system duplex mode" setting to organizational standards. CC ID 09567 | System hardening through configuration management | Preventive | |
Configure the "system to ignore redirect messages" setting to organizational standards. CC ID 09568 | System hardening through configuration management | Preventive | |
Configure the "system ICMP transmission rate limit (in milliseconds)" setting to organizational standards. CC ID 09569 | System hardening through configuration management | Preventive | |
Configure the "generate destination unreachable messages" setting to organizational standards. CC ID 09570 | System hardening through configuration management | Preventive | |
Configure the "respond to broadcast and multicast echo requests" setting to organizational standards. CC ID 09571 | System hardening through configuration management | Preventive | |
Configure the "IPv6 DAD transmit count" setting to organizational standards. CC ID 09572 | System hardening through configuration management | Preventive | |
Configure the "phone number of the room where the system is located" setting to organizational standards. CC ID 09573 | System hardening through configuration management | Preventive | |
Configure the "GMS tech support contact name" setting to organizational standards. CC ID 09574 | System hardening through configuration management | Preventive | |
Configure the "GMS tech support contact email" setting to organizational standards. CC ID 09575 | System hardening through configuration management | Preventive | |
Configure the "GMS tech support contact phone number" setting to organizational standards. CC ID 09576 | System hardening through configuration management | Preventive | |
Configure the "GMS tech support contact fax number" setting to organizational standards. CC ID 09577 | System hardening through configuration management | Preventive | |
Configure the "GMS tech support contact city" setting to organizational standards. CC ID 09578 | System hardening through configuration management | Preventive | |
Configure the "GMS tech support contact state" setting to organizational standards. CC ID 09579 | System hardening through configuration management | Preventive | |
Configure the "GMS tech support contact country" setting to organizational standards. CC ID 09580 | System hardening through configuration management | Preventive | |
Configure the "security profile" setting to organizational standards. CC ID 09581 | System hardening through configuration management | Preventive | |
Configure the "allow PC LAN port access" setting to organizational standards. CC ID 09582 | System hardening through configuration management | Preventive | |
Configure the "require certificate validation for web server" setting to organizational standards. CC ID 09583 | System hardening through configuration management | Preventive | |
Configure the "require certificate validation for peer client applications" setting to organizational standards. CC ID 09584 | System hardening through configuration management | Preventive | |
Configure the "maximum peer certificate chain depth" setting to organizational standards. CC ID 09585 | System hardening through configuration management | Preventive | |
Configure the "certificate revocation method" setting to organizational standards. CC ID 09586 | System hardening through configuration management | Preventive | |
Configure the "allow incomplete revocation checks" setting to organizational standards. CC ID 09587 | System hardening through configuration management | Preventive | |
Configure the "the global responder specified in the certificate" setting to organizational standards. CC ID 09588 | System hardening through configuration management | Preventive | |
Configure the "require login for system access" setting to organizational standards. CC ID 09589 | System hardening through configuration management | Preventive | |
Configure the "allow the local password to be used for remote access" setting to organizational standards. CC ID 09590 | System hardening through configuration management | Preventive | |
Configure the "allow remote access via web" setting to organizational standards. CC ID 09591 | System hardening through configuration management | Preventive | |
Configure the "web access port number" setting to organizational standards. CC ID 09592 | System hardening through configuration management | Preventive | |
Configure the "require whitelist" setting to organizational standards. CC ID 09593 | System hardening through configuration management | Preventive | |
Configure the "allow remote access via telnet" setting to organizational standards. CC ID 09594 | System hardening through configuration management | Preventive | |
Configure the "allow remote access via SNMP" setting to organizational standards. CC ID 09595 | System hardening through configuration management | Preventive | |
Configure the "allow video display on the web" setting to organizational standards. CC ID 09596 | System hardening through configuration management | Preventive | |
Configure the "require display of a security banner upon login" setting to organizational standards. CC ID 09597 | System hardening through configuration management | Preventive | |
Configure the "custom text for the local security banner" setting to organizational standards. CC ID 09598 | System hardening through configuration management | Preventive | |
Configure the "custom text for the web security banner" setting to organizational standards. CC ID 09599 | System hardening through configuration management | Preventive | |
Configure the "allow a non-admin user to make changes to the local system address book" setting to organizational standards. CC ID 09600 | System hardening through configuration management | Preventive | |
Configure the "allow a non-admin user to make changes to the camera presets" setting to organizational standards. CC ID 09601 | System hardening through configuration management | Preventive | |
Configure the "allow mixed protocol (IP and ISDN) multipoint calls" setting to organizational standards. CC ID 09602 | System hardening through configuration management | Preventive | |
Configure the "require Active Directory authentication" setting to organizational standards. CC ID 09603 | System hardening through configuration management | Preventive | |
Configure the "Active Directory server address" setting to organizational standards. CC ID 09604 | System hardening through configuration management | Preventive | |
Configure the "Active Directory admin group" setting to organizational standards. CC ID 09605 | System hardening through configuration management | Preventive | |
Configure the "Active Directory user group" setting to organizational standards. CC ID 09606 | System hardening through configuration management | Preventive | |
Configure the "require admin password for remote login" setting to organizational standards. CC ID 09607 | System hardening through configuration management | Preventive | |
Configure the "RS-232 serial port access mode" setting to organizational standards. CC ID 09608 | System hardening through configuration management | Preventive | |
Configure the "RS-232 serial port baud rate" setting to organizational standards. CC ID 09609 | System hardening through configuration management | Preventive | |
Configure the "require AES encryption" setting to organizational standards. CC ID 09610 | System hardening through configuration management | Preventive | |
Configure the "SIP" setting to organizational standards. CC ID 09611 | System hardening through configuration management | Preventive | |
Configure the "allow recent call list to be accessible" setting to organizational standards. CC ID 09612 | System hardening through configuration management | Preventive | |
Configure the "allow the last number dialed to be accessible" setting to organizational standards. CC ID 09613 | System hardening through configuration management | Preventive | |
Configure the "allow far end control of the near camera" setting to organizational standards. CC ID 09614 | System hardening through configuration management | Preventive | |
Configure the "allow a call detail report to be created and maintained" setting to organizational standards. CC ID 09615 | System hardening through configuration management | Preventive | |
Configure the "Availability Control (Do Not Disturb) for all calls" setting to organizational standards. CC ID 09616 | System hardening through configuration management | Preventive | |
Configure the "Do Not Disturb only for point to point calls" setting to organizational standards. CC ID 09617 | System hardening through configuration management | Preventive | |
Configure the "Do Not Disturb only for multipoint calls" setting to organizational standards. CC ID 09618 | System hardening through configuration management | Preventive | |
Configure the "require the admin account to be locked after a certain number of failed login attempts" setting to organizational standards. CC ID 09619 | System hardening through configuration management | Preventive | |
Configure the "admin account lock duration (in minutes)" setting to organizational standards. CC ID 09620 | System hardening through configuration management | Preventive | |
Configure the "require the user account to be locked after a certain number of unsuccessful logon attempts" setting to organizational standards. CC ID 09621 | System hardening through configuration management | Preventive | |
Configure the "user account lock duration (in minutes)" setting to organizational standards. CC ID 09622 | System hardening through configuration management | Preventive | |
Configure the "idle session timeout (in minutes)" setting to organizational standards. CC ID 09623 | System hardening through configuration management | Preventive | |
Configure the "monitoring of inactive web sessions" setting to organizational standards. CC ID 09624 | System hardening through configuration management | Preventive | |
Configure the "list of all sessions (local, web and serial) visible on the local or web GUI" setting to organizational standards. CC ID 09625 | System hardening through configuration management | Preventive | |
Configure the "maximum number of concurrent active web sessions" setting to organizational standards. CC ID 09626 | System hardening through configuration management | Preventive | |
Configure the "number of failed login attempts on the web interface and serial port (port lockout) after which the interface will be locked" setting to organizational standards. CC ID 09627 | System hardening through configuration management | Preventive | |
Configure the "web interface and serial port (port lockout) lock duration should (in minutes) be configured" setting to organizational standards. CC ID 09628 | System hardening through configuration management | Preventive | |
Configure the "local (room) admin password" setting to organizational standards. CC ID 09629 | System hardening through configuration management | Preventive | |
Configure the "remote access admin password" setting to organizational standards. CC ID 09630 | System hardening through configuration management | Preventive | |
Configure the "local (room) user password" setting to organizational standards. CC ID 09631 | System hardening through configuration management | Preventive | |
Configure the "meeting password" setting to organizational standards. CC ID 09632 | System hardening through configuration management | Preventive | |
Configure the "MCU password" setting to organizational standards. CC ID 09633 | System hardening through configuration management | Preventive | |
Configure the "minimum length required for a local (room) admin password" setting to organizational standards. CC ID 09634 | System hardening through configuration management | Preventive | |
Configure the "require that the local (room) admin password contain lower case characters" setting to organizational standards. CC ID 09635 | System hardening through configuration management | Preventive | |
Configure the "require that the local (room) admin password contain upper case characters" setting to organizational standards. CC ID 09636 | System hardening through configuration management | Preventive | |
Configure the "require that the local (room) admin password contain numbers" setting to organizational standards. CC ID 09637 | System hardening through configuration management | Preventive | |
Configure the "require that the local (room) admin password contain special characters" setting to organizational standards. CC ID 09638 | System hardening through configuration management | Preventive | |
Configure the "reject a certain number of previous local (room) admin passwords when creating a new password" setting to organizational standards. CC ID 09639 | System hardening through configuration management | Preventive | |
Configure the "minimum age for the local (room) admin password before it can be changed" setting to organizational standards. CC ID 09640 | System hardening through configuration management | Preventive | |
Configure the "maximum age for the local (room) admin password after which it must be changed" setting to organizational standards. CC ID 09641 | System hardening through configuration management | Preventive | |
Configure the "how many days ahead of time a password expiration warning should be provided when the local (room) admin password is about to expire" setting to organizational standards. CC ID 09642 | System hardening through configuration management | Preventive | |
Configure the "minimum number of characters that must be changed when creating a new local (room) admin password" setting to organizational standards. CC ID 09643 | System hardening through configuration management | Preventive | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new local (room) admin password" setting to organizational standards. CC ID 09644 | System hardening through configuration management | Preventive | |
Configure the "the local (room) admin password can contain the admin account name or the reverse of the account name" setting to organizational standards. CC ID 09645 | System hardening through configuration management | Preventive | |
Configure the "minimum length required for a remote admin password" setting to organizational standards. CC ID 09646 | System hardening through configuration management | Preventive | |
Configure the "require that the remote admin password contain lower case characters" setting to organizational standards. CC ID 09647 | System hardening through configuration management | Preventive | |
Configure the "require that the remote admin password contain upper case characters" setting to organizational standards. CC ID 09648 | System hardening through configuration management | Preventive | |
Configure the "require that the remote admin password contain numbers" setting to organizational standards. CC ID 09649 | System hardening through configuration management | Preventive | |
Configure the "require that the remote admin password contain special characters" setting to organizational standards. CC ID 09650 | System hardening through configuration management | Preventive | |
Configure the "reject a certain number of previous remote admin passwords when creating a new password" setting to organizational standards. CC ID 09651 | System hardening through configuration management | Preventive | |
Configure the "minimum age for the remote admin password before it can be changed" setting to organizational standards. CC ID 09652 | System hardening through configuration management | Preventive | |
Configure the "maximum age for the remote admin password after which it must be changed" setting to organizational standards. CC ID 09653 | System hardening through configuration management | Preventive | |
Configure the "how many days ahead of time a password expiration warning should be provided when the remote admin password is about to expire" setting to organizational standards. CC ID 09654 | System hardening through configuration management | Preventive | |
Configure the "minimum number of characters that must be changed when creating a new remote admin password" setting to organizational standards. CC ID 09655 | System hardening through configuration management | Preventive | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new remote admin password" setting to organizational standards. CC ID 09656 | System hardening through configuration management | Preventive | |
Configure the "remote admin password can contain the admin account name or the reverse of the account name" setting to organizational standards. CC ID 09657 | System hardening through configuration management | Preventive | |
Configure the "minimum length required for a local (room) user password" setting to organizational standards. CC ID 09658 | System hardening through configuration management | Preventive | |
Configure the "require that the local (room) user password contain lower case characters" setting to organizational standards. CC ID 09659 | System hardening through configuration management | Preventive | |
Configure the "require that the local (room) user password contain upper case characters" setting to organizational standards. CC ID 09660 | System hardening through configuration management | Preventive | |
Configure the "require that the local (room) user password contain numbers" setting to organizational standards. CC ID 09661 | System hardening through configuration management | Preventive | |
Configure the "require that the local (room) user password contain special characters" setting to organizational standards. CC ID 09662 | System hardening through configuration management | Preventive | |
Configure the "reject a certain number of previous local (room) user passwords when creating a new password" setting to organizational standards. CC ID 09663 | System hardening through configuration management | Preventive | |
Configure the "minimum age for the local (room) user password before it can be changed" setting to organizational standards. CC ID 09664 | System hardening through configuration management | Preventive | |
Configure the "maximum age for the local (room) user password after which it must be changed" setting to organizational standards. CC ID 09665 | System hardening through configuration management | Preventive | |
Configure the "how many days ahead of time a password expiration warning should be provided when the local (room) user password is about to expire" setting to organizational standards. CC ID 09666 | System hardening through configuration management | Preventive | |
Configure the "minimum number of characters that must be changed when creating a new local (room) user password" setting to organizational standards. CC ID 09667 | System hardening through configuration management | Preventive | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new local (room) user password" setting to organizational standards. CC ID 09668 | System hardening through configuration management | Preventive | |
Configure the "the local (room) user password can contain the user account name or the reverse of the account name" setting to organizational standards. CC ID 09669 | System hardening through configuration management | Preventive | |
Configure the "minimum length required for a meeting password" setting to organizational standards. CC ID 09670 | System hardening through configuration management | Preventive | |
Configure the "require that the meeting password contain lower case characters" setting to organizational standards. CC ID 09671 | System hardening through configuration management | Preventive | |
Configure the "require that the meeting password contain upper case characters" setting to organizational standards. CC ID 09672 | System hardening through configuration management | Preventive | |
Configure the "require that the meeting password contain numbers" setting to organizational standards. CC ID 09673 | System hardening through configuration management | Preventive | |
Configure the "require that the meeting password contain special characters" setting to organizational standards. CC ID 09674 | System hardening through configuration management | Preventive | |
Configure the "reject a certain number of previous meeting passwords when creating a new meeting password" setting to organizational standards. CC ID 09675 | System hardening through configuration management | Preventive | |
Configure the "minimum age for the meeting password before it can be changed" setting to organizational standards. CC ID 09676 | System hardening through configuration management | Preventive | |
Configure the "maximum age for the meeting password after which it must be changed" setting to organizational standards. CC ID 09677 | System hardening through configuration management | Preventive | |
Configure the "how many days ahead of time a password expiration warning should be provided when the meeting password is about to expire" setting to organizational standards. CC ID 09678 | System hardening through configuration management | Preventive | |
Configure the "minimum number of characters that must be changed when creating a new meeting password" setting to organizational standards. CC ID 09679 | System hardening through configuration management | Preventive | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new meeting password" setting to organizational standards. CC ID 09680 | System hardening through configuration management | Preventive | |
Configure the "allow access to security related settings by non-admin users" setting to organizational standards. CC ID 09681 | System hardening through configuration management | Preventive | |
Configure the "NTLM version" setting to organizational standards. CC ID 09682 | System hardening through configuration management | Preventive | |
Configure the "folder name to be used when downloading log files" setting to organizational standards. CC ID 09683 | System hardening through configuration management | Preventive | |
Configure the "percent filled threshold above which a warning will be provided if log files exceed it" setting to organizational standards. CC ID 09684 | System hardening through configuration management | Preventive | |
Configure the "frequency of transferring logs to a storage device then deleting the logs from the system" setting to organizational standards. CC ID 09685 | System hardening through configuration management | Preventive | |
Configure the "show content immediately upon connecting a computer to the system" setting to organizational standards. CC ID 09686 | System hardening through configuration management | Preventive | |
Configure the "require an account number to dial a call" setting to organizational standards. CC ID 09687 | System hardening through configuration management | Preventive | |
Configure the "require validation of an account number before allowing a call to be dialed" setting to organizational standards. CC ID 09688 | System hardening through configuration management | Preventive | |
Configure the "maximum time that a call can be connected" setting to organizational standards. CC ID 09689 | System hardening through configuration management | Preventive | |
Configure the "mute a call that is auto answered" setting to organizational standards. CC ID 09690 | System hardening through configuration management | Preventive | |
Configure the "H.460 firewall traversal" setting to organizational standards. CC ID 09691 | System hardening through configuration management | Preventive | |
Configure the "POTS" setting to organizational standards. CC ID 09692 | System hardening through configuration management | Preventive | |
Configure the "POTS area code manually" setting to organizational standards. CC ID 09693 | System hardening through configuration management | Preventive | |
Configure the "POTS number manually" setting to organizational standards. CC ID 09694 | System hardening through configuration management | Preventive | |
Configure the "allow a Polycom Touch Control panel to pair with the system" setting to organizational standards. CC ID 09695 | System hardening through configuration management | Preventive | |
Configure the "screen saver wait time" setting to organizational standards. CC ID 09696 | System hardening through configuration management | Preventive | |
Configure the "video call dial order" setting to organizational standards. CC ID 09697 | System hardening through configuration management | Preventive | |
Configure the "voice call dial order" setting to organizational standards. CC ID 09698 | System hardening through configuration management | Preventive | |
Configure the "diagnostic (basic) mode" setting to organizational standards. CC ID 09699 | System hardening through configuration management | Preventive | |
Configure the "dual monitor emulation" setting to organizational standards. CC ID 09700 | System hardening through configuration management | Preventive | |
Configure the "H.239" setting to organizational standards. CC ID 09701 | System hardening through configuration management | Preventive | |
Configure the "VGA quality preference" setting to organizational standards. CC ID 09702 | System hardening through configuration management | Preventive | |
Configure the "power button on the IR remote control" setting to organizational standards. CC ID 09703 | System hardening through configuration management | Preventive | |
Configure the "numeric keypad function on the IR remote control" setting to organizational standards. CC ID 09704 | System hardening through configuration management | Preventive | |
Configure the "allow use of a non-Polycom IR remote control" setting to organizational standards. CC ID 09705 | System hardening through configuration management | Preventive | |
Configure the "channel ID for the IR remote control" setting to organizational standards. CC ID 09706 | System hardening through configuration management | Preventive | |
Configure the "transcoding" setting to organizational standards. CC ID 09707 | System hardening through configuration management | Preventive | |
Configure the "allow the system to dial any calls" setting to organizational standards. CC ID 09708 | System hardening through configuration management | Preventive | |
Configure the "preferred dialing method" setting to organizational standards. CC ID 09709 | System hardening through configuration management | Preventive | |
Configure the "domain of the provisioning server" setting to organizational standards. CC ID 09710 | System hardening through configuration management | Preventive | |
Configure the "user name to connect to the provisioning server" setting to organizational standards. CC ID 09711 | System hardening through configuration management | Preventive | |
Configure the "password to connect to the provisioning server" setting to organizational standards. CC ID 09712 | System hardening through configuration management | Preventive | |
Configure the "server address of the provisioning server" setting to organizational standards. CC ID 09713 | System hardening through configuration management | Preventive | |
Configure the "SNMP admin name" setting to organizational standards. CC ID 09714 | System hardening through configuration management | Preventive | |
Configure the "SNMP community name" setting to organizational standards. CC ID 09715 | System hardening through configuration management | Preventive | |
Configure the "SNMP console address" setting to organizational standards. CC ID 09716 | System hardening through configuration management | Preventive | |
Configure the "SNMP location" setting to organizational standards. CC ID 09717 | System hardening through configuration management | Preventive | |
Configure the "SNMP system description" setting to organizational standards. CC ID 09718 | System hardening through configuration management | Preventive | |
Configure the "SNMP trap version" setting to organizational standards. CC ID 09719 | System hardening through configuration management | Preventive | |
Configure Apache and Tomcat to Organizational Standards. CC ID 08987 | System hardening through configuration management | Preventive | |
Configure the "demo CGI printenv.pl" setting to organizational standards. CC ID 08993 | System hardening through configuration management | Preventive | |
Configure the "testcgi" setting to organizational standards. CC ID 08994 | System hardening through configuration management | Preventive | |
Configure the "FollowSymLinks" setting for the "DocumentRoot" to organizational standards. CC ID 08995 | System hardening through configuration management | Preventive | |
Configure the "IncludesNOEXEC" setting for the "DocumentRoot" to organizational standards. CC ID 08996 | System hardening through configuration management | Preventive | |
Configure the "Indexes" setting for the "DocumentRoot" to organizational standards. CC ID 08997 | System hardening through configuration management | Preventive | |
Configure the "Allow" setting for the "OS root" to organizational standards. CC ID 08998 | System hardening through configuration management | Preventive | |
Configure the "Allow" setting to organizational standards. CC ID 08999 | System hardening through configuration management | Preventive | |
Configure the "KeepAlive" setting to organizational standards. CC ID 09000 | System hardening through configuration management | Preventive | |
Configure the "KeepAliveTimeout" setting to organizational standards. CC ID 09001 | System hardening through configuration management | Preventive | |
Configure the "LimitRequestBody" setting to organizational standards. CC ID 09002 | System hardening through configuration management | Preventive | |
Configure the "LimitRequestFields" setting to organizational standards. CC ID 09003 | System hardening through configuration management | Preventive | |
Configure the "LimitRequestFieldSizeBody" setting to organizational standards. CC ID 09004 | System hardening through configuration management | Preventive | |
Configure the "LimitRequestline" setting to organizational standards. CC ID 09005 | System hardening through configuration management | Preventive | |
Configure the "loglevel" setting to organizational standards. CC ID 09006 | System hardening through configuration management | Preventive | |
Configure the "MaxClients" setting to organizational standards. CC ID 09007 | System hardening through configuration management | Preventive | |
Configure the "ServerTokens" setting to organizational standards. CC ID 09008 | System hardening through configuration management | Preventive | |
Configure the "Timeout" setting to organizational standards. CC ID 09009 | System hardening through configuration management | Preventive | |
Configure the "apache access log file" setting to organizational standards. CC ID 09010 | System hardening through configuration management | Preventive | |
Configure the "AllowOverride" for "OS root" to organizational standards. CC ID 09011 | System hardening through configuration management | Preventive | |
Configure the "AllowOverride" setting for "web site root directories" to organizational standards. CC ID 09012 | System hardening through configuration management | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 400 errors" to organizational standards. CC ID 09013 | System hardening through configuration management | Preventive | |
Configure the "Group" setting to organizational standards. CC ID 09014 | System hardening through configuration management | Preventive | |
Configure the "runtime rewriting engine" setting to organizational standards. CC ID 09015 | System hardening through configuration management | Preventive | |
Configure the "ServerSignature" setting to organizational standards. CC ID 09016 | System hardening through configuration management | Preventive | |
Configure the "apache system logging" setting to organizational standards. CC ID 09017 | System hardening through configuration management | Preventive | |
Configure the "User" setting to organizational standards. CC ID 09019 | System hardening through configuration management | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 401 errors" to organizational standards. CC ID 09020 | System hardening through configuration management | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 403 errors" to organizational standards. CC ID 09021 | System hardening through configuration management | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 404 errors" to organizational standards. CC ID 09022 | System hardening through configuration management | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 405 errors" to organizational standards. CC ID 09023 | System hardening through configuration management | Preventive | |
Configure the "ErrorDocument" setting for "HTTP 500 errors" to organizational standards. CC ID 09024 | System hardening through configuration management | Preventive | |
Configure the "Deny" setting for the "OS root" to organizational standards. CC ID 09025 | System hardening through configuration management | Preventive | |
Configure the "Deny" setting to organizational standards. CC ID 09026 | System hardening through configuration management | Preventive | |
Configure the "error log file" setting to organizational standards. CC ID 09040 | System hardening through configuration management | Preventive | |
Configure the "Includes" setting for the "DocumentRoot" to organizational standards. CC ID 09046 | System hardening through configuration management | Preventive | |
Configure the "MultiViews" setting for the "DocumentRoot" to organizational standards. CC ID 09047 | System hardening through configuration management | Preventive | |
Configure the "Order" setting for the "OS root" to organizational standards. CC ID 09048 | System hardening through configuration management | Preventive | |
Configure the "permitted HTTP request methods" setting to organizational standards. CC ID 09049 | System hardening through configuration management | Preventive | |
Configure the "httpd.conf" file to organizational standards. CC ID 09050 | System hardening through configuration management | Preventive | |
Configure the "htpasswd" file to organizational standards. CC ID 09053 | System hardening through configuration management | Preventive | |
Configure the "Server Administrator email address" setting to organizational standards. CC ID 09054 | System hardening through configuration management | Preventive | |
Configure the "StartServers" setting to organizational standards. CC ID 09060 | System hardening through configuration management | Preventive | |
Configure the "MinSpareServers" setting to organizational standards. CC ID 09061 | System hardening through configuration management | Preventive | |
Configure the "MaxSpareServers" setting to organizational standards. CC ID 09062 | System hardening through configuration management | Preventive | |
Configure the "ExecCGI" setting for the "DocumentRoot" to organizational standards. CC ID 09063 | System hardening through configuration management | Preventive | |
Configure the "Order" setting for "all DocumentRoots" to organizational standards. CC ID 09064 | System hardening through configuration management | Preventive | |
Configure the "Order" setting to organizational standards. CC ID 09065 | System hardening through configuration management | Preventive | |
Configure the "action directive" setting to organizational standards. CC ID 09066 | System hardening through configuration management | Preventive | |
Configure the "AddHandler directive" setting to organizational standards. CC ID 09067 | System hardening through configuration management | Preventive | |
Configure the "Anonymous sharing of Apache's web content directories with nfs" setting to organizational standards. CC ID 09068 | System hardening through configuration management | Preventive | |
Configure the "Anonymous sharing of Apache's web content directories with smb" setting to organizational standards. CC ID 09069 | System hardening through configuration management | Preventive | |
Configure the "MaxKeepAliveRequests" setting to organizational standards. CC ID 09070 | System hardening through configuration management | Preventive | |
Configure the "log_config_module" setting to organizational standards. CC ID 09072 | System hardening through configuration management | Preventive | |
Configure the "disallow paths and files" setting for "robots.txt" to organizational standards. CC ID 09105 | System hardening through configuration management | Preventive | |
Configure the "ssl_module" setting to organizational standards. CC ID 09106 | System hardening through configuration management | Preventive | |
Configure the "SSLProtocol" setting to organizational standards. CC ID 09107 | System hardening through configuration management | Preventive | |
Configure the "SSLEngine" setting to organizational standards. CC ID 09108 | System hardening through configuration management | Preventive | |
Configure the "apache online manual" setting to organizational standards. CC ID 09109 | System hardening through configuration management | Preventive | |
Configure the "FollowSymLinks" setting for "all options directives" to organizational standards. CC ID 09110 | System hardening through configuration management | Preventive | |
Configure the "Includes" setting for "all options directives" to organizational standards. CC ID 09111 | System hardening through configuration management | Preventive | |
Configure the "IncludesNoExec" setting for "all options directives" to organizational standards. CC ID 09112 | System hardening through configuration management | Preventive | |
Configure the "MultiViews" setting for "all options directives" to organizational standards. CC ID 09113 | System hardening through configuration management | Preventive | |
Configure the "Indexes" setting for "all options directives" to organizational standards. CC ID 09114 | System hardening through configuration management | Preventive | |
Configure the "dav_module" setting to organizational standards. CC ID 09115 | System hardening through configuration management | Preventive | |
Configure the "dav_fs_module" setting to organizational standards. CC ID 09116 | System hardening through configuration management | Preventive | |
Configure the "info_module" setting to organizational standards. CC ID 09117 | System hardening through configuration management | Preventive | |
Configure the "status_module" setting to organizational standards. CC ID 09118 | System hardening through configuration management | Preventive | |
Configure the "proxy_module" setting to organizational standards. CC ID 09119 | System hardening through configuration management | Preventive | |
Configure the "proxy_ftp_module" setting to organizational standards. CC ID 09120 | System hardening through configuration management | Preventive | |
Configure the "proxy_http_module" setting to organizational standards. CC ID 09121 | System hardening through configuration management | Preventive | |
Configure the "proxy_connect_module" setting to organizational standards. CC ID 09122 | System hardening through configuration management | Preventive | |
Configure the "ExecCGI" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09130 | System hardening through configuration management | Preventive | |
Configure the "FollowSymLinks" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09131 | System hardening through configuration management | Preventive | |
Configure the "Includes" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09132 | System hardening through configuration management | Preventive | |
Configure the "IncludesNoExec" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09133 | System hardening through configuration management | Preventive | |
Configure the "Indexes" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09134 | System hardening through configuration management | Preventive | |
Configure the "MultiViews" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09135 | System hardening through configuration management | Preventive | |
Configure the "SymLinksIfOwnerMatch" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09136 | System hardening through configuration management | Preventive | |
Configure the "TraceEnable" setting to organizational standards. CC ID 09137 | System hardening through configuration management | Preventive | |
Configure the "listening IP address" setting to organizational standards. CC ID 09138 | System hardening through configuration management | Preventive | |
Configure the "listening port" setting to organizational standards. CC ID 09139 | System hardening through configuration management | Preventive | |
Configure the "ScriptAlias" setting to organizational standards. CC ID 09140 | System hardening through configuration management | Preventive | |
Configure the "automatic directory indexing" setting to organizational standards. CC ID 09141 | System hardening through configuration management | Preventive | |
Configure the "Anonymous sharing of Apache's web content directories" setting to organizational standards. CC ID 09142 | System hardening through configuration management | Preventive | |
Configure the "apache web server" setting to organizational standards. CC ID 09147 | System hardening through configuration management | Preventive | |
Configure the "dav_lock_module" setting to organizational standards. CC ID 09150 | System hardening through configuration management | Preventive | |
Configure the "proxy_ajp_module" setting to organizational standards. CC ID 09151 | System hardening through configuration management | Preventive | |
Configure the "proxy_balancer_module" setting to organizational standards. CC ID 09152 | System hardening through configuration management | Preventive | |
Configure the "CGI scripts for Apache Tomcat" setting to organizational standards. CC ID 09720 | System hardening through configuration management | Preventive | |
Configure the "Access to Apache Tomcat's interactive scripts" setting to organizational standards. CC ID 09721 | System hardening through configuration management | Preventive | |
Configure the "Tomcat Apache's backup CGI *.bak" files to organizational standards. CC ID 09722 | System hardening through configuration management | Preventive | |
Configure the "Tomcat Apache's backup CGI *.old" files to organizational standards. CC ID 09723 | System hardening through configuration management | Preventive | |
Configure the "Tomcat Apache's backup CGI *.temp" files to organizational standards. CC ID 09724 | System hardening through configuration management | Preventive | |
Configure the "Tomcat Apache's backup CGI *.tmp" files to organizational standards. CC ID 09725 | System hardening through configuration management | Preventive | |
Configure the "Tomcat Apache's backup CGI *.backup" files to organizational standards. CC ID 09726 | System hardening through configuration management | Preventive | |
Configure the "Tomcat Apache's backup CGI copy of*.*" files to organizational standards. CC ID 09727 | System hardening through configuration management | Preventive | |
Configure the "maxProcessors attribute" setting to organizational standards. CC ID 09728 | System hardening through configuration management | Preventive | |
Configure the "access log valve" setting for the "tomcat Engine container" to organizational standards. CC ID 09730 | System hardening through configuration management | Preventive | |
Configure the "access log valve" setting for the "tomcat Host container" to organizational standards. CC ID 09731 | System hardening through configuration management | Preventive | |
Configure the "access log valve" setting for the "tomcat Context container" to organizational standards. CC ID 09732 | System hardening through configuration management | Preventive | |
Configure the "disallow paths and files" setting for the "tomcat site robots.txt" file to organizational standards. CC ID 09745 | System hardening through configuration management | Preventive | |
Configure the "tomcat SSLProtocol attribute" setting to organizational standards. CC ID 09746 | System hardening through configuration management | Preventive | |
Configure the "tomcat Connector SSLEngine attribute" setting to organizational standards. CC ID 09747 | System hardening through configuration management | Preventive | |
Configure the "tomcat Listener SSLEngine attribute" setting to organizational standards. CC ID 09748 | System hardening through configuration management | Preventive | |
Configure the "tomcat server attribute" setting to organizational standards. CC ID 09749 | System hardening through configuration management | Preventive | |
Configure the "account running the tomcat service" setting to organizational standards. CC ID 09750 | System hardening through configuration management | Preventive | |
Configure the "tomcat server documentation" setting to organizational standards. CC ID 09751 | System hardening through configuration management | Preventive | |
Configure the "tomcat js examples" setting to organizational standards. CC ID 09752 | System hardening through configuration management | Preventive | |
Configure the "tomcat servlet examples" setting to organizational standards. CC ID 09753 | System hardening through configuration management | Preventive | |
Configure the "tomcat webdav" folder to organizational standards. CC ID 09754 | System hardening through configuration management | Preventive | |
Configure the "tomcat examples" folder to organizational standards. CC ID 09755 | System hardening through configuration management | Preventive | |
Configure the "tomcat balancer" folder to organizational standards. CC ID 09756 | System hardening through configuration management | Preventive | |
Configure the "tomcat pattern attribute" setting to organizational standards. CC ID 09757 | System hardening through configuration management | Preventive | |
Configure the "Java Security Manager (JSM)" setting to organizational standards. CC ID 09758 | System hardening through configuration management | Preventive | |
Configure the "run with the Java Security Manager upon startup" setting to organizational standards. CC ID 09759 | System hardening through configuration management | Preventive | |
Configure the "shutdown port number" for the "tomcat server" to organizational standards. CC ID 09760 | System hardening through configuration management | Preventive | |
Configure the "Tomcat Legacy JK AJP 1.3 connector" setting to organizational standards. CC ID 09761 | System hardening through configuration management | Preventive | |
Configure the "port number" setting for the "Tomcat Legacy JK AJP 1.3 connector" to organizational standards. CC ID 09762 | System hardening through configuration management | Preventive | |
Configure the "Tomcat Legacy HTTP/1.1 connector" setting to organizational standards. CC ID 09763 | System hardening through configuration management | Preventive | |
Configure the "port number" for the "Tomcat Legacy HTTP/1.1 connector" to organizational standards. CC ID 09764 | System hardening through configuration management | Preventive | |
Configure the "Tomcat login authentication method" setting to organizational standards. CC ID 09765 | System hardening through configuration management | Preventive | |
Configure the "security roles" for the "Tomcat manager app" to organizational standards. CC ID 09766 | System hardening through configuration management | Preventive | |
Configure the "security roles" setting for the "tomcat admin app" to organizational standards. CC ID 09767 | System hardening through configuration management | Preventive | |
Configure the "deny access to the Tomcat Admin app" setting to organizational standards. CC ID 09768 | System hardening through configuration management | Preventive | |
Configure the "allow access to the Tomcat Admin app" setting to organizational standards. CC ID 09769 | System hardening through configuration management | Preventive | |
Configure the "deny access to the Tomcat manager app" setting to organizational standards. CC ID 09770 | System hardening through configuration management | Preventive | |
Configure the "allow access to the Tomcat manager app" setting to organizational standards. CC ID 09771 | System hardening through configuration management | Preventive | |
Configure the "password digest algorithm" setting for "JDBCRealm (database) connections" to organizational standards. CC ID 09779 | System hardening through configuration management | Preventive | |
Configure the "JDBCRealm (database) password digest algorithm" setting to organizational standards. CC ID 09780 | System hardening through configuration management | Preventive | |
Configure the "password digest algorithm" setting for "JNDIRealm (LDAP) connections" to organizational standards. CC ID 09781 | System hardening through configuration management | Preventive | |
Configure the "JNDIRealm (LDAP) password digest" setting to organizational standards. CC ID 09782 | System hardening through configuration management | Preventive | |
Configure the "Tomcat HTTP/1.1 connector" setting to organizational standards. CC ID 09783 | System hardening through configuration management | Preventive | |
Configure the "port number" setting for the "Tomcat HTTP/1.1 connector" to organizational standards. CC ID 09784 | System hardening through configuration management | Preventive | |
Configure the "secure attribute" for the "Tomcat HTTP/1.1 connectors" to organizational standards. CC ID 09785 | System hardening through configuration management | Preventive | |
Configure the "Tomcat Legacy JK/JK2 AJP 1.3 connector" setting to organizational standards. CC ID 09786 | System hardening through configuration management | Preventive | |
Configure the "port number" setting for the "JK/JK2 AJP 1.3 connector" to organizational standards. CC ID 09787 | System hardening through configuration management | Preventive | |
Configure the "Tomcat WARP connector" setting to organizational standards. CC ID 09788 | System hardening through configuration management | Preventive | |
Configure the "port number" setting for the "WARP connector" to organizational standards. CC ID 09789 | System hardening through configuration management | Preventive | |
Configure the "location of the log files directory" setting for the "Logger element" to organizational standards. CC ID 09790 | System hardening through configuration management | Preventive | |
Configure the "example server.xml" file to organizational standards. CC ID 09791 | System hardening through configuration management | Preventive | |
Configure the "file prefix" setting for the "Logger element" to organizational standards. CC ID 09794 | System hardening through configuration management | Preventive | |
Configure the "verbosity" setting for the "Logger element" to organizational standards. CC ID 09795 | System hardening through configuration management | Preventive | |
Configure the "Tomcat server port number" setting to organizational standards. CC ID 09797 | System hardening through configuration management | Preventive | |
Configure the "secure attribute" for the "Tomcat JK/JK2 AJP 1.3 connectors" to organizational standards. CC ID 09803 | System hardening through configuration management | Preventive | |
Configure the "JULI container level logging" setting to organizational standards. CC ID 09804 | System hardening through configuration management | Preventive | |
Configure the "JULI FileHandler threshold level" setting to organizational standards. CC ID 09805 | System hardening through configuration management | Preventive | |
Configure the "JULI FileHandler save directory" setting to organizational standards. CC ID 09806 | System hardening through configuration management | Preventive | |
Configure the "JULI FileHandler log file name prefix" setting to organizational standards. CC ID 09807 | System hardening through configuration management | Preventive | |
Configure the "grant of all permissions to Tomcat web applications" setting to organizational standards. CC ID 09808 | System hardening through configuration management | Preventive | |
Configure the "example" files to organizational standards. CC ID 09809 | System hardening through configuration management | Preventive | |
Configure the "WebDAV app" setting to organizational standards. CC ID 09810 | System hardening through configuration management | Preventive | |
Configure the "Tomcat-docs" setting to organizational standards. CC ID 09811 | System hardening through configuration management | Preventive | |
Configure the "Balancer app" setting to organizational standards. CC ID 09812 | System hardening through configuration management | Preventive | |
Configure the "save directory for log files" setting to organizational standards. CC ID 09816 | System hardening through configuration management | Preventive | |
Configure the "verify passwords in tomcat-users.xml are stored using an authorized digest" setting to organizational standards. CC ID 09817 | System hardening through configuration management | Preventive | |
Configure IIS to Organizational Standards. CC ID 08988 | System hardening through configuration management | Preventive | |
Configure the "IIS Web Root folder path" setting to organizational standards. CC ID 09153 | System hardening through configuration management | Preventive | |
Configure the "IIS Web Root" directory to organizational standards. CC ID 09154 | System hardening through configuration management | Preventive | |
Configure the "use the appropriate network interface" setting to organizational standards. CC ID 09155 | System hardening through configuration management | Preventive | |
Configure the "Enable Logging" setting to organizational standards. CC ID 09167 | System hardening through configuration management | Preventive | |
Configure the "Integrated Windows Authentication" setting to organizational standards. CC ID 09176 | System hardening through configuration management | Preventive | |
Configure the "Special Characters In Shells" setting for the "WWW service" to organizational standards. CC ID 09177 | System hardening through configuration management | Preventive | |
Configure the "IIS WWW service SSL error logging" setting to organizational standards. CC ID 09178 | System hardening through configuration management | Preventive | |
Configure the "RDSServer.DataFactory object" setting to organizational standards. CC ID 09179 | System hardening through configuration management | Preventive | |
Configure the "AdvancedDataFactory object" setting to organizational standards. CC ID 09180 | System hardening through configuration management | Preventive | |
Configure the "VbBusObj.VbBusObjCls object" setting to organizational standards. CC ID 09181 | System hardening through configuration management | Preventive | |
Configure the ".printer extension mapping" setting to organizational standards CC ID 09182 | System hardening through configuration management | Preventive | |
Configure the ".htw extension mapping" setting to organizational standards CC ID 09183 | System hardening through configuration management | Preventive | |
Configure the ".ida extension mapping" setting to organizational standards CC ID 09184 | System hardening through configuration management | Preventive | |
Configure the ".idq extension mapping" setting to organizational standards CC ID 09185 | System hardening through configuration management | Preventive | |
Configure the ".idc extension mapping" setting to organizational standards CC ID 09186 | System hardening through configuration management | Preventive | |
Configure the ".shtm extension mapping" setting to organizational standards CC ID 09187 | System hardening through configuration management | Preventive | |
Configure the ".stm extension mapping" setting to organizational standards CC ID 09188 | System hardening through configuration management | Preventive | |
Configure the ".shtml extension mapping" setting to organizational standards CC ID 09189 | System hardening through configuration management | Preventive | |
Configure the "Relative path traversal" setting to organizational standards. CC ID 09190 | System hardening through configuration management | Preventive | |
Configure the "HTTP protocol logging" setting to organizational standards. CC ID 09199 | System hardening through configuration management | Preventive | |
Configure the "Date logging" setting to organizational standards. CC ID 09200 | System hardening through configuration management | Preventive | |
Configure the "Time logging" setting to organizational standards. CC ID 09201 | System hardening through configuration management | Preventive | |
Configure the "Client IP Address logging" setting to organizational standards. CC ID 09202 | System hardening through configuration management | Preventive | |
Configure the "User name logging" setting to organizational standards. CC ID 09203 | System hardening through configuration management | Preventive | |
Configure the "User agent logging" setting to organizational standards. CC ID 09204 | System hardening through configuration management | Preventive | |
Configure the "Method logging" setting to organizational standards. CC ID 09205 | System hardening through configuration management | Preventive | |
Configure the "URI stem logging" setting to organizational standards. CC ID 09206 | System hardening through configuration management | Preventive | |
Configure the "URL query logging" setting to organizational standards. CC ID 09207 | System hardening through configuration management | Preventive | |
Configure the "Server IP address logging" setting to organizational standards. CC ID 09208 | System hardening through configuration management | Preventive | |
Configure the "Server port logging" setting to organizational standards. CC ID 09209 | System hardening through configuration management | Preventive | |
Configure the "Protocol status logging" setting to organizational standards. CC ID 09210 | System hardening through configuration management | Preventive | |
Configure the "Win32 status logging" setting to organizational standards. CC ID 09211 | System hardening through configuration management | Preventive | |
Configure the "HTTP Log folder path" setting to organizational standards. CC ID 09212 | System hardening through configuration management | Preventive | |
Configure the "Web-based password reset IIS application mappings (.htr)" setting to organizational standards CC ID 09215 | System hardening through configuration management | Preventive | |
Configure the "IIS Sample files" setting to organizational standards. CC ID 09216 | System hardening through configuration management | Preventive | |
Configure the "sample Data Access files" setting to organizational standards. CC ID 09217 | System hardening through configuration management | Preventive | |
Configure the "IIS Help files" setting to organizational standards. CC ID 09218 | System hardening through configuration management | Preventive | |
Configure the "Remote Account password changes" setting to organizational standards. CC ID 09219 | System hardening through configuration management | Preventive | |
Configure the "execution context of the IIS CGI processes" setting to organizational standards. CC ID 09220 | System hardening through configuration management | Preventive | |
Configure the "Server Side Includes command shell" setting to organizational standards. CC ID 09229 | System hardening through configuration management | Preventive | |
Configure the "IIS sample Web Printing files" setting to organizational standards. CC ID 09230 | System hardening through configuration management | Preventive | |
Configure the "AllowRestrictedChars" setting to organizational standards. CC ID 09231 | System hardening through configuration management | Preventive | |
Configure the "EnableNonUTF8" setting to organizational standards. CC ID 09232 | System hardening through configuration management | Preventive | |
Configure the "FavorUTF8" setting to organizational standards. CC ID 09233 | System hardening through configuration management | Preventive | |
Configure the "maximum possible size of request headers" setting to organizational standards. CC ID 09234 | System hardening through configuration management | Preventive | |
Configure the "maximum possible combined size of request line and headers" setting to organizational standards. CC ID 09235 | System hardening through configuration management | Preventive | |
Configure the "maximum number of characters in a URL path" setting to organizational standards. CC ID 09236 | System hardening through configuration management | Preventive | |
Configure the "maximum number of URL path segments" setting to organizational standards. CC ID 09237 | System hardening through configuration management | Preventive | |
Configure the "allowance of %U notation in request URLs" setting to organizational standards. CC ID 09238 | System hardening through configuration management | Preventive | |
Configure the "maximum response size that can be cached in the kernel" setting to organizational standards. CC ID 09239 | System hardening through configuration management | Preventive | |
Configure the "maximum size of the entire request body" setting to organizational standards. CC ID 09240 | System hardening through configuration management | Preventive | |
Configure the "URLScan ISAPI filters" setting to organizational standards. CC ID 09241 | System hardening through configuration management | Preventive | |
Configure the "HTTP SSL (HTTPFilter) service" setting to organizational standards. CC ID 09242 | System hardening through configuration management | Preventive | |
Configure the "identity" setting for the "IIS Application Pools service" to organizational standards. CC ID 09243 | System hardening through configuration management | Preventive | |
Configure the "worker process isolation" setting to organizational standards. CC ID 09244 | System hardening through configuration management | Preventive | |
Configure the "Recycle worker process (in minutes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09245 | System hardening through configuration management | Preventive | |
Configure the "Recycle worker process (number of requests)" setting for the "IIS Application Pool" to organizational standards. CC ID 09246 | System hardening through configuration management | Preventive | |
Configure the "Maximum virtual memory (in megabytes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09247 | System hardening through configuration management | Preventive | |
Configure the "Maximum used memory (in megabytes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09248 | System hardening through configuration management | Preventive | |
Configure the "Shutdown worker processes after being idle (time in minutes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09249 | System hardening through configuration management | Preventive | |
Configure the "Limit the kernel request queue (number of requests)" setting for the "IIS Application Pool" to organizational standards. CC ID 09250 | System hardening through configuration management | Preventive | |
Configure the "Enable pinging" setting for the "IIS Application Pool" to organizational standards. CC ID 09251 | System hardening through configuration management | Preventive | |
Configure the "Ping worker process every (frequency in seconds)" setting for the "IIS Application Pool" to organizational standards. CC ID 09252 | System hardening through configuration management | Preventive | |
Configure the "Enable rapid-fail protection" setting for the "IIS Application Pool" to organizational standards. CC ID 09253 | System hardening through configuration management | Preventive | |
Configure the "Enable rapid-fail protection - Failures" setting for the "IIS Application Pool" to organizational standards. CC ID 09254 | System hardening through configuration management | Preventive | |
Configure the "Enable rapid-fail protection - Time Period" setting for the "IIS Application Pool" to organizational standards. CC ID 09255 | System hardening through configuration management | Preventive | |
Configure the "auditing" setting for the "MetaBase.xml" file to organizational standards. CC ID 09256 | System hardening through configuration management | Preventive | |
Configure Microsoft SQL Server to Organizational Standards. CC ID 08989 | System hardening through configuration management | Preventive | |
Configure the "allowing DDL statements to modify the application schema" permissions for the "Database application" to organizational standards. CC ID 09258 | System hardening through configuration management | Preventive | |
Configure the "encrypt custom and GOTS application source code" setting to organizational standards. CC ID 09259 | System hardening through configuration management | Preventive | |
Configure the "Access to DBMS software files and directories" setting to organizational standards. CC ID 09264 | System hardening through configuration management | Preventive | |
Configure the "Default demonstration and sample database objects and applications" setting to organizational standards. CC ID 09265 | System hardening through configuration management | Preventive | |
Configure the "auditing parameters" for "database auditing" to organizational standards. CC ID 09266 | System hardening through configuration management | Preventive | |
Configure the "DBMS login account password complexity requirements" setting to organizational standards. CC ID 09268 | System hardening through configuration management | Preventive | |
Configure the "Passwords for DBMS default accounts" setting to organizational standards. CC ID 09269 | System hardening through configuration management | Preventive | |
Configure the "Remote DBMS administration" setting to organizational standards. CC ID 09270 | System hardening through configuration management | Preventive | |
Configure the "C2 Audit records" setting to organizational standards. CC ID 09271 | System hardening through configuration management | Preventive | |
Configure the "SQL Mail XPs" setting to organizational standards. CC ID 09272 | System hardening through configuration management | Preventive | |
Configure the "SQL Server Service" setting to organizational standards. CC ID 09275 | System hardening through configuration management | Preventive | |
Configure the "Access extended stored procedure xp_cmdshell" setting to organizational standards. CC ID 09277 | System hardening through configuration management | Preventive | |
Configure the "xp_cmdshell" setting to organizational standards. CC ID 09278 | System hardening through configuration management | Preventive | |
Configure the "OLE Automation extended stored procedures" setting to organizational standards. CC ID 09279 | System hardening through configuration management | Preventive | |
Configure the "Access to registry extended stored procedures" setting to organizational standards. CC ID 09280 | System hardening through configuration management | Preventive | |
Configure the "Remote access" setting to organizational standards. CC ID 09281 | System hardening through configuration management | Preventive | |
Configure "Set time limit for active but idle Remote Desktop Services sessions" to organizational standards. CC ID 15382 | System hardening through configuration management | Preventive | |
Configure the "Always show desktop on connection" setting to organizational standards. CC ID 10753 | System hardening through configuration management | Preventive | |
Configure the "Automatic reconnection" setting to organizational standards. CC ID 10760 | System hardening through configuration management | Preventive | |
Configure the "keep-alive connection interval" setting to organizational standards. CC ID 10790 | System hardening through configuration management | Preventive | |
Configure the "RD Connection Broker farm name" setting to organizational standards. CC ID 10800 | System hardening through configuration management | Preventive | |
Configure the "RD Connection Broker server name" setting to organizational standards. CC ID 10801 | System hardening through configuration management | Preventive | |
Configure the "server authentication for client" setting for "Remote Desktop Connection Client" to organizational standards. CC ID 10817 | System hardening through configuration management | Preventive | |
Configure the "Do not use Remote Desktop Session Host server IP address when virtual IP address is not available" setting to organizational standards. CC ID 10938 | System hardening through configuration management | Preventive | |
Configure the "Enforce Removal of Remote Desktop Wallpaper" setting to organizational standards. CC ID 10957 | System hardening through configuration management | Preventive | |
Configure the "Hide previous versions list for remote files" setting to organizational standards. CC ID 10990 | System hardening through configuration management | Preventive | |
Configure the "Join RD Connection Broker" setting to organizational standards. CC ID 11003 | System hardening through configuration management | Preventive | |
Configure the "Limit number of connections" setting to organizational standards. CC ID 11011 | System hardening through configuration management | Preventive | |
Configure the "Optimize visual experience for Remote Desktop Services sessions" setting to organizational standards. CC ID 11058 | System hardening through configuration management | Preventive | |
Configure the "Prevent restoring remote previous versions" setting to organizational standards. CC ID 11089 | System hardening through configuration management | Preventive | |
Configure the "Require strict target SPN match on remote procedure calls" setting to organizational standards. CC ID 11136 | System hardening through configuration management | Preventive | |
Configure the "Require use of specific security layer for remote (RDP) connections" setting to organizational standards. CC ID 11137 | System hardening through configuration management | Preventive | |
Configure the "Restrict Remote Desktop Services users to a single Remote Desktop Services session" setting to organizational standards. CC ID 11142 | System hardening through configuration management | Preventive | |
Configure the "Select the network adapter to be used for Remote Desktop IP Virtualization" setting to organizational standards. CC ID 11164 | System hardening through configuration management | Preventive | |
Configure the "Set maximum wait time for the network if a user has a roaming user profile or remote home directory" setting to organizational standards. CC ID 11175 | System hardening through configuration management | Preventive | |
Configure the "Set path for Remote Desktop Services Roaming User Profile" setting to organizational standards. CC ID 11176 | System hardening through configuration management | Preventive | |
Configure the "Set Remote Desktop Services User Home Directory" setting to organizational standards. CC ID 11181 | System hardening through configuration management | Preventive | |
Configure the "Set rules for remote control of Remote Desktop Services user sessions" setting to organizational standards. CC ID 11183 | System hardening through configuration management | Preventive | |
Configure the "Set the Remote Desktop licensing mode" setting to organizational standards. CC ID 11188 | System hardening through configuration management | Preventive | |
Configure the "Set time limit for active Remote Desktop Services sessions" setting to organizational standards. CC ID 11194 | System hardening through configuration management | Preventive | |
Configure the "Set time limit for logoff of RemoteApp sessions" setting to organizational standards. CC ID 11195 | System hardening through configuration management | Preventive | |
Configure the "Specify maximum number of remote shells per user" setting to organizational standards. CC ID 11213 | System hardening through configuration management | Preventive | |
Configure the "Start a program on connection" setting to organizational standards. CC ID 11228 | System hardening through configuration management | Preventive | |
Configure the "Turn off desktop gadgets" setting to organizational standards. CC ID 11275 | System hardening through configuration management | Preventive | |
Configure the "Turn off legacy remote shutdown interface" setting to organizational standards. CC ID 11285 | System hardening through configuration management | Preventive | |
Configure the "Turn Off user-installed desktop gadgets" setting to organizational standards. CC ID 11322 | System hardening through configuration management | Preventive | |
Configure the "Turn on Remote Desktop IP Virtualization" setting to organizational standards. CC ID 11348 | System hardening through configuration management | Preventive | |
Configure the "Use RD Connection Broker load balancing" setting to organizational standards. CC ID 11364 | System hardening through configuration management | Preventive | |
Configure the "Use the specified Remote Desktop license servers" setting to organizational standards. CC ID 11366 | System hardening through configuration management | Preventive | |
Configure the "Wait for remote user profile" setting to organizational standards. CC ID 11370 | System hardening through configuration management | Preventive | |
Configure the "SQL Server authentication" setting to organizational standards. CC ID 09282 | System hardening through configuration management | Preventive | |
Configure the "Access to CmdExec and ActiveScripting jobs" setting to organizational standards. CC ID 09283 | System hardening through configuration management | Preventive | |
Configure the "Error log retention" setting to organizational standards. CC ID 09284 | System hardening through configuration management | Preventive | |
Configure the "Trace rollover" setting to organizational standards. CC ID 09285 | System hardening through configuration management | Preventive | |
Configure the "Named Pipes network protocol" setting to organizational standards. CC ID 09286 | System hardening through configuration management | Preventive | |
Configure the "SQL Server event forwarding" setting to organizational standards. CC ID 09287 | System hardening through configuration management | Preventive | |
Configure the "Access to manage the database master key" setting to organizational standards. CC ID 09288 | System hardening through configuration management | Preventive | |
Configure the "Encryption of the asymmetric keys" setting to organizational standards. CC ID 09290 | System hardening through configuration management | Preventive | |
Configure the "audit unauthorized access to the asymmetric keys" setting to organizational standards. CC ID 09291 | System hardening through configuration management | Preventive | |
Configure the "Database Master key encryption password" setting to organizational standards. CC ID 09292 | System hardening through configuration management | Preventive | |
Configure the "encrypt Database Master Key" setting to organizational standards. CC ID 09293 | System hardening through configuration management | Preventive | |
Configure the "store the database master key password" setting to organizational standards. CC ID 09294 | System hardening through configuration management | Preventive | |
Configure the "protect symmetric keys" setting to organizational standards. CC ID 09295 | System hardening through configuration management | Preventive | |
Configure the "clear residual data from memory, data objects or files, or other storage locations" setting to organizational standards. CC ID 09296 | System hardening through configuration management | Preventive | |
Configure the "DBMS account passwords expiration" setting to organizational standards. CC ID 09297 | System hardening through configuration management | Preventive | |
Configure the "audit attempts to bypass access controls" setting to organizational standards. CC ID 09310 | System hardening through configuration management | Preventive | |
Configure the "default audit trace" setting to organizational standards. CC ID 09311 | System hardening through configuration management | Preventive | |
Configure the "Audit records contents" setting to organizational standards. CC ID 09312 | System hardening through configuration management | Preventive | |
Configure the "port" setting for "SQL Server Analysis Services" to organizational standards. CC ID 09313 | System hardening through configuration management | Preventive | |
Configure the "port" setting for the "DBMS" to organizational standards. CC ID 09314 | System hardening through configuration management | Preventive | |
Configure the "Fixed server role membership" setting to organizational standards. CC ID 09315 | System hardening through configuration management | Preventive | |
Configure the "Database Mail XPs" setting to organizational standards. CC ID 09316 | System hardening through configuration management | Preventive | |
Configure the "SQL Server Agent Email" setting to organizational standards. CC ID 09317 | System hardening through configuration management | Preventive | |
Configure the "scan for startup procs" setting to organizational standards. CC ID 09331 | System hardening through configuration management | Preventive | |
Configure the "Access to SQL Server Agent CmdExec" setting to organizational standards. CC ID 09332 | System hardening through configuration management | Preventive | |
Configure the "Access to ActiveScripting jobs" setting to organizational standards. CC ID 09333 | System hardening through configuration management | Preventive | |
Configure the "SQL Server Agent proxies" setting to organizational standards. CC ID 09334 | System hardening through configuration management | Preventive | |
Configure the "Replication snapshot folders" setting to organizational standards. CC ID 09335 | System hardening through configuration management | Preventive | |
Configure the "Ad hoc data mining queries configuration" setting to organizational standards. CC ID 09336 | System hardening through configuration management | Preventive | |
Configure the "Analysis Services Anonymous Connections" setting to organizational standards. CC ID 09337 | System hardening through configuration management | Preventive | |
Configure the "Analysis Services Links to Objects" setting to organizational standards. CC ID 09338 | System hardening through configuration management | Preventive | |
Configure the "Analysis Services Links From Objects" setting to organizational standards. CC ID 09339 | System hardening through configuration management | Preventive | |
Configure the "Analysis Services user-defined COM functions" setting to organizational standards. CC ID 09340 | System hardening through configuration management | Preventive | |
Configure the "Analysis Services Required Protection Levels" setting to organizational standards. CC ID 09341 | System hardening through configuration management | Preventive | |
Configure the "Analysis Services Security Package List" setting to organizational standards. CC ID 09342 | System hardening through configuration management | Preventive | |
Configure the "Analysis Services server role" setting to organizational standards. CC ID 09343 | System hardening through configuration management | Preventive | |
Configure the "Analysis Services database roles" setting to organizational standards. CC ID 09344 | System hardening through configuration management | Preventive | |
Configure the "Reporting Services Web service requests and HTTP" setting to organizational standards. CC ID 09345 | System hardening through configuration management | Preventive | |
Configure the "Reporting Services scheduled events and report delivery" setting to organizational standards. CC ID 09346 | System hardening through configuration management | Preventive | |
Configure the "Command Language Runtime objects" setting to organizational standards. CC ID 09348 | System hardening through configuration management | Preventive | |
Configure the "XML Web Services endpoints" setting to organizational standards. CC ID 09349 | System hardening through configuration management | Preventive | |
Configure the "db_owner role members" setting to organizational standards. CC ID 09350 | System hardening through configuration management | Preventive | |
Configure the "Web Assistant procedures configuration" setting to organizational standards. CC ID 09351 | System hardening through configuration management | Preventive | |
Configure the "Disallow adhoc access" setting for "linked servers" to organizational standards. CC ID 09353 | System hardening through configuration management | Preventive | |
Configure the "Ad Hoc distributed queries" setting to organizational standards. CC ID 09354 | System hardening through configuration management | Preventive | |
Configure the "Access to Analysis Services data sources" setting to organizational standards. CC ID 09355 | System hardening through configuration management | Preventive | |
Configure the "Database TRUSTWORTHY status" setting to organizational standards. CC ID 09356 | System hardening through configuration management | Preventive | |
Configure the "Agent XPs" setting to organizational standards. CC ID 09357 | System hardening through configuration management | Preventive | |
Configure the "SMO and DMO XPs" setting to organizational standards. CC ID 09358 | System hardening through configuration management | Preventive | |
Configure Oracle WebLogic Server to Organizational Standards. CC ID 08990 | System hardening through configuration management | Preventive | |
Configure the "Complete Message Timeout" setting to organizational standards. CC ID 09818 | System hardening through configuration management | Preventive | |
Configure the "FIPS-compliant cryptographic module" setting to organizational standards. CC ID 09819 | System hardening through configuration management | Preventive | |
Configure the "Allow Unencrypted Null Cipher" setting to organizational standards. CC ID 09820 | System hardening through configuration management | Preventive | |
Configure the "Maximum Message Size" setting to organizational standards. CC ID 09821 | System hardening through configuration management | Preventive | |
Configure the "Security Interoperability Mode" setting to organizational standards. CC ID 09822 | System hardening through configuration management | Preventive | |
Configure the "Severity field" setting to organizational standards. CC ID 09824 | System hardening through configuration management | Preventive | |
Configure the "servlet.HttpServletResponse" setting for "Active Context Handler" to organizational standards. CC ID 09825 | System hardening through configuration management | Preventive | |
Configure the "wli.Message" setting for "Active Context Handler" to organizational standards. CC ID 09826 | System hardening through configuration management | Preventive | |
Configure the "channel.Port" setting for "Active Context Handler" to organizational standards. CC ID 09827 | System hardening through configuration management | Preventive | |
Configure the "channel.PublicPort" setting for "Active Context Handler" to organizational standards. CC ID 09828 | System hardening through configuration management | Preventive | |
Configure the "channel.RemotePort" setting for "Active Context Handler" to organizational standards. CC ID 09829 | System hardening through configuration management | Preventive | |
Configure the "channel.Protocol" setting for "Active Context Handler" to organizational standards. CC ID 09830 | System hardening through configuration management | Preventive | |
Configure the "channel.Address" setting for "Active Context Handler" to organizational standards. CC ID 09831 | System hardening through configuration management | Preventive | |
Configure the "channel.PublicAddress" setting for "Active Context Handler" to organizational standards. CC ID 09832 | System hardening through configuration management | Preventive | |
Configure the "channel.RemoteAddress" setting for "Active Context Handler" to organizational standards. CC ID 09833 | System hardening through configuration management | Preventive | |
Configure the "channel.ChannelName" setting for "Active Context Handler" to organizational standards. CC ID 09834 | System hardening through configuration management | Preventive | |
Configure the "channel.Secure" setting for "Active Context Handler" to organizational standards. CC ID 09835 | System hardening through configuration management | Preventive | |
Configure the "ejb20.Parameter" setting for "Active Context Handler" to organizational standards. CC ID 09836 | System hardening through configuration management | Preventive | |
Configure the "wsee.SOAPmessage" setting for "Active Context Handler" to organizational standards. CC ID 09837 | System hardening through configuration management | Preventive | |
Configure the "entitlement.EAuxiliaryID" setting for "Active Context Handler" to organizational standards. CC ID 09838 | System hardening through configuration management | Preventive | |
Configure the "security.ChainPrevalidatedBySSL" setting for "Active Context Handler" to organizational standards. CC ID 09839 | System hardening through configuration management | Preventive | |
Configure the "xml.SecurityToken" setting for "Active Context Handler" to organizational standards. CC ID 09840 | System hardening through configuration management | Preventive | |
Configure the "webservice.Integrity" setting for "Active Context Handler" to organizational standards. CC ID 09841 | System hardening through configuration management | Preventive | |
Configure the "saml.SSLClientCertificateChain" setting for "Active Context Handler" to organizational standards. CC ID 09842 | System hardening through configuration management | Preventive | |
Configure the "saml.MessageSignerCertificate" setting for "Active Context Handler" to organizational standards. CC ID 09843 | System hardening through configuration management | Preventive | |
Configure the "saml.subject.ConfirmationMethod" setting for "Active Context Handler" to organizational standards. CC ID 09844 | System hardening through configuration management | Preventive | |
Configure the "saml.subject.dom.KeyInfo" setting for "Active Context Handler" to organizational standards. CC ID 09845 | System hardening through configuration management | Preventive | |
Configure the "jmx.ObjectName" setting for "Active Context Handler" to organizational standards. CC ID 09846 | System hardening through configuration management | Preventive | |
Configure the "jmx.ShortName" setting for "Active Context Handler" to organizational standards. CC ID 09847 | System hardening through configuration management | Preventive | |
Configure the "jmx.Parameters" setting for "Active Context Handler" to organizational standards. CC ID 09848 | System hardening through configuration management | Preventive | |
Configure the "jmx.Signature" setting for "Active Context Handler" to organizational standards. CC ID 09849 | System hardening through configuration management | Preventive | |
Configure the "jmx.AuditProtectedArgInfo" setting for "Active Context Handler" to organizational standards. CC ID 09850 | System hardening through configuration management | Preventive | |
Configure the "jmx.OldAttributeValue" setting for "Active Context Handler" to organizational standards. CC ID 09851 | System hardening through configuration management | Preventive | |
Configure the "Reject if Password Contains the User Name" setting to organizational standards. CC ID 09852 | System hardening through configuration management | Preventive | |
Configure the "Reject if Password Contains the User Name Reversed" setting to organizational standards. CC ID 09853 | System hardening through configuration management | Preventive | |
Configure the "maximum instances of any character field" setting to organizational standards. CC ID 09854 | System hardening through configuration management | Preventive | |
Configure the "maximum consecutive characters field" setting to organizational standards. CC ID 09855 | System hardening through configuration management | Preventive | |
Configure the "minimum number of alphabetic characters field" setting to organizational standards. CC ID 09856 | System hardening through configuration management | Preventive | |
Configure the "minimum number of numeric characters field" setting to organizational standards. CC ID 09857 | System hardening through configuration management | Preventive | |
Configure the "minimum number of non-alphanumeric characters field" setting to organizational standards. CC ID 09858 | System hardening through configuration management | Preventive | |
Configure the "Lockout Threshold" setting in the "Security Realm" to organizational standards. CC ID 09861 | System hardening through configuration management | Preventive | |
Configure the "Lockout Duration" setting in the "Security Realm" to organizational standards. CC ID 09862 | System hardening through configuration management | Preventive | |
Configure the "Lockout Reset Duration" setting in the "Security Realm" to organizational standards. CC ID 09863 | System hardening through configuration management | Preventive | |
Configure the "Require Unanimous Permit" setting to organizational standards. CC ID 09864 | System hardening through configuration management | Preventive | |
Configure the "Host Name Verification" setting on the "Administration Server" to organizational standards. CC ID 09865 | System hardening through configuration management | Preventive | |
Configure the "Minimum Number of Non-Alphabetic Characters" setting to organizational standards. CC ID 09866 | System hardening through configuration management | Preventive | |
Configure the "SSL Enabled" setting for "LDAP Server connections" to organizational standards. CC ID 09867 | System hardening through configuration management | Preventive | |
Configure the "Host Name Verification" setting to organizational standards. CC ID 09868 | System hardening through configuration management | Preventive | |
Configure the "Domain Credentials" setting to organizational standards. CC ID 09869 | System hardening through configuration management | Preventive | |
Configure the "Configuration Archive Enabled" setting to organizational standards. CC ID 09870 | System hardening through configuration management | Preventive | |
Configure the "Archive Configuration Count" setting to organizational standards. CC ID 09871 | System hardening through configuration management | Preventive | |
Configure the "Default Administrator field" setting to organizational standards. CC ID 09872 | System hardening through configuration management | Preventive | |
Configure the "SSL Listen Port" setting to organizational standards. CC ID 09873 | System hardening through configuration management | Preventive | |
Configure the "Administration Console Session Timeout field" setting to organizational standards. CC ID 09874 | System hardening through configuration management | Preventive | |
Configure the "Production Mode" setting to organizational standards. CC ID 09875 | System hardening through configuration management | Preventive | |
Configure the "WebLogic Auditing provider" setting to organizational standards. CC ID 09876 | System hardening through configuration management | Preventive | |
Configure the "Invocation Timeout Seconds" setting to organizational standards. CC ID 09877 | System hardening through configuration management | Preventive | |
Configure the "Anonymous Admin Lookup Enabled" setting to organizational standards. CC ID 09878 | System hardening through configuration management | Preventive | |
Configure the "Web App Files Case Insensitive" setting to organizational standards. CC ID 09879 | System hardening through configuration management | Preventive | |
Configure the "Enable Administration Port" setting to organizational standards. CC ID 09880 | System hardening through configuration management | Preventive | |
Configure the "SSL Rejection Logging Enabled" setting to organizational standards. CC ID 09881 | System hardening through configuration management | Preventive | |
Configure the "Export Key Lifespan" setting to organizational standards. CC ID 09882 | System hardening through configuration management | Preventive | |
Configure the "Client Cert Proxy Enabled" setting for the "Administration Server" to organizational standards. CC ID 09883 | System hardening through configuration management | Preventive | |
Configure the "Client Cert Proxy Enabled" setting for the "managed server" to organizational standards. CC ID 09884 | System hardening through configuration management | Preventive | |
Configure the "Frontend Host" setting to organizational standards. CC ID 09885 | System hardening through configuration management | Preventive | |
Configure the "Check Roles and Policies" setting to organizational standards. CC ID 09886 | System hardening through configuration management | Preventive | |
Configure the "Security Model Default" setting to organizational standards. CC ID 09887 | System hardening through configuration management | Preventive | |
Configure the "When Deploying Web Applications or EJBs" setting to organizational standards. CC ID 09888 | System hardening through configuration management | Preventive | |
Configure the "Configuration Audit Type field" setting to organizational standards. CC ID 09889 | System hardening through configuration management | Preventive | |
Configure the "EditMBeanServerEnabled" setting for the "Administration Server" to organizational standards. CC ID 09890 | System hardening through configuration management | Preventive | |
Configure the "two-way SSL" setting to organizational standards. CC ID 09891 | System hardening through configuration management | Preventive | |
Configure the "Embedded LDAP Timeout" setting to organizational standards. CC ID 09892 | System hardening through configuration management | Preventive | |
Configure the "Anonymous Bind Allowed" setting to organizational standards. CC ID 09893 | System hardening through configuration management | Preventive | |
Configure the "Post Timeout field" setting to organizational standards. CC ID 09894 | System hardening through configuration management | Preventive | |
Configure the "HTTP Duration" setting to organizational standards. CC ID 09895 | System hardening through configuration management | Preventive | |
Configure the "HTTPS Duration" setting to organizational standards. CC ID 09896 | System hardening through configuration management | Preventive | |
Configure the "HTTP Maximum Message Size" setting to organizational standards. CC ID 09897 | System hardening through configuration management | Preventive | |
Configure the "Connection Filter" setting for the "managed server" to organizational standards. CC ID 09898 | System hardening through configuration management | Preventive | |
Configure the "connection filter" setting to organizational standards. CC ID 09899 | System hardening through configuration management | Preventive | |
Configure the "Client Cert Proxy Enabled" setting to organizational standards. CC ID 09904 | System hardening through configuration management | Preventive | |
Configure the "Auth Cookie Enabled" setting to organizational standards. CC ID 09905 | System hardening through configuration management | Preventive | |
Configure the "Maximum Open Sockets" setting on the "Administration server" to organizational standards. CC ID 09906 | System hardening through configuration management | Preventive | |
Configure the "Complete Message Timeout" setting for "each custom channel" to organizational standards. CC ID 09908 | System hardening through configuration management | Preventive | |
Configure the "Idle Connection Timeout" setting for "each custom channel" to organizational standards. CC ID 09909 | System hardening through configuration management | Preventive | |
Configure the "Maximum Message Size" setting for "each custom channel" to organizational standards. CC ID 09910 | System hardening through configuration management | Preventive | |
Configure the "Node Manager Listen Address" setting to organizational standards. CC ID 09911 | System hardening through configuration management | Preventive | |
Configure the "Node Manager Type" setting to organizational standards. CC ID 09912 | System hardening through configuration management | Preventive | |
Configure the "Policy Selection Preference" setting to organizational standards. CC ID 09913 | System hardening through configuration management | Preventive | |
Configure the "Maximum Open Sockets" setting for "all Managed Servers" to organizational standards. CC ID 09914 | System hardening through configuration management | Preventive | |
Configure the "Enforce Constraints" setting for "digital certificates" to organizational standards. CC ID 09915 | System hardening through configuration management | Preventive | |
Configure the "Keystores field" setting to organizational standards. CC ID 09916 | System hardening through configuration management | Preventive | |
Configure the "HTTP Access Log File" setting to organizational standards. CC ID 09917 | System hardening through configuration management | Preventive | |
Configure the "Custom Hostname Verifier field" setting to organizational standards. CC ID 09918 | System hardening through configuration management | Preventive | |
Configure the "SSL port enabled" setting to organizational standards. CC ID 09919 | System hardening through configuration management | Preventive | |
Configure the "Listen Port Enabled" setting to organizational standards. CC ID 09920 | System hardening through configuration management | Preventive | |
Configure security and protection software according to Organizational Standards. CC ID 11917 | System hardening through configuration management | Preventive | |
Configure security and protection software to automatically run at startup. CC ID 12443 | System hardening through configuration management | Preventive | |
Configure security and protection software to enable automatic updates. CC ID 11945 | System hardening through configuration management | Preventive | |
Configure security and protection software to check e-mail attachments. CC ID 11860 | System hardening through configuration management | Preventive | |
Configure Windows Defender Remote Credential Guard to organizational standards. CC ID 16515 | System hardening through configuration management | Preventive | |
Configure Windows Defender Credential Guard to organizational standards. CC ID 16514 | System hardening through configuration management | Preventive | |
Configure dedicated systems used for system management according to organizational standards. CC ID 12132 | System hardening through configuration management | Preventive | |
Configure dedicated systems used for system management to prohibit them from composing documents. CC ID 12161 | System hardening through configuration management | Preventive | |
Configure dedicated systems used for system management so they are prohibited from accessing e-mail. CC ID 12160 | System hardening through configuration management | Preventive | |
Configure Application Programming Interfaces in accordance with organizational standards. CC ID 12170 | System hardening through configuration management | Preventive | |
Configure Application Programming Interfaces to enforce authentication. CC ID 12172 | System hardening through configuration management | Preventive | |
Configure Application Programming Interfaces to employ strong cryptography. CC ID 12171 | System hardening through configuration management | Preventive | |
Configure the Domain Name System in accordance with organizational standards. CC ID 12202 | System hardening through configuration management | Preventive | |
Configure the Domain Name System query logging to organizational standards. CC ID 12210 | System hardening through configuration management | Preventive | |
Configure the secure name/address resolution service (recursive or caching resolver). CC ID 01625 | System hardening through configuration management | Preventive | |
Configure the secure name/address resolution service (authoritative source). CC ID 01624 | System hardening through configuration management | Preventive | |
Configure payment systems in accordance with organizational standards. CC ID 12217 | System hardening through configuration management | Preventive | |
Configure payment systems to disable storing transactions when offline. CC ID 12220 | System hardening through configuration management | Preventive | |
Configure payment systems to disable authorizing transactions when offline. CC ID 12219 | System hardening through configuration management | Preventive | |
Configure payment applications to become disabled when suspicious activity is detected. CC ID 12221 | System hardening through configuration management | Corrective | |
Configure File Integrity Monitoring Software to Organizational Standards. CC ID 11923 | System hardening through configuration management | Preventive | |
Configure the file integrity monitoring software to perform critical file comparisons, as necessary. CC ID 11924 | System hardening through configuration management | Preventive | |
Configure Bluetooth settings according to organizational standards. CC ID 12422 | System hardening through configuration management | Preventive | |
Unpair Bluetooth devices when the pairing is no longer required. CC ID 15232 | System hardening through configuration management | Preventive | |
Use authorized versions of Bluetooth to pair Bluetooth devices. CC ID 15231 | System hardening through configuration management | Preventive | |
Refrain from using unit keys on Bluetooth devices. CC ID 12541 | System hardening through configuration management | Preventive | |
Configure link keys to be based on combination keys in Bluetooth devices. CC ID 12539 | System hardening through configuration management | Preventive | |
Refrain from using the "Just Works" model of Secure Simple Pairing in Bluetooth settings. CC ID 12538 | System hardening through configuration management | Preventive | |
Disable all Bluetooth profiles other than the Serial Port Profile. CC ID 12536 | System hardening through configuration management | Preventive | |
Lock Bluetooth profiles to prevent them from being altered by end users. CC ID 12535 | System hardening through configuration management | Preventive | |
Configure Bluetooth to refrain from allowing multiple profiles of Bluetooth stacks. CC ID 12433 | System hardening through configuration management | Preventive | |
Remove backup files after initializing and hardening is complete. CC ID 01602 | System hardening through configuration management | Preventive | |
Configure systems to protect against unauthorized data mining. CC ID 10095 | System hardening through configuration management | Preventive | |
Implement safeguards to prevent unauthorized code execution. CC ID 10686 | System hardening through configuration management | Preventive | |
Configure network switches to organizational standards. CC ID 12120 | System hardening through configuration management | Preventive | |
Enable Virtual Local Area Networks on network switches, as necessary. CC ID 12129 | System hardening through configuration management | Preventive | |
Include passwords, Personal Identification Numbers, and card security codes in the personal data definition. CC ID 04699 | Privacy protection for information and data | Preventive | |
Store payment card data in secure chips, if possible. CC ID 13065 | Privacy protection for information and data | Preventive | |
Refrain from storing data elements containing sensitive authentication data after authorization is approved. CC ID 04758 | Privacy protection for information and data | Preventive | |
Terminate an individual's restriction agreement under specific circumstances. CC ID 06260 | Privacy protection for information and data | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Take into account the accessibility to and location of the data or information when establishing information impact levels. CC ID 04787 | Leadership and high level objectives | Preventive | |
Take into account the organization's obligation to protect data or information when establishing information impact levels. CC ID 04786 | Leadership and high level objectives | Preventive | |
Take into account the context of use for data or information when establishing information impact levels. CC ID 04785 | Leadership and high level objectives | Preventive | |
Take into account the potential aggregation of restricted data fields when establishing information impact levels. CC ID 04784 | Leadership and high level objectives | Preventive | |
Classify the sensitivity to unauthorized disclosure or modification of information in the information classification standard. CC ID 11997 [The entity has a process for classifying PI according to applicable regulation and risks associated with unauthorized disclosure or misuse. M1.3 Data and information classification] | Leadership and high level objectives | Preventive | |
Take into account the distinguishability factor when establishing information impact levels. CC ID 04783 | Leadership and high level objectives | Preventive | |
Classify the criticality to unauthorized disclosure or modification of information in the information classification standard. CC ID 11996 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Leadership and high level objectives | Preventive | |
Classify the value of information in the information classification standard. CC ID 11995 | Leadership and high level objectives | Preventive | |
Classify the legal requirements of information in the information classification standard. CC ID 11994 [The entity has a process for classifying PI according to applicable regulation and risks associated with unauthorized disclosure or misuse. M1.3 Data and information classification] | Leadership and high level objectives | Preventive | |
Take into account the characteristics of the geographical, behavioral and functional setting for all datasets. CC ID 15046 | Leadership and high level objectives | Preventive | |
Address Information Security during the business planning processes. CC ID 06495 | Leadership and high level objectives | Preventive | |
Establish and maintain contact information for user accounts, as necessary. CC ID 15418 | Technical security | Preventive | |
Enforce access restrictions for restricted data. CC ID 01921 | Technical security | Preventive | |
Include the date and time that access was reviewed in the system record. CC ID 16416 | Technical security | Preventive | |
Disseminate and communicate user identifiers and authenticators using secure communication protocols. CC ID 06791 | Technical security | Preventive | |
Include virtual systems in the network diagram. CC ID 16324 | Technical security | Preventive | |
Restrict inbound network traffic into the Demilitarized Zone. CC ID 01285 | Technical security | Preventive | |
Segregate applications and databases that contain restricted data or restricted information in an internal network zone. CC ID 01289 | Technical security | Preventive | |
Protect data stored at external locations. CC ID 16333 | Technical security | Preventive | |
Restrict outbound network traffic from systems that contain restricted data or restricted information. CC ID 01295 | Technical security | Preventive | |
Deny direct Internet access to databases that store restricted data or restricted information. CC ID 01271 | Technical security | Preventive | |
Constrain the information flow of restricted data or restricted information. CC ID 06763 [{internal user} The entity restricts the transmission, movement and removal of information to authorized internal and external users and processes, and protects it during transmission, movement or removal to meet the entity's objectives. S7.3] | Technical security | Preventive | |
Quarantine data that fails security tests. CC ID 16500 | Technical security | Corrective | |
Restrict access to restricted data and restricted information on a need to know basis. CC ID 12453 | Technical security | Preventive | |
Prohibit restricted data or restricted information from being sent to mobile devices. CC ID 04725 | Technical security | Preventive | |
Prohibit restricted data or restricted information from being copied or moved absent approval of system boundaries for information flow control. CC ID 06310 [{internal user} The entity restricts the transmission, movement and removal of information to authorized internal and external users and processes, and protects it during transmission, movement or removal to meet the entity's objectives. S7.3] | Technical security | Preventive | |
Define risk tolerance to illicit data flow for each type of information classification. CC ID 01923 | Technical security | Preventive | |
Disclose non-privacy related restricted information after a court makes a determination the information is material to a court case. CC ID 06242 | Technical security | Preventive | |
Exchange non-privacy related restricted information with approved third parties if the information supports an approved activity. CC ID 06243 | Technical security | Preventive | |
Perform content sanitization on data-in-transit. CC ID 16512 | Technical security | Preventive | |
Perform content conversion on data-in-transit. CC ID 16510 | Technical security | Preventive | |
Protect data from unauthorized access while transmitting between separate parts of the system. CC ID 16499 | Technical security | Preventive | |
Protect data from modification or loss while transmitting between separate parts of the system. CC ID 04554 | Technical security | Preventive | |
Protect data from unauthorized disclosure while transmitting between separate parts of the system. CC ID 11859 | Technical security | Preventive | |
Establish, implement, and maintain whitelists and blacklists of web content. CC ID 15234 | Technical security | Preventive | |
Implement the documented cryptographic module security functions. CC ID 06755 | Technical security | Preventive | |
Establish, implement, and maintain digital signatures. CC ID 13828 | Technical security | Preventive | |
Include the expiration date in digital signatures. CC ID 13833 | Technical security | Preventive | |
Include audience restrictions in digital signatures. CC ID 13834 | Technical security | Preventive | |
Include the subject in digital signatures. CC ID 13832 | Technical security | Preventive | |
Include the issuer in digital signatures. CC ID 13831 | Technical security | Preventive | |
Include identifiers in the digital signature. CC ID 13829 | Technical security | Preventive | |
Encrypt in scope data or in scope information, as necessary. CC ID 04824 | Technical security | Preventive | |
Digitally sign records and data, as necessary. CC ID 16507 | Technical security | Preventive | |
Decrypt restricted data for the minimum time required. CC ID 12308 | Technical security | Preventive | |
Decrypt personal data only on dedicated networks, not on public networks. CC ID 12309 | Technical security | Preventive | |
Establish, implement, and maintain cryptographic key creation domain parameter requirements. CC ID 06575 | Technical security | Preventive | |
Protect salt values and hash values in accordance with organizational standards. CC ID 16471 | Technical security | Preventive | |
Recover encrypted data for lost cryptographic keys, compromised cryptographic keys, or damaged cryptographic keys. CC ID 01301 | Technical security | Preventive | |
Generate strong cryptographic keys. CC ID 01299 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Technical security | Preventive | |
Use approved random number generators for creating cryptographic keys. CC ID 06574 | Technical security | Preventive | |
Disseminate and communicate cryptographic keys securely. CC ID 01300 | Technical security | Preventive | |
Control the input and output of cryptographic keys from a cryptographic module. CC ID 06541 | Technical security | Preventive | |
Store cryptographic keys securely. CC ID 01298 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Technical security | Preventive | |
Restrict access to cryptographic keys. CC ID 01297 | Technical security | Preventive | |
Store cryptographic keys in encrypted format. CC ID 06084 | Technical security | Preventive | |
Change cryptographic keys in accordance with organizational standards. CC ID 01302 | Technical security | Preventive | |
Destroy cryptographic keys promptly after the retention period. CC ID 01303 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Technical security | Preventive | |
Control cryptographic keys with split knowledge and dual control. CC ID 01304 | Technical security | Preventive | |
Prevent the unauthorized substitution of cryptographic keys. CC ID 01305 | Technical security | Preventive | |
Revoke old cryptographic keys or invalid cryptographic keys immediately. CC ID 01307 | Technical security | Corrective | |
Replace known or suspected compromised cryptographic keys immediately. CC ID 01306 | Technical security | Corrective | |
Archive outdated cryptographic keys. CC ID 06884 | Technical security | Preventive | |
Archive revoked cryptographic keys. CC ID 11819 | Technical security | Preventive | |
Manage the digital signature cryptographic key pair. CC ID 06576 | Technical security | Preventive | |
Track restricted storage media while it is in transit. CC ID 00967 | Physical and environmental protection | Detective | |
Establish, implement, and maintain removable storage media controls. CC ID 06680 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Physical and environmental protection | Preventive | |
Control access to restricted storage media. CC ID 04889 | Physical and environmental protection | Preventive | |
Encrypt information stored on devices in publicly accessible areas. CC ID 16410 | Physical and environmental protection | Preventive | |
Wipe information from mobile devices after a predetermined number of unsuccessful logon attempts. CC ID 14242 | Physical and environmental protection | Preventive | |
Encrypt information stored on mobile devices. CC ID 01422 | Physical and environmental protection | Preventive | |
Post all required information on organizational websites and ensure all hyperlinks are working. CC ID 04579 | Operational and Systems Continuity | Preventive | |
Determine which data elements to back up. CC ID 13483 | Operational and Systems Continuity | Detective | |
Store backup media at an off-site electronic media storage facility. CC ID 01332 | Operational and Systems Continuity | Preventive | |
Transport backup media in lockable electronic media storage containers. CC ID 01264 | Operational and Systems Continuity | Preventive | |
Identify the access methods for backup media at both the primary facility and the off-site electronic media storage facility. CC ID 01257 | Operational and Systems Continuity | Preventive | |
Establish, implement, and maintain security controls to protect offsite data. CC ID 16259 | Operational and Systems Continuity | Preventive | |
Perform full backups in accordance with organizational standards. CC ID 16376 | Operational and Systems Continuity | Preventive | |
Perform incremental backups in accordance with organizational standards. CC ID 16375 | Operational and Systems Continuity | Preventive | |
Use virtual machine snapshots for full backups and changed block tracking (CBT) for incremental backups. CC ID 16374 | Operational and Systems Continuity | Preventive | |
Include a removable storage media use policy in the Acceptable Use Policy. CC ID 06772 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Operational management | Preventive | |
Identify processes, Information Systems, and third parties that transmit, process, or store restricted data. CC ID 06289 [The types of PI and sensitive PI and the related processes, systems and third parties involved in the handling of such information are identified. D6.7 Identifies types of PI and handling processes] | Operational management | Preventive | |
Record a unique name for each asset in the asset inventory. CC ID 16305 | Operational management | Preventive | |
Record the status of information systems in the asset inventory. CC ID 16304 | Operational management | Preventive | |
Record the communication interfaces for applicable assets in the asset inventory. CC ID 16301 | Operational management | Preventive | |
Record software license information for each asset in the asset inventory. CC ID 11736 | Operational management | Preventive | |
Record the operating system version for applicable assets in the asset inventory. CC ID 11748 | Operational management | Preventive | |
Record rooms at external locations in the asset inventory. CC ID 16302 | Operational management | Preventive | |
Record trusted keys and certificates in the asset inventory. CC ID 15486 | Operational management | Preventive | |
Record cipher suites and protocols in the asset inventory. CC ID 15489 | Operational management | Preventive | |
Wipe all data on systems prior to when the system is redeployed or the system is disposed. CC ID 06401 | Operational management | Preventive | |
Share incident information with interested personnel and affected parties. CC ID 01212 | Operational management | Corrective | |
Comply with privacy regulations and civil liberties requirements when sharing data loss event information. CC ID 10036 | Operational management | Preventive | |
Report data loss event information to breach notification organizations. CC ID 01210 | Operational management | Corrective | |
Include a description of the restored data that was restored manually in the restoration log. CC ID 15463 | Operational management | Preventive | |
Include a description of the restored data in the restoration log. CC ID 15462 | Operational management | Preventive | |
Approve tested change requests. CC ID 11783 [{privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Operational management | Preventive | |
Disable the use of removable storage media for systems that process restricted data or restricted information, as necessary. CC ID 06681 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain a repository of authenticators. CC ID 16372 | System hardening through configuration management | Preventive | |
Ensure the root account is the first entry in password files. CC ID 16323 | System hardening through configuration management | Detective | |
Ensure data sets have the appropriate characteristics. CC ID 15000 | Records management | Detective | |
Ensure data sets are complete, are accurate, and are relevant. CC ID 14999 | Records management | Detective | |
Sanitize electronic storage media in accordance with organizational standards. CC ID 16464 | Records management | Preventive | |
Sanitize all electronic storage media before disposing a system or redeploying a system. CC ID 01643 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Records management | Preventive | |
Automate a programmatic process to remove stored data and records that exceed retention requirements. CC ID 06082 | Records management | Preventive | |
Classify restricted data or restricted information in Records Management systems according to the data or information's sensitivity. CC ID 04720 [The types of PI and sensitive PI and the related processes, systems and third parties involved in the handling of such information are identified. D6.7 Identifies types of PI and handling processes {unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Records management | Detective | |
Establish, implement, and maintain a personal data transparency program. CC ID 00375 | Privacy protection for information and data | Preventive | |
Notify statutory authorities about how restricted data will be handled following withdrawal from the privacy program. CC ID 16819 | Privacy protection for information and data | Preventive | |
Deliver notices to the intended parties. CC ID 06240 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain adequate openness procedures. CC ID 00377 | Privacy protection for information and data | Preventive | |
Provide legal authorities access to personal data, upon request. CC ID 06818 | Privacy protection for information and data | Preventive | |
Document the countries where restricted data may be stored. CC ID 12750 | Privacy protection for information and data | Preventive | |
Protect the rights of students and their parents or legal representatives. CC ID 00222 | Privacy protection for information and data | Preventive | |
Disclose educational data, as necessary. CC ID 00223 | Privacy protection for information and data | Preventive | |
Obtain explicit consent from students or their parent or legal representative prior to using or disclosing educational data. CC ID 00220 | Privacy protection for information and data | Preventive | |
Disclose education records when written consent is received. CC ID 00224 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent to other school officials. CC ID 00226 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent to another institution's school officials. CC ID 00227 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent in connection with financial aid. CC ID 00229 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent to organizations conducting studies on tests. CC ID 00230 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent to accrediting organizations. CC ID 00231 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent to a dependent student's parent or legal representative. CC ID 00232 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent in order to comply with a judicial order. CC ID 00233 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent for a health and safety emergency. CC ID 00234 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent when it is merely directory information. CC ID 00235 | Privacy protection for information and data | Preventive | |
Disclose educational data absent consent to a crime victim. CC ID 00236 | Privacy protection for information and data | Preventive | |
Provide the data subject with the means of gaining access to personal data held by the organization. CC ID 00396 [Data subjects can determine whether the entity maintains PI about them and, upon request, may confirm and obtain access to their PI or request that the PI be returned, removed or erased. A5.1 Permits data subjects access to their PI] | Privacy protection for information and data | Preventive | |
Provide the data subject with what personal data is made available to related organizations or subsidiaries. CC ID 00399 [{disclosure accounting record} Requests for an accounting of PI held and disclosures of the data subjects' PI are captured, and information related to the requests is identified and communicated to data subjects to meet the entity's objectives related to privacy. D6.7 Captures, Identifies and Communicates Requests for Information] | Privacy protection for information and data | Preventive | |
Include the types of third parties to whom restricted data may be disclosed in the disclosure accounting record. CC ID 16860 | Privacy protection for information and data | Preventive | |
Allow data subjects to opt out and refrain from granting an authorization of consent to use personal data. CC ID 00391 [The entity has a process to allow data subjects with the option of not providing their PI, according to the data privacy agreement, including notifying the data subjects of the consequences of not agreeing to its provision and use by the entity. C3.1 Ability to opt-out The entity communicates available options regarding the collection and creation of PI and the consequences of each choice, including the data subject's option to reject their agreed consent for the entity to initially or subsequently collect and create PI. C3.1] | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain an opt-out method in accordance with organizational standards. CC ID 16526 | Privacy protection for information and data | Preventive | |
Refrain from requiring consent to collect, use, or disclose personal data beyond specified, legitimate reasons in order to receive products and services. CC ID 13605 | Privacy protection for information and data | Preventive | |
Refrain from obtaining consent through deception. CC ID 13556 | Privacy protection for information and data | Preventive | |
Give individuals the ability to change the uses of their personal data. CC ID 00469 | Privacy protection for information and data | Preventive | |
Notify data subjects of the implications of withdrawing consent. CC ID 13551 [The entity communicates available options regarding the collection and creation of PI and the consequences of each choice, including the data subject's option to reject their agreed consent for the entity to initially or subsequently collect and create PI. C3.1] | Privacy protection for information and data | Preventive | |
Cooperate with Data Protection Authorities. CC ID 06870 | Privacy protection for information and data | Preventive | |
Display or print the least amount of personal data necessary. CC ID 04643 | Privacy protection for information and data | Preventive | |
Redact confidential information from public information, as necessary. CC ID 06872 | Privacy protection for information and data | Preventive | |
Refrain from using restricted data collected for research and statistics for other purposes. CC ID 00096 | Privacy protection for information and data | Preventive | |
Dispose of media and restricted data in a timely manner. CC ID 00125 [{be secure} The entity securely disposes of PI consistent with its objectives related to privacy. U4.3 PI no longer retained is anonymized, disposed of or destroyed in a manner that prevents loss, theft, misuse or unauthorized access. U4.3 Disposes of, destroys and redacts PI Policies and procedures are implemented to erase or otherwise destroy PI that has been identified for destruction. U4.3 Destroys PI] | Privacy protection for information and data | Preventive | |
Provide individuals with information about where their personal data was processed. CC ID 00415 | Privacy protection for information and data | Preventive | |
Provide individuals with information about the processing purpose of their personal data. CC ID 00416 | Privacy protection for information and data | Preventive | |
Provide individuals with information about disclosure of their personal data. CC ID 00417 | Privacy protection for information and data | Preventive | |
Allow guardians and legal representatives access to personal data about the individual for whom they are guardians or legal representatives. CC ID 00418 | Privacy protection for information and data | Preventive | |
Provide assistance to requesters in preparing data access requests. CC ID 13588 | Privacy protection for information and data | Preventive | |
Delay responding to data access requests, as necessary. CC ID 15504 | Privacy protection for information and data | Preventive | |
Expedite the processing of data access requests, as necessary. CC ID 15496 | Privacy protection for information and data | Preventive | |
Provide individuals with an estimate of how much data was withheld from the data access request. CC ID 15503 | Privacy protection for information and data | Preventive | |
Document the outcome of the personal data access request review procedure. CC ID 00455 | Privacy protection for information and data | Preventive | |
Identify any adverse effects the processing of personal data will have on the data subject. CC ID 15299 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data when it is likely to cause unlawful discrimination or arbitrary discrimination. CC ID 00197 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data when it is used for behavioral monitoring. CC ID 16528 | Privacy protection for information and data | Preventive | |
Process personal data pertaining to a patient's health in order to treat those patients. CC ID 00200 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information for a covered entity's own use. CC ID 00211 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information for a healthcare provider's treatment activities by a covered entity. CC ID 00212 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information for payment activities between covered entities or healthcare providers. CC ID 00213 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information for Treatment, Payment, and Health Care Operations activities when both covered entities have a relationship with the data subject. CC ID 00214 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information for Treatment, Payment, and Health Care Operations activities between a covered entity and a participating healthcare provider when the information is collected from the data subject and a third party. CC ID 00215 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information in accordance with agreed upon restrictions. CC ID 06249 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information in accordance with the privacy notice. CC ID 06250 | Privacy protection for information and data | Preventive | |
Disclose permitted Individually Identifiable Health Information for facility directories. CC ID 06251 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information for cadaveric organ donation purposes, eye donation purposes, or tissue donation purposes. CC ID 06252 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information for medical suitability determinations. CC ID 06253 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information for armed forces personnel appropriately. CC ID 06254 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information in order to provide public benefits by government agencies. CC ID 06255 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information for fundraising. CC ID 06256 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information when the data subject cannot physically or legally provide consent and the disclosing organization is a healthcare provider. CC ID 00202 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information to provide appropriate treatment to the data subject when the disclosing organization is a healthcare provider. CC ID 00203 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information when it is not contrary to the data subject's wish prior to becoming unable to provide consent and the disclosing organization is a healthcare provider. CC ID 00204 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information that is reasonable or necessary for the disclosure purpose when the disclosing organization is a healthcare provider. CC ID 00205 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information consistent with the law when the disclosing organization is a healthcare provider. CC ID 00206 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information in order to carry out treatment when the disclosing organization is a healthcare provider. CC ID 00207 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information in order to carry out treatment when the data subject has provided consent and the disclosing organization is a healthcare provider. CC ID 00208 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information in order to carry out treatment when the data subject's guardian or representative has provided consent and the disclosing organization is a healthcare provider. CC ID 00209 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information when the disclosing organization is a healthcare provider that supports public health and safety activities. CC ID 06248 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information in order to report abuse or neglect when the disclosing organization is a healthcare provider. CC ID 06819 | Privacy protection for information and data | Preventive | |
Obtain explicit consent for authorization to release Individually Identifiable Health Information. CC ID 00217 | Privacy protection for information and data | Preventive | |
Obtain explicit consent for authorization to release psychotherapy notes. CC ID 00218 | Privacy protection for information and data | Preventive | |
Refrain from using Individually Identifiable Health Information to determine eligibility or continued eligibility for credit. CC ID 00219 | Privacy protection for information and data | Preventive | |
Process personal data after the data subject has granted explicit consent. CC ID 00180 [{implicit consent} PI is used only for the intended purposes for which it was collected and only when implicit or explicit consent has been obtained unless a law or regulation specifically requires otherwise. U4.1 Only uses PI for intended purposes] | Privacy protection for information and data | Preventive | |
Process personal data in order to perform a legal obligation or exercise a legal right. CC ID 00182 | Privacy protection for information and data | Preventive | |
Process personal data relating to criminal offenses when required by law. CC ID 00237 | Privacy protection for information and data | Preventive | |
Process personal data in order to prevent personal injury or damage to the data subject's health. CC ID 00183 | Privacy protection for information and data | Preventive | |
Process personal data in order to prevent personal injury or damage to a third party's health. CC ID 00184 | Privacy protection for information and data | Preventive | |
Process personal data for statistical purposes or scientific purposes. CC ID 00256 | Privacy protection for information and data | Preventive | |
Process personal data during legitimate activities with safeguards for the data subject's legal rights. CC ID 00185 | Privacy protection for information and data | Preventive | |
Process traffic data in a controlled manner. CC ID 00130 | Privacy protection for information and data | Preventive | |
Process personal data for health insurance, social insurance, state social benefits, social welfare, or child protection. CC ID 00186 | Privacy protection for information and data | Preventive | |
Process personal data when it is publicly accessible. CC ID 00187 | Privacy protection for information and data | Preventive | |
Process personal data for direct marketing and other personalized mail programs. CC ID 00188 | Privacy protection for information and data | Preventive | |
Process personal data for the purposes of employment. CC ID 16527 | Privacy protection for information and data | Preventive | |
Process personal data for justice administration, lawsuits, judicial decisions, and investigations. CC ID 00189 | Privacy protection for information and data | Preventive | |
Process personal data for debt collection or benefit payments. CC ID 00190 | Privacy protection for information and data | Preventive | |
Process personal data in order to advance the public interest. CC ID 00191 | Privacy protection for information and data | Preventive | |
Process personal data for surveys, archives, or scientific research. CC ID 00192 | Privacy protection for information and data | Preventive | |
Process personal data absent consent for journalistic purposes, artistic purposes, or literary purposes. CC ID 00193 | Privacy protection for information and data | Preventive | |
Process personal data for academic purposes or religious purposes. CC ID 00194 | Privacy protection for information and data | Preventive | |
Process personal data when it is used by a public authority for National Security policy or criminal policy. CC ID 00195 | Privacy protection for information and data | Preventive | |
Refrain from storing data in newly created files or registers which directly or indirectly reveals the restricted data. CC ID 00196 | Privacy protection for information and data | Preventive | |
Follow legal obligations while processing personal data. CC ID 04794 | Privacy protection for information and data | Preventive | |
Start personal data processing only after the needed notifications are submitted. CC ID 04791 | Privacy protection for information and data | Preventive | |
Process personal data absent consent for specific and well-documented circumstances. CC ID 13537 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when the data subject has been notified the personal data may be collected, used, or disclosed. CC ID 13617 | Privacy protection for information and data | Preventive | |
Process personal data absent consent in order to establish, manage, or terminate employment contracts. CC ID 13615 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when the data subject is notified that the business transaction is completed and their information was disclosed. CC ID 13612 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when the disclosure concerns the data subject's products and services obtained from the organization. CC ID 13611 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when it is impracticable to obtain consent. CC ID 13580 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when it is in the data subject's interest and consent cannot be obtained in a timely manner. CC ID 15282 | Privacy protection for information and data | Preventive | |
Process personal data absent consent to determine whether to proceed with business transactions. CC ID 13587 | Privacy protection for information and data | Preventive | |
Process personal data absent consent in order to perform a contract. CC ID 13586 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when the privacy commissioner is notified before the information is used. CC ID 13581 | Privacy protection for information and data | Preventive | |
Process personal data absent consent to perform obligations in the field of employment law. CC ID 16814 | Privacy protection for information and data | Preventive | |
Process personal data absent consent if the disclosure is to the next of kin or authorized representative. CC ID 15294 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when it is used in a manner to ensure confidentiality. CC ID 13579 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when it is used for statistical research, scientific research, or scholarly research. CC ID 13578 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when it is needed by law. CC ID 13577 | Privacy protection for information and data | Preventive | |
Process personal data for public interests absent consent in order to protect historical records or archival records. CC ID 15296 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when it is from publicly available information. CC ID 13576 | Privacy protection for information and data | Preventive | |
Process personal data absent consent to create a credit report. CC ID 15288 | Privacy protection for information and data | Preventive | |
Process personal data absent consent if its use is consistent with the intended purpose. CC ID 13575 | Privacy protection for information and data | Preventive | |
Process personal data absent consent to administer a trust fund or benefit plan. CC ID 15291 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when produced for business purposes. CC ID 13563 | Privacy protection for information and data | Preventive | |
Process personal data absent consent for handling insurance claims. CC ID 13561 | Privacy protection for information and data | Preventive | |
Process personal data absent consent when it is necessary for corporate restructuring. CC ID 16533 | Privacy protection for information and data | Preventive | |
Process personal data absent consent if the information is contained in a witness statement. CC ID 13560 | Privacy protection for information and data | Preventive | |
Process personal data absent consent for life-threatening emergencies. CC ID 13558 | Privacy protection for information and data | Preventive | |
Process personal data absent consent for reasonable investigative purposes. CC ID 13557 | Privacy protection for information and data | Preventive | |
Disclose restricted data when the data subject has given unambiguous and implicit consent. CC ID 00157 [The entity discloses PI to third parties with the explicit consent of data subjects, and such consent is obtained prior to disclosure to meet the entity's objectives related to privacy. D6.1 PI is disclosed to third parties for new purposes or uses only with the prior implicit or explicit consent of data subjects. D6.1 Discloses information to third parties for new purposes and uses PI is disclosed to third parties only for the purposes for which it was collected or created and only when implicit or explicit consent has been obtained from the data subject, unless a law or regulation specifically requires otherwise. D6.1 Discloses PI only when appropriate] | Privacy protection for information and data | Preventive | |
Disclose personal data when the data subject has consented and has the ability to opt out. CC ID 00158 | Privacy protection for information and data | Detective | |
Disclose Personal Identification Numbers absent consent in order to update address information. CC ID 04793 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent when the law does not require consent. CC ID 00136 | Privacy protection for information and data | Preventive | |
Disclose data absent consent if its disclosure is consistent with the intended purpose. CC ID 15270 | Privacy protection for information and data | Preventive | |
Disclose restricted data when a relevant connection exists between the data subject and the data controller's operations. CC ID 00137 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent if the disclosure with the consent or knowledge of the data subject would compromise the ability to prevent, detect, or suppress fraud. CC ID 13594 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent when it is in the data subject's interest and consent cannot be obtained in a timely manner. CC ID 15284 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent in order to establish, manage, or terminate employment contracts. CC ID 13616 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent when the data subject is notified that the business transaction is completed and their information was disclosed. CC ID 13613 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent when the data subject has been notified the personal data may be collected, used, or disclosed. CC ID 13603 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent if disclosure is made a predetermined number of years after the death of the data subject. CC ID 13598 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent when disclosure is made a predetermined number of years after the information was created. CC ID 13597 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent if the data subject is notified of the disclosure. CC ID 13596 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent to detect, suppress, or prevent fraud. CC ID 13592 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent to create a credit report. CC ID 15297 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent if it is necessary to identify an individual who is injured, ill or deceased. CC ID 13595 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent if the disclosure is to a government institution. CC ID 13583 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent for reasonable investigative purposes. CC ID 13593 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent to determine whether to proceed with business transactions. CC ID 15285 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent for handling insurance claims. CC ID 13585 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent if the information is contained in a witness statement. CC ID 13584 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent if the data subject is believed to be a victim of financial abuse. CC ID 13555 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent for transactions related to the consumer. CC ID 14853 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent to a government institution that has requested the information. CC ID 13582 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent if the disclosure is to the next of kin or authorized representative. CC ID 13554 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent when it is for the data controller's legitimate interest or third party's legitimate interest and it prevails over individual rights. CC ID 00138 [PI is disclosed to third parties only for the purposes for which it was collected or created and only when implicit or explicit consent has been obtained from the data subject, unless a law or regulation specifically requires otherwise. D6.1 Discloses PI only when appropriate] | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent if the organization notifies the privacy commissioner before disclosing the information. CC ID 13553 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent if it is impracticable to obtain consent. CC ID 13552 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent in order to perform a contract. CC ID 00139 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent in order to assist Telecommunications Ombudsmen in resolving complaints. CC ID 00140 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent to administer a trust fund or benefit plan. CC ID 15290 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent for research purposes and the data subject is not identified. CC ID 15286 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent when the personal data is disclosed by calling an emergency service number. CC ID 00141 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent when the restricted data prevents life-threatening emergencies to third parties. CC ID 00142 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent when the restricted data preserves human life at sea. CC ID 00143 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent in order to process the restricted data for public interests. CC ID 00144 | Privacy protection for information and data | Preventive | |
Disclose restricted data for public interests absent consent in order to provide social work assistance services. CC ID 00145 | Privacy protection for information and data | Preventive | |
Disclose restricted data for public interests absent consent if confidentiality is assured and the disclosure is for statistical research, scientific research, or scholarly research. CC ID 00146 | Privacy protection for information and data | Preventive | |
Disclose restricted data for public interests absent consent in order to protect historical records or archival records. CC ID 00147 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent for public economic interests. CC ID 00148 | Privacy protection for information and data | Preventive | |
Disclose restricted data for public interests absent consent for National Security reasons. CC ID 00149 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent for journalistic purposes, artistic purposes, or literary purposes. CC ID 00150 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent when it is publicly accessible. CC ID 00151 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent when it is related to publicly available information. CC ID 00152 | Privacy protection for information and data | Preventive | |
Disclose publicly accessible restricted data absent consent when the data subject has already published it. CC ID 00153 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent in order to protect the data subject's vital interests. CC ID 00154 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent in order to protect the data subject's vital interests when there is a life-threatening emergency. CC ID 00155 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent when it is for judicial decisions, lawsuits, and investigations. CC ID 00161 | Privacy protection for information and data | Preventive | |
Disclose restricted data absent consent when it is needed by law. CC ID 00163 | Privacy protection for information and data | Preventive | |
Disclose personal data required by law absent consent for special cases involving security or law enforcement. CC ID 04796 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent when it is being disclosed to the data subject. CC ID 00164 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent for direct marketing or other personalized mail programs. CC ID 14855 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent in order to collect a debt owed by the data subject. CC ID 00165 | Privacy protection for information and data | Preventive | |
Disclose personal data absent consent when the data subject or data owner is anonymous. CC ID 00166 | Privacy protection for information and data | Preventive | |
Limit the redisclosure and reuse of restricted data. CC ID 00168 | Privacy protection for information and data | Preventive | |
Refrain from redisclosing or reusing restricted data. CC ID 00169 | Privacy protection for information and data | Preventive | |
Redisclose restricted data when the data subject consents. CC ID 00171 | Privacy protection for information and data | Preventive | |
Redisclose restricted data when it is for criminal law enforcement. CC ID 00172 | Privacy protection for information and data | Preventive | |
Redisclose restricted data in order to protect public revenue. CC ID 00173 | Privacy protection for information and data | Preventive | |
Redisclose restricted data in order to assist a Telecommunications Ombudsman. CC ID 00174 | Privacy protection for information and data | Preventive | |
Redisclose restricted data in order to prevent a life-threatening emergency. CC ID 00175 | Privacy protection for information and data | Preventive | |
Redisclose restricted data when it deals with installing, maintaining, operating, or providing access to a Public Telecommunications Network or a telecommunication facility. CC ID 00176 | Privacy protection for information and data | Preventive | |
Redisclose restricted data in order to preserve human life at sea. CC ID 00177 | Privacy protection for information and data | Preventive | |
Obtain explicit consent directly from the data subject prior to the use of that person's sensitive data. CC ID 00178 [The entity discloses PI to third parties with the explicit consent of data subjects, and such consent is obtained prior to disclosure to meet the entity's objectives related to privacy. D6.1 {explicit consent} The data subject's agreed consent is explicitly obtained and is only for the intended purpose of the information to meet the entity's objectives related to privacy. The entity's basis for determining implicit consent, when implicit consent is allowed as an available option, is documented. C3.2 The entity's policies and procedures require data subjects to explicitly agree and consent to the provision and collection of the data subject's PI. In some circumstances where the entity is unable to confirm explicit consent directly with a data subject, the entity's policies and procedures require the entity to formally document its rationale and basis for determining that it has obtained the data subject's implicit consent. C3.2 Explicit and implicit consent Explicit consent is obtained directly from the data subject when sensitive PI is collected, used or disclosed, unless a law or regulation specifically requires otherwise. C3.2 Obtains explicit consent for sensitive information The entity has a process for periodically informing data subjects of its continued need for PI. The entity also has a process for obtaining the data subject's continued agreement and consent to use the data, and for informing data subjects when the entity suspects or learns, through ongoing monitoring and testing, that its systems (and systems of third parties providing services to the entity) have been breached and PI has been accessed, altered or removed in an unauthorized manner. N2.1 Ongoing notices and communications] | Privacy protection for information and data | Preventive | |
Obtain consent from a parent or legal representative in order to use or disclose a child's data. CC ID 00198 | Privacy protection for information and data | Preventive | |
Obtain opt-in consent from teenagers prior to the collection, use, or disclosure of personal data. CC ID 00199 | Privacy protection for information and data | Preventive | |
Obtain explicit consent prior to using the data subject's Personal Identification Number. CC ID 00238 | Privacy protection for information and data | Preventive | |
Process Personal Identification Numbers with consent. CC ID 00239 | Privacy protection for information and data | Preventive | |
Obtain consent prior to selling a Personal Identification Number. CC ID 00240 | Privacy protection for information and data | Preventive | |
Obtain consent prior to displaying a Personal Identification Number. CC ID 00241 | Privacy protection for information and data | Preventive | |
Refrain from displaying Personal Identification Numbers on government-issued checks or other paperwork. CC ID 00254 | Privacy protection for information and data | Preventive | |
Refrain from displaying Personal Identification Numbers on identification cards or badges. CC ID 00255 | Privacy protection for information and data | Preventive | |
Use Personal Identification Numbers absent consent for granting credit or collecting a debt. CC ID 00252 | Privacy protection for information and data | Preventive | |
Use Personal Identification Numbers absent consent for research purposes. CC ID 00247 | Privacy protection for information and data | Preventive | |
Refrain from requiring consent to use a Personal Identification Number when protecting the public health and safety or an individual's safety in an emergency. CC ID 00244 | Privacy protection for information and data | Preventive | |
Use Personal Identification Numbers absent consent when a federal law mandates its use. CC ID 00243 | Privacy protection for information and data | Preventive | |
Allow data subjects the ability to restrict the use and disclosure of personal data. CC ID 06821 | Privacy protection for information and data | Preventive | |
Identify any adverse effects the disclosure of personal data will have on the data subject. CC ID 15298 | Privacy protection for information and data | Preventive | |
Review personal data disclosure requests. CC ID 07129 | Privacy protection for information and data | Preventive | |
Include frivolous requests or vexatious requests as a reason for denial in the personal data request denial procedures. CC ID 00435 | Privacy protection for information and data | Preventive | |
Include when the required information is unavailable as a reason for denial in the personal data request denial procedures. CC ID 00436 | Privacy protection for information and data | Preventive | |
Include when the disclosure of personal data constitutes contempt of court or contempt of House of Representatives as a reason for denial in the personal data request denial procedures. CC ID 00437 | Privacy protection for information and data | Preventive | |
Include disclosing personal data that would identify suppliers or breaches an express promise of privacy or implied promise of privacy as a reason for denial in the personal data request denial procedures. CC ID 00438 | Privacy protection for information and data | Preventive | |
Include disclosing personal data that would compromise National Security as a reason for denial in the personal data request denial procedures. CC ID 00439 | Privacy protection for information and data | Preventive | |
Include information that is protected by attorney-client privilege as a reason for denial in the personal data request denial procedures. CC ID 00440 | Privacy protection for information and data | Preventive | |
Include disclosing personal data that would reveal trade secrets, commercial information, or harmful financial information as a reason for denial in the personal data request denial procedures. CC ID 00441 | Privacy protection for information and data | Preventive | |
Include disclosing personal data that would threaten an individual's life or an individual's security as a reason for denial in the personal data request denial procedures. CC ID 00442 | Privacy protection for information and data | Preventive | |
Include disclosing personal data that would have an unreasonable impact on another individual's privacy as a reason for denial in the personal data request denial procedures. CC ID 00443 | Privacy protection for information and data | Preventive | |
Include responding to access requests after the time limit as a reason for denial in the personal data request denial procedures. CC ID 13600 | Privacy protection for information and data | Preventive | |
Include information that was generated from a formal dispute as a reason for denial in the personal data request denial procedures. CC ID 00444 | Privacy protection for information and data | Preventive | |
Include personal data that is used solely for scientific research, scholarly research, statistical research, library purposes, museum purposes, or archival purposes as a reason for denial in the personal data request denial procedures. CC ID 00445 | Privacy protection for information and data | Preventive | |
Include personal data that is for the state's economic interest as a reason for denial in the personal data request denial procedures. CC ID 00446 | Privacy protection for information and data | Detective | |
Include personal data that is for protecting the civil rights or others' freedoms as a reason for denial in the personal data request denial procedures. CC ID 00447 | Privacy protection for information and data | Preventive | |
Include disclosing personal data that constitutes a state secret as a reason for denial in the personal data request denial procedures. CC ID 00448 | Privacy protection for information and data | Preventive | |
Include disclosing personal data that would result in interference with the operation of public functions as a reason for denial in the personal data request denial procedures. CC ID 00449 | Privacy protection for information and data | Preventive | |
Include disclosing personal data that would interrupt criminal investigation and surveillance or other legal purposes as a reason for denial in the personal data request denial procedures. CC ID 00450 | Privacy protection for information and data | Preventive | |
Include when a country's laws prevent disclosure as a reason for denial in the personal data request denial procedures. CC ID 00451 | Privacy protection for information and data | Preventive | |
Include disclosing personal data that would interfere with grievance proceeding or employee security investigations as a reason for denial in the personal data request denial procedures. CC ID 06873 | Privacy protection for information and data | Preventive | |
Include disclosing personal data that would interfere with commercial acquisitions or reorganizations as a reason for denial in the personal data request denial procedures. CC ID 06874 | Privacy protection for information and data | Preventive | |
Include if the cost or burden of disclosing the personal data is disproportionate as a reason for denial in the personal data request denial procedures. CC ID 06875 | Privacy protection for information and data | Preventive | |
Notify interested personnel and affected parties of the reasons the data access request was refused. CC ID 00453 [The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1 When data subjects are denied access to their PI, the entity informs them of the denial and the reasons for the denial in a timely manner, unless prohibited by law or regulation. A5.1 Informs data subjects when access is denied Data subjects are informed, in writing, of the reason a request for access to their PI was denied, the source of the entity's legal right to deny such access, if applicable, and the individual's right, if any, to challenge such denial, as specifically permitted or required by law or regulation. A5.2 Communicates denial of access requests] | Privacy protection for information and data | Preventive | |
Notify individuals of their right to challenge a refusal to a data access request. CC ID 00454 [Data subjects are informed, in writing, of the reason a request for access to their PI was denied, the source of the entity's legal right to deny such access, if applicable, and the individual's right, if any, to challenge such denial, as specifically permitted or required by law or regulation. A5.2 Communicates denial of access requests] | Privacy protection for information and data | Preventive | |
Disseminate and communicate personal data to the individual that it relates to. CC ID 00428 | Privacy protection for information and data | Preventive | |
Provide personal data to an individual after the individual's identity has been confirmed. CC ID 06876 [The identity of data subjects who request access to their PI is authenticated before they are given access to that information. A5.1 Authenticates data subjects’ identities The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1] | Privacy protection for information and data | Preventive | |
Provide data or records in a reasonable time frame. CC ID 00429 [{be understandable}{be reasonable} PI is provided to data subjects in an understandable form, in a reasonable time frame and at a reasonable cost, if any. A5.1 Provides understandable PI within reasonable time] | Privacy protection for information and data | Preventive | |
Extend the time limit for providing personal data in order to convert it to an alternative format. CC ID 13591 | Privacy protection for information and data | Preventive | |
Extend the time limit for providing personal data if the time is impracticable to respond to the access request. CC ID 13590 | Privacy protection for information and data | Preventive | |
Extend the time limit for providing data if it would unreasonably interfere with the organization's activities. CC ID 13589 | Privacy protection for information and data | Preventive | |
Provide data at a cost that is not excessive. CC ID 00430 [{be understandable}{be reasonable} PI is provided to data subjects in an understandable form, in a reasonable time frame and at a reasonable cost, if any. A5.1 Provides understandable PI within reasonable time] | Privacy protection for information and data | Preventive | |
Provide records or data in a reasonable manner. CC ID 00431 | Privacy protection for information and data | Preventive | |
Provide personal data in a form that is intelligible. CC ID 00432 [{be understandable}{be reasonable} PI is provided to data subjects in an understandable form, in a reasonable time frame and at a reasonable cost, if any. A5.1 Provides understandable PI within reasonable time] | Privacy protection for information and data | Preventive | |
Provide restricted data that would threaten the life or security of another individual after that information has been redacted. CC ID 13604 | Privacy protection for information and data | Preventive | |
Provide restricted data that would reveal confidential commercial information after that information has been redacted. CC ID 13602 | Privacy protection for information and data | Preventive | |
Remove data pertaining to third parties before giving the requestor access to the information. CC ID 13601 | Privacy protection for information and data | Preventive | |
Identify any adverse effects the collection of personal data will have on the data subject. CC ID 15279 | Privacy protection for information and data | Preventive | |
Refrain from collecting personal data, as necessary. CC ID 15269 | Privacy protection for information and data | Preventive | |
Use personal data for specified purposes. CC ID 11831 [The entity limits the use of PI to the purposes identified in its objectives related to privacy. U4.1 {implicit consent} PI is used only for the intended purposes for which it was collected and only when implicit or explicit consent has been obtained unless a law or regulation specifically requires otherwise. U4.1 Only uses PI for intended purposes {explicit consent} The data subject's agreed consent is explicitly obtained and is only for the intended purpose of the information to meet the entity's objectives related to privacy. The entity's basis for determining implicit consent, when implicit consent is allowed as an available option, is documented. C3.2] | Privacy protection for information and data | Preventive | |
Obtain the data subject's consent and acknowledgment before collecting data. CC ID 00012 [Explicit consent is obtained directly from the data subject when sensitive PI is collected, used or disclosed, unless a law or regulation specifically requires otherwise. C3.2 Obtains explicit consent for sensitive information] | Privacy protection for information and data | Preventive | |
Provide explicit consent that is clear and unambiguous. CC ID 00181 | Privacy protection for information and data | Preventive | |
Allow individuals to change their personal data collection consent preferences. CC ID 06946 | Privacy protection for information and data | Preventive | |
Adhere to each individual's personal data collection consent preferences. CC ID 06947 | Privacy protection for information and data | Preventive | |
Furnish disclosure of information and usage of information to data subjects when oral consent is given. CC ID 04717 | Privacy protection for information and data | Preventive | |
Disclose the direct marketing purpose before obtaining consent for collecting information. CC ID 04718 | Privacy protection for information and data | Preventive | |
Include an individual's name in the personal data definition. CC ID 04710 | Privacy protection for information and data | Preventive | |
Include an individual's name combined with other personal data in the personal data definition. CC ID 04709 | Privacy protection for information and data | Preventive | |
Include the legal surname of the parent or legal representative prior to marriage in the personal data definition. CC ID 04686 | Privacy protection for information and data | Preventive | |
Include an individual's signature in the personal data definition. CC ID 04711 | Privacy protection for information and data | Preventive | |
Include an individual's date of birth in the personal data definition. CC ID 04770 | Privacy protection for information and data | Preventive | |
Include an individual's physical characteristics or description in the personal data definition. CC ID 04712 | Privacy protection for information and data | Preventive | |
Include an individual's biometric data in the personal data definition. CC ID 04698 | Privacy protection for information and data | Preventive | |
Include an individual's photographic image in the personal data definition. CC ID 04779 | Privacy protection for information and data | Preventive | |
Include an individual's fingerprints in the personal data definition. CC ID 04689 | Privacy protection for information and data | Preventive | |
Include an individual's address in the personal data definition. CC ID 04687 | Privacy protection for information and data | Preventive | |
Include an individual's telephone number in the personal data definition. CC ID 04688 | Privacy protection for information and data | Preventive | |
Include an individual's fax number in the personal data definition. CC ID 07120 | Privacy protection for information and data | Preventive | |
Include an individual's financial account number in the personal data definition. CC ID 04692 | Privacy protection for information and data | Preventive | |
Include stock numbers, bond numbers, and other security certificate numbers in the personal data definition. CC ID 04768 | Privacy protection for information and data | Preventive | |
Include an individual's electronic identification name or number in the personal data definition. CC ID 04694 | Privacy protection for information and data | Preventive | |
Include an individual's Alien Registration Number in the personal data definition. CC ID 04743 | Privacy protection for information and data | Preventive | |
Include an individual's passport number in the personal data definition. CC ID 04713 | Privacy protection for information and data | Preventive | |
Include an individual's driver's license number or an individual's state identification card number in the personal data definition. CC ID 04691 | Privacy protection for information and data | Preventive | |
Include an individual's Social Security Number or Personal Identification Number in the personal data definition. CC ID 04690 | Privacy protection for information and data | Preventive | |
Include an individual's e-mail address in the personal data definition. CC ID 04696 | Privacy protection for information and data | Preventive | |
Include electronic signatures in the personal data definition. CC ID 04697 | Privacy protection for information and data | Preventive | |
Include an individual's payment card information in the personal data definition. CC ID 04751 | Privacy protection for information and data | Preventive | |
Include an individual's credit card number or an individual's debit card number in the personal data definition. CC ID 04693 | Privacy protection for information and data | Preventive | |
Include an individual's payment card service code in the personal data definition. CC ID 04753 | Privacy protection for information and data | Preventive | |
Include an individual's payment card expiration date in the personal data definition. CC ID 04755 | Privacy protection for information and data | Preventive | |
Include the payment transaction data and transaction authentication data in the personal data definition. CC ID 04825 | Privacy protection for information and data | Preventive | |
Include an individual's Individually Identifiable Health Information in the personal data definition. CC ID 04700 | Privacy protection for information and data | Preventive | |
Include an individual's medical history in the personal data definition. CC ID 04701 | Privacy protection for information and data | Preventive | |
Include an individual's medical treatment in the personal data definition. CC ID 04702 | Privacy protection for information and data | Preventive | |
Include an individual's medical diagnosis in the personal data definition. CC ID 04703 | Privacy protection for information and data | Preventive | |
Include an individual's mental condition or an individual's physical condition in the personal data definition. CC ID 04704 | Privacy protection for information and data | Preventive | |
Include an individual's medical record numbers in the personal data definition. CC ID 07121 | Privacy protection for information and data | Preventive | |
Include an individual's health insurance information in the personal data definition. CC ID 04705 | Privacy protection for information and data | Preventive | |
Include an individual's health insurance policy number in the personal data definition. CC ID 04706 | Privacy protection for information and data | Preventive | |
Include an individual's health insurance application and health insurance claims history (including appeals) in the personal data definition. CC ID 04707 | Privacy protection for information and data | Preventive | |
Include an individual's education information in the personal data definition. CC ID 04714 | Privacy protection for information and data | Preventive | |
Include an individual's professional certification numbers or an individual's professional license numbers in the personal data definition. CC ID 07122 | Privacy protection for information and data | Preventive | |
Include an individual's employment information in the personal data definition. CC ID 04715 | Privacy protection for information and data | Preventive | |
Include an employer's Taxpayer Identification Number in the personal data definition. CC ID 04767 | Privacy protection for information and data | Preventive | |
Include an individual's Taxpayer Identification Number in the personal data definition. CC ID 04763 | Privacy protection for information and data | Preventive | |
Include an individual's employment history in the personal data definition. CC ID 04716 | Privacy protection for information and data | Preventive | |
Include an individual's place of employment in the personal data definition. CC ID 04765 | Privacy protection for information and data | Preventive | |
Include an individual's Employee Identification Number in the personal data definition. CC ID 04766 | Privacy protection for information and data | Preventive | |
Include an individual's property information in the personal data definition. CC ID 04780 | Privacy protection for information and data | Preventive | |
Include an individual's property title in the personal data definition. CC ID 04781 | Privacy protection for information and data | Preventive | |
Include an individual's vehicle registration in the personal data definition. CC ID 04782 | Privacy protection for information and data | Preventive | |
Include hardware asset identification information in the personal data definition. CC ID 07123 | Privacy protection for information and data | Preventive | |
Include MAC addresses in the personal data definition. CC ID 04778 | Privacy protection for information and data | Preventive | |
Include Internet Protocol addresses in the personal data definition. CC ID 04777 | Privacy protection for information and data | Preventive | |
Include asset serial numbers in the personal data definition. CC ID 07124 | Privacy protection for information and data | Preventive | |
Include Uniform Resource Locators in the personal data definition. CC ID 07125 | Privacy protection for information and data | Preventive | |
Define specially restricted data. CC ID 00037 | Privacy protection for information and data | Preventive | |
Protect an individual's civil rights during personal data collection and personal data processing. CC ID 00079 | Privacy protection for information and data | Preventive | |
Refrain from compiling data that is likely to give rise to unlawful discrimination or arbitrary discrimination. CC ID 00075 | Privacy protection for information and data | Preventive | |
Refrain from subjecting an individual to a solely automated decision process that produces legal effects based on the evaluation of certain characteristics. CC ID 00080 | Privacy protection for information and data | Preventive | |
Implement a nondiscrimination principle. CC ID 00081 | Privacy protection for information and data | Preventive | |
Include the collection and use of personal data in the nondiscrimination principle. CC ID 11799 | Privacy protection for information and data | Preventive | |
Preserve each individual's right to human dignity. CC ID 00082 | Privacy protection for information and data | Preventive | |
Manage Personal Identification Numbers and PIN verification code numbers. CC ID 00058 | Privacy protection for information and data | Preventive | |
Collect Personal Identification Numbers with the individual's consent. CC ID 00059 | Privacy protection for information and data | Preventive | |
Collect Personal Identification Numbers absent consent when the law mandates. CC ID 00061 | Privacy protection for information and data | Preventive | |
Collect Personal Identification Numbers absent consent for research purposes. CC ID 00065 | Privacy protection for information and data | Preventive | |
Collect Personal Identification Numbers absent consent to realize the rights or duties of the data subject or data controller. CC ID 04792 | Privacy protection for information and data | Preventive | |
Manage health data collection. CC ID 00050 | Privacy protection for information and data | Preventive | |
Collect Individually Identifiable Health Information to provide health care services. CC ID 00052 | Privacy protection for information and data | Preventive | |
Collect Individually Identifiable Health Information when the law dictates. CC ID 00053 | Privacy protection for information and data | Preventive | |
Collect Individually Identifiable Health Information for research. CC ID 00054 | Privacy protection for information and data | Preventive | |
Remove personal data before disclosing health data. CC ID 00055 | Privacy protection for information and data | Preventive | |
Give special attention to collecting children's data. CC ID 00038 | Privacy protection for information and data | Preventive | |
Obtain consent from a parent or legal representative before collecting information from children. CC ID 00041 | Privacy protection for information and data | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to collect online contact information for a one-time only response to a specific request. CC ID 00043 | Privacy protection for information and data | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to request the parent or legal representative's information to obtain consent. CC ID 00044 | Privacy protection for information and data | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to respond to additional requests which do not go beyond the scope of the request. CC ID 00045 | Privacy protection for information and data | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to protect the child's safety. CC ID 00046 | Privacy protection for information and data | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to take liability precautions. CC ID 00047 | Privacy protection for information and data | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to respond to a judicial process. CC ID 00048 | Privacy protection for information and data | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to respond to a request for law enforcement purposes. CC ID 00049 | Privacy protection for information and data | Preventive | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to protect the website's security or integrity or the online service's security or integrity. CC ID 06199 | Privacy protection for information and data | Preventive | |
Collect personal data directly from the data subject. CC ID 00011 | Privacy protection for information and data | Preventive | |
Create and manage user account aliases to maintain pseudonymity. CC ID 04549 | Privacy protection for information and data | Preventive | |
Provide unlinkability for users and resources. CC ID 04550 | Privacy protection for information and data | Preventive | |
Collect restricted data in a fair and lawful manner. CC ID 00010 | Privacy protection for information and data | Preventive | |
Collect restricted data absent consent for specific and well-documented circumstances. CC ID 00013 | Privacy protection for information and data | Preventive | |
Collect restricted data absent consent when the data collection is in the individual's interests and consent cannot be obtained in a timely manner. CC ID 00014 | Privacy protection for information and data | Preventive | |
Collect restricted data absent consent when consent compromises data accuracy. CC ID 00015 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent in order to make a disclosure. CC ID 13550 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent for reasonable investigative purposes. CC ID 11801 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent if the collection is consistent with the intended purpose. CC ID 13548 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent when the personal data was produced by the data subject in the course of employment, business, or profession. CC ID 13544 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent for handling insurance claims. CC ID 13543 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent when the data subject has authorized the collection through another individual. CC ID 00016 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent if the disclosure is to the next of kin or authorized representative. CC ID 15295 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent in order to establish, manage, or terminate employment contracts. CC ID 13614 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent in order to protect the data subject's vital interests. CC ID 15277 | Privacy protection for information and data | Preventive | |
Collect personal data for public interests absent consent in order to protect historical records or archival records. CC ID 15289 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent to administer a trust fund or benefit plan. CC ID 15292 | Privacy protection for information and data | Preventive | |
Collect restricted data absent consent for journalistic purposes, artistic purposes, or literary purposes. CC ID 00017 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent in order to collect a debt owed by the data subject. CC ID 15293 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent for statistical purposes or research purposes and the data subject is not identified. CC ID 00018 | Privacy protection for information and data | Preventive | |
Collect restricted data absent consent from publicly available information. CC ID 00019 | Privacy protection for information and data | Preventive | |
Collect restricted data absent consent when needed by law. CC ID 00020 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent to create a credit report. CC ID 15287 | Privacy protection for information and data | Preventive | |
Collect restricted data absent consent when no potential harm can come to the data subject. CC ID 00021 | Privacy protection for information and data | Preventive | |
Collect personal data absent consent when collecting personal data from the data subject is impossible or the data collection involves a disproportionate effort. CC ID 00022 | Privacy protection for information and data | Preventive | |
Collect the minimum amount of restricted data necessary. CC ID 00078 | Privacy protection for information and data | Preventive | |
Collect restricted data in a proper information framework. CC ID 00009 | Privacy protection for information and data | Preventive | |
Collect and record restricted data for specific, explicit, and legitimate purposes. CC ID 00027 [PI is relevant for the purposes for which it is to be used. Q8.1 Ensures relevance of PI] | Privacy protection for information and data | Preventive | |
Collect restricted data when required by law. CC ID 00031 | Privacy protection for information and data | Preventive | |
Collect restricted data to prevent life-threatening emergencies. CC ID 00032 | Privacy protection for information and data | Preventive | |
Collect restricted data relating solely to nonprofit organization members or individuals who are in regular contact during the nonprofit organization's activities. CC ID 00034 | Privacy protection for information and data | Preventive | |
Collect restricted data for legal purposes. CC ID 00036 | Privacy protection for information and data | Preventive | |
Prohibit personal data from being sent by e-mail or instant messaging. CC ID 00565 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain record structures to support information confidentiality. CC ID 00360 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Privacy protection for information and data | Preventive | |
Automate the disposition process for records that contain "do not store" data or "delete after transaction process" data. CC ID 06083 | Privacy protection for information and data | Preventive | |
Limit data leakage. CC ID 00356 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain suspicious personal data procedures. CC ID 04853 | Privacy protection for information and data | Detective | |
Compare certain personal data such as name, date of birth, address, driver's license, or other identification against personal data on file for the applicant. CC ID 04855 | Privacy protection for information and data | Detective | |
Match consumer reports with current accounts on file to ensure account misuse or information misuse has not occurred. CC ID 04873 | Privacy protection for information and data | Detective | |
Send change notices for change of address requests to the old address and the new address. CC ID 04877 | Privacy protection for information and data | Detective | |
Include text about data ownership in the data handling policy. CC ID 15720 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain de-identifying and re-identifying procedures. CC ID 07126 | Privacy protection for information and data | Preventive | |
Use de-identifying code and re-identifying code that is not derived from or related to information about the data subject. CC ID 07127 | Privacy protection for information and data | Preventive | |
Store de-identifying code and re-identifying code separately. CC ID 16535 | Privacy protection for information and data | Preventive | |
Prevent the disclosure of de-identifying code and re-identifying code. CC ID 07128 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's name combined with account numbers or other identifying information as personal data that falls under the breach notification rules. CC ID 04662 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's legal surname prior to marriage as personal data that falls under the breach notification rules. CC ID 04669 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's date of birth as personal data that falls under the breach notification rules. CC ID 04771 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's address as personal data that falls under the breach notification rules. CC ID 04671 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's telephone number as personal data that falls under the breach notification rules. CC ID 04672 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's fingerprints as personal data that falls under the breach notification rules. CC ID 04670 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's Social Security Number or Personal Identification Number as personal data that falls under the breach notification rules. CC ID 04656 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's driver's license number or an individual's state identification card number as personal data that falls under the breach notification rules. CC ID 04657 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's passport number as personal data that falls under the breach notification rules. CC ID 04774 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's Alien Registration Number as personal data that falls under the breach notification rules. CC ID 04775 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's Taxpayer Identification Number as personal data that falls under the breach notification rules. CC ID 04764 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's financial account number as personal data that falls under the breach notification rules. CC ID 04658 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's financial account number with associated password or password hint as personal data that falls under the breach notification rules. CC ID 04660 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's electronic identification name or number as personal data that falls under the breach notification rules. CC ID 04663 | Privacy protection for information and data | Preventive | |
Include data elements that contain electronic signatures as personal data that falls under the breach notification rules. CC ID 04666 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's biometric data as personal data that falls under the breach notification rules. CC ID 04667 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's account number, password, or password hint as personal data that falls under the breach notification rules. CC ID 04668 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's payment card information as personal data that falls under the breach notification rules. CC ID 04752 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's credit card number or an individual's debit card number as personal data that falls under the breach notification rules. CC ID 04659 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's payment card service code as personal data that falls under the breach notification rules. CC ID 04754 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's payment card expiration date as personal data that falls under the breach notification rules. CC ID 04756 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's payment card full magnetic stripe data as personal data that falls under the breach notification rules. CC ID 04759 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's payment card security codes (Card Authentication Value 2/Card Validation Code Value 2/Card Verification Value 2/Card Identification Number) as personal data that falls under the breach notification rules. CC ID 04760 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's payment card associated password or password hint as personal data that falls under the breach notification rules. CC ID 04661 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's Individually Identifiable Health Information as personal data that falls under the breach notification rules. CC ID 04673 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's medical history as personal data that falls under the breach notification rules. CC ID 04674 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's medical treatment as personal data that falls under the breach notification rules. CC ID 04675 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's medical diagnosis as personal data that falls under the breach notification rules. CC ID 04676 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's mental condition or physical condition as personal data that falls under the breach notification rules. CC ID 04682 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's health insurance information as personal data that falls under the breach notification rules. CC ID 04681 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's health insurance policy number as personal data that falls under the breach notification rules. CC ID 04683 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's health insurance application and health insurance claims history (including appeals) as personal data that falls under the breach notification rules. CC ID 04684 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's employment information as personal data that falls under the breach notification rules. CC ID 04772 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's Employee Identification Number as personal data that falls under the breach notification rules. CC ID 04773 | Privacy protection for information and data | Preventive | |
Include data elements that contain an individual's place of employment as personal data that falls under the breach notification rules. CC ID 04788 | Privacy protection for information and data | Preventive | |
Obtain consent from an individual prior to transferring personal data. CC ID 06948 [Consent is obtained before PI is transferred to or from an individual's computer or other similar device. C3.2 Obtains consent for data transfers] | Privacy protection for information and data | Preventive | |
Provide an adequate data protection level by the transferee prior to transferring personal data to another country. CC ID 00314 | Privacy protection for information and data | Preventive | |
Refrain from restricting personal data transfers to member states of the European Union. CC ID 00312 | Privacy protection for information and data | Preventive | |
Prohibit the transfer of personal data when security is inadequate. CC ID 00345 | Privacy protection for information and data | Preventive | |
Meet the use of limitation exceptions in order to transfer personal data. CC ID 00346 | Privacy protection for information and data | Preventive | |
Refrain from transferring past the first transfer. CC ID 00347 | Privacy protection for information and data | Preventive | |
Allow the data subject the right to object to the personal data transfer. CC ID 00349 | Privacy protection for information and data | Preventive | |
Include publicly available information as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00316 | Privacy protection for information and data | Preventive | |
Include transfer agreements between data controllers and third parties when it is for the data subject's interest as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00317 | Privacy protection for information and data | Preventive | |
Include personal data for the health field and for treatment as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00318 | Privacy protection for information and data | Preventive | |
Include personal data for journalistic purposes or private purposes as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00319 | Privacy protection for information and data | Preventive | |
Include personal data for important public interest as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00320 | Privacy protection for information and data | Preventive | |
Include consent by the data subject as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00321 | Privacy protection for information and data | Preventive | |
Include personal data used for a contract as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00322 | Privacy protection for information and data | Preventive | |
Include personal data for protecting the data subject or the data subject's interests, such as saving his/her life or providing healthcare as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00323 | Privacy protection for information and data | Preventive | |
Include personal data that is necessary to fulfill international law obligations as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00324 | Privacy protection for information and data | Preventive | |
Include personal data used for legal investigations as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00325 | Privacy protection for information and data | Preventive | |
Include personal data that is authorized by a legislative act as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00326 | Privacy protection for information and data | Preventive | |
Require transferees to implement adequate data protection levels for the personal data. CC ID 00335 | Privacy protection for information and data | Preventive | |
Include personal data that is publicly available information as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00337 | Privacy protection for information and data | Preventive | |
Include personal data that is used for journalistic purposes or private purposes as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00338 | Privacy protection for information and data | Preventive | |
Include personal data that is used for important public interest as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00339 | Privacy protection for information and data | Preventive | |
Include consent by the data subject as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00340 | Privacy protection for information and data | Preventive | |
Include personal data that is used for a contract as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00341 | Privacy protection for information and data | Preventive | |
Include personal data that is used for protecting the data subject or the data subject's interests, such as providing healthcare or saving his/her life as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00342 | Privacy protection for information and data | Preventive | |
Include personal data that is used for a legal investigation as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00343 | Privacy protection for information and data | Preventive | |
Include personal data that is authorized by a legislative act as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00344 | Privacy protection for information and data | Preventive | |
Obtain consent prior to storing cookies on an individual's browser. CC ID 06950 | Privacy protection for information and data | Preventive | |
Obtain consent prior to downloading software to an individual's computer. CC ID 06951 | Privacy protection for information and data | Preventive | |
Obtain consent prior to tracking Internet traffic patterns or browsing history of an individual. CC ID 06961 | Privacy protection for information and data | Preventive | |
Develop remedies and sanctions for privacy policy violations. CC ID 00474 [The entity has procedures for identifying and addressing instances when non-compliance with information privacy policies and procedures are identified. M1.2 Policy compliance Ongoing procedures are performed for monitoring the effectiveness of controls over PI and for taking timely corrective actions when necessary. M9.1 Performs ongoing monitoring] | Privacy protection for information and data | Preventive | |
Implement procedures to file privacy rights violation complaints. CC ID 00476 [{dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1 A process is in place to address inquiries, complaints and disputes. M9.1 Addresses inquiries, complaints and disputes] | Privacy protection for information and data | Corrective | |
Change or destroy any personal data that is incorrect. CC ID 00462 [The entity corrects, amends or appends PI based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity's objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity's objectives related to privacy. A5.2] | Privacy protection for information and data | Corrective | |
Refrain from updating personal data on a regular basis, unless it is necessary for the purposes it was collected. CC ID 13610 | Privacy protection for information and data | Preventive | |
Escalate the appeal process to change personal data when the data controller fails to make changes to the disputed data. CC ID 00465 | Privacy protection for information and data | Corrective | |
Notify individuals of their right to challenge personal data. CC ID 00457 [{be accurate}{be complete} Individuals are informed that they are responsible for providing the entity with accurate and complete PI and for contacting the entity if correction of such information is required. Q8.1 Communicates to data subjects] | Privacy protection for information and data | Preventive | |
Notify individuals of their right to object to personal data for legitimate reasons. CC ID 00458 | Privacy protection for information and data | Preventive | |
Notify individuals of their ability to object to personal data processing, absent cost. CC ID 00459 | Privacy protection for information and data | Preventive | |
Investigate the disputed accuracy of personal data. CC ID 00461 | Privacy protection for information and data | Preventive | |
Order the cessation of data processing when a violation of the privacy policy is detected. CC ID 00475 | Privacy protection for information and data | Corrective | |
Destroy personal data that breaches privacy after the privacy breach has been detected. CC ID 00503 | Privacy protection for information and data | Corrective | |
Establish, implement, and maintain a Customer Information Management program. CC ID 00084 | Privacy protection for information and data | Preventive | |
Check the accuracy of restricted data. CC ID 00088 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity {be accurate}{be up-to-date}{be reliable}{be complete}{be relevant} The entity collects and maintains accurate, reliable, up to date, complete and relevant PI to meet the entity's objectives related to privacy. Q8.1 {be complete} PI is accurate and complete for the purposes for which it is to be used. Q8.1 Ensures accuracy and completeness of PI] | Privacy protection for information and data | Preventive | |
Check that restricted data is complete. CC ID 00090 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity {be accurate}{be up-to-date}{be reliable}{be complete}{be relevant} The entity collects and maintains accurate, reliable, up to date, complete and relevant PI to meet the entity's objectives related to privacy. Q8.1 {be complete} PI is accurate and complete for the purposes for which it is to be used. Q8.1 Ensures accuracy and completeness of PI] | Privacy protection for information and data | Preventive | |
Keep restricted data up-to-date and valid. CC ID 00091 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity {be accurate}{be up-to-date}{be reliable}{be complete}{be relevant} The entity collects and maintains accurate, reliable, up to date, complete and relevant PI to meet the entity's objectives related to privacy. Q8.1] | Privacy protection for information and data | Preventive | |
Maintain restricted data in a form that does not permit the identification of data subjects for longer than the processing purpose. CC ID 00092 [PI no longer retained is anonymized, disposed of or destroyed in a manner that prevents loss, theft, misuse or unauthorized access. U4.3 Disposes of, destroys and redacts PI] | Privacy protection for information and data | Preventive | |
Employ access controls that meet the organization's compliance requirements on third party systems with access to the organization's restricted data. CC ID 04264 [PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.4 Discloses PI only to appropriate third parties PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.1 Discloses PI only to appropriate third parties] | Third Party and supply chain oversight | Detective |
KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term | |||
Mandated - bold; Implied - italic; Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Assign legislative body jurisdiction to the organization's assets, as necessary. CC ID 06956 | Leadership and high level objectives | Preventive | |
Assign the appropriate roles to all applicable compliance documents. CC ID 06284 | Leadership and high level objectives | Preventive | |
Assign the approval of compliance exceptions to the appropriate roles inside the organization. CC ID 06443 | Leadership and high level objectives | Preventive | |
Define the Information Assurance strategic roles and responsibilities. CC ID 00608 | Leadership and high level objectives | Preventive | |
Establish and maintain a compliance oversight committee. CC ID 00765 [The entity has an overall governance and legal structure that defines and establishes responsibility and authority for the entity's oversight processes, policy setting and ongoing monitoring activities. M1.2 Responsibility and authority The entity has a governance and legal structure that establishes accountability for information privacy policy creation, oversight, monitoring and compliance. M1.2 Established accountability] | Leadership and high level objectives | Detective | |
Assign the review of project plans for critical projects to the compliance oversight committee. CC ID 01182 | Leadership and high level objectives | Preventive | |
Assign the corporate governance of Information Technology to the compliance oversight committee. CC ID 01178 | Leadership and high level objectives | Preventive | |
Assign the review of Information Technology policies and procedures to the compliance oversight committee. CC ID 01179 | Leadership and high level objectives | Preventive | |
Involve the Board of Directors or senior management in Information Governance. CC ID 00609 | Leadership and high level objectives | Preventive | |
Assign reviewing and approving Quality Management standards to the appropriate oversight committee. CC ID 07192 | Leadership and high level objectives | Preventive | |
Notify interested personnel and affected parties participating in the audit of their roles and responsibilities during the audit. CC ID 07151 | Audits and risk management | Preventive | |
Assign Information System access authorizations if implementing segregation of duties. CC ID 06323 | Technical security | Preventive | |
Use biometric authentication for identification and authentication, as necessary. CC ID 06857 | Technical security | Preventive | |
Include assigned roles and responsibilities in the network access control standard. CC ID 06410 | Technical security | Preventive | |
Define and assign cryptographic, encryption and key management roles and responsibilities. CC ID 15470 | Technical security | Preventive | |
Establish a Registration Authority to support the Public Key Infrastructure. CC ID 15725 | Technical security | Preventive | |
Employ security guards to provide physical security, as necessary. CC ID 06653 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain high level operational roles and responsibilities. CC ID 00806 | Human Resources management | Preventive | |
Define and assign the Board of Directors roles and responsibilities and senior management roles and responsibilities, including signing off on key policies and procedures. CC ID 00807 [The entity has an overall governance and legal structure that defines and establishes responsibility and authority for the entity's oversight processes, policy setting and ongoing monitoring activities. M1.2 Responsibility and authority The entity has a governance and legal structure that establishes accountability for information privacy policy creation, oversight, monitoring and compliance. M1.2 Established accountability] | Human Resources management | Preventive | |
Assign senior management to the role of authorizing official. CC ID 14238 | Human Resources management | Preventive | |
Define and assign the Privacy Officer's roles and responsibilities. CC ID 00714 [The entity has a governance and legal structure that establishes accountability for information privacy policy creation, oversight, monitoring and compliance. M1.2 Established accountability] | Human Resources management | Preventive | |
Assign security clearance procedures to qualified personnel. CC ID 06812 | Human Resources management | Preventive | |
Assign personnel screening procedures to qualified personnel. CC ID 11699 | Human Resources management | Preventive | |
Establish and maintain the staff structure in line with the strategic plan. CC ID 00764 | Human Resources management | Preventive | |
Classify assets according to the Asset Classification Policy. CC ID 07186 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Operational management | Preventive | |
Apply asset protection mechanisms for all assets according to their assigned Asset Classification Policy. CC ID 07184 | Operational management | Preventive | |
Assign system hardening to qualified personnel. CC ID 06813 | System hardening through configuration management | Preventive | |
Assign the review of custom code changes to individuals other than the code author. CC ID 06291 | Systems design, build, and implementation | Preventive | |
Include roles and responsibilities in the registration notice. CC ID 16803 | Privacy protection for information and data | Preventive | |
Require data controllers to be accountable for their actions. CC ID 00470 | Privacy protection for information and data | Preventive | |
Process restricted data lawfully and carefully. CC ID 00086 | Privacy protection for information and data | Preventive |
KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term | |||
Mandated - bold; Implied - italic; Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Establish, implement, and maintain an information classification standard. CC ID 00601 [The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Leadership and high level objectives | Preventive | |
Establish, implement, and maintain a data classification scheme. CC ID 11628 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Leadership and high level objectives | Preventive | |
Approve the data classification scheme. CC ID 13858 | Leadership and high level objectives | Detective | |
Establish, implement, and maintain a Quality Management framework. CC ID 07196 | Leadership and high level objectives | Preventive | |
Establish, implement, and maintain a Quality Management program. CC ID 07201 | Leadership and high level objectives | Preventive | |
Establish and maintain the scope of the organizational compliance framework and Information Assurance controls. CC ID 01241 | Leadership and high level objectives | Preventive | |
Establish and maintain an Information Systems Assurance Categories Definitions document. CC ID 01608 | Leadership and high level objectives | Preventive | |
Establish, implement, and maintain a policy and procedure management program. CC ID 06285 [The entity has a process for evaluating and addressing the potential impacts of required changes to information privacy policy and procedures as changes occur in entity operations and operating locations, and as applicable jurisdictional laws and regulations are enacted to become new regulatory compliance requirements. M1.2 Policy changes] | Leadership and high level objectives | Preventive | |
Include the effective date on all organizational policies. CC ID 06820 | Leadership and high level objectives | Preventive | |
Include requirements in the organization’s policies, standards, and procedures. CC ID 12956 | Leadership and high level objectives | Preventive | |
Analyze organizational policies, as necessary. CC ID 14037 | Leadership and high level objectives | Detective | |
Include threats in the organization’s policies, standards, and procedures. CC ID 12953 | Leadership and high level objectives | Preventive | |
Include opportunities in the organization’s policies, standards, and procedures. CC ID 12945 | Leadership and high level objectives | Preventive | |
Establish and maintain an Authority Document list. CC ID 07113 | Leadership and high level objectives | Preventive | |
Map in scope assets and in scope records to external requirements. CC ID 12189 | Leadership and high level objectives | Detective | |
Document organizational procedures that harmonize external requirements, including all legal requirements. CC ID 00623 | Leadership and high level objectives | Preventive | |
Establish, implement, and maintain full documentation of all policies, standards, and procedures that support the organization's compliance framework. CC ID 01636 | Leadership and high level objectives | Preventive | |
Disseminate and communicate the list of Authority Documents that support the organization's compliance framework to interested personnel and affected parties. CC ID 01312 | Leadership and high level objectives | Preventive | |
Classify controls according to their preventive, detective, or corrective status. CC ID 06436 | Leadership and high level objectives | Preventive | |
Publish, disseminate, and communicate a Statement on Internal Control, as necessary. CC ID 06727 | Leadership and high level objectives | Preventive | |
Include signatures of c-level executives in the Statement on Internal Control. CC ID 14778 | Leadership and high level objectives | Preventive | |
Include management's assertions on the effectiveness of internal control in the Statement on Internal Control. CC ID 14771 | Leadership and high level objectives | Corrective | |
Include confirmation of any significant weaknesses in the Statement on Internal Control. CC ID 06861 | Leadership and high level objectives | Preventive | |
Include roles and responsibilities in the Statement on Internal Control. CC ID 14774 | Leadership and high level objectives | Preventive | |
Include an assurance statement regarding the counterterror protective security plan in the Statement on Internal Control. CC ID 06866 | Leadership and high level objectives | Preventive | |
Include limitations of internal control systems in the Statement on Internal Control. CC ID 14773 | Leadership and high level objectives | Preventive | |
Include a description of the methodology used to evaluate internal controls in the Statement on Internal Control. CC ID 14772 | Leadership and high level objectives | Preventive | |
Include the counterterror protective security plan test results in the Statement on Internal Control. CC ID 06867 | Leadership and high level objectives | Detective | |
Approve all compliance documents. CC ID 06286 | Leadership and high level objectives | Preventive | |
Align the Authority Document list with external requirements. CC ID 06288 | Leadership and high level objectives | Preventive | |
Identify and document the Designated Approval Authority for compliance documents. CC ID 07114 | Leadership and high level objectives | Preventive | |
Establish, implement, and maintain a compliance exception standard. CC ID 01628 | Leadership and high level objectives | Preventive | |
Include the authority for granting exemptions in the compliance exception standard. CC ID 14329 | Leadership and high level objectives | Preventive | |
Include all compliance exceptions in the compliance exception standard. CC ID 01630 | Leadership and high level objectives | Detective | |
Include explanations, compensating controls, or risk acceptance in the compliance exceptions Exceptions document. CC ID 01631 | Leadership and high level objectives | Preventive | |
Include when exemptions expire in the compliance exception standard. CC ID 14330 | Leadership and high level objectives | Preventive | |
Include management of the exemption register in the compliance exception standard. CC ID 14328 | Leadership and high level objectives | Preventive | |
Review and document the meetings and actions of the Board of Directors or audit committee in the Board Report. CC ID 01151 | Leadership and high level objectives | Detective | |
Include recommendations for changes or updates to the information security program in the Board Report. CC ID 13180 | Leadership and high level objectives | Preventive | |
Provide critical project reports to the compliance oversight committee in a timely manner. CC ID 01183 | Leadership and high level objectives | Detective | |
Document the requirements of stakeholders during the business planning process regarding Information Security. CC ID 06498 | Leadership and high level objectives | Preventive | |
Establish, implement, and maintain a strategic plan. CC ID 12784 | Leadership and high level objectives | Preventive | |
Establish, implement, and maintain a Strategic Information Technology Plan. CC ID 00628 | Leadership and high level objectives | Preventive | |
Include the Information Governance Plan in the Strategic Information Technology Plan. CC ID 10053 [The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Leadership and high level objectives | Preventive | |
Include the transparency goals in the Information Governance Plan. CC ID 10056 | Leadership and high level objectives | Preventive | |
Include the information integrity goals in the Information Governance Plan. CC ID 10057 | Leadership and high level objectives | Preventive | |
Establish, implement, and maintain Security Control System monitoring and reporting procedures. CC ID 12506 [Ongoing procedures are performed for monitoring the effectiveness of controls over PI and for taking timely corrective actions when necessary. M9.1 Performs ongoing monitoring] | Monitoring and measurement | Preventive | |
Include detecting and reporting the failure of a change detection mechanism in the Security Control System monitoring and reporting procedures. CC ID 12525 | Monitoring and measurement | Preventive | |
Include detecting and reporting the failure of audit logging in the Security Control System monitoring and reporting procedures. CC ID 12513 | Monitoring and measurement | Preventive | |
Include detecting and reporting the failure of an anti-malware solution in the Security Control System monitoring and reporting procedures. CC ID 12512 | Monitoring and measurement | Preventive | |
Include detecting and reporting the failure of a segmentation control in the Security Control System monitoring and reporting procedures. CC ID 12511 | Monitoring and measurement | Preventive | |
Include detecting and reporting the failure of a physical access control in the Security Control System monitoring and reporting procedures. CC ID 12510 | Monitoring and measurement | Preventive | |
Include detecting and reporting the failure of a logical access control in the Security Control System monitoring and reporting procedures. CC ID 12509 | Monitoring and measurement | Preventive | |
Include detecting and reporting the failure of an Intrusion Detection and Prevention System in the Security Control System monitoring and reporting procedures. CC ID 12508 | Monitoring and measurement | Preventive | |
Include detecting and reporting the failure of a security testing tool in the Security Control System monitoring and reporting procedures. CC ID 15488 | Monitoring and measurement | Preventive | |
Include detecting and reporting the failure of a firewall in the Security Control System monitoring and reporting procedures. CC ID 12507 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a continuous monitoring program for configuration management. CC ID 06757 | Monitoring and measurement | Detective | |
Establish, implement, and maintain a risk monitoring program. CC ID 00658 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a compliance testing strategy. CC ID 00659 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Monitoring and measurement | Preventive | |
Include a system description in the system security plan. CC ID 16467 | Monitoring and measurement | Preventive | |
Include a description of the operational context in the system security plan. CC ID 14301 | Monitoring and measurement | Preventive | |
Include the results of the security categorization in the system security plan. CC ID 14281 | Monitoring and measurement | Preventive | |
Include the information types in the system security plan. CC ID 14696 | Monitoring and measurement | Preventive | |
Include the security requirements in the system security plan. CC ID 14274 | Monitoring and measurement | Preventive | |
Include threats in the system security plan. CC ID 14693 | Monitoring and measurement | Preventive | |
Include network diagrams in the system security plan. CC ID 14273 | Monitoring and measurement | Preventive | |
Include roles and responsibilities in the system security plan. CC ID 14682 | Monitoring and measurement | Preventive | |
Include the results of the privacy risk assessment in the system security plan. CC ID 14676 | Monitoring and measurement | Preventive | |
Include remote access methods in the system security plan. CC ID 16441 | Monitoring and measurement | Preventive | |
Include a description of the operational environment in the system security plan. CC ID 14272 | Monitoring and measurement | Preventive | |
Include the security categorizations and rationale in the system security plan. CC ID 14270 | Monitoring and measurement | Preventive | |
Include the authorization boundary in the system security plan. CC ID 14257 | Monitoring and measurement | Preventive | |
Include security controls in the system security plan. CC ID 14239 | Monitoring and measurement | Preventive | |
Create specific test plans to test each system component. CC ID 00661 | Monitoring and measurement | Preventive | |
Include the roles and responsibilities in the test plan. CC ID 14299 | Monitoring and measurement | Preventive | |
Include the assessment team in the test plan. CC ID 14297 | Monitoring and measurement | Preventive | |
Include the scope in the test plans. CC ID 14293 | Monitoring and measurement | Preventive | |
Include the assessment environment in the test plan. CC ID 14271 | Monitoring and measurement | Preventive | |
Review the test plans for each system component. CC ID 00662 | Monitoring and measurement | Preventive | |
Document validated testing processes in the testing procedures. CC ID 06200 | Monitoring and measurement | Preventive | |
Include error details, identifying the root causes, and mitigation actions in the testing procedures. CC ID 11827 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a vulnerability management program. CC ID 15721 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a vulnerability assessment program. CC ID 11636 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Monitoring and measurement | Preventive | |
Record the vulnerability scanning activity in the vulnerability scan report. CC ID 12097 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a compliance monitoring policy. CC ID 00671 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a metrics policy. CC ID 01654 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain an approach for compliance monitoring. CC ID 01653 [The entity has processes for assuring adherence to information privacy policies and procedures through ongoing and separate evaluations. Refer to Component M9.0. M1.0 Monitoring and enforcement The entity has an overall governance and legal structure that defines and establishes responsibility and authority for the entity's oversight processes, policy setting and ongoing monitoring activities. M1.2 Responsibility and authority] | Monitoring and measurement | Preventive | |
Establish, implement, and maintain risk management metrics. CC ID 01656 | Monitoring and measurement | Preventive | |
Identify and document instances of non-compliance with the compliance framework. CC ID 06499 [Instances of noncompliance with objectives related to privacy are documented and reported and, if needed, corrective and disciplinary measures are taken on a timely basis. M9.1 Documents and reports instances of noncompliance] | Monitoring and measurement | Preventive | |
Identify and document events surrounding non-compliance with the organizational compliance framework. CC ID 12935 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain disciplinary action notices. CC ID 16577 | Monitoring and measurement | Preventive | |
Include a copy of the order in the disciplinary action notice. CC ID 16606 | Monitoring and measurement | Preventive | |
Include the sanctions imposed in the disciplinary action notice. CC ID 16599 | Monitoring and measurement | Preventive | |
Include the effective date of the sanctions in the disciplinary action notice. CC ID 16589 | Monitoring and measurement | Preventive | |
Include the requirements that were violated in the disciplinary action notice. CC ID 16588 | Monitoring and measurement | Preventive | |
Include responses to charges from interested personnel and affected parties in the disciplinary action notice. CC ID 16587 | Monitoring and measurement | Preventive | |
Include the reasons for imposing sanctions in the disciplinary action notice. CC ID 16586 | Monitoring and measurement | Preventive | |
Include required information in the disciplinary action notice. CC ID 16584 | Monitoring and measurement | Preventive | |
Include a justification for actions taken in the disciplinary action notice. CC ID 16583 | Monitoring and measurement | Preventive | |
Include a statement on the conclusions of the investigation in the disciplinary action notice. CC ID 16582 | Monitoring and measurement | Preventive | |
Include the investigation results in the disciplinary action notice. CC ID 16581 | Monitoring and measurement | Preventive | |
Include a description of the causes of the actions taken in the disciplinary action notice. CC ID 16580 | Monitoring and measurement | Preventive | |
Include the name of the person responsible for the charges in the disciplinary action notice. CC ID 16579 | Monitoring and measurement | Preventive | |
Include contact information in the disciplinary action notice. CC ID 16578 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a security program metrics program. CC ID 01660 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a key management roles metrics standard. CC ID 11631 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a key stakeholder metrics program. CC ID 01661 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a supply chain member metrics program. CC ID 01662 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain a Business Continuity metrics program. CC ID 01663 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain an audit metrics program. CC ID 01664 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain an Information Security metrics program. CC ID 01665 | Monitoring and measurement | Preventive | |
Establish, implement, and maintain an audit program. CC ID 00684 | Audits and risk management | Preventive | |
Document any after the fact changes to the engagement file. CC ID 07002 | Audits and risk management | Preventive | |
Protect access to the engagement file and all associated audit documentation in compliance with Authority Documents the organization must follow. CC ID 07179 | Audits and risk management | Preventive | |
Disclose work papers in the engagement file in compliance with legal requirements. CC ID 07180 | Audits and risk management | Preventive | |
Edit the audit assertion for accuracy. CC ID 07030 | Audits and risk management | Preventive | |
Determine if the audit assertion's in scope procedures are accurately documented. CC ID 06982 | Audits and risk management | Preventive | |
Include the process of using evidential matter to test in scope controls in the test plan. CC ID 06996 | Audits and risk management | Preventive | |
Establish, implement, and maintain interview procedures. CC ID 16282 | Audits and risk management | Preventive | |
Establish and maintain work papers, as necessary. CC ID 13891 | Audits and risk management | Preventive | |
Include the auditor's conclusions on work performed by individuals assigned to the audit in the work papers. CC ID 16775 | Audits and risk management | Preventive | |
Include audit irregularities in the work papers. CC ID 16774 | Audits and risk management | Preventive | |
Include corrective actions in the work papers. CC ID 16771 | Audits and risk management | Preventive | |
Include information about the organization being audited and the auditor performing the audit in the work papers. CC ID 16770 | Audits and risk management | Preventive | |
Include discussions with interested personnel and affected parties in the work papers. CC ID 16768 | Audits and risk management | Preventive | |
Include justification for departing from mandatory requirements in the work papers. CC ID 13935 | Audits and risk management | Preventive | |
Include the reviewer, and dates, for using evidential matter to test in scope controls in the work papers. CC ID 06998 | Audits and risk management | Preventive | |
Include the tests, examinations, interviews and observations performed during the audit in the work papers. CC ID 07190 | Audits and risk management | Preventive | |
Include if any subject matter experts or additional research had to be undertaken to test in scope controls in the work papers. CC ID 07026 | Audits and risk management | Preventive | |
Include the tester, and dates, for using evidential matter to test in scope controls in the work papers. CC ID 06997 | Audits and risk management | Preventive | |
Include the causes of identified in scope control deficiencies in the work papers. CC ID 07000 | Audits and risk management | Preventive | |
Include discussions regarding the causes of identified in scope control deficiencies in the work papers. CC ID 06999 | Audits and risk management | Preventive | |
Establish and maintain organizational audit reports. CC ID 06731 | Audits and risk management | Preventive | |
Include the organization's privacy practices in the audit report. CC ID 07029 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results] | Audits and risk management | Preventive | |
Disseminate and communicate the audit report to all interested personnel and affected parties identified in the distribution list. CC ID 07117 | Audits and risk management | Preventive | |
Implement a corrective action plan in response to the audit report. CC ID 06777 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results] | Audits and risk management | Corrective | |
Define penalties for uncorrected audit findings or remaining non-compliant with the audit report. CC ID 08963 | Audits and risk management | Preventive | |
Establish, implement, and maintain a risk management program. CC ID 12051 | Audits and risk management | Preventive | |
Establish, implement, and maintain the risk assessment framework. CC ID 00685 | Audits and risk management | Preventive | |
Establish, implement, and maintain a risk assessment program. CC ID 00687 | Audits and risk management | Preventive | |
Establish, implement, and maintain risk assessment procedures. CC ID 06446 | Audits and risk management | Preventive | |
Establish, implement, and maintain a threat and risk classification scheme. CC ID 07183 | Audits and risk management | Preventive | |
Establish, implement, and maintain an access control program. CC ID 11702 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Technical security | Preventive | |
Include instructions to change authenticators as often as necessary in the access control program. CC ID 11931 | Technical security | Preventive | |
Include guidance for how users should protect their authentication credentials in the access control program. CC ID 11929 | Technical security | Preventive | |
Include guidance on selecting authentication credentials in the access control program. CC ID 11928 | Technical security | Preventive | |
Establish, implement, and maintain access control policies. CC ID 00512 | Technical security | Preventive | |
Include compliance requirements in the access control policy. CC ID 14006 | Technical security | Preventive | |
Include coordination amongst entities in the access control policy. CC ID 14005 | Technical security | Preventive | |
Include management commitment in the access control policy. CC ID 14004 | Technical security | Preventive | |
Include roles and responsibilities in the access control policy. CC ID 14003 | Technical security | Preventive | |
Include the scope in the access control policy. CC ID 14002 | Technical security | Preventive | |
Include the purpose in the access control policy. CC ID 14001 | Technical security | Preventive | |
Document the business need justification for user accounts. CC ID 15490 | Technical security | Preventive | |
Establish, implement, and maintain an instant messaging and chat system usage policy. CC ID 11815 | Technical security | Preventive | |
Disseminate and communicate the access control policies to all interested personnel and affected parties. CC ID 10061 | Technical security | Preventive | |
Establish, implement, and maintain an access rights management plan. CC ID 00513 | Technical security | Preventive | |
Inventory all user accounts. CC ID 13732 | Technical security | Preventive | |
Add all devices requiring access control to the Access Control List. CC ID 06264 | Technical security | Preventive | |
Include the objects and users subject to access control in the security policy. CC ID 11836 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Preventive | |
Establish, implement, and maintain a system use agreement for each information system. CC ID 06500 | Technical security | Preventive | |
Accept and sign the system use agreement before data or system access is enabled. CC ID 06501 | Technical security | Preventive | |
Document actions that can be performed on an information system absent identification and authentication of the user. CC ID 06771 | Technical security | Preventive | |
Establish and maintain a Digital Rights Management program. CC ID 07093 | Technical security | Preventive | |
Establish, implement, and maintain an authority for access authorization list. CC ID 06782 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Technical security | Preventive | |
Establish, implement, and maintain a password policy. CC ID 16346 | Technical security | Preventive | |
Disseminate and communicate the password policies and password procedures to all users who have access to restricted data or restricted information. CC ID 00518 | Technical security | Preventive | |
Establish, implement, and maintain biometric collection procedures. CC ID 15419 | Technical security | Preventive | |
Document the business need justification for authentication data storage. CC ID 06325 | Technical security | Preventive | |
Establish, implement, and maintain access control procedures. CC ID 11663 | Technical security | Preventive | |
Document approving and granting access in the access control log. CC ID 06786 | Technical security | Preventive | |
Include the user identifiers of all personnel who are authorized to access a system in the system record. CC ID 15171 | Technical security | Preventive | |
Include identity information of all personnel who are authorized to access a system in the system record. CC ID 16406 | Technical security | Preventive | |
Include the date and time that access rights were changed in the system record. CC ID 16415 | Technical security | Preventive | |
Establish, implement, and maintain an identification and authentication policy. CC ID 14033 [User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Technical security | Preventive | |
Include the purpose in the identification and authentication policy. CC ID 14234 | Technical security | Preventive | |
Include the scope in the identification and authentication policy. CC ID 14232 | Technical security | Preventive | |
Include roles and responsibilities in the identification and authentication policy. CC ID 14230 | Technical security | Preventive | |
Include management commitment in the identification and authentication policy. CC ID 14229 | Technical security | Preventive | |
Include coordination amongst entities in the identification and authentication policy. CC ID 14227 | Technical security | Preventive | |
Include compliance requirements in the identification and authentication policy. CC ID 14225 | Technical security | Preventive | |
Establish, implement, and maintain identification and authentication procedures. CC ID 14053 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Technical security | Preventive | |
Include instructions to refrain from using previously used authenticators in the access control program. CC ID 11930 | Technical security | Preventive | |
Establish and maintain a memorized secret list. CC ID 13791 | Technical security | Preventive | |
Establish, implement, and maintain a network configuration standard. CC ID 00530 | Technical security | Preventive | |
Establish, implement, and maintain network segmentation requirements. CC ID 16380 | Technical security | Preventive | |
Establish, implement, and maintain a network security policy. CC ID 06440 | Technical security | Preventive | |
Include compliance requirements in the network security policy. CC ID 14205 | Technical security | Preventive | |
Include coordination amongst entities in the network security policy. CC ID 14204 | Technical security | Preventive | |
Include management commitment in the network security policy. CC ID 14203 | Technical security | Preventive | |
Include roles and responsibilities in the network security policy. CC ID 14202 | Technical security | Preventive | |
Include the scope in the network security policy. CC ID 14201 | Technical security | Preventive | |
Include the purpose in the network security policy. CC ID 14200 | Technical security | Preventive | |
Establish, implement, and maintain system and communications protection procedures. CC ID 14052 | Technical security | Preventive | |
Establish, implement, and maintain a wireless networking policy. CC ID 06732 | Technical security | Preventive | |
Include usage restrictions for Bluetooth in the wireless networking policy. CC ID 16443 | Technical security | Preventive | |
Maintain up-to-date network diagrams. CC ID 00531 | Technical security | Preventive | |
Include the date of the most recent update on the network diagram. CC ID 14319 | Technical security | Preventive | |
Include the organization's name in the network diagram. CC ID 14318 | Technical security | Preventive | |
Include Internet Protocol addresses in the network diagram. CC ID 16244 | Technical security | Preventive | |
Include Domain Name System names in the network diagram. CC ID 16240 | Technical security | Preventive | |
Accept, by formal signature, the security implications of the network topology. CC ID 12323 | Technical security | Preventive | |
Maintain up-to-date data flow diagrams. CC ID 10059 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Technical security | Preventive | |
Establish, implement, and maintain a sensitive information inventory. CC ID 13736 [The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Technical security | Detective | |
Include information flows to third parties in the data flow diagram. CC ID 13185 | Technical security | Preventive | |
Document where data-at-rest and data in transit is encrypted on the data flow diagram. CC ID 16412 | Technical security | Preventive | |
Establish, implement, and maintain a Boundary Defense program. CC ID 00544 | Technical security | Preventive | |
Establish, implement, and maintain a network access control standard. CC ID 00546 | Technical security | Preventive | |
Include configuration management and rulesets in the network access control standard. CC ID 11845 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Technical security | Preventive | |
Secure the network access control standard against unauthorized changes. CC ID 11920 | Technical security | Preventive | |
Include compensating controls implemented for insecure protocols in the firewall and router configuration standard. CC ID 11948 | Technical security | Preventive | |
Include restricting inbound network traffic in the firewall and router configuration standard. CC ID 11960 | Technical security | Preventive | |
Include restricting outbound network traffic in the firewall and router configuration standard. CC ID 11961 | Technical security | Preventive | |
Include requirements for a firewall at each Internet connection and between any demilitarized zone and the internal network zone in the firewall and router configuration standard. CC ID 12435 | Technical security | Preventive | |
Include network diagrams that identify connections between all subnets and wireless networks in the firewall and router configuration standard. CC ID 12434 | Technical security | Preventive | |
Include network diagrams that identify storage or processing locations of all restricted data in the firewall and router configuration standard. CC ID 12426 | Technical security | Preventive | |
Include a protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00537 | Technical security | Preventive | |
Include approval of the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 12547 | Technical security | Preventive | |
Include the use of protocols above and beyond common information service protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00539 | Technical security | Preventive | |
Include justifying the use of risky protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 01280 | Technical security | Preventive | |
Document and implement security features for each identified insecure service, protocol, and port in the protocols, ports, applications, and services list. CC ID 12033 | Technical security | Preventive | |
Identify the insecure services, protocols, and ports in the protocols, ports, applications, and services list in the firewall and router configuration. CC ID 12032 | Technical security | Preventive | |
Record the configuration rules for network access and control points in the configuration management system. CC ID 12105 | Technical security | Preventive | |
Record the duration of the business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12107 | Technical security | Preventive | |
Record each individual's name and business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12106 | Technical security | Preventive | |
Establish, implement, and maintain Voice over Internet Protocol Configuration Management standards. CC ID 11853 | Technical security | Preventive | |
Establish, implement, and maintain a Wireless Local Area Network Configuration Management standard. CC ID 11854 | Technical security | Preventive | |
Establish, implement, and maintain Voice over Internet Protocol design specification. CC ID 01449 | Technical security | Preventive | |
Establish, implement, and maintain a Wireless Local Area Network Configuration Management program. CC ID 01646 | Technical security | Preventive | |
Establish, implement, and maintain information flow control configuration standards. CC ID 01924 | Technical security | Preventive | |
Maintain a record of the challenge state during identification and authentication in an automated information exchange. CC ID 06629 | Technical security | Preventive | |
Establish, implement, and maintain information flow control policies inside the system and between interconnected systems. CC ID 01410 [{internal user} The entity restricts the transmission, movement and removal of information to authorized internal and external users and processes, and protects it during transmission, movement or removal to meet the entity's objectives. S7.3] | Technical security | Preventive | |
Establish, implement, and maintain a document printing policy. CC ID 14384 | Technical security | Preventive | |
Include printing to personal printers during a continuity event in the document printing policy. CC ID 14396 | Technical security | Preventive | |
Establish, implement, and maintain information flow procedures. CC ID 04542 | Technical security | Preventive | |
Establish, implement, and maintain information exchange procedures. CC ID 11782 | Technical security | Preventive | |
Establish, implement, and maintain whitelists and blacklists of domain names. CC ID 07097 | Technical security | Preventive | |
Revoke membership in the whitelist, as necessary. CC ID 13827 | Technical security | Corrective | |
Establish, implement, and maintain whitelists and blacklists of software. CC ID 11780 | Technical security | Preventive | |
Define the cryptographic module security functions and the cryptographic module operational modes. CC ID 06542 | Technical security | Preventive | |
Define the cryptographic boundaries. CC ID 06543 | Technical security | Preventive | |
Establish and maintain the documentation requirements for cryptographic modules. CC ID 06544 | Technical security | Preventive | |
Establish and maintain the security requirements for cryptographic module ports and cryptographic module interfaces. CC ID 06545 | Technical security | Preventive | |
Establish, implement, and maintain documentation for the delivery and operation of cryptographic modules. CC ID 06547 | Technical security | Preventive | |
Document the operation of the cryptographic module. CC ID 06546 | Technical security | Preventive | |
Generate and protect a secret random number for each digital signature. CC ID 06577 | Technical security | Preventive | |
Establish the security strength requirements for the digital signature process. CC ID 06578 | Technical security | Preventive | |
Establish, implement, and maintain an encryption management and cryptographic controls policy. CC ID 04546 | Technical security | Preventive | |
Provide guidance to customers on how to securely transmit, store, and update cryptographic keys. CC ID 12040 | Technical security | Preventive | |
Establish, implement, and maintain encryption management procedures. CC ID 15475 | Technical security | Preventive | |
Establish, implement, and maintain cryptographic key management procedures. CC ID 00571 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data {logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Technical security | Preventive | |
Include recommended cryptographic key management procedures for cloud service providers in the cryptographic key management procedures. CC ID 13152 | Technical security | Preventive | |
Include requesting cryptographic key types in the cryptographic key management procedures. CC ID 13151 | Technical security | Preventive | |
Include the establishment of cryptographic keys in the cryptographic key management procedures. CC ID 06540 | Technical security | Preventive | |
Include offsite backups of cryptographic keys in the cryptographic key management procedures. CC ID 13127 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data] | Technical security | Preventive | |
Require key custodians to sign the cryptographic key management policy. CC ID 01308 | Technical security | Preventive | |
Establish, implement, and maintain requirements for Personal Identity Verification authentication certificates. CC ID 06587 | Technical security | Preventive | |
Establish, implement, and maintain Public Key certificate application procedures. CC ID 07079 | Technical security | Preventive | |
Include the Identification and Authentication of individuals or entities in the Public Key certificate application procedures. CC ID 07080 | Technical security | Preventive | |
Include approving or rejecting Public Key certificate applications in the Public Key certificate application procedure. CC ID 07081 | Technical security | Preventive | |
Include revocation of Public Key certificates in the Public Key certificate procedures. CC ID 07082 | Technical security | Preventive | |
Publish revoked Public Key certificates in the Certificate Revocation List. CC ID 07089 | Technical security | Preventive | |
Establish, implement, and maintain Public Key renewal or rekeying request procedures. CC ID 07083 | Technical security | Preventive | |
Include identification and authentication in Public Key renewal or rekeying request procedures. CC ID 11816 | Technical security | Preventive | |
Establish, implement, and maintain Public Key certificate procedures. CC ID 07085 | Technical security | Preventive | |
Include signing and issuing Public Key certificates in the Public Key certificate procedures. CC ID 11817 | Technical security | Preventive | |
Include publishing Public Key certificates in the Public Key certificate procedures. CC ID 07087 | Technical security | Preventive | |
Include access to issued Public Key certificates in the Public Key certificate procedures. CC ID 07086 | Technical security | Preventive | |
Authorize transactions of data transmitted over public networks or shared data networks. CC ID 00566 | Technical security | Preventive | |
Establish, implement, and maintain a malicious code protection program. CC ID 00574 | Technical security | Preventive | |
Establish, implement, and maintain a physical and environmental protection policy. CC ID 14030 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain physical and environmental protection procedures. CC ID 14061 [{administrative safeguard}{technical safeguard} The entity tests the effectiveness of the key administrative, technical and physical safeguards protecting personal data, periodically and as required by entity policy, or by relevant, applicable laws or regulations. S7.5] | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a physical security program. CC ID 11757 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a facility physical security program. CC ID 00711 [The entity restricts physical access to facilities and protected information assets (e.g., data center facilities, back-up media storage and other sensitive locations) to authorized personnel to meet the entity's objectives. S7.2] | Physical and environmental protection | Preventive | |
Establish, implement, and maintain opening procedures for businesses. CC ID 16671 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain closing procedures for businesses. CC ID 16670 | Physical and environmental protection | Preventive | |
Establish and maintain a contract for accessing facilities that transmit, process, or store restricted data. CC ID 12050 | Physical and environmental protection | Preventive | |
Define communication methods for reporting crimes. CC ID 06349 | Physical and environmental protection | Preventive | |
Include identification cards or badges in the physical security program. CC ID 14818 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain security procedures for virtual meetings. CC ID 15581 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain floor plans. CC ID 16419 | Physical and environmental protection | Preventive | |
Include network infrastructure and cabling infrastructure on the floor plan. CC ID 16420 | Physical and environmental protection | Preventive | |
Post and maintain security signage for all facilities. CC ID 02201 | Physical and environmental protection | Preventive | |
Identify and document physical access controls for all physical entry points. CC ID 01637 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain physical access procedures. CC ID 13629 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a visitor access permission policy. CC ID 06699 | Physical and environmental protection | Preventive | |
Escort visitors within the facility, as necessary. CC ID 06417 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain procedures for changing a visitor's access requirements. CC ID 12048 | Physical and environmental protection | Preventive | |
Maintain and review facility access lists of personnel who have been granted authorized entry to (and within) facilities that contain restricted data or restricted information. CC ID 01436 [Processes are in place to periodically evaluate and re-validate (with the appropriate authorities) everyone's need for physical access and to make sure such access is consistent with the entity's business needs and the individual's specific job responsibilities. S7.2 Ongoing physical access monitoring] | Physical and environmental protection | Preventive | |
Authorize physical access to sensitive areas based on job functions. CC ID 12462 [Processes are in place to periodically evaluate and re-validate (with the appropriate authorities) everyone's need for physical access and to make sure such access is consistent with the entity's business needs and the individual's specific job responsibilities. S7.2 Ongoing physical access monitoring] | Physical and environmental protection | Preventive | |
Establish, implement, and maintain physical identification procedures. CC ID 00713 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain lost or damaged identification card procedures, as necessary. CC ID 14819 | Physical and environmental protection | Preventive | |
Document all lost badges in a lost badge list. CC ID 12448 | Physical and environmental protection | Corrective | |
Establish, implement, and maintain identification issuance procedures for identification cards or badges. CC ID 06598 [The entity requires individuals to be issued a proximity badge and has implemented proximity control mechanisms that require an individual to authenticate their identity via proximity card reading devices prior to gaining access to internal locations within the entity's data centers, office spaces, document storage locations, work areas and environmental control system locations. S7.2 Internal physical access control] | Physical and environmental protection | Preventive | |
Include error handling controls in identification issuance procedures. CC ID 13709 | Physical and environmental protection | Preventive | |
Include information security in the identification issuance procedures. CC ID 15425 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain post-issuance update procedures for identification cards or badges. CC ID 15426 | Physical and environmental protection | Preventive | |
Include an identity registration process in the identification issuance procedures. CC ID 11671 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain identification renewal procedures for identification cards or badges. CC ID 06599 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain identification re-issuing procedures for identification cards or badges. CC ID 06596 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain identification mechanism termination procedures. CC ID 06306 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a door security standard. CC ID 06686 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a lock and access mechanism inventory (keys, lock combinations, or key cards) for all physical access control systems. CC ID 00748 | Physical and environmental protection | Preventive | |
Record the assigned access mechanism serial number or cipher lock code when issuing controlled items. CC ID 06715 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a window security standard. CC ID 06689 | Physical and environmental protection | Preventive | |
Post signs at all physical entry points stating the organization's right to inspect upon entry. CC ID 02204 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain after hours facility access procedures. CC ID 06340 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a guideline for working in a secure area. CC ID 04538 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain emergency re-entry procedures. CC ID 11672 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain emergency exit procedures. CC ID 01252 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a camera operating policy. CC ID 15456 | Physical and environmental protection | Preventive | |
Require all visitors to sign in to the visitor log before the entrance of a visitor to the facility. CC ID 06700 | Physical and environmental protection | Preventive | |
Record the date and time of entry in the visitor log. CC ID 13255 | Physical and environmental protection | Preventive | |
Record the onsite personnel authorizing physical access for the visitor in the visitor log. CC ID 12466 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a physical access log. CC ID 12080 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain physical security threat reports. CC ID 02207 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a facility wall standard. CC ID 06692 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a media protection policy. CC ID 14029 | Physical and environmental protection | Preventive | |
Include compliance requirements in the media protection policy. CC ID 14185 | Physical and environmental protection | Preventive | |
Include coordination amongst entities in the media protection policy. CC ID 14184 | Physical and environmental protection | Preventive | |
Include management commitment in the media protection policy. CC ID 14182 | Physical and environmental protection | Preventive | |
Include roles and responsibilities in the media protection policy. CC ID 14180 | Physical and environmental protection | Preventive | |
Include the scope in the media protection policy. CC ID 14167 | Physical and environmental protection | Preventive | |
Include the purpose in the media protection policy. CC ID 14166 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain media protection procedures. CC ID 14062 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain storage media access control procedures. CC ID 00959 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain electronic media storage container repair guidelines. CC ID 02200 | Physical and environmental protection | Preventive | |
Include Information Technology assets in the asset removal policy. CC ID 13162 | Physical and environmental protection | Preventive | |
Specify the assets to be returned or removed in the asset removal policy. CC ID 13163 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain asset removal procedures or asset decommissioning procedures. CC ID 04540 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain missing asset reporting procedures. CC ID 06336 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain end user computing device security guidelines. CC ID 00719 [{endpoint device}{mobile device}{personal device} Processes are in place to protect endpoint and mobile computing and personal productivity devices (such as laptop and desktop computers, servers, networking and data storage devices, smart phones and tablets) that are used in computing, networking, data storage and processing of the entity's information assets. S7.3 Protects end point and mobile devices] | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a locking screen saver policy. CC ID 06717 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a mobile device management program. CC ID 15212 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a mobile device management policy. CC ID 15214 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain mobile device emergency sanitization procedures. CC ID 16454 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain mobile device security guidelines. CC ID 04723 [{endpoint device}{mobile device}{personal device} Processes are in place to protect endpoint and mobile computing and personal productivity devices (such as laptop and desktop computers, servers, networking and data storage devices, smart phones and tablets) that are used in computing, networking, data storage and processing of the entity's information assets. S7.3 Protects end point and mobile devices] | Physical and environmental protection | Preventive | |
Include the expectation of data loss in the event of sanitizing the mobile device in the mobile device security guidelines. CC ID 12292 | Physical and environmental protection | Preventive | |
Include legal requirements in the mobile device security guidelines. CC ID 12291 | Physical and environmental protection | Preventive | |
Include prohibiting the usage of unapproved application stores in the mobile device security guidelines. CC ID 12290 | Physical and environmental protection | Preventive | |
Include requiring users to create data backups in the mobile device security guidelines. CC ID 12289 | Physical and environmental protection | Preventive | |
Include the definition of mobile devices in the mobile device security guidelines. CC ID 12288 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain asset return procedures. CC ID 04537 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain open storage container procedures. CC ID 02198 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a clean desk policy. CC ID 06534 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain contact card reader security guidelines. CC ID 06588 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain contactless card reader security guidelines. CC ID 06589 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain Personal Identification Number input device security guidelines. CC ID 06590 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain a business continuity program. CC ID 13210 | Operational and Systems Continuity | Preventive | |
Establish, implement, and maintain a continuity plan. CC ID 00752 | Operational and Systems Continuity | Preventive | |
Document and use the lessons learned to update the continuity plan. CC ID 10037 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing {business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Operational and Systems Continuity | Preventive | |
Include incident management procedures in the continuity plan. CC ID 13244 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Operational and Systems Continuity | Preventive | |
Establish, implement, and maintain the continuity procedures. CC ID 14236 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Operational and Systems Continuity | Corrective | |
Establish, implement, and maintain a recovery plan. CC ID 13288 | Operational and Systems Continuity | Preventive | |
Document lessons learned from testing the recovery plan or an actual event. CC ID 13301 | Operational and Systems Continuity | Detective | |
Establish, implement, and maintain system continuity plan strategies. CC ID 00735 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Operational and Systems Continuity | Preventive | |
Include emergency operating procedures in the continuity plan. CC ID 11694 | Operational and Systems Continuity | Preventive | |
Include a system acquisition process for critical systems in the emergency mode operation plan. CC ID 01369 | Operational and Systems Continuity | Preventive | |
Define and prioritize critical business functions. CC ID 00736 | Operational and Systems Continuity | Detective | |
Review and prioritize the importance of each business process. CC ID 11689 | Operational and Systems Continuity | Preventive | |
Establish, implement, and maintain Recovery Time Objectives for all in scope systems. CC ID 11688 | Operational and Systems Continuity | Preventive | |
Define and prioritize critical business records. CC ID 11687 | Operational and Systems Continuity | Preventive | |
Include the protection of personnel in the continuity plan. CC ID 06378 | Operational and Systems Continuity | Preventive | |
Establish, implement, and maintain a critical personnel list. CC ID 00739 | Operational and Systems Continuity | Detective | |
Define the triggering events for when to activate the pandemic plan. CC ID 06801 | Operational and Systems Continuity | Preventive | |
Establish, implement, and maintain a critical third party list. CC ID 06815 | Operational and Systems Continuity | Preventive | |
Establish, implement, and maintain a critical resource list. CC ID 00740 | Operational and Systems Continuity | Detective | |
Define and maintain continuity Service Level Agreements for all critical resources. CC ID 00741 | Operational and Systems Continuity | Preventive | |
Establish and maintain a core supply inventory required to support critical business functions. CC ID 04890 | Operational and Systems Continuity | Preventive | |
Include workstation continuity procedures in the continuity plan. CC ID 01378 | Operational and Systems Continuity | Preventive | |
Include server continuity procedures in the continuity plan. CC ID 01379 | Operational and Systems Continuity | Preventive | |
Include website continuity procedures in the continuity plan. CC ID 01380 | Operational and Systems Continuity | Preventive | |
Include near-line capabilities in the continuity plan. CC ID 01383 | Operational and Systems Continuity | Preventive | |
Include online capabilities in the continuity plan. CC ID 11690 | Operational and Systems Continuity | Preventive | |
Include mainframe continuity procedures in the continuity plan. CC ID 01382 | Operational and Systems Continuity | Preventive | |
Include telecommunications continuity procedures in the continuity plan. CC ID 11691 | Operational and Systems Continuity | Preventive | |
Include system continuity procedures in the continuity plan. CC ID 01268 | Operational and Systems Continuity | Preventive | |
Include Internet Service Provider continuity procedures in the continuity plan. CC ID 00743 | Operational and Systems Continuity | Detective | |
Include Local Area Network continuity procedures in the continuity plan. CC ID 01381 | Operational and Systems Continuity | Preventive | |
Include Wide Area Network continuity procedures in the continuity plan. CC ID 01294 | Operational and Systems Continuity | Preventive | |
Include priority-of-service provisions in the telecommunications Service Level Agreements. CC ID 01396 | Operational and Systems Continuity | Preventive | |
Include emergency power continuity procedures in the continuity plan. CC ID 01254 | Operational and Systems Continuity | Preventive | |
Include damaged site continuity procedures that cover continuing operations in a partially functional primary facility in the continuity plan. CC ID 01374 | Operational and Systems Continuity | Preventive | |
Establish, implement, and maintain at-risk structure removal or relocation procedures. CC ID 01247 | Operational and Systems Continuity | Preventive | |
Designate an alternate facility in the continuity plan. CC ID 00742 | Operational and Systems Continuity | Detective | |
Outline explicit mitigation actions for facility accessibility issues that might take place when an area-wide disruption occurs or an area-wide disaster occurs. CC ID 01391 | Operational and Systems Continuity | Preventive | |
Include technical preparation considerations for backup operations in the continuity plan. CC ID 01250 | Operational and Systems Continuity | Preventive | |
Include a backup rotation scheme in the backup policy. CC ID 16219 | Operational and Systems Continuity | Preventive | |
Include naming conventions in the backup policy. CC ID 16218 | Operational and Systems Continuity | Preventive | |
Outline explicit mitigation actions for potential off-site electronic media storage facilities accessibility issues for when area-wide disruptions occur or area-wide disasters occur. CC ID 01393 | Operational and Systems Continuity | Preventive | |
Document the Recovery Point Objective for triggering backup operations and restoration operations. CC ID 01259 | Operational and Systems Continuity | Preventive | |
Log the execution of each backup. CC ID 00956 | Operational and Systems Continuity | Preventive | |
Digitally sign disk images, as necessary. CC ID 06814 | Operational and Systems Continuity | Preventive | |
Include emergency communications procedures in the continuity plan. CC ID 00750 | Operational and Systems Continuity | Preventive | |
Include managing multiple responding organizations in the emergency communications procedure. CC ID 01249 | Operational and Systems Continuity | Preventive | |
Maintain contact information for key third parties in a readily accessible manner. CC ID 12764 | Operational and Systems Continuity | Preventive | |
Minimize system continuity requirements. CC ID 00753 | Operational and Systems Continuity | Preventive | |
Include purchasing insurance in the continuity plan. CC ID 00762 | Operational and Systems Continuity | Preventive | |
Determine the adequacy of errors and omissions insurance in the organization's insurance policy. CC ID 13281 | Operational and Systems Continuity | Detective | |
Determine the adequacy of insurance coverage for items in transit in the organization's insurance policy. CC ID 13283 | Operational and Systems Continuity | Detective | |
Determine the adequacy of insurance coverage for employee fidelity in the organization's insurance policy. CC ID 13282 | Operational and Systems Continuity | Detective | |
Determine the adequacy of insurance coverage for assets in the organization's insurance policy. CC ID 14827 | Operational and Systems Continuity | Preventive | |
Determine the adequacy of insurance coverage for facilities in the organization's insurance policy. CC ID 13280 | Operational and Systems Continuity | Preventive | |
Determine the adequacy of insurance coverage for Information Technology assets in the organization's insurance policy. CC ID 13279 | Operational and Systems Continuity | Preventive | |
Determine the adequacy of insurance coverage for printed records in the organization's insurance policy. CC ID 13278 | Operational and Systems Continuity | Preventive | |
Determine the adequacy of media reconstruction in the organization's insurance policy. CC ID 13277 | Operational and Systems Continuity | Detective | |
Establish, implement, and maintain a continuity test plan. CC ID 04896 | Operational and Systems Continuity | Preventive | |
Include testing all system components in the continuity test plan. CC ID 13508 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Operational and Systems Continuity | Preventive | |
Include test scenarios in the continuity test plan. CC ID 13506 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing {business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Operational and Systems Continuity | Preventive | |
Include predefined goals and realistic conditions during off-site testing. CC ID 01175 | Operational and Systems Continuity | Preventive | |
Define and assign the roles and responsibilities of the chairman of the board. CC ID 14786 | Human Resources management | Preventive | |
Establish, implement, and maintain candidate selection procedures to the board of directors. CC ID 14782 | Human Resources management | Preventive | |
Include the criteria of mixed experiences and skills in the candidate selection procedures. CC ID 14791 | Human Resources management | Preventive | |
Establish, implement, and maintain a personnel management program. CC ID 14018 | Human Resources management | Preventive | |
Establish, implement, and maintain a personnel security program. CC ID 10628 | Human Resources management | Preventive | |
Establish, implement, and maintain personnel screening procedures. CC ID 11700 | Human Resources management | Preventive | |
Perform a criminal records check during personnel screening. CC ID 06643 | Human Resources management | Preventive | |
Document any reasons a full criminal records check could not be performed. CC ID 13305 | Human Resources management | Preventive | |
Perform an academic records check during personnel screening. CC ID 06647 | Human Resources management | Preventive | |
Document the personnel risk assessment results. CC ID 11764 | Human Resources management | Detective | |
Establish, implement, and maintain security clearance procedures. CC ID 00783 | Human Resources management | Preventive | |
Document the security clearance procedure results. CC ID 01635 | Human Resources management | Detective | |
Establish job categorization criteria, job recruitment criteria, and promotion criteria. CC ID 00781 [The entity establishes qualifications for personnel responsible for protecting the privacy and security of PI and assigns such responsibilities only to those personnel who meet these qualifications and who have received training. M1.2 Qualifications of internal personnel] | Human Resources management | Preventive | |
Establish and maintain an annual report on compensation. CC ID 14801 | Human Resources management | Preventive | |
Include the design characteristics of the remuneration system in the annual report on compensation. CC ID 14804 | Human Resources management | Preventive | |
Establish, implement, and maintain roles and responsibilities in the compensation, reward, and recognition program. CC ID 14798 | Human Resources management | Preventive | |
Align the compensation, reward, and recognition program with the risk management program. CC ID 14797 | Human Resources management | Preventive | |
Establish, implement, and maintain remuneration standards, as necessary. CC ID 14794 | Human Resources management | Preventive | |
Establish, implement, and maintain job applications. CC ID 16180 | Human Resources management | Preventive | |
Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406 | Operational management | Preventive | |
Establish, implement, and maintain an information security program. CC ID 00812 | Operational management | Preventive | |
Include environmental security in the information security program. CC ID 12383 [The entity protects PI, in all forms, against accidental disclosure due to natural disasters and environmental hazards. S7.4] | Operational management | Preventive | |
Establish, implement, and maintain the Acceptable Use Policy. CC ID 01350 | Operational management | Preventive | |
Include Bring Your Own Device security guidelines in the Acceptable Use Policy. CC ID 01352 [{endpoint device}{mobile device}{personal device} Processes are in place to protect endpoint and mobile computing and personal productivity devices (such as laptop and desktop computers, servers, networking and data storage devices, smart phones and tablets) that are used in computing, networking, data storage and processing of the entity's information assets. S7.3 Protects end point and mobile devices] | Operational management | Preventive | |
Include asset use policies in the Acceptable Use Policy. CC ID 01355 | Operational management | Preventive | |
Establish, implement, and maintain a use of information agreement. CC ID 06215 [{privacy notice} The entity has formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet the entity's objectives related to privacy. Refer to Component N2.0. M1.0 Agreement, notice and communication The entity executes formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet its objectives related to privacy. N2.1] | Operational management | Preventive | |
Include use limitations in the use of information agreement. CC ID 06244 | Operational management | Preventive | |
Include disclosure requirements in the use of information agreement. CC ID 11735 | Operational management | Preventive | |
Include information recipients in the use of information agreement. CC ID 06245 | Operational management | Preventive | |
Include reporting out of scope use of information in the use of information agreement. CC ID 06246 | Operational management | Preventive | |
Include disclosure of information in the use of information agreement. CC ID 11830 | Operational management | Preventive | |
Include information security procedures assigned to the information recipient in the use of information agreement. CC ID 07130 | Operational management | Preventive | |
Include information security procedures assigned to the originator in the use of information agreement. CC ID 14418 | Operational management | Preventive | |
Include a do not contact rule for the individuals identified in a data set in the use of information agreement. CC ID 07131 | Operational management | Preventive | |
Include the information recipient's third parties accepting the agreement in the use of information agreement. CC ID 07132 | Operational management | Preventive | |
Establish, implement, and maintain an asset management policy. CC ID 15219 | Operational management | Preventive | |
Establish, implement, and maintain asset management procedures. CC ID 16748 | Operational management | Preventive | |
Include life cycle requirements in the security management program. CC ID 16392 | Operational management | Preventive | |
Include program objectives in the asset management program. CC ID 14413 | Operational management | Preventive | |
Include a commitment to continual improvement in the asset management program. CC ID 14412 | Operational management | Preventive | |
Include compliance with applicable requirements in the asset management program. CC ID 14411 | Operational management | Preventive | |
Establish, implement, and maintain classification schemes for all systems and assets. CC ID 01902 | Operational management | Preventive | |
Establish, implement, and maintain the systems' confidentiality level. CC ID 01904 | Operational management | Preventive | |
Define confidentiality controls. CC ID 01908 | Operational management | Preventive | |
Establish, implement, and maintain the systems' availability level. CC ID 01905 | Operational management | Preventive | |
Define integrity controls. CC ID 01909 | Operational management | Preventive | |
Establish, implement, and maintain the systems' integrity level. CC ID 01906 | Operational management | Preventive | |
Define availability controls. CC ID 01911 | Operational management | Preventive | |
Establish safety classifications for systems according to their potential harmful effects to operators or end users. CC ID 06603 | Operational management | Preventive | |
Establish, implement, and maintain an asset safety classification scheme. CC ID 06604 | Operational management | Preventive | |
Establish, implement, and maintain the Asset Classification Policy. CC ID 06642 | Operational management | Preventive | |
Document the decision for assigning an asset to a specific asset classification in the Asset Classification Policy. CC ID 07185 | Operational management | Preventive | |
Assign decomposed system components the same asset classification as the originating system. CC ID 06605 | Operational management | Preventive | |
Establish, implement, and maintain an Information Technology inventory with asset discovery audit trails. CC ID 00689 | Operational management | Preventive | |
Include all account types in the Information Technology inventory. CC ID 13311 | Operational management | Preventive | |
Include each Information System's major applications in the Information Technology inventory. CC ID 01407 | Operational management | Preventive | |
Categorize all major applications according to the business information they process. CC ID 07182 | Operational management | Preventive | |
Document the resources, hazards, and Evaluation Assurance Levels for each major application. CC ID 01164 | Operational management | Preventive | |
Include the General Support Systems and security support structure in the Information Technology inventory. CC ID 01408 | Operational management | Preventive | |
Include each Information System's minor applications in the Information Technology inventory. CC ID 01409 | Operational management | Preventive | |
Categorize facilities in the Information Technology inventory according to their environmental risks. CC ID 06729 | Operational management | Preventive | |
Establish, implement, and maintain a hardware asset inventory. CC ID 00691 | Operational management | Preventive | |
Include network equipment in the Information Technology inventory. CC ID 00693 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Operational management | Preventive | |
Include mobile devices that store restricted data or restricted information in the Information Technology inventory. CC ID 04719 | Operational management | Preventive | |
Include software in the Information Technology inventory. CC ID 00692 | Operational management | Preventive | |
Establish and maintain a list of authorized software and versions required for each system. CC ID 12093 | Operational management | Preventive | |
Establish, implement, and maintain a storage media inventory. CC ID 00694 | Operational management | Preventive | |
Include all electronic storage media containing restricted data or restricted information in the storage media inventory. CC ID 00962 | Operational management | Detective | |
Establish, implement, and maintain a records inventory and database inventory. CC ID 01260 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Operational management | Preventive | |
Add inventoried assets to the asset register database, as necessary. CC ID 07051 | Operational management | Preventive | |
Organize the asset register database by grouping objects according to an organizational information classification standard. CC ID 07181 | Operational management | Preventive | |
Record the decommission date for applicable assets in the asset inventory. CC ID 14920 | Operational management | Preventive | |
Record the Uniform Resource Locator for applicable assets in the asset inventory. CC ID 14918 | Operational management | Preventive | |
Record the review date for applicable assets in the asset inventory. CC ID 14919 | Operational management | Preventive | |
Record services for applicable assets in the asset inventory. CC ID 13733 | Operational management | Preventive | |
Record protocols for applicable assets in the asset inventory. CC ID 13734 | Operational management | Preventive | |
Record the software version in the asset inventory. CC ID 12196 | Operational management | Preventive | |
Record the publisher for applicable assets in the asset inventory. CC ID 13725 | Operational management | Preventive | |
Record the authentication system in the asset inventory. CC ID 13724 | Operational management | Preventive | |
Tag unsupported assets in the asset inventory. CC ID 13723 | Operational management | Preventive | |
Record the install date for applicable assets in the asset inventory. CC ID 13720 | Operational management | Preventive | |
Record the make, model of device for applicable assets in the asset inventory. CC ID 12465 | Operational management | Preventive | |
Record the asset tag for physical assets in the asset inventory. CC ID 06632 | Operational management | Preventive | |
Record the host name of applicable assets in the asset inventory. CC ID 13722 | Operational management | Preventive | |
Record network ports for applicable assets in the asset inventory. CC ID 13730 | Operational management | Preventive | |
Record the MAC address for applicable assets in the asset inventory. CC ID 13721 | Operational management | Preventive | |
Record the operating system type for applicable assets in the asset inventory. CC ID 06633 | Operational management | Preventive | |
Record the department associated with the asset in the asset inventory. CC ID 12084 | Operational management | Preventive | |
Record the physical location for applicable assets in the asset inventory. CC ID 06634 | Operational management | Preventive | |
Record the manufacturer's serial number for applicable assets in the asset inventory. CC ID 06635 | Operational management | Preventive | |
Record the firmware version for applicable assets in the asset inventory. CC ID 12195 | Operational management | Preventive | |
Record the related business function for applicable assets in the asset inventory. CC ID 06636 | Operational management | Preventive | |
Record the deployment environment for applicable assets in the asset inventory. CC ID 06637 | Operational management | Preventive | |
Record the Internet Protocol address for applicable assets in the asset inventory. CC ID 06638 | Operational management | Preventive | |
Link the software asset inventory to the hardware asset inventory. CC ID 12085 | Operational management | Preventive | |
Record the owner for applicable assets in the asset inventory. CC ID 06640 | Operational management | Preventive | |
Record all compliance requirements for applicable assets in the asset inventory. CC ID 15696 | Operational management | Preventive | |
Record all changes to assets in the asset inventory. CC ID 12190 | Operational management | Preventive | |
Record cloud service derived data in the asset inventory. CC ID 13007 | Operational management | Preventive | |
Include cloud service customer data in the asset inventory. CC ID 13006 | Operational management | Preventive | |
Establish, implement, and maintain a software accountability policy. CC ID 00868 | Operational management | Preventive | |
Establish, implement, and maintain software asset management procedures. CC ID 00895 | Operational management | Preventive | |
Establish, implement, and maintain software archives procedures. CC ID 00866 | Operational management | Preventive | |
Establish, implement, and maintain software distribution procedures. CC ID 00894 | Operational management | Preventive | |
Establish, implement, and maintain software documentation management procedures. CC ID 06395 | Operational management | Preventive | |
Establish, implement, and maintain software license management procedures. CC ID 06639 | Operational management | Preventive | |
Establish, implement, and maintain digital legacy procedures. CC ID 16524 | Operational management | Preventive | |
Establish, implement, and maintain a system redeployment program. CC ID 06276 | Operational management | Preventive | |
Document the staff's operating knowledge of the system prior to a personnel status change. CC ID 06937 | Operational management | Preventive | |
Redeploy systems to other organizational units, as necessary. CC ID 11452 | Operational management | Preventive | |
Establish, implement, and maintain a system disposal program. CC ID 14431 | Operational management | Preventive | |
Establish, implement, and maintain disposal procedures. CC ID 16513 | Operational management | Preventive | |
Establish, implement, and maintain asset sanitization procedures. CC ID 16511 | Operational management | Preventive | |
Establish, implement, and maintain system destruction procedures. CC ID 16474 | Operational management | Preventive | |
Establish, implement, and maintain printer and multifunction device disposition procedures. CC ID 15216 | Operational management | Preventive | |
Establish, implement, and maintain a system preventive maintenance program. CC ID 00885 | Operational management | Preventive | |
Establish and maintain maintenance reports. CC ID 11749 | Operational management | Preventive | |
Establish and maintain system inspection reports. CC ID 06346 | Operational management | Preventive | |
Establish, implement, and maintain a system maintenance policy. CC ID 14032 | Operational management | Preventive | |
Include compliance requirements in the system maintenance policy. CC ID 14217 | Operational management | Preventive | |
Include management commitment in the system maintenance policy. CC ID 14216 | Operational management | Preventive | |
Include roles and responsibilities in the system maintenance policy. CC ID 14215 | Operational management | Preventive | |
Include the scope in the system maintenance policy. CC ID 14214 | Operational management | Preventive | |
Include the purpose in the system maintenance policy. CC ID 14187 | Operational management | Preventive | |
Include coordination amongst entities in the system maintenance policy. CC ID 14181 | Operational management | Preventive | |
Establish, implement, and maintain system maintenance procedures. CC ID 14059 | Operational management | Preventive | |
Establish, implement, and maintain a technology refresh plan. CC ID 13061 | Operational management | Preventive | |
Establish and maintain an archive of maintenance reports in a maintenance log. CC ID 06202 | Operational management | Preventive | |
Post calibration limits or calibration tolerances on or near assets requiring calibration. CC ID 06204 | Operational management | Preventive | |
Establish, implement, and maintain an end-of-life management process. CC ID 16540 | Operational management | Preventive | |
Establish, implement, and maintain disposal contracts. CC ID 12199 | Operational management | Preventive | |
Include disposal procedures in disposal contracts. CC ID 13905 | Operational management | Preventive | |
Document the storage information for all systems that are stored instead of being disposed or redeployed. CC ID 06936 | Operational management | Preventive | |
Establish, implement, and maintain a data stewardship policy. CC ID 06657 | Operational management | Preventive | |
Establish and maintain an unauthorized software list. CC ID 10601 | Operational management | Preventive | |
Establish, implement, and maintain a customer service program. CC ID 00846 | Operational management | Preventive | |
Establish, implement, and maintain an incident management policy. CC ID 16414 | Operational management | Preventive | |
Define the uses and capabilities of the Incident Management program. CC ID 00854 | Operational management | Preventive | |
Include incident escalation procedures in the Incident Management program. CC ID 00856 | Operational management | Preventive | |
Define the characteristics of the Incident Management program. CC ID 00855 | Operational management | Preventive | |
Include the criteria for a data loss event in the Incident Management program. CC ID 12179 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Operational management | Preventive | |
Include the criteria for an incident in the Incident Management program. CC ID 12173 | Operational management | Preventive | |
Include references to, or portions of, the Governance, Risk, and Compliance framework in the incident management program, as necessary. CC ID 13504 | Operational management | Preventive | |
Include detection procedures in the Incident Management program. CC ID 00588 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Operational management | Preventive | |
Define and document impact thresholds to be used in categorizing incidents. CC ID 10033 | Operational management | Preventive | |
Document the incident and any relevant evidence in the incident report. CC ID 08659 | Operational management | Detective | |
Record actions taken by investigators during a forensic investigation in the forensic investigation report. CC ID 07095 | Operational management | Preventive | |
Include where the digital forensic evidence was found in the forensic investigation report. CC ID 08674 | Operational management | Detective | |
Include the condition of the digital forensic evidence in the forensic investigation report. CC ID 08678 | Operational management | Detective | |
Share data loss event information with interconnected system owners. CC ID 01209 | Operational management | Corrective | |
Document the justification for not reporting incidents to interested personnel and affected parties. CC ID 16547 | Operational management | Preventive | |
Include data loss event notifications in the Incident Response program. CC ID 00364 | Operational management | Preventive | |
Include legal requirements for data loss event notifications in the Incident Response program. CC ID 11954 | Operational management | Preventive | |
Include required information in the written request to delay the notification to affected parties. CC ID 16785 | Operational management | Preventive | |
Design the text of the notice for all incident response notifications to be no smaller than 10-point type. CC ID 12985 | Operational management | Preventive | |
Establish, implement, and maintain incident response notifications. CC ID 12975 | Operational management | Corrective | |
Include information required by law in incident response notifications. CC ID 00802 | Operational management | Detective | |
Title breach notifications "Notice of Data Breach". CC ID 12977 | Operational management | Preventive | |
Display titles of incident response notifications clearly and conspicuously. CC ID 12986 | Operational management | Preventive | |
Display headings in incident response notifications clearly and conspicuously. CC ID 12987 | Operational management | Preventive | |
Design the incident response notification to call attention to its nature and significance. CC ID 12984 | Operational management | Preventive | |
Use plain language to write incident response notifications. CC ID 12976 | Operational management | Preventive | |
Include directions for changing the user's authenticator or security questions and answers in the breach notification. CC ID 12983 | Operational management | Preventive | |
Include the affected parties' rights in the incident response notification. CC ID 16811 | Operational management | Preventive | |
Include details of the investigation in incident response notifications. CC ID 12296 | Operational management | Preventive | |
Include the issuer's name in incident response notifications. CC ID 12062 | Operational management | Preventive | |
Include a "What Happened" heading in breach notifications. CC ID 12978 | Operational management | Preventive | |
Include a general description of the data loss event in incident response notifications. CC ID 04734 | Operational management | Preventive | |
Include time information in incident response notifications. CC ID 04745 | Operational management | Preventive | |
Include the identification of the data source in incident response notifications. CC ID 12305 | Operational management | Preventive | |
Include a "What Information Was Involved" heading in the breach notification. CC ID 12979 | Operational management | Preventive | |
Include the type of information that was lost in incident response notifications. CC ID 04735 | Operational management | Preventive | |
Include the type of information the organization maintains about the affected parties in incident response notifications. CC ID 04776 | Operational management | Preventive | |
Include a "What We Are Doing" heading in the breach notification. CC ID 12982 | Operational management | Preventive | |
Include what the organization has done to enhance data protection controls in incident response notifications. CC ID 04736 | Operational management | Preventive | |
Include what the organization is offering or has already done to assist affected parties in incident response notifications. CC ID 04737 | Operational management | Preventive | |
Include a "For More Information" heading in breach notifications. CC ID 12981 | Operational management | Preventive | |
Include details of the companies and persons involved in incident response notifications. CC ID 12295 | Operational management | Preventive | |
Include the credit reporting agencies' contact information in incident response notifications. CC ID 04744 | Operational management | Preventive | |
Include the reporting individual's contact information in incident response notifications. CC ID 12297 | Operational management | Preventive | |
Include any consequences in the incident response notifications. CC ID 12604 | Operational management | Preventive | |
Include whether the notification was delayed due to a law enforcement investigation in incident response notifications. CC ID 04746 | Operational management | Preventive | |
Include a "What You Can Do" heading in the breach notification. CC ID 12980 | Operational management | Preventive | |
Include how the affected parties can protect themselves from identity theft in incident response notifications. CC ID 04738 | Operational management | Detective | |
Include contact information in incident response notifications. CC ID 04739 | Operational management | Preventive | |
Include contact information in the substitute incident response notification. CC ID 16776 | Operational management | Preventive | |
Post substitute incident response notifications to the organization's website, as necessary. CC ID 04748 | Operational management | Preventive | |
Establish, implement, and maintain a containment strategy. CC ID 13480 | Operational management | Preventive | |
Include the containment approach in the containment strategy. CC ID 13486 | Operational management | Preventive | |
Include response times in the containment strategy. CC ID 13485 | Operational management | Preventive | |
Include incident recovery procedures in the Incident Management program. CC ID 01758 | Operational management | Corrective | |
Establish, implement, and maintain a restoration log. CC ID 12745 | Operational management | Preventive | |
Establish, implement, and maintain compromised system reaccreditation procedures. CC ID 00592 | Operational management | Preventive | |
Analyze security violations in Suspicious Activity Reports. CC ID 00591 | Operational management | Preventive | |
Update the incident response procedures using the lessons learned. CC ID 01233 | Operational management | Preventive | |
Include incident monitoring procedures in the Incident Management program. CC ID 01207 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Operational management | Preventive | |
Include incident response procedures in the Incident Management program. CC ID 01218 | Operational management | Preventive | |
Include incident management procedures in the Incident Management program. CC ID 12689 | Operational management | Preventive | |
Establish, implement, and maintain temporary and emergency access authorization procedures. CC ID 00858 | Operational management | Corrective | |
Establish, implement, and maintain temporary and emergency access revocation procedures. CC ID 15334 | Operational management | Preventive | |
Include after-action analysis procedures in the Incident Management program. CC ID 01219 | Operational management | Preventive | |
Establish, implement, and maintain security and breach investigation procedures. CC ID 16844 | Operational management | Preventive | |
Document any potential harm in the incident finding when concluding the incident investigation. CC ID 13830 | Operational management | Preventive | |
Log incidents in the Incident Management audit log. CC ID 00857 | Operational management | Preventive | |
Include corrective actions in the incident management audit log. CC ID 16466 | Operational management | Preventive | |
Include emergency processing priorities in the Incident Management program. CC ID 00859 | Operational management | Preventive | |
Include user's responsibilities for when a theft has occurred in the Incident Management program. CC ID 06387 | Operational management | Preventive | |
Include incident record closure procedures in the Incident Management program. CC ID 01620 | Operational management | Preventive | |
Include incident reporting procedures in the Incident Management program. CC ID 11772 | Operational management | Preventive | |
Establish, implement, and maintain an Incident Response program. CC ID 00579 | Operational management | Preventive | |
Establish, implement, and maintain an incident response plan. CC ID 12056 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Operational management | Preventive | |
Include addressing external communications in the incident response plan. CC ID 13351 | Operational management | Preventive | |
Include addressing internal communications in the incident response plan. CC ID 13350 | Operational management | Preventive | |
Include change control procedures in the incident response plan. CC ID 15479 | Operational management | Preventive | |
Include addressing information sharing in the incident response plan. CC ID 13349 | Operational management | Preventive | |
Include dynamic reconfiguration in the incident response plan. CC ID 14306 | Operational management | Preventive | |
Include a definition of reportable incidents in the incident response plan. CC ID 14303 | Operational management | Preventive | |
Include the management support needed for incident response in the incident response plan. CC ID 14300 | Operational management | Preventive | |
Include root cause analysis in the incident response plan. CC ID 16423 | Operational management | Preventive | |
Include how incident response fits into the organization in the incident response plan. CC ID 14294 | Operational management | Preventive | |
Include the resources needed for incident response in the incident response plan. CC ID 14292 | Operational management | Preventive | |
Include incident response team services in the Incident Response program. CC ID 11766 | Operational management | Preventive | |
Include the incident response training program in the Incident Response program. CC ID 06750 | Operational management | Preventive | |
Establish, implement, and maintain incident response procedures. CC ID 01206 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Operational management | Detective | |
Include references to industry best practices in the incident response procedures. CC ID 11956 | Operational management | Preventive | |
Include responding to alerts from security monitoring systems in the incident response procedures. CC ID 11949 | Operational management | Preventive | |
Disseminate and communicate the incident response procedures to all interested personnel and affected parties. CC ID 01215 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Operational management | Preventive | |
Establish, implement, and maintain a change control program. CC ID 00886 | Operational management | Preventive | |
Provide audit trails for all approved changes. CC ID 13120 [{privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Operational management | Preventive | |
Establish, implement, and maintain a Configuration Management program. CC ID 00867 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | System hardening through configuration management | Preventive | |
Establish, implement, and maintain appropriate system labeling. CC ID 01900 | System hardening through configuration management | Preventive | |
Include the identification number of the third party who performed the conformity assessment procedures on all promotional materials. CC ID 15041 | System hardening through configuration management | Preventive | |
Include the identification number of the third party who conducted the conformity assessment procedures after the CE marking of conformity. CC ID 15040 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain a configuration management policy. CC ID 14023 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain configuration management procedures. CC ID 14074 | System hardening through configuration management | Preventive | |
Include compliance requirements in the configuration management policy. CC ID 14072 | System hardening through configuration management | Preventive | |
Include coordination amongst entities in the configuration management policy. CC ID 14071 | System hardening through configuration management | Preventive | |
Include management commitment in the configuration management policy. CC ID 14070 | System hardening through configuration management | Preventive | |
Include roles and responsibilities in the configuration management policy. CC ID 14069 | System hardening through configuration management | Preventive | |
Include the scope in the configuration management policy. CC ID 14068 | System hardening through configuration management | Preventive | |
Include the purpose in the configuration management policy. CC ID 14067 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain a configuration management plan. CC ID 01901 | System hardening through configuration management | Preventive | |
Include configuration management procedures in the configuration management plan. CC ID 14248 | System hardening through configuration management | Preventive | |
Include roles and responsibilities in the configuration management plan. CC ID 14247 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain system tracking documentation. CC ID 15266 | System hardening through configuration management | Preventive | |
Include prioritization codes in the system tracking documentation. CC ID 15283 | System hardening through configuration management | Preventive | |
Include the type and category of the request in the system tracking documentation. CC ID 15281 | System hardening through configuration management | Preventive | |
Include contact information in the system tracking documentation. CC ID 15280 | System hardening through configuration management | Preventive | |
Include the username in the system tracking documentation. CC ID 15278 | System hardening through configuration management | Preventive | |
Include a problem description in the system tracking documentation. CC ID 15276 | System hardening through configuration management | Preventive | |
Include affected systems in the system tracking documentation. CC ID 15275 | System hardening through configuration management | Preventive | |
Include root causes in the system tracking documentation. CC ID 15274 | System hardening through configuration management | Preventive | |
Include the name of who is responsible for resolution in the system tracking documentation. CC ID 15273 | System hardening through configuration management | Preventive | |
Include current status in the system tracking documentation. CC ID 15272 | System hardening through configuration management | Preventive | |
Record Configuration Management items in the Configuration Management database. CC ID 00861 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain a Configuration Management Database with accessible reporting capabilities. CC ID 02132 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain a configuration baseline based on the least functionality principle. CC ID 00862 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | System hardening through configuration management | Preventive | |
Include the measures used to account for any differences in operation between the test environments and production environments in the baseline configuration. CC ID 13285 | System hardening through configuration management | Preventive | |
Include the differences between test environments and production environments in the baseline configuration. CC ID 13284 | System hardening through configuration management | Preventive | |
Include the applied security patches in the baseline configuration. CC ID 13271 | System hardening through configuration management | Preventive | |
Include the installed application software and version numbers in the baseline configuration. CC ID 13270 | System hardening through configuration management | Preventive | |
Include installed custom software in the baseline configuration. CC ID 13274 | System hardening through configuration management | Preventive | |
Include network ports in the baseline configuration. CC ID 13273 | System hardening through configuration management | Preventive | |
Include the operating systems and version numbers in the baseline configuration. CC ID 13269 | System hardening through configuration management | Preventive | |
Include backup procedures in the Configuration Management policy. CC ID 01314 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain a system hardening standard. CC ID 00876 | System hardening through configuration management | Preventive | |
Include common security parameter settings in the configuration standards for all systems. CC ID 12544 | System hardening through configuration management | Preventive | |
Provide documentation verifying devices are not susceptible to known exploits. CC ID 11987 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain system hardening procedures. CC ID 12001 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | System hardening through configuration management | Preventive | |
Establish, implement, and maintain procedures to standardize operating system software installation. CC ID 00869 | System hardening through configuration management | Preventive | |
Verify operating system installation plans include software security considerations. CC ID 00870 | System hardening through configuration management | Preventive | |
Document that all enabled functions support secure configurations. CC ID 11985 | System hardening through configuration management | Preventive | |
Validate, approve, and document all UNIX shells prior to use. CC ID 02161 | System hardening through configuration management | Preventive | |
Configure the "global Package signature checking" setting to organizational standards. CC ID 08735 | System hardening through configuration management | Preventive | |
Configure the "Package signature checking" setting for "all configured repositories" to organizational standards. CC ID 08736 | System hardening through configuration management | Preventive | |
Configure the "verify against the package database" setting for "all installed software packages" to organizational standards. CC ID 08737 | System hardening through configuration management | Preventive | |
Configure the "isdn4k-utils" package to organizational standards. CC ID 08738 | System hardening through configuration management | Preventive | |
Configure the "postfix" package to organizational standards. CC ID 08739 | System hardening through configuration management | Preventive | |
Configure the "vsftpd" package to organizational standards. CC ID 08740 | System hardening through configuration management | Preventive | |
Configure the "net-snmpd" package to organizational standards. CC ID 08741 | System hardening through configuration management | Preventive | |
Configure the "rsyslog" package to organizational standards. CC ID 08742 | System hardening through configuration management | Preventive | |
Configure the "ipsec-tools" package to organizational standards. CC ID 08743 | System hardening through configuration management | Preventive | |
Configure the "pam_ccreds" package to organizational standards. CC ID 08744 | System hardening through configuration management | Preventive | |
Configure the "talk-server" package to organizational standards. CC ID 08745 | System hardening through configuration management | Preventive | |
Configure the "talk" package to organizational standards. CC ID 08746 | System hardening through configuration management | Preventive | |
Configure the "irda-utils" package to organizational standards. CC ID 08747 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain the interactive logon settings. CC ID 01739 | System hardening through configuration management | Preventive | |
Include the date and time that access was granted in the system record. CC ID 15174 | System hardening through configuration management | Preventive | |
Include the access level granted in the system record. CC ID 15173 | System hardening through configuration management | Preventive | |
Include when access is withdrawn in the system record. CC ID 15172 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain an authenticator standard. CC ID 01702 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain an authenticator management system. CC ID 12031 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain authenticator procedures. CC ID 12002 | System hardening through configuration management | Preventive | |
Configure the "minimum number of digits required for new passwords" setting to organizational standards. CC ID 08717 | System hardening through configuration management | Preventive | |
Configure the "minimum number of upper case characters required for new passwords" setting to organizational standards. CC ID 08718 | System hardening through configuration management | Preventive | |
Configure the "minimum number of lower case characters required for new passwords" setting to organizational standards. CC ID 08719 | System hardening through configuration management | Preventive | |
Configure the "minimum number of special characters required for new passwords" setting to organizational standards. CC ID 08720 | System hardening through configuration management | Preventive | |
Configure the "require new passwords to differ from old ones by the appropriate minimum number of characters" setting to organizational standards. CC ID 08722 | System hardening through configuration management | Preventive | |
Configure the "password reuse" setting to organizational standards. CC ID 08724 | System hardening through configuration management | Preventive | |
Configure the "shadow password for all accounts in /etc/passwd" setting to organizational standards. CC ID 08721 | System hardening through configuration management | Preventive | |
Configure the "password hashing algorithm" setting to organizational standards. CC ID 08723 | System hardening through configuration management | Preventive | |
Configure the "all world-writable directories" user ownership to organizational standards. CC ID 08714 | System hardening through configuration management | Preventive | |
Configure the "all rsyslog log" files group ownership to organizational standards. CC ID 08715 | System hardening through configuration management | Preventive | |
Configure the "all rsyslog log" files user ownership to organizational standards. CC ID 08716 | System hardening through configuration management | Preventive | |
Configure the "all rsyslog log files" permissions to organizational standards. CC ID 08748 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain an account lockout policy. CC ID 01709 | System hardening through configuration management | Preventive | |
Establish and maintain specific directory installation rules and domain controller installation rules. CC ID 01734 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain appropriate shutdown procedures. CC ID 01778 | System hardening through configuration management | Preventive | |
Configure the "nodev" option for "/tmp" setting to organizational standards. CC ID 08725 | System hardening through configuration management | Preventive | |
Configure the "nodev" option for "/dev/shm" setting to organizational standards. CC ID 08726 | System hardening through configuration management | Preventive | |
Configure the "/tmp filesystem partition" setting to organizational standards. CC ID 08727 | System hardening through configuration management | Preventive | |
Configure the "var/log" filesystem to organizational standards. CC ID 08728 | System hardening through configuration management | Preventive | |
Configure the "var/log/audit" filesystem to organizational standards. CC ID 08729 | System hardening through configuration management | Preventive | |
Configure the "nosuid" setting on the "/tmp" directory to organizational standards. CC ID 08730 | System hardening through configuration management | Preventive | |
Configure the "noexec" setting on the "/tmp" directory to organizational standards. CC ID 08731 | System hardening through configuration management | Preventive | |
Configure the "nosuid" setting on the "/dev/shm" directory to organizational standards. CC ID 08732 | System hardening through configuration management | Preventive | |
Configure the "noexec" option for "/dev/shm" to organizational standards. CC ID 08733 | System hardening through configuration management | Preventive | |
Configure the "/var/tmp filesystem partition" setting to organizational standards. CC ID 08734 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain network parameter modification procedures. CC ID 01517 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain a network addressing plan. CC ID 16399 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain firewall rules in accordance with organizational standards. CC ID 16353 | System hardening through configuration management | Preventive | |
Configure Apple iOS to Organizational Standards. CC ID 09986 | System hardening through configuration management | Preventive | |
Configure the "kernel arguments" setting for "auditing early in the boot process" to organizational standards. CC ID 08749 | System hardening through configuration management | Preventive | |
Configure the "record date and time modification events" setting for "auditing" to organizational standards. CC ID 08750 | System hardening through configuration management | Preventive | |
Configure the "record user/group information modification events" setting for "auditing" to organizational standards. CC ID 08751 | System hardening through configuration management | Preventive | |
Configure the "record changes to the system network environment" setting for "auditing" to organizational standards. CC ID 08752 | System hardening through configuration management | Preventive | |
Configure the "record changes to the system's mandatory access controls" setting for "auditing" to organizational standards. CC ID 08753 | System hardening through configuration management | Preventive | |
Configure the "record logon and logout events" setting for "auditing" to organizational standards. CC ID 08754 | System hardening through configuration management | Preventive | |
Configure the "record process and session initiation events" setting for "auditing" to organizational standards. CC ID 08755 | System hardening through configuration management | Preventive | |
Configure the "record changes to discretionary access control permissions" setting for "auditing" to organizational standards. CC ID 08756 | System hardening through configuration management | Preventive | |
Configure the "record unauthorized attempts to access files" setting for "auditing" to organizational standards. CC ID 08757 | System hardening through configuration management | Preventive | |
Configure the "record use of privileged commands" setting for "auditing" to organizational standards. CC ID 08758 | System hardening through configuration management | Preventive | |
Configure the "record data export to media events" setting for "auditing" to organizational standards. CC ID 08759 | System hardening through configuration management | Preventive | |
Configure the "record file and program deletion events" setting for "auditing" to organizational standards. CC ID 08760 | System hardening through configuration management | Preventive | |
Configure the "record administrator and security personnel action events" setting for "auditing" to organizational standards. CC ID 08761 | System hardening through configuration management | Preventive | |
Configure the "record kernel module loading and unloading events" setting for "auditing" to organizational standards. CC ID 08762 | System hardening through configuration management | Preventive | |
Configure the "Ensure auditd configuration is immutable" setting for "auditing" to organizational standards. CC ID 08763 | System hardening through configuration management | Preventive | |
Configure Red Hat Enterprise Linux to Organizational Standards. CC ID 08713 | System hardening through configuration management | Preventive | |
Configure the "GPG Key for package manager" setting to organizational standards. CC ID 08764 | System hardening through configuration management | Preventive | |
Configure the "Support for cramfs filesystems" setting to organizational standards. CC ID 08765 | System hardening through configuration management | Preventive | |
Configure the "Support for freevxfs filesystems" setting to organizational standards. CC ID 08766 | System hardening through configuration management | Preventive | |
Configure the "Support for hfs filesystems" setting to organizational standards. CC ID 08767 | System hardening through configuration management | Preventive | |
Configure the "Support for hfsplus filesystems" setting to organizational standards. CC ID 08768 | System hardening through configuration management | Preventive | |
Configure the "Support for jffs2 filesystems" setting to organizational standards. CC ID 08769 | System hardening through configuration management | Preventive | |
Configure the "Support for squashfs filesystems" setting to organizational standards. CC ID 08770 | System hardening through configuration management | Preventive | |
Configure the "Support for udf filesystems" setting to organizational standards. CC ID 08771 | System hardening through configuration management | Preventive | |
Configure the "NIS file inclusions" setting for the "/etc/group" file to organizational standards. CC ID 08772 | System hardening through configuration management | Preventive | |
Configure the "NIS file inclusions" setting for the "/etc/shadow" file to organizational standards. CC ID 08773 | System hardening through configuration management | Preventive | |
Configure the "setuid" attribute for "all files" to organizational standards. CC ID 08774 | System hardening through configuration management | Preventive | |
Configure the "setgid" attribute for "all files" to organizational standards. CC ID 08775 | System hardening through configuration management | Preventive | |
Configure the "gnome desktop screensaver" setting for "all users" to organizational standards. CC ID 08776 | System hardening through configuration management | Preventive | |
Configure the "screen blanking function of the gnome desktop screensaver" as a "mandatory setting" for "all users" to organizational standards. CC ID 08777 | System hardening through configuration management | Preventive | |
Configure the "device files with the unlabeled SELinux type" setting for "system includes" to organizational standards. CC ID 08778 | System hardening through configuration management | Preventive | |
Configure the "system should act as a network sniffer" setting to organizational standards. CC ID 08779 | System hardening through configuration management | Preventive | |
Configure the "default policy" setting for "iptables INPUT table" to organizational standards. CC ID 08780 | System hardening through configuration management | Preventive | |
Configure the "DCCP" setting to organizational standards. CC ID 08781 | System hardening through configuration management | Preventive | |
Configure the Stream Control Transmission Protocol setting to organizational standards. CC ID 08782 | System hardening through configuration management | Preventive | |
Configure the "RDS" setting to organizational standards. CC ID 08783 | System hardening through configuration management | Preventive | |
Configure the "TIPC" setting to organizational standards. CC ID 08784 | System hardening through configuration management | Preventive | |
Configure the "Bluetooth kernel modules" setting to organizational standards. CC ID 08785 | System hardening through configuration management | Preventive | |
Configure the "Zeroconf networking" setting to organizational standards. CC ID 08786 | System hardening through configuration management | Preventive | |
Configure the "at daemon" setting to organizational standards. CC ID 08787 | System hardening through configuration management | Preventive | |
Configure the "SSH 'keep alive' message count" setting to organizational standards. CC ID 08788 | System hardening through configuration management | Preventive | |
Configure the "set environment options for SSH" setting to organizational standards. CC ID 08789 | System hardening through configuration management | Preventive | |
Configure the Secure Shell setting to organizational standards. CC ID 08790 | System hardening through configuration management | Preventive | |
Configure the "sendmail" setting to organizational standards. CC ID 08791 | System hardening through configuration management | Preventive | |
Configure the "Postfix network listening" setting to organizational standards. CC ID 08792 | System hardening through configuration management | Preventive | |
Configure the "require LDAP servers to use TLS for SSL communications" setting for "LDAP client" to organizational standards. CC ID 08793 | System hardening through configuration management | Preventive | |
Configure the "Client SMB packet signing" setting for "smbclient" to organizational standards. CC ID 08794 | System hardening through configuration management | Preventive | |
Configure the "Client SMB packet signing" setting for "mount.cifs" to organizational standards. CC ID 08795 | System hardening through configuration management | Preventive | |
Configure the "'wheel' group" setting to organizational standards. CC ID 08796 | System hardening through configuration management | Preventive | |
Configure the "Access to the root account via su should be restricted to the wheel group" setting to organizational standards. CC ID 08797 | System hardening through configuration management | Preventive | |
Configure the "retry value" setting to organizational standards. CC ID 08798 | System hardening through configuration management | Preventive | |
Configure the "rsyslog service" setting to organizational standards. CC ID 08799 | System hardening through configuration management | Preventive | |
Configure the "send to a remote log host" setting for "Rsyslog logs" to organizational standards. CC ID 08800 | System hardening through configuration management | Preventive | |
Configure the "accept remote messages" setting for "Rsyslog" to organizational standards. CC ID 08801 | System hardening through configuration management | Preventive | |
Configure the "irda service" setting to organizational standards. CC ID 08802 | System hardening through configuration management | Preventive | |
Configure the "avahi service" firewall setting to organizational standards. CC ID 08803 | System hardening through configuration management | Preventive | |
Configure the "rawdevices service" setting to organizational standards. CC ID 08804 | System hardening through configuration management | Preventive | |
Configure the "login_defs" variable in "libuser.conf" for "libuser library" to organizational standards. CC ID 08805 | System hardening through configuration management | Preventive | |
Configure the "User accounts may or may not be inactivated a specified number of days after account expiration" setting to organizational standards. CC ID 08806 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain an information management program. CC ID 14315 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Records management | Preventive | |
Establish, implement, and maintain records management policies. CC ID 00903 | Records management | Preventive | |
Define each system's preservation requirements for records and logs. CC ID 00904 | Records management | Detective | |
Establish, implement, and maintain a data retention program. CC ID 00906 | Records management | Detective | |
Establish, implement, and maintain storage media disposition and destruction procedures. CC ID 11657 | Records management | Preventive | |
Establish, implement, and maintain records disposition procedures. CC ID 00971 | Records management | Preventive | |
Establish, implement, and maintain records management procedures. CC ID 11619 | Records management | Preventive | |
Establish, implement, and maintain electronic storage media management procedures. CC ID 00931 | Records management | Preventive | |
Establish, implement, and maintain system testing procedures. CC ID 11744 [The continued confidentiality, completeness, integrity and availability of the entity's systems and back-up information is evaluated and confirmed on a periodic basis. S7.5 Testing confidentiality, completeness, integrity and availability of systems and back-up data] | Systems design, build, and implementation | Preventive | |
Evaluate and document all known code anomalies and code deficiencies. CC ID 06611 | Systems design, build, and implementation | Preventive | |
Establish, implement, and maintain poor quality material removal procedures. CC ID 06214 | Systems design, build, and implementation | Preventive | |
Establish, implement, and maintain a privacy framework that protects restricted data. CC ID 11850 [The entity has defined and formally documented data and information privacy policies and procedures for PI collection, usage and processing that are consistent with the entity's objectives related to privacy. M1.0 The entity has implemented a policy governance and accountability process that defines and formally documents policies and procedures for information privacy that are consistent with the entity's objectives related to privacy. M1.2 The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Privacy protection for information and data | Preventive | |
Include the roles and responsibilities of the organization's legal counsel in the privacy framework. CC ID 14862 | Privacy protection for information and data | Preventive | |
Establish and maintain privacy notices, as necessary. CC ID 13443 | Privacy protection for information and data | Preventive | |
Include the purpose of the privacy notice in the privacy notice. CC ID 13526 [{implicit consent} If information that was previously collected is to be used for purposes not previously identified in the privacy notice, the new purpose is documented, the data subject is notified, and implicit or explicit consent is obtained prior to such new use or purpose. C3.2 Documents and obtained consent for new purposes and uses] | Privacy protection for information and data | Preventive | |
Include the processing purpose in the privacy notice. CC ID 16543 | Privacy protection for information and data | Preventive | |
Include contact information in the privacy notice. CC ID 14432 | Privacy protection for information and data | Preventive | |
Include the data subject's choices for data collection, data processing, data disclosure, and data retention in the privacy notice. CC ID 13503 [{implicit consent} Data subjects are informed about the choices available to them with respect to the collection, use and disclosure of PI. Data subjects are informed that implicit or explicit consent is required to collect, use and disclose PI, unless a law or regulation specifically requires or allows otherwise. C3.1 Communicates to data subjects The entity communicates available options regarding the collection and creation of PI and the consequences of each choice, including the data subject's option to reject their agreed consent for the entity to initially or subsequently collect and create PI. C3.1] | Privacy protection for information and data | Preventive | |
Include the right to opt out of personal data disclosure in the privacy notice. CC ID 13460 | Privacy protection for information and data | Preventive | |
Include instructions on how to opt out of personal data disclosure in the privacy notice. CC ID 13461 | Privacy protection for information and data | Preventive | |
Include the types of third parties to which personal data is disclosed in the privacy notice. CC ID 13459 [The entity has an objective description of the entities and activities covered by the privacy policies and procedures that is included in the entity's privacy notice. N2.1 Entities and activities covered] | Privacy protection for information and data | Preventive | |
Include the organization's policies, standards, and procedures in the privacy notice. CC ID 13455 | Privacy protection for information and data | Preventive | |
Include the organization's privacy framework in the privacy notice, as necessary. CC ID 13456 | Privacy protection for information and data | Preventive | |
Include the personal data collection categories in the privacy notice. CC ID 13457 | Privacy protection for information and data | Preventive | |
Include disclosure exceptions in the privacy notice. CC ID 13447 | Privacy protection for information and data | Preventive | |
Include the types of personal data disclosed in the privacy notice. CC ID 13446 | Privacy protection for information and data | Preventive | |
Include descriptions of each type of personal data disclosed in the privacy notice. CC ID 13458 [The entity has an objective description of the entities and activities covered by the privacy policies and procedures that is included in the entity's privacy notice. N2.1 Entities and activities covered] | Privacy protection for information and data | Preventive | |
Specify the time frame that notice will be given. CC ID 00385 | Privacy protection for information and data | Preventive | |
Include the information about the appeal process in the privacy notice. CC ID 15312 | Privacy protection for information and data | Preventive | |
Combine privacy notices into a joint notification with suppliers, as necessary. CC ID 13468 | Privacy protection for information and data | Preventive | |
Deliver a short-form initial notification along with an opt-out notice as an alternate to delivering a privacy notice, as necessary. CC ID 13464 | Privacy protection for information and data | Preventive | |
Document any reasons acknowledgment of the privacy notice was not received. CC ID 14434 | Privacy protection for information and data | Corrective | |
Establish and maintain short-form initial notifications of privacy notices that are clear and conspicuous. CC ID 13466 | Privacy protection for information and data | Preventive | |
Include the organization's privacy framework in the short-form initial notification, as necessary. CC ID 13472 | Privacy protection for information and data | Preventive | |
Include the methodology for accessing the privacy notice in the short-form initial notification. CC ID 13471 | Privacy protection for information and data | Preventive | |
Include that the privacy notice is available upon request in the short-form initial notification. CC ID 13470 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain opt-out notices. CC ID 13448 | Privacy protection for information and data | Preventive | |
Include how opt out directions for joint consumers are treated in the opt-out notice. CC ID 13465 | Privacy protection for information and data | Preventive | |
Include the opt out method for data subjects in the opt-out notice. CC ID 13467 | Privacy protection for information and data | Preventive | |
Include the data subject's right to opt out of personal data disclosure in the opt-out notice. CC ID 13463 | Privacy protection for information and data | Preventive | |
Explain the right to opt out in the opt-out notice. CC ID 13462 | Privacy protection for information and data | Preventive | |
Include the organization's right to share personal data in the opt-out notice. CC ID 13450 | Privacy protection for information and data | Preventive | |
Provide the data subject with a notice of participation procedures. CC ID 06241 | Privacy protection for information and data | Preventive | |
Publish a description of processing activities in an official register. CC ID 00379 | Privacy protection for information and data | Preventive | |
Establish and maintain a records request manual. CC ID 00381 | Privacy protection for information and data | Preventive | |
Establish and maintain a description of voluntary disclosure and automatic availability of certain records. CC ID 00382 | Privacy protection for information and data | Preventive | |
Define what is included in registration notices. CC ID 00386 | Privacy protection for information and data | Preventive | |
Include the verification method in the registration notice. CC ID 16798 | Privacy protection for information and data | Preventive | |
Include the statutory authority in the registration notice. CC ID 16799 | Privacy protection for information and data | Preventive | |
Include the address where the file or hardware supporting the data processing is located in the registration notice. CC ID 00387 | Privacy protection for information and data | Preventive | |
Include a purpose specification description in the registration notice. CC ID 00388 | Privacy protection for information and data | Preventive | |
Include information about the dispute resolution body in the registration notice. CC ID 16800 | Privacy protection for information and data | Preventive | |
Include the data subject category being processed in the registration notice. CC ID 00389 | Privacy protection for information and data | Preventive | |
Include the time period for data processing in the registration notice. CC ID 00390 | Privacy protection for information and data | Preventive | |
Include procedures for when the registration notice for processing personal data is insufficient in the registration notice. CC ID 00392 | Privacy protection for information and data | Preventive | |
Provide the data subject with information about obtaining automated decision-making used during personal data processing. CC ID 12618 | Privacy protection for information and data | Preventive | |
Provide the data subject with the name, title, and address of the individual accountable for the organizational policies. CC ID 00394 | Privacy protection for information and data | Preventive | |
Provide the data subject with a copy of any brochures or other information that explain policies, standards, or codes. CC ID 00398 [{be accurate}{be complete} Individuals are informed that they are responsible for providing the entity with accurate and complete PI and for contacting the entity if correction of such information is required. Q8.1 Communicates to data subjects] | Privacy protection for information and data | Preventive | |
Disseminate and communicate the notification of rights to students and their parent or legal representative. CC ID 12996 | Privacy protection for information and data | Preventive | |
Include the criteria for determining what constitutes a legitimate educational interest in the notification of rights. CC ID 13004 | Privacy protection for information and data | Preventive | |
Include the criteria for determining what constitutes a school official in the notification of rights. CC ID 13003 | Privacy protection for information and data | Preventive | |
Specify the parties to whom education records may be disclosed in the written consent. CC ID 13002 | Privacy protection for information and data | Preventive | |
Specify the purpose of the disclosure in the written consent. CC ID 13001 | Privacy protection for information and data | Preventive | |
Specify which education records may be disclosed in the written consent. CC ID 13000 | Privacy protection for information and data | Preventive | |
Document the conditions when consent is not required to disclose educational data. CC ID 00225 | Privacy protection for information and data | Preventive | |
Record the health and safety threats of students when disclosing personal data. CC ID 12997 | Privacy protection for information and data | Preventive | |
Provide adequate structures, policies, procedures, and mechanisms to support direct access by the data subject to personal data that is provided upon request. CC ID 00393 [The entity has policies and procedures for viewing, inspecting, accessing and modifying PI. Refer to Component A5.0. M1.0 Access {dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Privacy protection for information and data | Preventive | |
Provide the data subject with a description of the type of information held by the organization and a general account of its use. CC ID 00397 [Data subjects can determine whether the entity maintains PI about them and, upon request, may confirm and obtain access to their PI or request that the PI be returned, removed or erased. A5.1 Permits data subjects access to their PI] | Privacy protection for information and data | Preventive | |
Include individual's names to whom restricted data may be disclosed in the disclosure accounting record. CC ID 13027 | Privacy protection for information and data | Preventive | |
Establish and maintain a disclosure accounting record. CC ID 13022 [The entity creates and retains a complete, accurate and timely record of authorized disclosures of PI to meet the entity's objectives related to privacy. D6.2 The entity creates and maintains a record of authorized disclosures of PI that is complete, accurate and timely. D6.2 Creates and retains record of authorized disclosures {disclosure accounting record} The entity provides data subjects with an accounting of the PI held and disclosure of the data subjects' PI, upon the data subjects' request, to meet the entity's objectives related to privacy. D6.7] | Privacy protection for information and data | Preventive | |
Include the official authorities that are allowed to disclose restricted data absent consent in the disclosure accounting record. CC ID 13029 | Privacy protection for information and data | Preventive | |
Include the legitimate interests for accessing restricted data in the disclosure accounting record. CC ID 13028 | Privacy protection for information and data | Preventive | |
Include what information was disclosed and to whom in the disclosure accounting record. CC ID 04680 [{disclosure accounting record} Requests for an accounting of PI held and disclosures of the data subjects' PI are captured, and information related to the requests is identified and communicated to data subjects to meet the entity's objectives related to privacy. D6.7 Captures, Identifies and Communicates Requests for Information] | Privacy protection for information and data | Preventive | |
Include the personal data the organization refrained from disclosing in the disclosure accounting record. CC ID 13769 | Privacy protection for information and data | Preventive | |
Include the sale of personal data in the disclosure accounting record, as necessary. CC ID 13768 | Privacy protection for information and data | Preventive | |
Include the disclosure date in the disclosure accounting record. CC ID 07133 | Privacy protection for information and data | Preventive | |
Include the disclosure recipient in the disclosure accounting record. CC ID 07134 | Privacy protection for information and data | Preventive | |
Include the disclosure purpose in the disclosure accounting record. CC ID 07135 | Privacy protection for information and data | Preventive | |
Include the frequency, periodicity, or number of disclosures made during the accounting period in the disclosure accounting record. CC ID 07136 | Privacy protection for information and data | Preventive | |
Include the final date of multiple disclosures in the disclosure accounting record. CC ID 07137 | Privacy protection for information and data | Preventive | |
Include how personal data was used for research purposes in the disclosure accounting record. CC ID 07138 | Privacy protection for information and data | Preventive | |
Include the research activity or research protocol in the disclosure accounting record. CC ID 07139 | Privacy protection for information and data | Preventive | |
Include the record selection criteria for research activities in the disclosure accounting record. CC ID 07140 | Privacy protection for information and data | Preventive | |
Include the contact information of the organization that sponsored the research activity in the disclosure accounting record. CC ID 07141 | Privacy protection for information and data | Preventive | |
Provide shareholders with electronic messages regarding the shareholder meetings. CC ID 04586 | Privacy protection for information and data | Preventive | |
Make telephone directory information available to the public. CC ID 08698 | Privacy protection for information and data | Preventive | |
Define the acceptable data modifications before presenting the data to a data subject. CC ID 00400 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a privacy policy. CC ID 06281 | Privacy protection for information and data | Preventive | |
Include the data subject's rights in the privacy policy. CC ID 16355 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a privacy policy model document. CC ID 14720 | Privacy protection for information and data | Preventive | |
Document privacy policies in clearly written and easily understood language. CC ID 00376 [The entity's privacy notice is conspicuous and uses clear language. N2.1 Clear and conspicuous] | Privacy protection for information and data | Detective | |
Document the notification of interested personnel and affected parties regarding privacy policy changes. CC ID 06944 | Privacy protection for information and data | Preventive | |
Write privacy notices in the official languages required by law. CC ID 16529 | Privacy protection for information and data | Preventive | |
Define what is included in the privacy policy. CC ID 00404 | Privacy protection for information and data | Preventive | |
Define the information being collected in the privacy policy. CC ID 13115 | Privacy protection for information and data | Preventive | |
Define which collection of information is voluntary and which is required in the privacy policy. CC ID 13110 | Privacy protection for information and data | Preventive | |
Include the means by which information is collected in the privacy policy. CC ID 13114 | Privacy protection for information and data | Preventive | |
Remove certification marks of privacy programs the organization is no longer a member of from the privacy policy. CC ID 12368 | Privacy protection for information and data | Corrective | |
Include roles and responsibilities in the privacy policy. CC ID 14669 | Privacy protection for information and data | Preventive | |
Include management commitment in the privacy policy. CC ID 14668 | Privacy protection for information and data | Preventive | |
Include coordination amongst entities in the privacy policy. CC ID 14667 | Privacy protection for information and data | Preventive | |
Include the policy for disclosing personal data of persons who have ceased to be customers in the privacy policy. CC ID 14854 | Privacy protection for information and data | Preventive | |
Include compliance requirements in the privacy policy. CC ID 14666 | Privacy protection for information and data | Preventive | |
Include the consequences of refusing to provide required information in the privacy policy. CC ID 13111 | Privacy protection for information and data | Preventive | |
Remove any privacy programs the organization is not a member of from the privacy policy. CC ID 12367 | Privacy protection for information and data | Corrective | |
Include independent recourse mechanisms in the privacy policy, as necessary. CC ID 12366 | Privacy protection for information and data | Preventive | |
Include the privacy programs the organization is a member of in the privacy policy. CC ID 12365 | Privacy protection for information and data | Preventive | |
Include a complaint form in the privacy policy. CC ID 12364 | Privacy protection for information and data | Preventive | |
Include the address where the files and hardware that support the data processing is located in the privacy policy. CC ID 00405 | Privacy protection for information and data | Preventive | |
Include the processing purpose in the privacy policy. CC ID 00406 | Privacy protection for information and data | Preventive | |
Include an overview of applicable information security controls in the privacy policy, as necessary. CC ID 13117 | Privacy protection for information and data | Preventive | |
Include the data subject categories being processed in the privacy policy. CC ID 00407 | Privacy protection for information and data | Preventive | |
Define the retention period for collected information in the privacy policy. CC ID 13116 | Privacy protection for information and data | Preventive | |
Include the time period for when the data processing will be carried out in the privacy policy. CC ID 00408 | Privacy protection for information and data | Preventive | |
Include other organizations that personal data is being disclosed to in the privacy policy. CC ID 00409 | Privacy protection for information and data | Preventive | |
Include how to gain access to personal data held by the organization in the privacy policy. CC ID 00410 | Privacy protection for information and data | Preventive | |
Include instructions on how to opt-out in the privacy policy. CC ID 00411 | Privacy protection for information and data | Preventive | |
Include the privacy policy's Uniform Resource Locator in the privacy policy. CC ID 12363 | Privacy protection for information and data | Preventive | |
Include instructions on how to disable devices that collect restricted data in the privacy policy. CC ID 15454 | Privacy protection for information and data | Preventive | |
Include a description of devices that collect restricted data in the privacy policy. CC ID 15452 | Privacy protection for information and data | Preventive | |
Define the audit method used to assess the privacy program in the privacy policy. CC ID 12390 [The entity has procedures for identifying and addressing instances when non-compliance with information privacy policies and procedures are identified. M1.2 Policy compliance] | Privacy protection for information and data | Preventive | |
Post the privacy policy in an easily seen location. CC ID 00401 [The entity's privacy notice is conspicuous and uses clear language. N2.1 Clear and conspicuous] | Privacy protection for information and data | Preventive | |
Define who will receive the privacy policy. CC ID 00402 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain privacy procedures. CC ID 14665 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a privacy plan. CC ID 14672 | Privacy protection for information and data | Preventive | |
Include privacy requirements in the privacy plan. CC ID 14699 | Privacy protection for information and data | Preventive | |
Include the information types in the privacy plan. CC ID 14695 | Privacy protection for information and data | Preventive | |
Include threats in the privacy plan. CC ID 14694 | Privacy protection for information and data | Preventive | |
Include roles and responsibilities in the privacy plan. CC ID 14702 | Privacy protection for information and data | Preventive | |
Include a description of the operational context in the privacy plan. CC ID 14692 | Privacy protection for information and data | Preventive | |
Include risk assessment results in the privacy plan. CC ID 14701 | Privacy protection for information and data | Preventive | |
Include the security categorizations and rationale in the privacy plan. CC ID 14690 | Privacy protection for information and data | Preventive | |
Include security controls in the privacy plan. CC ID 14681 [The entity has a process to identify the specific or key data privacy security controls that it has designed and placed into operation that help reduce the risks of a data breach or a theft, erasure or alteration of PI. M1.4 Data privacy security controls] | Privacy protection for information and data | Preventive | |
Include a description of the operational environment in the privacy plan. CC ID 14679 | Privacy protection for information and data | Preventive | |
Include network diagrams in the privacy plan. CC ID 14678 | Privacy protection for information and data | Preventive | |
Include the results of the privacy risk assessment in the privacy plan. CC ID 14677 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a privacy report. CC ID 14754 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain personal data choice and consent program. CC ID 12569 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain data request procedures. CC ID 16546 | Privacy protection for information and data | Preventive | |
Establish and maintain disclosure authorization forms for authorization of consent to use personal data. CC ID 13433 [The entity's agreements with data subjects formally capture data subject consents for sharing their PI with the entity and third parties affiliated with the entity, and for situations where the entity assembles, creates or purchases a data subject's PI, and when the entity needs to change the original purposes for obtaining a data subject's PI to meet the entity's changing business, operational or legal requirements. N2.1 Agreements, notices and communications] | Privacy protection for information and data | Preventive | |
Include procedures for revoking authorization of consent to use personal data in the disclosure authorization form. CC ID 13438 | Privacy protection for information and data | Preventive | |
Include the identity of the person seeking consent in the disclosure authorization. CC ID 13999 | Privacy protection for information and data | Preventive | |
Include the recipients of the disclosed personal data in the disclosure authorization form. CC ID 13440 | Privacy protection for information and data | Preventive | |
Include the signature of the data subject and the signing date in the disclosure authorization form. CC ID 13439 | Privacy protection for information and data | Preventive | |
Include the identity of the data subject in the disclosure authorization form. CC ID 13436 | Privacy protection for information and data | Preventive | |
Include the types of personal data to be disclosed in the disclosure authorization form. CC ID 13442 | Privacy protection for information and data | Preventive | |
Include how personal data will be used in the disclosure authorization form. CC ID 13441 [The entity's agreements with data subjects formally capture data subject consents for sharing their PI with the entity and third parties affiliated with the entity, and for situations where the entity assembles, creates or purchases a data subject's PI, and when the entity needs to change the original purposes for obtaining a data subject's PI to meet the entity's changing business, operational or legal requirements. N2.1 Agreements, notices and communications] | Privacy protection for information and data | Preventive | |
Include agreement termination information in the disclosure authorization form. CC ID 13437 | Privacy protection for information and data | Preventive | |
Highlight the section regarding data subject's consent from other sections in contracts and agreements. CC ID 13988 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a personal data accountability program. CC ID 13432 [The entity provides a privacy awareness program about its privacy policies and related matters, and provides specific training for selected personnel depending on their roles and responsibilities. M1.2 Privacy awareness and training] | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain approval applications. CC ID 16778 | Privacy protection for information and data | Preventive | |
Include required information in the approval application. CC ID 16628 | Privacy protection for information and data | Preventive | |
Submit a safe harbor self-certification letter. CC ID 06871 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain Binding Corporate Rules for the international transfers of restricted data. CC ID 12584 | Privacy protection for information and data | Preventive | |
Include cooperation mechanisms with the supervisory authority in the Binding Corporate Rules. CC ID 12682 | Privacy protection for information and data | Preventive | |
Include the tasks assigned to the role of data controller in the Binding Corporate Rules. CC ID 12612 | Privacy protection for information and data | Preventive | |
Include data subject's rights in the Binding Corporate Rules. CC ID 12596 | Privacy protection for information and data | Preventive | |
Include the means to exercise the data subject's rights in the Binding Corporate Rules. CC ID 12597 | Privacy protection for information and data | Preventive | |
Include the organizational structure and contact information in the Binding Corporate Rules. CC ID 12595 | Privacy protection for information and data | Preventive | |
Include the acceptance of liability for breaches of the binding corporate rules in the Binding Corporate Rules. CC ID 12594 | Privacy protection for information and data | Preventive | |
Include the mechanisms for reporting legal requirements causing adverse effects on protecting restricted data in the Binding Corporate Rules. CC ID 12620 | Privacy protection for information and data | Preventive | |
Include provisions for providing information on the binding corporate rules to the data subject in the Binding Corporate Rules. CC ID 12593 | Privacy protection for information and data | Preventive | |
Include reporting changes to the binding corporate rules in the Binding Corporate Rules. CC ID 12591 | Privacy protection for information and data | Preventive | |
Include reporting changes of the binding corporate rules to the supervisory authority in the Binding Corporate Rules. CC ID 12592 | Privacy protection for information and data | Preventive | |
Include complaint procedures in the Binding Corporate Rules. CC ID 12613 | Privacy protection for information and data | Preventive | |
Include the data transfers in the Binding Corporate Rules. CC ID 12590 | Privacy protection for information and data | Preventive | |
Include specifying the mechanisms for verifying compliance of the binding corporate rules in the Binding Corporate Rules. CC ID 12662 | Privacy protection for information and data | Preventive | |
Include the identification of the countries in question for the data transfers in the Binding Corporate Rules. CC ID 12601 | Privacy protection for information and data | Preventive | |
Include the type of data subjects affected by the data transfers in the Binding Corporate Rules. CC ID 12600 | Privacy protection for information and data | Preventive | |
Include all pertinent data processing information for data transfers in the Binding Corporate Rules. CC ID 12599 | Privacy protection for information and data | Preventive | |
Include the categories of personal data for data transfers in the Binding Corporate Rules. CC ID 12598 | Privacy protection for information and data | Preventive | |
Include specifying the legally binding nature of the binding corporate rules in the Binding Corporate Rules. CC ID 12627 | Privacy protection for information and data | Preventive | |
Include privacy awareness and training in the Binding Corporate Rules. CC ID 12626 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain Data Processing Contracts. CC ID 12650 | Privacy protection for information and data | Preventive | |
Include the corrective actions to be taken when conditions cannot be met in the Data Processing Contract. CC ID 16812 | Privacy protection for information and data | Preventive | |
Include data processor confidentiality requirements in the Data Processing Contract. CC ID 12685 | Privacy protection for information and data | Preventive | |
Include the stipulation of notifying the data controller of legal requirements prior to processing restricted data unless the law prohibits such information on important grounds of public interest in the Data Processing Contract. CC ID 12687 | Privacy protection for information and data | Preventive | |
Include instructions for processing restricted data in the Data Processing Contract. CC ID 14938 | Privacy protection for information and data | Preventive | |
Include the purpose for processing restricted data in the Data Processing Contract. CC ID 14937 | Privacy protection for information and data | Preventive | |
Include the types of restricted data subject to processing in the Data Processing Contract. CC ID 14936 | Privacy protection for information and data | Preventive | |
Include the duration of processing in the Data Processing Contract. CC ID 14935 | Privacy protection for information and data | Preventive | |
Include personal data transfer procedures in the Data Processing Contract. CC ID 12683 [PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.4 Discloses PI only to appropriate third parties PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.1 Discloses PI only to appropriate third parties] | Privacy protection for information and data | Preventive | |
Include the stipulation of allowing auditing for compliance in the Data Processing Contract. CC ID 12679 | Privacy protection for information and data | Preventive | |
Include the stipulation that the Statement of Compliance will be made available in the Data Processing Contract. CC ID 12678 | Privacy protection for information and data | Preventive | |
Include the stipulation of complying with external requirements in the Data Processing Contract. CC ID 12676 | Privacy protection for information and data | Preventive | |
Include the stipulation that copies of restricted data will be disposed, unless retention is required by law, in the Data Processing Contract. CC ID 12670 | Privacy protection for information and data | Preventive | |
Include the stipulation that personal data will be disposed or returned to the data subject in the Data Processing Contract. CC ID 12669 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a personal data use limitation program. CC ID 13428 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a personal data use purpose specification. CC ID 00093 | Privacy protection for information and data | Preventive | |
Document the law that requires restricted data to be collected. CC ID 00103 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain data use change of purpose procedures. CC ID 00106 | Privacy protection for information and data | Preventive | |
Document the use of publicly accessible personal data as an acceptable secondary purpose. CC ID 00108 | Privacy protection for information and data | Preventive | |
Document the use of privacy-related data as acceptable if the information being used is publicly available information, the secondary use is marketing, and it is not practical to seek consent from the individual before use. CC ID 00110 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the data subject is not charged to request to opt out of direct marketing communications. CC ID 00111 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the data subject has not requested to opt out of direct marketing communications. CC ID 00112 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the organization highlights the opt out option during each direct marketing communication. CC ID 00113 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the organization displays contact information in each written direct marketing communication. CC ID 00114 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the data subject gives consent. CC ID 00115 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the personal data is Individually Identifiable Health Information used for research. CC ID 00116 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the personal data is used for statistical research, scholarly research, or scientific research and the data subject is anonymous. CC ID 00117 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the data controller believes the use is necessary to prevent a life-threatening emergency. CC ID 00118 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when required by law. CC ID 00119 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the personal data is necessary for public emergencies, public health and safety, or individual emergencies. CC ID 00121 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when the primary purpose is directly related to the secondary purpose. CC ID 00123 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when it is necessary for the enforcement of care and custody. CC ID 15453 | Privacy protection for information and data | Preventive | |
Document the use of data as an acceptable secondary purpose when it is necessary for use in a legal proceeding. CC ID 15451 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when it is necessary for a law enforcement investigation. CC ID 15449 | Privacy protection for information and data | Preventive | |
Document the use of personal data as an acceptable secondary purpose when it is necessary to perform a treaty with a foreign government. CC ID 15447 | Privacy protection for information and data | Preventive | |
Document restricted data that is disclosed for an acceptable secondary purpose. CC ID 00124 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain data access procedures. CC ID 00414 | Privacy protection for information and data | Preventive | |
Require data access requests to be in writing, unless the requester is unable. CC ID 00420 | Privacy protection for information and data | Preventive | |
Define what is to be included in a data access request. CC ID 08699 | Privacy protection for information and data | Preventive | |
Deliver the records described in the personal data access request, as necessary. CC ID 08701 [The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1] | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain procedures for individuals to be able to modify their personal data, as necessary. CC ID 11811 [The entity has policies and procedures for viewing, inspecting, accessing and modifying PI. Refer to Component A5.0. M1.0 Access Data subjects are able to update or correct PI held by the entity. The entity provides such updated or corrected information to third parties that were previously provided with the data subject's PI consistent with the entity's objective related to privacy. A5.2 Permits data subjects to update or correct PI When required, the entity has a process that provides data subjects a mechanism with which to request the entity to remove, dispose and erase a data subject's PI. Once a data subject's PI is no longer being stored in the entity's systems (this includes other affiliates and third parties that may also hold or store privacy information on behalf of the entity), the entity notifies the affected data subjects that such information has been removed. N2.1 Data subject revocations] | Privacy protection for information and data | Preventive | |
Include a liability waiver for any harm caused by the exclusion of personal data in the personal data removal request. CC ID 11975 | Privacy protection for information and data | Preventive | |
Notify third parties of data access requests that relate to the third party. CC ID 08703 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain restricted data use limitation procedures. CC ID 00128 | Privacy protection for information and data | Preventive | |
Establish and maintain a record of processing activities when processing restricted data. CC ID 12636 | Privacy protection for information and data | Preventive | |
Refrain from maintaining a record of processing activities if the data processor employs a limited number of persons. CC ID 13378 | Privacy protection for information and data | Preventive | |
Refrain from maintaining a record of processing activities if the personal data relates to criminal records. CC ID 13377 | Privacy protection for information and data | Preventive | |
Refrain from maintaining a record of processing activities if the data being processed is restricted data. CC ID 13376 | Privacy protection for information and data | Preventive | |
Refrain from maintaining a record of processing activities if it could result in a risk to the data subject's rights or data subject's freedom. CC ID 13375 | Privacy protection for information and data | Preventive | |
Document the conditions for the use or disclosure of Individually Identifiable Health Information by a covered entity to another covered entity. CC ID 00210 | Privacy protection for information and data | Preventive | |
Disclose Individually Identifiable Health Information for research use when the appropriate requirements are included in the approval documentation or waiver documentation. CC ID 06257 | Privacy protection for information and data | Preventive | |
Document the conditions for the disclosure of Individually Identifiable Health Information by an organization providing healthcare services to organizations other than business associates or other covered entities. CC ID 00201 | Privacy protection for information and data | Preventive | |
Document how Individually Identifiable Health Information is used and disclosed when authorization has been granted. CC ID 00216 | Privacy protection for information and data | Preventive | |
Define and implement valid authorization control requirements. CC ID 06258 | Privacy protection for information and data | Preventive | |
Define security breach notification requirement exceptions. CC ID 04797 | Privacy protection for information and data | Preventive | |
Define what restricted data is not required to be disclosed absent consent. CC ID 00134 | Privacy protection for information and data | Preventive | |
Define the exceptions to disclosure absent consent. CC ID 00135 | Privacy protection for information and data | Preventive | |
Define opt-out exceptions for disclosing restricted data. CC ID 00159 | Privacy protection for information and data | Preventive | |
Define how a data subject may give consent. CC ID 00160 [{explicit consent} The data subject's agreed consent is explicitly obtained and is only for the intended purpose of the information to meet the entity's objectives related to privacy. The entity's basis for determining implicit consent, when implicit consent is allowed as an available option, is documented. C3.2 The entity's policies and procedures require data subjects to explicitly agree and consent to the provision and collection of the data subject's PI. In some circumstances where the entity is unable to confirm explicit consent directly with a data subject, the entity's policies and procedures require the entity to formally document its rationale and basis for determining that it has obtained the data subject's implicit consent. C3.2 Explicit and implicit consent] | Privacy protection for information and data | Preventive | |
Disclose restricted data for judicial decisions, lawsuits, and investigations only after the data controller includes a note of the disclosure in the record. CC ID 00162 | Privacy protection for information and data | Detective | |
Establish, implement, and maintain restricted data retention procedures. CC ID 00167 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain personal data disposition procedures. CC ID 13498 | Privacy protection for information and data | Preventive | |
Document the redisclosing restricted data exceptions. CC ID 00170 | Privacy protection for information and data | Preventive | |
Document the conditions to use Personal Identification Numbers absent consent. CC ID 00242 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain data disclosure procedures. CC ID 00133 [The entity has policies and procedures for disclosing and transmitting PI to external third-party individuals and organizations not under the direct management or control of the entity. Refer to Component D6.0. M1.0 Disclosure to third parties] | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain data request denial procedures. CC ID 00434 [The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1 When data subjects are denied access to their PI, the entity informs them of the denial and the reasons for the denial in a timely manner, unless prohibited by law or regulation. A5.1 Informs data subjects when access is denied] | Privacy protection for information and data | Preventive | |
Document that a data search was conducted in case the requested data cannot be found. CC ID 06953 | Privacy protection for information and data | Preventive | |
Include cookie management in the privacy framework. CC ID 13809 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain cookie management procedures. CC ID 13810 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a personal data collection program. CC ID 06487 [The entity has defined policies and procedures for collecting and creating a data subject's PI. Refer to Component C3.0. M1.0 Collection and creation The entity has a process to collect and create (rendering and aggregating from multiple sources or information providers) PI as identified in the entity's privacy agreements. The process is consistent with its objectives related to privacy. C3.1 PI collection and creation] | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain personal data collection limitation boundaries. CC ID 00507 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a personal data use policy. CC ID 00076 | Privacy protection for information and data | Preventive | |
Post the collection purpose. CC ID 00101 | Privacy protection for information and data | Preventive | |
Document each individual's personal data collection consent preferences. CC ID 06945 | Privacy protection for information and data | Preventive | |
Establish and maintain a personal data definition. CC ID 00028 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Privacy protection for information and data | Preventive | |
Include the number of children in the personal data definition. CC ID 13759 | Privacy protection for information and data | Preventive | |
Include the individual's religion in the personal data definition. CC ID 13765 | Privacy protection for information and data | Preventive | |
Include an individual's political party affiliation in the personal data definition. CC ID 13764 | Privacy protection for information and data | Preventive | |
Include an individual's license plate number in the personal data definition. CC ID 13763 | Privacy protection for information and data | Preventive | |
Include an individual's account balances in the personal data definition. CC ID 13770 | Privacy protection for information and data | Preventive | |
Include an individual's logon credentials in the personal data definition. CC ID 13771 | Privacy protection for information and data | Preventive | |
Include an individual's military identification number in the personal data definition. CC ID 13083 | Privacy protection for information and data | Preventive | |
Refrain from including publicly available information in the personal data definition. CC ID 13084 | Privacy protection for information and data | Preventive | |
Notify parents or legal representatives of what information is collected from children. CC ID 00040 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a personal data collection policy. CC ID 00029 [The entity has a process to collect and create (rendering and aggregating from multiple sources or information providers) PI as identified in the entity's privacy agreements. The process is consistent with its objectives related to privacy. C3.1 PI collection and creation] | Privacy protection for information and data | Preventive | |
Provide the data subject with information about the data controller during the collection process. CC ID 00023 | Privacy protection for information and data | Preventive | |
Provide the data subject with the data collector's name and contact information. CC ID 00024 | Privacy protection for information and data | Preventive | |
Provide the data subject with the name of the data collector who will hold the collected restricted data. CC ID 00025 | Privacy protection for information and data | Preventive | |
Provide the data subject with the third party processor's contact information when the data controller is not processing the restricted data. CC ID 00026 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a data handling program. CC ID 13427 [The entity has defined policies and procedures for collecting and creating a data subject's PI. Refer to Component C3.0. M1.0 Collection and creation The entity has policies and procedures for handling PI to achieve the stated purposes and needs for which the PI was initially collected. Refer to Component U4.0. M1.0 Use, retention and disposal] | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain data handling policies. CC ID 00353 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain data and information confidentiality policies. CC ID 00361 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain suspicious document procedures. CC ID 04852 | Privacy protection for information and data | Detective | |
Establish, implement, and maintain a telephone systems usage policy. CC ID 15170 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain call metadata controls. CC ID 04790 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain data handling procedures. CC ID 11756 | Privacy protection for information and data | Preventive | |
Define personal data that falls under breach notification rules. CC ID 00800 | Privacy protection for information and data | Preventive | |
Define an out of scope privacy breach. CC ID 04677 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a personal data transfer program. CC ID 00307 | Privacy protection for information and data | Preventive | |
Include procedures for transferring personal data from one data controller to another data controller in the personal data transfer program. CC ID 00351 | Privacy protection for information and data | Preventive | |
Include procedures for transferring personal data to third parties in the personal data transfer program. CC ID 00333 [The entity has policies and procedures for disclosing and transmitting PI to external third-party individuals and organizations not under the direct management or control of the entity. Refer to Component D6.0. M1.0 Disclosure to third parties] | Privacy protection for information and data | Preventive | |
Document transfer disagreements by the data subject in writing. CC ID 00348 | Privacy protection for information and data | Preventive | |
Define the personal data transfer exceptions for transferring personal data to another country when adequate protection level standards are not met. CC ID 00315 | Privacy protection for information and data | Preventive | |
Define the personal data transfer exceptions for transferring personal data to another organization when adequate protection level standards are not met. CC ID 00336 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain Internet interactivity data transfer procedures. CC ID 06949 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a privacy impact assessment. CC ID 13712 [The entity performs a privacy (risk) impact assessment to identify and evaluate privacy specific risks, vulnerabilities and scenarios that could result in a system or information privacy breach situation. Privacy (risk) impact assessments are also used to identify security control weaknesses that need to be addressed as well as to report upon the entity's ability to comply with applicable system and privacy information breach notification laws and regulations. M1.3 Privacy (risk) impact assessment] | Privacy protection for information and data | Preventive | |
Include the individuals with whom information is shared in the privacy impact assessment. CC ID 15520 | Privacy protection for information and data | Preventive | |
Include how to grant consent in the privacy impact assessment. CC ID 15519 | Privacy protection for information and data | Preventive | |
Include the opportunities for individuals to consent to using their information in the privacy impact assessment. CC ID 15518 | Privacy protection for information and data | Preventive | |
Include the opportunities for opting out of information collection in the privacy impact assessment. CC ID 15517 | Privacy protection for information and data | Preventive | |
Include data handling procedures in the privacy impact assessment. CC ID 15516 | Privacy protection for information and data | Preventive | |
Include the intended use of information in the privacy impact assessment. CC ID 15515 | Privacy protection for information and data | Preventive | |
Include the reason information is being collected in the privacy impact assessment. CC ID 15514 | Privacy protection for information and data | Preventive | |
File privacy rights violation complaints in writing. CC ID 00477 | Privacy protection for information and data | Corrective | |
Include the acts or omissions that are in violation of privacy rights in the privacy rights violation complaint. CC ID 14360 | Privacy protection for information and data | Corrective | |
Include the individual's name who is the subject of the complaint in the privacy rights violation complaint. CC ID 14359 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a privacy dispute resolution program. CC ID 12526 [{dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Privacy protection for information and data | Preventive | |
Include potential remedies in the privacy dispute resolution program. CC ID 12531 | Privacy protection for information and data | Preventive | |
Provide the data subject with the name, title, and address to whom complaints are forwarded. CC ID 00395 [Data subjects are informed, in writing, about the reason a request for correction of PI was denied and how they may appeal. A5.2 Communicates denial of correction requests Data subjects are informed about how to contact the entity with inquiries, complaints and disputes. M9.1 Communicates to data subjects] | Privacy protection for information and data | Preventive | |
Include the time frames in which privacy rights violation complaints are processed in the privacy dispute resolution program. CC ID 12529 | Privacy protection for information and data | Preventive | |
Document unresolved challenges. CC ID 13568 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain an accuracy resolution policy. CC ID 00460 | Privacy protection for information and data | Preventive | |
Document disagreements as to whether personal data is complete and accurate. CC ID 06952 | Privacy protection for information and data | Preventive | |
Include the change to the personal data that the data subject requested and the reason the organization refused to make the change in the statement of disagreement. CC ID 06954 [Data subjects are informed, in writing, about the reason a request for correction of PI was denied and how they may appeal. A5.2 Communicates denial of correction requests] | Privacy protection for information and data | Preventive | |
Include the allegations against the organization in the notice of investigation. CC ID 13031 | Privacy protection for information and data | Preventive | |
Create an investigative report in regards to a privacy rights violation complaint. CC ID 00495 | Privacy protection for information and data | Corrective | |
Define the available administrative remedies in regards to a privacy rights violation complaint. CC ID 00497 | Privacy protection for information and data | Detective | |
Define the organization's liability based on the applicable law. CC ID 00504 | Privacy protection for information and data | Preventive | |
Define the sanctions and fines available for privacy rights violations based on applicable law. CC ID 00505 | Privacy protection for information and data | Preventive | |
Define the appeal process based on the applicable law. CC ID 00506 | Privacy protection for information and data | Preventive | |
Provide notice of proposed penalties. CC ID 06216 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain customer data authentication procedures. CC ID 13187 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain a supply chain management program. CC ID 11742 | Third Party and supply chain oversight | Preventive | |
Establish, implement, and maintain procedures for establishing, maintaining, and terminating third party contracts. CC ID 00796 | Third Party and supply chain oversight | Preventive | |
Review and update all contracts, as necessary. CC ID 11612 [The entity's internal personnel or advisers review contracts for consistency with privacy policies and procedures and address any inconsistencies. M1.2 Consistency of commitments with privacy policies and procedures] | Third Party and supply chain oversight | Preventive | |
Include text that organizations must meet organizational compliance requirements in third party contracts. CC ID 06506 | Third Party and supply chain oversight | Preventive | |
Include compliance with the organization's privacy policy in third party contracts. CC ID 06518 [The entity obtains privacy commitments from vendors and other third parties who have access to PI to meet the entity's objectives related to privacy. The entity assesses those parties' compliance on a periodic and as-needed basis and takes corrective action, if necessary. D6.4] | Third Party and supply chain oversight | Preventive | |
Include incident management procedures and incident reporting procedures in third party contracts. CC ID 01214 [The entity obtains commitments from vendors and other third parties with access to PI to notify the entity in the event of actual or suspected unauthorized disclosures of PI. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity's objectives related to privacy. D6.5 A process exists for obtaining commitments from vendors and other third parties to report to the entity actual or suspected unauthorized disclosures of PI. D6.5 Reports actual or suspected unauthorized disclosures] | Third Party and supply chain oversight | Preventive | |
Request attestation of compliance from third parties. CC ID 12067 | Third Party and supply chain oversight | Detective |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Assign responsibility for enforcing the requirements of the Information Governance Plan to senior management. CC ID 12058 | Leadership and high level objectives | Preventive | |
Engage information governance subject matter experts in the development of the Information Governance Plan. CC ID 10055 | Leadership and high level objectives | Preventive | |
Assign roles and responsibilities for overseeing access to restricted data or restricted information. CC ID 11950 | Monitoring and measurement | Detective | |
Assign senior management to approve test plans. CC ID 13071 | Monitoring and measurement | Preventive | |
Align disciplinary actions with the level of compliance violation. CC ID 12404 | Monitoring and measurement | Preventive | |
Include roles and responsibilities in the interview procedures. CC ID 16297 | Audits and risk management | Preventive | |
Assign responsibility for remediation actions. CC ID 13622 | Audits and risk management | Preventive | |
Define roles for information systems. CC ID 12454 | Technical security | Preventive | |
Define access needs for each role assigned to an information system. CC ID 12455 | Technical security | Preventive | |
Change authenticators after personnel status changes. CC ID 12284 | Technical security | Preventive | |
Assign roles and responsibilities for administering user account management. CC ID 11900 | Technical security | Preventive | |
Require multiple forms of personal identification prior to issuing user identifiers. CC ID 08712 | Technical security | Preventive | |
Require key custodians to sign the key custodian's roles and responsibilities. CC ID 11820 | Technical security | Preventive | |
Disallow opting out of wearing or displaying identification cards or badges. CC ID 13030 | Physical and environmental protection | Preventive | |
Direct each employee to be responsible for their identification card or badge. CC ID 12332 | Physical and environmental protection | Preventive | |
Assign employees the responsibility for controlling their identification badges. CC ID 12333 | Physical and environmental protection | Preventive | |
Identify alternate personnel for each person on the critical personnel list. CC ID 12771 | Operational and Systems Continuity | Preventive | |
Establish and maintain board committees, as necessary. CC ID 14789 | Human Resources management | Preventive | |
Assign oversight of C-level executives to the Board of Directors. CC ID 14784 | Human Resources management | Preventive | |
Assign oversight of the financial management program to the board of directors. CC ID 14781 | Human Resources management | Preventive | |
Assign senior management to the role of supporting Quality Management. CC ID 13692 | Human Resources management | Preventive | |
Assign members who are independent from management to the Board of Directors. CC ID 12395 | Human Resources management | Preventive | |
Assign ownership of risks to the Board of Directors or senior management. CC ID 13662 | Human Resources management | Preventive | |
Assign the organization's board and senior management to oversee the continuity planning process. CC ID 12991 | Human Resources management | Preventive | |
Rotate members of the board of directors, as necessary. CC ID 14803 | Human Resources management | Corrective | |
Perform security skills assessments for all critical employees. CC ID 12102 | Human Resources management | Detective | |
Perform a background check during personnel screening. CC ID 11758 | Human Resources management | Detective | |
Perform a personal identification check during personnel screening. CC ID 06721 | Human Resources management | Preventive | |
Perform a personal references check during personnel screening. CC ID 06645 | Human Resources management | Preventive | |
Perform a credit check during personnel screening. CC ID 06646 | Human Resources management | Preventive | |
Perform a resume check during personnel screening. CC ID 06659 | Human Resources management | Preventive | |
Perform a curriculum vitae check during personnel screening. CC ID 06660 | Human Resources management | Preventive | |
Allow personnel being screened to appeal findings and appeal decisions. CC ID 06720 | Human Resources management | Preventive | |
Perform personnel screening procedures, as necessary. CC ID 11763 | Human Resources management | Preventive | |
Perform periodic background checks on designated roles, as necessary. CC ID 11759 | Human Resources management | Detective | |
Perform security clearance procedures, as necessary. CC ID 06644 | Human Resources management | Preventive | |
Establish and maintain security clearances. CC ID 01634 | Human Resources management | Preventive | |
Establish, implement, and maintain a compensation, reward, and recognition program. CC ID 12806 | Human Resources management | Preventive | |
Refrain from using employees' privacy choices to restrict employment. CC ID 12425 | Human Resources management | Preventive | |
Refrain from using employees' privacy choices to take punitive actions. CC ID 16815 | Human Resources management | Preventive | |
Disseminate and communicate the organization’s ethical culture in job recruitment criteria and promotion criteria. CC ID 12825 | Human Resources management | Preventive | |
Recognize personnel who reinforce desirable conduct with incentives. CC ID 12815 | Human Resources management | Preventive | |
Include a space for the applicant's name on the job application. CC ID 16190 | Human Resources management | Preventive | |
Include a space for the applicant's current address on the job application. CC ID 16189 | Human Resources management | Preventive | |
Include a space for the applicant's social security number on the job application. CC ID 16188 | Human Resources management | Preventive | |
Include a space for the applicant's date of birth on the job application. CC ID 16186 | Human Resources management | Preventive | |
Include a space for previous employers and business relationships on the job application. CC ID 16185 | Human Resources management | Preventive | |
Include a space to explain formal disciplinary actions and sanctions on the job application. CC ID 16184 | Human Resources management | Preventive | |
Include a space for the start date on the job application. CC ID 16187 | Human Resources management | Preventive | |
Include a space to explain legal penalties on the job application. CC ID 16183 | Human Resources management | Preventive | |
Approve the wording of job applications. CC ID 16182 | Human Resources management | Preventive | |
Include a space for past aliases and other used names on job applications. CC ID 12301 | Human Resources management | Preventive | |
Include a space for previous addresses and previous residences on the job application. CC ID 12302 | Human Resources management | Preventive | |
Include a space to explain employment gaps on the job application. CC ID 12303 | Human Resources management | Preventive | |
Assign an information owner to organizational assets, as necessary. CC ID 12729 | Operational management | Preventive | |
Assign ownership of maintaining the asset inventory, as necessary. CC ID 12344 | Operational management | Preventive | |
Control granting access to appropriate parties performing maintenance on organizational assets. CC ID 11873 | Operational management | Preventive | |
Define and assign the roles and responsibilities for Incident Management program. CC ID 13055 | Operational management | Preventive | |
Implement security controls for personnel that have accessed information absent authorization. CC ID 10611 | Operational management | Corrective | |
Refrain from discriminating against data subjects who have exercised privacy rights. CC ID 13435 | Privacy protection for information and data | Preventive | |
Assign ownership of the privacy program to the appropriate organizational role. CC ID 11848 | Privacy protection for information and data | Preventive | |
Bind data controllers to secrecy concerning the performance of their duties. CC ID 12610 | Privacy protection for information and data | Preventive | |
Refrain from engaging other data processors absent written authorization from the data controller. CC ID 12647 | Privacy protection for information and data | Preventive | |
Include the stipulation that the data processor will respect the conditions for engaging another data processor in the Data Processing Contract. CC ID 12686 | Privacy protection for information and data | Preventive | |
Review compliance with the organization's privacy objectives. CC ID 13490 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results {unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Privacy protection for information and data | Detective | |
Notify individuals of their ability to challenge personal behavioral assessments on record. CC ID 04798 | Privacy protection for information and data | Preventive |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Leadership and high level objectives CC ID 00597 | Leadership and high level objectives | IT Impact Zone | |
Monitoring and measurement CC ID 00636 | Monitoring and measurement | IT Impact Zone | |
Audits and risk management CC ID 00677 | Audits and risk management | IT Impact Zone | |
Technical security CC ID 00508 | Technical security | IT Impact Zone | |
Physical and environmental protection CC ID 00709 | Physical and environmental protection | IT Impact Zone | |
Operational and Systems Continuity CC ID 00731 | Operational and Systems Continuity | IT Impact Zone | |
Human Resources management CC ID 00763 | Human Resources management | IT Impact Zone | |
Operational management CC ID 00805 | Operational management | IT Impact Zone | |
System hardening through configuration management CC ID 00860 | System hardening through configuration management | IT Impact Zone | |
Records management CC ID 00902 | Records management | IT Impact Zone | |
Systems design, build, and implementation CC ID 00989 | Systems design, build, and implementation | IT Impact Zone | |
Privacy protection for information and data CC ID 00008 | Privacy protection for information and data | IT Impact Zone | |
Third Party and supply chain oversight CC ID 08807 | Third Party and supply chain oversight | IT Impact Zone |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Rank discovered vulnerabilities. CC ID 11940 | Monitoring and measurement | Detective | |
Determine the causes of compliance violations. CC ID 12401 | Monitoring and measurement | Corrective | |
Determine if multiple compliance violations of the same type could occur. CC ID 12402 | Monitoring and measurement | Detective | |
Review the effectiveness of disciplinary actions carried out for compliance violations. CC ID 12403 | Monitoring and measurement | Detective | |
Audit cybersecurity risk management within the policies, standards, and procedures of the organization. CC ID 13011 | Audits and risk management | Detective | |
Audit information systems, as necessary. CC ID 13010 | Audits and risk management | Detective | |
Audit the potential costs of compromise to information systems. CC ID 13012 | Audits and risk management | Detective | |
Detect anomalies in physical barriers. CC ID 13533 | Physical and environmental protection | Detective | |
Report anomalies in the visitor log to appropriate personnel. CC ID 14755 | Physical and environmental protection | Detective | |
Inspect mobile devices for the storage of restricted data or restricted information. CC ID 08707 | Physical and environmental protection | Detective | |
Identify root causes of incidents that force system changes. CC ID 13482 | Operational management | Detective | |
Refrain from turning on any in scope devices that are turned off when a security incident is detected. CC ID 08677 | Operational management | Detective | |
Analyze the incident response process following an incident response. CC ID 13179 | Operational management | Detective | |
Provide progress reports of the incident investigation to the appropriate roles, as necessary. CC ID 12298 | Operational management | Preventive | |
Analyze the behaviors of individuals involved in the incident during incident investigations. CC ID 14042 | Operational management | Detective | |
Identify the affected parties during incident investigations. CC ID 16781 | Operational management | Detective | |
Interview suspects during incident investigations, as necessary. CC ID 14041 | Operational management | Detective | |
Interview victims and witnesses during incident investigations, as necessary. CC ID 14038 | Operational management | Detective | |
Analyze requirements for processing personal data in contracts. CC ID 12550 | Privacy protection for information and data | Detective | |
Confirm the data quality of personal data collected from third parties. CC ID 13510 | Privacy protection for information and data | Detective | |
Review the methods for collecting personal data, as necessary. CC ID 13511 | Privacy protection for information and data | Detective | |
Perform an identity check prior to approving an account change request. CC ID 13670 | Privacy protection for information and data | Detective |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Establish, implement, and maintain logging and monitoring operations. CC ID 00637 | Monitoring and measurement | Detective | |
Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. CC ID 00638 | Monitoring and measurement | Detective | |
Enable logging for all systems that meet a traceability criteria. CC ID 00640 | Monitoring and measurement | Detective | |
Analyze firewall logs for the correct capturing of data. CC ID 00549 | Monitoring and measurement | Detective | |
Log account usage to determine dormant accounts. CC ID 12118 | Monitoring and measurement | Detective | |
Log account usage times. CC ID 07099 | Monitoring and measurement | Detective | |
Log Internet Protocol addresses used during logon. CC ID 07100 | Monitoring and measurement | Detective | |
Disseminate and communicate the reviews of audit reports to organizational management. CC ID 00653 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results] | Audits and risk management | Detective | |
Log issuers who send personal data in cleartext in the transfer audit log. CC ID 12312 | Technical security | Preventive | |
Establish and maintain a visitor log. CC ID 00715 | Physical and environmental protection | Preventive | |
Record the visitor's name in the visitor log. CC ID 00557 | Physical and environmental protection | Preventive | |
Record the visitor's organization in the visitor log. CC ID 12121 | Physical and environmental protection | Preventive | |
Record the visitor's acceptable access areas in the visitor log. CC ID 12237 | Physical and environmental protection | Preventive | |
Retain all records in the visitor log as prescribed by law. CC ID 00572 | Physical and environmental protection | Preventive | |
Log the entrance of a staff member to a facility or designated rooms within the facility. CC ID 01641 | Physical and environmental protection | Preventive | |
Log when the vault is accessed. CC ID 06725 | Physical and environmental protection | Detective | |
Log when the cabinet is accessed. CC ID 11674 | Physical and environmental protection | Detective | |
Store facility access logs in off-site storage. CC ID 06958 | Physical and environmental protection | Preventive | |
Log the transiting, internal distribution, and external distribution of restricted storage media. CC ID 12321 | Physical and environmental protection | Preventive | |
Log the transfer of removable storage media. CC ID 12322 | Physical and environmental protection | Preventive | |
Maintain records of all system components entering and exiting the facility. CC ID 14304 | Physical and environmental protection | Preventive | |
Log important conversations conducted during emergencies with third parties. CC ID 12763 | Operational and Systems Continuity | Preventive | |
Log the performance of all remote maintenance. CC ID 13202 | Operational management | Preventive | |
Store system logs for in scope systems as digital forensic evidence after a security incident has been detected. CC ID 01754 | Operational management | Corrective | |
Submit an incident management audit log to the proper authorities for each security breach that affects a predefined number of individuals, as necessary. CC ID 06326 | Operational management | Detective | |
Include who the incident was reported to in the incident management audit log. CC ID 16487 | Operational management | Preventive | |
Include the organizational functions affected by disruption in the Incident Management audit log. CC ID 12238 | Operational management | Corrective | |
Include the organization's business products and services affected by disruptions in the Incident Management audit log. CC ID 12234 | Operational management | Preventive | |
Verify the log file configured to capture critical sendmail messages is owned by an appropriate user or group. CC ID 05319 | System hardening through configuration management | Preventive | |
Set the file permissions for log file that is configured to capture critical sendmail messages properly. CC ID 05461 | System hardening through configuration management | Preventive | |
Provide the reference database used to verify input data in the logging capability. CC ID 15018 | System hardening through configuration management | Preventive | |
Configure the log to capture audit log initialization, along with auditable event selection. CC ID 00649 | System hardening through configuration management | Detective | |
Configure the log to capture creates, reads, updates, or deletes of records containing personal data. CC ID 11890 | System hardening through configuration management | Detective | |
Configure the log to capture the information referent when personal data is being accessed. CC ID 11968 | System hardening through configuration management | Detective | |
Configure the log to capture each auditable event's origination. CC ID 01338 | System hardening through configuration management | Detective | |
Configure the log to capture the amount of data uploaded and downloaded. CC ID 16494 | System hardening through configuration management | Preventive | |
Configure the log to capture startups and shutdowns. CC ID 16491 | System hardening through configuration management | Preventive | |
Configure the log to capture user queries and searches. CC ID 16479 | System hardening through configuration management | Preventive | |
Configure the log to capture Internet Protocol addresses. CC ID 16495 | System hardening through configuration management | Preventive | |
Configure the log to capture error messages. CC ID 16477 | System hardening through configuration management | Preventive | |
Configure the log to capture system failures. CC ID 16475 | System hardening through configuration management | Preventive | |
Configure the log to capture all malicious code that has been discovered, quarantined, and/or eradicated. CC ID 00577 | System hardening through configuration management | Detective | |
Capture successful operating system access and successful software access. CC ID 00527 | System hardening through configuration management | Detective | |
Configure the log to capture hardware and software access attempts. CC ID 01220 | System hardening through configuration management | Detective | |
Configure the log to capture logons, logouts, logon attempts, and logout attempts. CC ID 01915 | System hardening through configuration management | Detective | |
Configure the log to capture access to restricted data or restricted information. CC ID 00644 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | System hardening through configuration management | Detective | |
Configure the log to capture actions taken by individuals with root privileges or administrative privileges and add logging option to the root file system. CC ID 00645 | System hardening through configuration management | Detective | |
Configure the log to capture identification and authentication mechanism use. CC ID 00648 | System hardening through configuration management | Detective | |
Configure the log to capture all access to the audit trail. CC ID 00646 | System hardening through configuration management | Detective | |
Configure the log to capture Object access to key directories or key files. CC ID 01697 | System hardening through configuration management | Detective | |
Configure the log to capture both access and access attempts to security-relevant objects and security-relevant directories. CC ID 01916 | System hardening through configuration management | Detective | |
Configure the log to capture system level object creation and deletion. CC ID 00650 | System hardening through configuration management | Detective | |
Configure the log to capture changes to User privileges, audit policies, and trust policies by enabling audit policy changes. CC ID 01698 | System hardening through configuration management | Detective | |
Configure the log to capture user account additions, modifications, and deletions. CC ID 16482 | System hardening through configuration management | Preventive | |
Configure the log to capture user authenticator changes. CC ID 01917 | System hardening through configuration management | Detective | |
Enable or disable NFS server logging, as appropriate. CC ID 05593 | System hardening through configuration management | Detective | |
Log Pluggable Authentication Modules access at an appropriate level. CC ID 05599 | System hardening through configuration management | Detective | |
Enable or disable the logging of "martian" packets (impossible addresses), as appropriate. CC ID 05601 | System hardening through configuration management | Detective | |
Enable or disable dhcpd logging, as appropriate. CC ID 05602 | System hardening through configuration management | Detective | |
Enable or disable attempted stack exploit logging, as appropriate. CC ID 05614 | System hardening through configuration management | Detective | |
Enable or disable the debug logging option, as appropriate. CC ID 05617 | System hardening through configuration management | Detective | |
Enable or disable the logging of vsftpd transactions, as appropriate. CC ID 06032 | System hardening through configuration management | Detective | |
Configure the log to send alerts for each auditable events success or failure. CC ID 01337 | System hardening through configuration management | Preventive | |
Verify auditing is logged to an appropriate directory. CC ID 05603 | System hardening through configuration management | Detective | |
Enable or disable the /var/log/authlog log, as appropriate. CC ID 05606 | System hardening through configuration management | Detective | |
Enable or disable the /var/log/syslog log, as appropriate. CC ID 05607 | System hardening through configuration management | Detective | |
Enable or disable the /var/adm/messages log, as appropriate. CC ID 05608 | System hardening through configuration management | Detective | |
Enable or disable the /var/adm/sulog log, as appropriate. CC ID 05609 | System hardening through configuration management | Detective | |
Enable or disable the /var/adm/utmp(x) log, as appropriate. CC ID 05610 | System hardening through configuration management | Detective | |
Enable or disable the /var/adm/wtmp(x) log, as appropriate. CC ID 05611 | System hardening through configuration management | Detective | |
Enable or disable the /var/adm/sshlog log, as appropriate. CC ID 05612 | System hardening through configuration management | Detective | |
Enable or disable the /var/log/pamlog log, as appropriate. CC ID 05613 | System hardening through configuration management | Detective | |
Perform filesystem logging and filesystem journaling. CC ID 05615 | System hardening through configuration management | Detective | |
Log the disclosure of personal data. CC ID 06628 | Privacy protection for information and data | Preventive | |
Log the modification of personal data. CC ID 11844 | Privacy protection for information and data | Preventive | |
Log account access dates and report when dormant accounts suddenly exhibit unusual activity. CC ID 04874 | Privacy protection for information and data | Detective | |
Log dates for account name changes or address changes. CC ID 04876 | Privacy protection for information and data | Detective |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Use system components only when third party support is available. CC ID 10644 | Operational management | Preventive | |
Obtain justification for the continued use of system components when third party support is no longer available. CC ID 10645 | Operational management | Preventive | |
Conduct offsite maintenance in authorized facilities. CC ID 16473 | Operational management | Preventive | |
Disconnect non-volatile media from information systems prior to performing maintenance with uncleared personnel. CC ID 14295 | Operational management | Preventive | |
Sanitize volatile media in information systems prior to performing maintenance with uncleared personnel. CC ID 14291 | Operational management | Preventive | |
Restart systems on a periodic basis. CC ID 16498 | Operational management | Preventive | |
Remove components being serviced from the information system prior to performing maintenance. CC ID 14251 | Operational management | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Analyze organizational objectives, functions, and activities. CC ID 00598 | Leadership and high level objectives | Preventive | |
Establish, implement, and maintain intrusion management operations. CC ID 00580 | Monitoring and measurement | Preventive | |
Monitor systems for inappropriate usage and other security violations. CC ID 00585 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] [User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Monitoring and measurement | Detective | |
Monitor systems for blended attacks and multiple component incidents. CC ID 01225 | Monitoring and measurement | Detective | |
Monitor systems for Denial of Service attacks. CC ID 01222 | Monitoring and measurement | Detective | |
Monitor systems for unauthorized data transfers. CC ID 12971 | Monitoring and measurement | Preventive | |
Monitor systems for access to restricted data or restricted information. CC ID 04721 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Monitoring and measurement | Detective | |
Detect unauthorized access to systems. CC ID 06798 | Monitoring and measurement | Detective | |
Incorporate potential red flags into the organization's incident management system. CC ID 04652 | Monitoring and measurement | Detective | |
Alert interested personnel when suspicious activity is detected by an Intrusion Detection System or Intrusion Prevention System. CC ID 06430 | Monitoring and measurement | Detective | |
Alert interested personnel and affected parties when an incident causes an outage. CC ID 06808 | Monitoring and measurement | Detective | |
Monitor systems for unauthorized mobile code. CC ID 10034 | Monitoring and measurement | Preventive | |
Monitor and evaluate system performance. CC ID 00651 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Monitoring and measurement | Detective | |
Monitor and evaluate user account activity. CC ID 07066 [User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Monitoring and measurement | Detective | |
Generate daily reports of user logons during hours outside of their usage profile. CC ID 07068 | Monitoring and measurement | Detective | |
Generate daily reports of users who have grossly exceeded their usage profile logon duration. CC ID 07069 | Monitoring and measurement | Detective | |
Log account usage durations. CC ID 12117 | Monitoring and measurement | Detective | |
Report red flags when logon credentials are used on a computer different from the one in the usage profile. CC ID 07070 | Monitoring and measurement | Detective | |
Monitor the organization's exposure to threats, as necessary. CC ID 06494 | Monitoring and measurement | Preventive | |
Monitor and evaluate environmental threats. CC ID 13481 | Monitoring and measurement | Detective | |
Monitor for new vulnerabilities. CC ID 06843 | Monitoring and measurement | Preventive | |
Monitor devices continuously for conformance with production specifications. CC ID 06201 | Monitoring and measurement | Detective | |
Monitor personnel and third parties for compliance to the organizational compliance framework. CC ID 04726 [{dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Monitoring and measurement | Detective | |
Establish, implement, and maintain compliance program metrics. CC ID 11625 | Monitoring and measurement | Preventive | |
Supervise interested personnel and affected parties participating in the audit. CC ID 07150 | Audits and risk management | Preventive | |
Track and measure the implementation of the organizational compliance framework. CC ID 06445 [The entity has a process for governing and overseeing the application of policies and procedures. M1.2 Oversight and monitoring] | Audits and risk management | Preventive | |
Enforce information flow control. CC ID 11781 | Technical security | Preventive | |
Escort uncleared personnel who need to work in or access controlled access areas. CC ID 00747 | Physical and environmental protection | Preventive | |
Monitor for unauthorized physical access at physical entry points and physical exit points. CC ID 01638 | Physical and environmental protection | Detective | |
Log the exit of a staff member to a facility or designated rooms within the facility. CC ID 11675 | Physical and environmental protection | Preventive | |
Observe restricted areas with motion detectors or closed-circuit television systems. CC ID 01328 | Physical and environmental protection | Detective | |
Review and correlate all data collected from video cameras and/or access control mechanisms with other entries. CC ID 11609 | Physical and environmental protection | Detective | |
Evaluate and react to when unauthorized access is detected by physical entry point alarms. CC ID 11677 | Physical and environmental protection | Detective | |
Monitor for alarmed security doors being propped open. CC ID 06684 | Physical and environmental protection | Detective | |
Monitor the location of distributed assets. CC ID 11684 | Physical and environmental protection | Detective | |
Log an incident if unauthorized restricted data or unauthorized restricted information is discovered on a mobile device. CC ID 08708 | Physical and environmental protection | Corrective | |
Identify discrepancies between the asset register database and the Information Technology inventory, as necessary. CC ID 07052 | Operational management | Corrective | |
Investigate and resolve discrepancies between the asset register database and the Information Technology inventory. CC ID 07053 | Operational management | Corrective | |
Automate software license monitoring, as necessary. CC ID 07057 | Operational management | Preventive | |
Determine the incident severity level when assessing the security incidents. CC ID 01650 | Operational management | Corrective | |
Require personnel to monitor for and report known or suspected compromise of assets. CC ID 16453 | Operational management | Detective | |
Require personnel to monitor for and report suspicious account activity. CC ID 16462 | Operational management | Detective | |
Respond to and triage when an incident is detected. CC ID 06942 | Operational management | Detective | |
Escalate incidents, as necessary. CC ID 14861 | Operational management | Corrective | |
Check the precursors and indicators when assessing the security incidents. CC ID 01761 | Operational management | Corrective | |
Detect any potentially undiscovered security vulnerabilities on previously compromised systems. CC ID 06265 | Operational management | Detective | |
Include lessons learned from analyzing security violations in the Incident Management program. CC ID 01234 | Operational management | Preventive | |
Identify potential red flags to alert the organization before a data leakage has occurred. CC ID 04654 | Privacy protection for information and data | Preventive | |
Establish, implement, and maintain suspicious user account activity procedures. CC ID 04854 | Privacy protection for information and data | Detective | |
Report fraudulent account activity, unauthorized transactions, or discrepancies with current accounts. CC ID 04875 | Privacy protection for information and data | Corrective | |
Review accounts that are changed for additional user requests. CC ID 11846 | Privacy protection for information and data | Detective | |
Review monitored websites for data leakage. CC ID 10593 | Privacy protection for information and data | Detective | |
Include personal data that is encrypted or redacted as an out of scope privacy breach. CC ID 04679 | Privacy protection for information and data | Preventive | |
Include cryptographic keys not being accessed during a privacy breach as an out of scope privacy breach. CC ID 04761 | Privacy protection for information and data | Preventive | |
Include any personal data that is on an encrypted mobile device as an out of scope privacy breach, if the encryption keys were not accessed and the mobile device was recovered. CC ID 04762 | Privacy protection for information and data | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Protect the facility from crime. CC ID 06347 | Physical and environmental protection | Preventive | |
Protect facilities from eavesdropping. CC ID 02222 | Physical and environmental protection | Preventive | |
Inspect telephones for eavesdropping devices. CC ID 02223 | Physical and environmental protection | Detective | |
Hold conferences requiring sensitive information discussions in spaces that have commensurate security. CC ID 11440 | Physical and environmental protection | Preventive | |
Provide one-time meeting support for discussions involving Top Secret information. CC ID 11441 | Physical and environmental protection | Preventive | |
Create security zones in facilities, as necessary. CC ID 16295 | Physical and environmental protection | Preventive | |
Establish clear zones around any sensitive facilities. CC ID 02214 | Physical and environmental protection | Preventive | |
Inspect items brought into the facility. CC ID 06341 | Physical and environmental protection | Preventive | |
Maintain all physical security systems. CC ID 02206 | Physical and environmental protection | Preventive | |
Maintain all security alarm systems. CC ID 11669 | Physical and environmental protection | Preventive | |
Control physical access to (and within) the facility. CC ID 01329 [The entity has implemented policies and procedures that restrict physical access to the entity's data centers, office spaces, documents, work areas and facilities based on an individual's needs for access, prior authorizations from a facility or system owner, and after the identity of each individual has been established prior to allowing access. S7.2 Managing physical access] | Physical and environmental protection | Preventive | |
Meet the physical access requirements of disabled individuals, if reasonably possible. CC ID 00419 | Physical and environmental protection | Preventive | |
Secure physical entry points with physical access controls or security guards. CC ID 01640 [The entity requires individuals to be issued a proximity badge and has implemented proximity control mechanisms that require an individual to authenticate their identity via proximity card reading devices prior to gaining access to internal locations within the entity's data centers, office spaces, document storage locations, work areas and environmental control system locations. S7.2 Internal physical access control] | Physical and environmental protection | Detective | |
Configure the access control system to grant access only during authorized working hours. CC ID 12325 | Physical and environmental protection | Preventive | |
Check the visitor's stated identity against a provided government issued identification. CC ID 06701 | Physical and environmental protection | Preventive | |
Change access requirements to organizational assets for personnel and visitors, as necessary. CC ID 12463 | Physical and environmental protection | Corrective | |
Issue photo identification badges to all employees. CC ID 12326 | Physical and environmental protection | Preventive | |
Report lost badges, stolen badges, and broken badges to the Security Manager. CC ID 12334 | Physical and environmental protection | Preventive | |
Manage visitor identification inside the facility. CC ID 11670 | Physical and environmental protection | Preventive | |
Secure unissued visitor identification badges. CC ID 06712 | Physical and environmental protection | Preventive | |
Include name, date of entry, and validity period on disposable identification cards or badges. CC ID 12331 | Physical and environmental protection | Preventive | |
Restrict access to the badge system to authorized personnel. CC ID 12043 | Physical and environmental protection | Preventive | |
Enforce dual control for badge assignments. CC ID 12328 | Physical and environmental protection | Preventive | |
Enforce dual control for accessing unassigned identification cards or badges. CC ID 12327 | Physical and environmental protection | Preventive | |
Refrain from imprinting the company name or company logo on identification cards or badges. CC ID 12282 | Physical and environmental protection | Preventive | |
Prevent tailgating through physical entry points. CC ID 06685 | Physical and environmental protection | Preventive | |
Use locks to protect against unauthorized physical access. CC ID 06342 | Physical and environmental protection | Preventive | |
Install and maintain security lighting at all physical entry points. CC ID 02205 | Physical and environmental protection | Preventive | |
Use vandal resistant light fixtures for all security lighting. CC ID 16130 | Physical and environmental protection | Preventive | |
Manage access to loading docks, unloading docks, and mail rooms. CC ID 02210 | Physical and environmental protection | Preventive | |
Secure the loading dock with physical access controls or security guards. CC ID 06703 | Physical and environmental protection | Preventive | |
Isolate loading areas from information processing facilities, if possible. CC ID 12028 | Physical and environmental protection | Preventive | |
Screen incoming mail and deliveries. CC ID 06719 | Physical and environmental protection | Preventive | |
Protect access to the facility's mechanical systems area. CC ID 02212 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain elevator security guidelines. CC ID 02232 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain stairwell security guidelines. CC ID 02233 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain glass opening security guidelines. CC ID 02234 | Physical and environmental protection | Preventive | |
Establish a security room, if necessary. CC ID 00738 | Physical and environmental protection | Preventive | |
Implement physical security standards for mainframe rooms or data centers. CC ID 00749 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] [The entity has implemented policies and procedures that restrict physical access to the entity's data centers, office spaces, documents, work areas and facilities based on an individual's needs for access, prior authorizations from a facility or system owner, and after the identity of each individual has been established prior to allowing access. S7.2 Managing physical access] | Physical and environmental protection | Preventive | |
Establish and maintain equipment security cages in a shared space environment. CC ID 06711 | Physical and environmental protection | Preventive | |
Secure systems in lockable equipment cabinets, as necessary. CC ID 06716 | Physical and environmental protection | Preventive | |
Lock all lockable equipment cabinets. CC ID 11673 | Physical and environmental protection | Detective | |
Establish, implement, and maintain vault physical security standards. CC ID 02203 | Physical and environmental protection | Preventive | |
Monitor physical entry point alarms. CC ID 01639 | Physical and environmental protection | Detective | |
Build and maintain fencing, as necessary. CC ID 02235 | Physical and environmental protection | Preventive | |
Implement security measures for all interior spaces that allow for any payment transactions. CC ID 06352 | Physical and environmental protection | Preventive | |
Physically segregate business areas in accordance with organizational standards. CC ID 16718 | Physical and environmental protection | Preventive | |
Design interior walls with sound absorbing materials as well as thermal resistant materials. CC ID 06372 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain physical security controls for distributed assets. CC ID 00718 [{physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Physical and environmental protection | Preventive | |
Use locked containers to transport non-digital media outside of controlled areas. CC ID 14286 | Physical and environmental protection | Preventive | |
Restrict physical access to distributed assets. CC ID 11865 [The entity restricts physical access to facilities and protected information assets (e.g., data center facilities, back-up media storage and other sensitive locations) to authorized personnel to meet the entity's objectives. S7.2] [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Physical and environmental protection | Preventive | |
House network hardware in lockable rooms or lockable equipment cabinets. CC ID 01873 | Physical and environmental protection | Preventive | |
Protect electronic storage media with physical access controls. CC ID 00720 | Physical and environmental protection | Preventive | |
Protect physical assets with earthquake-resistant mechanisms. CC ID 06360 | Physical and environmental protection | Preventive | |
Physically secure all electronic storage media that store restricted data or restricted information. CC ID 11664 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Physical and environmental protection | Preventive | |
Store removable storage media containing restricted data or restricted information using electronic media storage cabinets or electronic media storage vaults. CC ID 00717 [{physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Physical and environmental protection | Preventive | |
Protect the combinations for all combination locks. CC ID 02199 | Physical and environmental protection | Preventive | |
Establish and maintain eavesdropping protection for vaults. CC ID 02231 | Physical and environmental protection | Preventive | |
Protect distributed assets against theft. CC ID 06799 | Physical and environmental protection | Preventive | |
Control the delivery of assets through physical entry points and physical exit points. CC ID 01441 | Physical and environmental protection | Preventive | |
Control the removal of assets through physical entry points and physical exit points. CC ID 11681 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain on-site physical controls for all distributed assets. CC ID 04820 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain off-site physical controls for all distributed assets. CC ID 04539 | Physical and environmental protection | Preventive | |
Attach asset location technologies to distributed assets. CC ID 10626 | Physical and environmental protection | Detective | |
Employ asset location technologies in accordance with applicable laws and regulations. CC ID 10627 | Physical and environmental protection | Preventive | |
Unpair missing Bluetooth devices. CC ID 12428 | Physical and environmental protection | Corrective | |
Secure workstations to desks with security cables. CC ID 04724 | Physical and environmental protection | Preventive | |
Include the use of privacy filters in the mobile device security guidelines. CC ID 16452 | Physical and environmental protection | Preventive | |
Refrain from responding to unsolicited Personal Identification Number requests. CC ID 12430 | Physical and environmental protection | Preventive | |
Refrain from pairing Bluetooth devices in unsecured areas. CC ID 12429 | Physical and environmental protection | Preventive | |
Separate systems that transmit, process, or store restricted data from those that do not by deploying physical access controls. CC ID 00722 | Physical and environmental protection | Preventive | |
Secure system components from unauthorized viewing. CC ID 01437 | Physical and environmental protection | Preventive | |
Identify customer property within the organizational facility. CC ID 06612 | Physical and environmental protection | Preventive | |
Protect customer property under the care of the organization. CC ID 11685 | Physical and environmental protection | Preventive | |
Provide storage media shelving capable of bearing all potential loads. CC ID 11400 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain physical hazard segregation or removal procedures. CC ID 01248 | Operational and Systems Continuity | Corrective | |
Separate the alternate facility from the primary facility through geographic separation. CC ID 01394 | Operational and Systems Continuity | Preventive | |
Establish and maintain off-site electronic media storage facilities. CC ID 00957 | Operational and Systems Continuity | Preventive | |
Conduct environmental surveys. CC ID 00690 | Operational management | Preventive | |
Plan and conduct maintenance so that it does not interfere with scheduled operations. CC ID 06389 | Operational management | Preventive | |
Control and monitor all maintenance tools. CC ID 01432 | Operational management | Detective | |
Identify and authenticate appropriate parties prior to granting access to maintain assets. CC ID 11874 | Operational management | Preventive | |
Refrain from protecting physical assets when no longer required. CC ID 13484 | Operational management | Corrective | |
Place printed records awaiting destruction into secure containers. CC ID 12464 | Records management | Preventive | |
Destroy printed records so they cannot be reconstructed. CC ID 11779 | Records management | Preventive | |
Physically secure printed records. CC ID 11778 [The entity has implemented policies and procedures that restrict physical access to the entity's data centers, office spaces, documents, work areas and facilities based on an individual's needs for access, prior authorizations from a facility or system owner, and after the identity of each individual has been established prior to allowing access. S7.2 Managing physical access] | Records management | Preventive |
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Update or adjust fraud detection systems, as necessary. CC ID 13684 | Monitoring and measurement | Corrective | |
Align the enterprise architecture with the system security plan. CC ID 14255 | Monitoring and measurement | Preventive | |
Ensure protocols are free from injection flaws. CC ID 16401 | Monitoring and measurement | Preventive | |
Correct compliance violations. CC ID 13515 [The entity takes remedial action in response to misuse of PI by a third party to whom the entity has transferred such information. D6.5 Remediates misuse of PI by third parties] [The entity takes remedial action in response to misuse of PI by a third party to whom the entity has transferred such information. D6.6 Remediates misuse of PI by third parties] [The entity obtains privacy commitments from vendors and other third parties who have access to PI to meet the entity's objectives related to privacy. The entity assesses those parties' compliance on a periodic and as-needed basis and takes corrective action, if necessary. D6.4] | Monitoring and measurement | Corrective | |
Determine the effect of fraud and non-compliance on the description of the system in the audit assertion, as necessary. CC ID 13977 | Audits and risk management | Detective | |
Determine the effect of fraud and non-compliance on the achievement of in scope controls in the audit assertion, as necessary. CC ID 13978 | Audits and risk management | Detective | |
Review documentation to determine the effectiveness of in scope controls. CC ID 16522 | Audits and risk management | Preventive | |
Coordinate the scheduling of interviews. CC ID 16293 | Audits and risk management | Preventive | |
Create a schedule for the interviews. CC ID 16292 | Audits and risk management | Preventive | |
Identify interviewees. CC ID 16290 | Audits and risk management | Preventive | |
Discuss unsolved questions with the interviewee. CC ID 16298 | Audits and risk management | Detective | |
Allow interviewee to respond to explanations. CC ID 16296 | Audits and risk management | Detective | |
Explain the requirements being discussed to the interviewee. CC ID 16294 | Audits and risk management | Detective | |
Explain the testing results to the interviewee. CC ID 16291 | Audits and risk management | Preventive | |
Withdraw from the audit, when defined conditions exist. CC ID 13885 | Audits and risk management | Corrective | |
Set access control for objects and users to "deny all" unless explicitly authorized. CC ID 06301 | Technical security | Preventive | |
Define the activation requirements for identification cards or badges. CC ID 06583 | Technical security | Preventive | |
Disallow self-enrollment of biometric information. CC ID 11834 | Technical security | Preventive | |
Enforce the network segmentation requirements. CC ID 16381 | Technical security | Preventive | |
Use a passive asset inventory discovery tool to identify assets when network mapping. CC ID 13735 | Technical security | Detective | |
Use an active asset inventory discovery tool to identify sensitive information for data flow diagrams. CC ID 13737 | Technical security | Detective | |
Include testing and approving all network connections through the firewall in the firewall and router configuration standard. CC ID 01270 | Technical security | Detective | |
Update application layer firewalls to the most current version. CC ID 12037 | Technical security | Preventive | |
Define the asymmetric signature field for the CHUID container on identification cards or badges. CC ID 06584 | Technical security | Preventive | |
Implement cryptographic operations and support functions on identification cards or badges. CC ID 06585 | Technical security | Preventive | |
Define the format of the biometric data on identification cards or badges. CC ID 06586 | Technical security | Preventive | |
Implement physical identification processes. CC ID 13715 | Physical and environmental protection | Preventive | |
Refrain from using knowledge-based authentication for in-person identity verification. CC ID 13717 | Physical and environmental protection | Preventive | |
Record the assigned identification card or badge serial number when issuing an identification card or badge. CC ID 06714 | Physical and environmental protection | Preventive | |
Include identity proofing processes in the identification issuance procedures. CC ID 06597 | Physical and environmental protection | Preventive | |
Prohibit assets from being taken off-site absent prior authorization. CC ID 12027 | Physical and environmental protection | Preventive | |
Remote wipe any distributed asset reported lost or stolen. CC ID 12197 | Physical and environmental protection | Corrective | |
Remove dormant systems from the network, as necessary. CC ID 13727 | Physical and environmental protection | Corrective | |
Reconfigure restored systems to meet the Recovery Time Objectives. CC ID 11693 | Operational and Systems Continuity | Corrective | |
Perform backup procedures for in scope systems. CC ID 11692 | Operational and Systems Continuity | Preventive | |
Include all residences in the criminal records check. CC ID 13306 | Human Resources management | Preventive | |
Restrict unscheduled downtime in order to maintain high availability for critical systems. CC ID 12742 | Operational management | Preventive | |
Include interconnected systems and Software as a Service in the Information Technology inventory. CC ID 04885 | Operational management | Preventive | |
Implement automated mechanisms to transfer predictive maintenance data to a maintenance management system. CC ID 10616 | Operational management | Preventive | |
Include support from law enforcement authorities when conducting incident response activities, as necessary. CC ID 13197 | Operational management | Corrective | |
Coordinate incident response activities with interested personnel and affected parties. CC ID 13196 | Operational management | Corrective | |
Contain the incident to prevent further loss. CC ID 01751 | Operational management | Corrective | |
Revoke the written request to delay the notification. CC ID 16843 | Operational management | Preventive | |
Post the incident response notification on the organization's website. CC ID 16809 | Operational management | Preventive | |
Document the determination for providing a substitute incident response notification. CC ID 16841 | Operational management | Preventive | |
Conduct incident investigations, as necessary. CC ID 13826 | Operational management | Detective | |
Prohibit files from containing wild cards, as necessary. CC ID 16318 | System hardening through configuration management | Preventive | |
Change default accounts. CC ID 16468 | System hardening through configuration management | Preventive | |
Define the location requirements for network elements and network devices. CC ID 16379 | System hardening through configuration management | Preventive | |
Reset wireless access points, as necessary. CC ID 14317 | System hardening through configuration management | Corrective | |
Determine how long to keep records and logs before disposing them. CC ID 11661 | Records management | Preventive | |
Manage waste materials in accordance with the storage media disposition and destruction procedures. CC ID 16485 | Records management | Preventive | |
Define each system's disposition requirements for records and logs. CC ID 11651 | Records management | Preventive | |
Include system performance in the scope of system testing. CC ID 12624 | Systems design, build, and implementation | Preventive | |
Include security controls in the scope of system testing. CC ID 12623 | Systems design, build, and implementation | Preventive | |
Include business logic in the scope of system testing. CC ID 12622 | Systems design, build, and implementation | Preventive | |
Require a data protection impact assessment when profiling the data subject. CC ID 12680 | Privacy protection for information and data | Detective | |
Provide the data subject with information about automated decision-making during personal data processing. CC ID 12609 | Privacy protection for information and data | Preventive | |
Provide the data subject with contractual requirements requiring the provision of personal data. CC ID 12588 | Privacy protection for information and data | Preventive | |
Provide the data subject with the data retention period for personal data. CC ID 12587 | Privacy protection for information and data | Preventive | |
Provide the data subject with the criteria used to determine the data retention period for personal data. CC ID 12589 | Privacy protection for information and data | Preventive | |
Provide the data subject with the adequacy decision. CC ID 12586 | Privacy protection for information and data | Preventive | |
Provide the data subject with references to the appropriate safeguards used to protect the privacy of personal data. CC ID 12585 | Privacy protection for information and data | Preventive | |
Provide the data subject with copies of the appropriate safeguards used to protect the privacy of personal data. CC ID 12608 | Privacy protection for information and data | Preventive | |
Notify the data subject of the right to data portability. CC ID 12603 | Privacy protection for information and data | Preventive | |
Provide the data subject with information about the right to erasure. CC ID 12602 | Privacy protection for information and data | Preventive | |
Provide shareholders access to electronic messages via electronic means. CC ID 11855 | Privacy protection for information and data | Preventive | |
Provide the data subject with information about the legitimate interests associated with personal data processing. CC ID 12614 [The entity has a process for periodically informing data subjects of its continued need for PI. The entity also has a process for obtaining the data subject's continued agreement and consent to use the data, and for informing data subjects when the entity suspects or learns, through ongoing monitoring and testing, that its systems (and systems of third parties providing services to the entity) have been breached and PI has been accessed, altered or removed in an unauthorized manner. N2.1 Ongoing notices and communications] | Privacy protection for information and data | Preventive | |
Align the enterprise architecture with the privacy plan. CC ID 14705 | Privacy protection for information and data | Preventive | |
Confirm the individual's identity before granting an opt-out request. CC ID 16813 | Privacy protection for information and data | Preventive | |
Approve the approval application unless applicant has been convicted. CC ID 16603 | Privacy protection for information and data | Preventive | |
Provide the supervisory authority with any information requested by the supervisory authority. CC ID 12606 | Privacy protection for information and data | Preventive | |
Allow data subjects to submit data requests. CC ID 16545 | Privacy protection for information and data | Preventive | |
Define what is included in a request for a waiver or reduction of fees. CC ID 15522 | Privacy protection for information and data | Preventive | |
Allow affected third parties to consent or object to a data access request. CC ID 08704 | Privacy protection for information and data | Preventive | |
Refrain from processing restricted data if the restricted data is involved in a legal claim. CC ID 12668 | Privacy protection for information and data | Preventive | |
Refrain from providing information to the data subject when the organization cannot identify the data subject. CC ID 12667 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for statistical purposes. CC ID 12656 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for historical research purposes. CC ID 12655 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for scientific research purposes. CC ID 12654 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for exercising freedom of expression. CC ID 12684 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data upon data subject request when it is used to provide a service. CC ID 13779 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data upon data subject request when it is being used for incident detection. CC ID 13778 | Privacy protection for information and data | Detective | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for archival purposes. CC ID 12653 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is for compliance with a legal obligation. CC ID 12652 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for the public interest. CC ID 12649 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data upon data subject request when personal data processing concerns legal claims. CC ID 12644 | Privacy protection for information and data | Preventive | |
Refrain from processing personal data if the data subject opposes the data erasure of personal data. CC ID 12619 | Privacy protection for information and data | Preventive | |
Rely upon the warranty of the covered entity that the record disclosure request for Individually Identifiable Health Information is to support the treatment of the individual. CC ID 11969 | Privacy protection for information and data | Preventive | |
Process personal data absent consent in order to protect the vital interests of the data subject. CC ID 14012 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data upon receiving a personal data removal request when it is necessary for maintaining information assets. CC ID 13789 | Privacy protection for information and data | Preventive | |
Refrain from erasing personal data upon receiving a personal data removal request when it is necessary to complete a payment transaction. CC ID 13788 | Privacy protection for information and data | Preventive | |
Include disclosing personal data that would threaten facilities, property, transport, or communication systems as a reason for denial in the personal data request denial procedures. CC ID 08702 | Privacy protection for information and data | Preventive | |
Include if the record would constitute an action for breach of a duty of confidence as a reason for denial in the personal data request denial procedures. CC ID 08700 | Privacy protection for information and data | Preventive | |
Search the Internet for evidence of data leakage. CC ID 10419 | Privacy protection for information and data | Detective | |
Alert appropriate personnel when data leakage is detected. CC ID 14715 | Privacy protection for information and data | Preventive | |
Take appropriate action when a data leakage is discovered. CC ID 14716 | Privacy protection for information and data | Corrective | |
Refrain from installing software on an individual's computer unless acting in accordance with a court order. CC ID 14000 | Privacy protection for information and data | Preventive | |
Remove or uninstall software from an individual's computer, as necessary. CC ID 13998 | Privacy protection for information and data | Preventive | |
Remove or uninstall software from an individual's computer when consent is revoked. CC ID 13997 | Privacy protection for information and data | Preventive | |
Define the fee structure for the appeal process. CC ID 16532 | Privacy protection for information and data | Preventive | |
Define the time requirements for the appeal process. CC ID 16531 | Privacy protection for information and data | Preventive | |
Formalize client and third party relationships with contracts or nondisclosure agreements. CC ID 00794 | Third Party and supply chain oversight | Detective | |
Assess third parties' compliance environment during due diligence. CC ID 13134 | Third Party and supply chain oversight | Detective |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Maintain vulnerability scan reports as organizational records. CC ID 12092 | Monitoring and measurement | Preventive | |
Archive the engagement file and all work papers for the period prescribed by law or contract. CC ID 10038 | Audits and risk management | Preventive | |
Archive Public Key certificate records according to organizational Records Management rules. CC ID 07090 | Technical security | Preventive | |
Retain video events according to Records Management procedures. CC ID 06304 | Physical and environmental protection | Preventive | |
Control the transiting and internal distribution or external distribution of assets. CC ID 00963 | Physical and environmental protection | Preventive | |
Obtain management authorization for restricted storage media transit or distribution from a controlled access area. CC ID 00964 | Physical and environmental protection | Preventive | |
Separate duplicate originals and backup media from the original electronic storage media. CC ID 00961 | Physical and environmental protection | Preventive | |
Treat archive media as evidence. CC ID 00960 | Physical and environmental protection | Preventive | |
Control the storage of restricted storage media. CC ID 00965 | Physical and environmental protection | Preventive | |
Identify all critical business records. CC ID 00737 | Operational and Systems Continuity | Detective | |
Include source code in the asset inventory. CC ID 14858 | Operational management | Preventive | |
Establish, implement, and maintain incident management audit logs. CC ID 13514 [The entity creates and maintains a record of detected or reported unauthorized disclosures of PI that is complete, accurate and timely. D6.3 Creates and retains record of detected or reported unauthorized disclosures The entity creates and retains a complete, accurate and timely record of detected or reported unauthorized disclosures (including breaches) of PI to meet the entity's objectives related to privacy. D6.3] | Operational management | Preventive | |
Verify all device files are located in an appropriate directory. CC ID 05571 | System hardening through configuration management | Preventive | |
Retain records in accordance with applicable requirements. CC ID 00968 [The entity retains PI consistent with its objectives related to privacy. U4.2 PI is retained for no longer than necessary to fulfill the stated purposes, unless a law or regulation specifically requires otherwise. U4.2 Retains PI The entity creates and retains a complete, accurate and timely record of authorized disclosures of PI to meet the entity's objectives related to privacy. D6.2 The entity creates and retains a complete, accurate and timely record of detected or reported unauthorized disclosures (including breaches) of PI to meet the entity's objectives related to privacy. D6.3] | Records management | Preventive | |
Remove and/or destroy records according to the records' retention event and retention period schedule. CC ID 06621 [PI no longer retained is anonymized, disposed of or destroyed in a manner that prevents loss, theft, misuse or unauthorized access. U4.3 Disposes of, destroys and redacts PI] | Records management | Preventive | |
Protect records from loss in accordance with applicable requirements. CC ID 12007 [Policies and procedures have been implemented to protect PI from erasure or destruction during the specified retention period of the information. U4.2 Protects PI] | Records management | Preventive | |
Capture the records required by organizational compliance requirements. CC ID 00912 | Records management | Detective | |
Establish, implement, and maintain security controls appropriate to the record types and electronic storage media. CC ID 00943 | Records management | Preventive | |
Refrain from allowing students the right to inspect the financial records of their parent or legal representative. CC ID 13025 | Privacy protection for information and data | Preventive | |
Refrain from allowing students the right to inspect confidential letters and confidential letters of recommendation. CC ID 13019 | Privacy protection for information and data | Preventive | |
Amend education records within a reasonable period after receiving a record amendment request. CC ID 12998 | Privacy protection for information and data | Corrective | |
Decide whether to amend education records based on evidence presented during a hearing. CC ID 13020 | Privacy protection for information and data | Corrective | |
Grant access to education records in support of educational program audits. CC ID 13032 | Privacy protection for information and data | Preventive | |
Grant access to education records in support of external requirements. CC ID 13033 | Privacy protection for information and data | Preventive | |
Collect and retain disclosure authorizations for each data subject. CC ID 13434 [Explicit consent is obtained directly from the data subject when sensitive PI is collected, used or disclosed, unless a law or regulation specifically requires otherwise. C3.2 Obtains explicit consent for sensitive information] | Privacy protection for information and data | Preventive | |
Refrain from destroying records being inspected or reviewed. CC ID 13015 | Privacy protection for information and data | Preventive | |
Submit personal data removal requests in writing. CC ID 11973 | Privacy protection for information and data | Preventive | |
Allow authorized individuals to authenticate record entries containing personal data. CC ID 11812 | Privacy protection for information and data | Corrective | |
Refrain from processing restricted data, as necessary. CC ID 12551 | Privacy protection for information and data | Preventive | |
Include the data protection officer's contact information in the record of processing activities. CC ID 12640 | Privacy protection for information and data | Preventive | |
Include the data processor's contact information in the record of processing activities. CC ID 12657 | Privacy protection for information and data | Preventive | |
Include the data processor's representative's contact information in the record of processing activities. CC ID 12658 | Privacy protection for information and data | Preventive | |
Include a general description of the implemented security measures in the record of processing activities. CC ID 12641 | Privacy protection for information and data | Preventive | |
Include a description of the data subject categories in the record of processing activities. CC ID 12659 | Privacy protection for information and data | Preventive | |
Include the purpose of processing restricted data in the record of processing activities. CC ID 12663 | Privacy protection for information and data | Preventive | |
Include the personal data processing categories in the record of processing activities. CC ID 12661 | Privacy protection for information and data | Preventive | |
Include the time limits for erasing each data category in the record of processing activities. CC ID 12690 | Privacy protection for information and data | Preventive | |
Include the data recipient categories to whom restricted data has been or will be disclosed in the record of processing activities. CC ID 12664 | Privacy protection for information and data | Preventive | |
Include a description of the personal data categories in the record of processing activities. CC ID 12660 | Privacy protection for information and data | Preventive | |
Include the joint data controller's contact information in the record of processing activities. CC ID 12639 | Privacy protection for information and data | Preventive | |
Include the data controller's representative's contact information in the record of processing activities. CC ID 12638 | Privacy protection for information and data | Preventive | |
Include documentation of the transferee's safeguards for transferring restricted data in the record of processing activities. CC ID 12643 | Privacy protection for information and data | Preventive | |
Include the identification of transferees for transferring restricted data in the record of processing activities. CC ID 12642 | Privacy protection for information and data | Preventive | |
Include the data controller's contact information in the record of processing activities. CC ID 12637 | Privacy protection for information and data | Preventive | |
Refrain from disclosing Individually Identifiable Health Information when in violation of territorial or federal law. CC ID 11966 | Privacy protection for information and data | Preventive | |
Rely upon the warranty of the covered entity that the record disclosure request for Individually Identifiable Health Information is permitted with the consent of the data subject. CC ID 11970 | Privacy protection for information and data | Preventive | |
Rely upon the warranty of the covered entity that the record disclosure request for Individually Identifiable Health Information is permitted by law. CC ID 11976 | Privacy protection for information and data | Preventive | |
Refrain from disclosing personal data absent consent of the individual or for defined exceptions. CC ID 11967 | Privacy protection for information and data | Preventive | |
Remove personal data from records after receiving a personal data removal request. CC ID 11972 [Requests for deletion of PI are captured and information related to the requests is identified and flagged for destruction to meet the entity's objectives related to privacy. U4.3 Captures, identifies and flags requests for deletion] | Privacy protection for information and data | Preventive | |
Authorize the transfer of restricted data in accordance with organizational standards. CC ID 16428 | Privacy protection for information and data | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Review and prioritize the importance of each business unit. CC ID 01165 | Operational and Systems Continuity | Preventive | |
Document the mean time to failure for system components. CC ID 10684 | Operational and Systems Continuity | Preventive | |
Establish, implement, and maintain Recovery Time Objectives for all in scope services. CC ID 12241 | Operational and Systems Continuity | Preventive | |
Establish, implement, and maintain Recovery Point Objectives for all in scope systems. CC ID 15719 | Operational and Systems Continuity | Preventive | |
Include evacuation procedures in the continuity plan. CC ID 12773 | Operational and Systems Continuity | Preventive | |
Establish, implement, and maintain backup procedures for in scope systems. CC ID 01258 | Operational and Systems Continuity | Preventive | |
Document the backup method and backup frequency on a case-by-case basis in the backup procedures. CC ID 01384 | Operational and Systems Continuity | Preventive | |
Review the security of the off-site electronic media storage facilities, as necessary. CC ID 00573 | Operational and Systems Continuity | Detective | |
Store backup media in a fire-rated container which is not collocated with the operational system. CC ID 14289 | Operational and Systems Continuity | Preventive | |
Store backup vital records in a manner that is accessible for emergency retrieval. CC ID 12765 | Operational and Systems Continuity | Preventive | |
Back up all records. CC ID 11974 | Operational and Systems Continuity | Preventive | |
Expedite emergency communications' fiscal decisions in accordance with accounting principles. CC ID 01266 | Operational and Systems Continuity | Preventive | |
Validate information security continuity controls regularly. CC ID 12008 | Operational and Systems Continuity | Preventive | |
Approve the continuity plan test results. CC ID 15718 | Operational and Systems Continuity | Preventive | |
Verify the organization has Emergency Power Supplies available for the systems. CC ID 01912 | System hardening through configuration management | Preventive | |
Verify enough emergency power is available for a graceful shutdown if the primary power system fails. CC ID 01913 | System hardening through configuration management | Preventive | |
Verify emergency power continuity procedures are in place to transfer power to a secondary source if the primary power system fails. CC ID 01914 | System hardening through configuration management | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Implement gateways between security domains. CC ID 16493 | Technical security | Preventive | |
Apply security controls to each level of the information classification standard. CC ID 01903 | Operational management | Preventive | |
Include each Information System's system boundaries in the Information Technology inventory. CC ID 00695 | Operational management | Preventive | |
Review each system's operational readiness. CC ID 06275 | Operational management | Preventive | |
Validate the system before implementing approved changes. CC ID 01510 | Operational management | Preventive | |
Implement only one application or primary function per network component or server. CC ID 00879 | System hardening through configuration management | Preventive | |
Reboot the system after initial systems hardening is complete and before certification. CC ID 01603 | System hardening through configuration management | Preventive | |
Initiate the System Development Life Cycle development phase or System Development Life Cycle build phase. CC ID 06267 | Systems design, build, and implementation | Preventive | |
Control the test data used in the development environment. CC ID 12013 | Systems design, build, and implementation | Preventive | |
Select the test data carefully. CC ID 12011 | Systems design, build, and implementation | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Develop and maintain a usage profile for each user account. CC ID 07067 | Monitoring and measurement | Preventive | |
Test security systems and associated security procedures, as necessary. CC ID 11901 [{administrative safeguard}{technical safeguard} The entity tests the effectiveness of the key administrative, technical and physical safeguards protecting personal data, periodically and as required by entity policy, or by relevant, applicable laws or regulations. S7.5] | Monitoring and measurement | Detective | |
Perform internal penetration tests, as necessary. CC ID 12471 | Monitoring and measurement | Detective | |
Perform external penetration tests, as necessary. CC ID 12470 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Monitoring and measurement | Detective | |
Perform application-layer penetration testing on all systems, as necessary. CC ID 11630 | Monitoring and measurement | Detective | |
Perform penetration testing on segmentation controls, as necessary. CC ID 12498 | Monitoring and measurement | Detective | |
Estimate the maximum bandwidth of any covert channels. CC ID 10653 | Monitoring and measurement | Detective | |
Reduce the maximum bandwidth of covert channels. CC ID 10655 | Monitoring and measurement | Corrective | |
Perform vulnerability scans, as necessary. CC ID 11637 | Monitoring and measurement | Detective | |
Identify and document security vulnerabilities. CC ID 11857 | Monitoring and measurement | Detective | |
Use dedicated user accounts when conducting vulnerability scans. CC ID 12098 | Monitoring and measurement | Preventive | |
Assign vulnerability scanning to qualified personnel or external third parties. CC ID 11638 | Monitoring and measurement | Detective | |
Correlate vulnerability scan reports from the various systems. CC ID 10636 | Monitoring and measurement | Detective | |
Perform vulnerability scans prior to installing payment applications. CC ID 12192 | Monitoring and measurement | Detective | |
Implement scanning tools, as necessary. CC ID 14282 | Monitoring and measurement | Detective | |
Repeat vulnerability scanning after an approved change occurs. CC ID 12468 | Monitoring and measurement | Detective | |
Perform external vulnerability scans, as necessary. CC ID 11624 | Monitoring and measurement | Detective | |
Use automated mechanisms to compare new vulnerability scan reports with past vulnerability scan reports. CC ID 10635 | Monitoring and measurement | Detective | |
Perform vulnerability assessments, as necessary. CC ID 11828 | Monitoring and measurement | Corrective | |
Review applications for security vulnerabilities after the application is updated. CC ID 11938 | Monitoring and measurement | Detective | |
Correct or mitigate vulnerabilities. CC ID 12497 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Monitoring and measurement | Corrective | |
Establish, implement, and maintain an exception management process for vulnerabilities that cannot be remediated. CC ID 13859 | Monitoring and measurement | Corrective | |
Include security threats and vulnerabilities in the threat and risk classification scheme. CC ID 00699 [As part of the risk assessment process, management identifies environmental threats that could impair the confidentiality, integrity and availability of systems, including threats resulting from adverse weather or the failure of physical access control and environmental control systems, or from electrical discharge, fire and water damage. S7.2 Identifies environmental threats] | Audits and risk management | Preventive | |
Implement safeguards to protect access credentials from unauthorized access. CC ID 16433 | Technical security | Preventive | |
Identify information system users. CC ID 12081 | Technical security | Detective | |
Review user accounts. CC ID 00525 | Technical security | Detective | |
Identify and authenticate processes running on information systems that act on behalf of users. CC ID 12082 | Technical security | Detective | |
Review shared accounts. CC ID 11840 | Technical security | Detective | |
Control access rights to organizational assets. CC ID 00004 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software {logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Technical security | Preventive | |
Generate but refrain from storing authenticators or Personal Identification Numbers for systems involved in high risk activities. CC ID 06835 | Technical security | Preventive | |
Define access needs for each system component of an information system. CC ID 12456 | Technical security | Preventive | |
Define the level of privilege required for each system component of an information system. CC ID 12457 | Technical security | Preventive | |
Establish access rights based on least privilege. CC ID 01411 | Technical security | Preventive | |
Assign user permissions based on job responsibilities. CC ID 00538 | Technical security | Preventive | |
Assign user privileges after they have management sign off. CC ID 00542 | Technical security | Preventive | |
Establish, implement, and maintain lockout procedures or lockout mechanisms to be triggered after a predetermined number of consecutive logon attempts. CC ID 01412 | Technical security | Preventive | |
Disallow unlocking user accounts absent system administrator approval. CC ID 01413 | Technical security | Preventive | |
Establish session authenticity through Transport Layer Security. CC ID 01627 | Technical security | Preventive | |
Include all system components in the access control system. CC ID 11939 | Technical security | Preventive | |
Enable access control for objects and users to match restrictions set by the system's security classification. CC ID 04850 | Technical security | Preventive | |
Enable attribute-based access control for objects and users on information systems. CC ID 16351 | Technical security | Preventive | |
Enable role-based access control for objects and users on information systems. CC ID 12458 | Technical security | Preventive | |
Enforce access restrictions for change control. CC ID 01428 | Technical security | Preventive | |
Permit a limited set of user actions absent identification and authentication. CC ID 04849 | Technical security | Preventive | |
Activate third party maintenance accounts and user identifiers, as necessary. CC ID 04262 | Technical security | Preventive | |
Display a logon banner and appropriate logon message before granting access to the system. CC ID 06770 | Technical security | Preventive | |
Use automatic equipment identification as a method of connection authentication absent an individual's identification and authentication. CC ID 06964 | Technical security | Preventive | |
Control user privileges. CC ID 11665 | Technical security | Preventive | |
Review all user privileges, as necessary. CC ID 06784 [Persons, infrastructure, network devices and software are identified and authenticated, and their access privileges are validated prior to granting access to information assets, whether locally or remotely. S7.1 Identifies and authenticates users] | Technical security | Preventive | |
Review each user's access capabilities when their role changes. CC ID 00524 | Technical security | Preventive | |
Enable products restricted by Digital Rights Management to be used while offline. CC ID 07094 | Technical security | Preventive | |
Establish, implement, and maintain User Access Management procedures. CC ID 00514 | Technical security | Preventive | |
Review and approve logical access to all assets based upon organizational policies. CC ID 06641 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Preventive | |
Control the addition and modification of user identifiers, user credentials, or other authenticators. CC ID 00515 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Preventive | |
Automate access control methods, as necessary. CC ID 11838 | Technical security | Preventive | |
Automate Access Control Systems, as necessary. CC ID 06854 | Technical security | Preventive | |
Refrain from storing logon credentials for third party applications. CC ID 13690 | Technical security | Preventive | |
Refrain from allowing user access to identifiers and authenticators used by applications. CC ID 10048 | Technical security | Preventive | |
Remove inactive user accounts, as necessary. CC ID 00517 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Corrective | |
Remove temporary user accounts, as necessary. CC ID 11839 | Technical security | Corrective | |
Enforce the password policy. CC ID 16347 | Technical security | Preventive | |
Enforce usage restrictions for superuser accounts. CC ID 07064 | Technical security | Preventive | |
Establish, implement, and maintain user accounts in accordance with the organizational Governance, Risk, and Compliance framework. CC ID 00526 | Technical security | Preventive | |
Protect and manage biometric systems and biometric data. CC ID 01261 | Technical security | Preventive | |
Implement out-of-band authentication, as necessary. CC ID 10606 | Technical security | Corrective | |
Include digital identification procedures in the access control program. CC ID 11841 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Preventive | |
Disallow the use of Personal Identification Numbers as user identifiers. CC ID 06785 | Technical security | Preventive | |
Require proper authentication for user identifiers. CC ID 11785 | Technical security | Preventive | |
Refrain from allowing individuals to share authentication mechanisms. CC ID 11932 | Technical security | Preventive | |
Refrain from assigning authentication mechanisms for shared accounts. CC ID 11910 | Technical security | Preventive | |
Employ live scans to verify biometric authentication. CC ID 06847 | Technical security | Preventive | |
Identify and control all network access controls. CC ID 00529 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Technical security | Preventive | |
Place Intrusion Detection Systems and Intrusion Response Systems in network locations where they will be the most effective. CC ID 04589 | Technical security | Detective | |
Ensure the data plane, control plane, and management plane have been segregated according to organizational standards. CC ID 16385 | Technical security | Preventive | |
Manage all internal network connections. CC ID 06329 | Technical security | Preventive | |
Employ Dynamic Host Configuration Protocol server logging when assigning dynamic IP addresses using the Dynamic Host Configuration Protocol. CC ID 12109 | Technical security | Preventive | |
Establish, implement, and maintain separate virtual private networks to transport sensitive information. CC ID 12124 | Technical security | Preventive | |
Establish, implement, and maintain separate virtual local area networks for untrusted devices. CC ID 12095 | Technical security | Preventive | |
Plan for and approve all network changes. CC ID 00534 | Technical security | Preventive | |
Manage all external network connections. CC ID 11842 | Technical security | Preventive | |
Route outbound Internet traffic through a proxy server that supports decrypting network traffic. CC ID 12116 | Technical security | Preventive | |
Prohibit systems from connecting directly to internal networks outside the demilitarized zone (DMZ). CC ID 16360 | Technical security | Preventive | |
Implement a fault-tolerant architecture. CC ID 01626 | Technical security | Preventive | |
Implement segregation of duties. CC ID 11843 | Technical security | Preventive | |
Refrain from disclosing private Internet Protocol addresses and routing information, unless necessary. CC ID 11891 | Technical security | Preventive | |
Segregate systems in accordance with organizational standards. CC ID 12546 [The entity considers and, when deemed necessary, uses network segmentation to restrict access within and between its internal network segments and external networks. Segmentation permits unrelated portions of the entity's information system to be isolated from other network segments. S7.1 Considers network segmentation] | Technical security | Preventive | |
Implement resource-isolation mechanisms in organizational networks. CC ID 16438 | Technical security | Preventive | |
Segregate servers that contain restricted data or restricted information from direct public access. CC ID 00533 | Technical security | Preventive | |
Prevent logical access to dedicated networks from outside the secure areas. CC ID 12310 | Technical security | Preventive | |
Design Demilitarized Zones with proper isolation rules. CC ID 00532 | Technical security | Preventive | |
Restrict inbound network traffic into the Demilitarized Zone to Internet Protocol addresses within the Demilitarized Zone. CC ID 11998 | Technical security | Preventive | |
Restrict inbound Internet traffic within the Demilitarized Zone to system components that provide publicly accessible services, protocols, and ports. CC ID 11993 | Technical security | Preventive | |
Employ firewalls to secure network connections between networks of different security categorizations. CC ID 16373 | Technical security | Preventive | |
Employ firewalls to secure network connections between trusted networks and untrusted networks, as necessary. CC ID 11821 | Technical security | Preventive | |
Separate the wireless access points and wireless bridges from the wired network via a firewall. CC ID 04588 | Technical security | Preventive | |
Employ centralized management systems to configure and control networks, as necessary. CC ID 12540 | Technical security | Preventive | |
Include reviewing the rulesets for firewalls and routers in the firewall and router configuration standard, as necessary. CC ID 11903 | Technical security | Corrective | |
Lock personal firewall configurations to prevent them from being disabled or changed by end users. CC ID 06420 | Technical security | Preventive | |
Protect the firewall's network connection interfaces. CC ID 01955 | Technical security | Preventive | |
Establish, implement, and maintain packet filtering requirements. CC ID 16362 | Technical security | Preventive | |
Configure firewall filtering to only permit established connections into the network. CC ID 12482 | Technical security | Preventive | |
Distrust relying solely on Wired Equivalent Privacy encryption for Wireless Local Area Networks. CC ID 01647 | Technical security | Preventive | |
Conduct a Wireless Local Area Network site survey to determine the proper location for wireless access points. CC ID 00605 | Technical security | Preventive | |
Establish, implement, and maintain a data loss prevention solution to protect Access Control Lists. CC ID 12128 [Data loss prevention processes and technologies are used to restrict a user or system's ability to exfiltrate protected information, to execute data transmission, move information stored logically or maintained in physical devices, or otherwise modify, view, reproduce or destroy such information. S7.3 Restricts the ability to perform transmission] | Technical security | Preventive | |
Review and approve information exchange system connections. CC ID 07143 | Technical security | Preventive | |
Establish, implement, and maintain measures to detect and prevent the use of unsafe internet services. CC ID 13104 | Technical security | Preventive | |
Refrain from storing restricted data at unsafe Internet services or virtual servers. CC ID 13107 | Technical security | Preventive | |
Block uncategorized sites using URL filtering. CC ID 12140 | Technical security | Preventive | |
Subscribe to a URL categorization service to maintain website category definitions in the URL filter list. CC ID 12139 | Technical security | Detective | |
Manage the use of encryption controls and cryptographic controls. CC ID 00570 [{physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Technical security | Preventive | |
Employ cryptographic controls that comply with applicable requirements. CC ID 12491 | Technical security | Preventive | |
Make key usage for data fields unique for each device. CC ID 04828 | Technical security | Preventive | |
Accept only trusted keys and/or certificates. CC ID 11988 | Technical security | Preventive | |
Bind keys to each identity. CC ID 12337 | Technical security | Preventive | |
Generate unique cryptographic keys for each user. CC ID 12169 | Technical security | Preventive | |
Implement decryption keys so that they are not linked to user accounts. CC ID 06851 | Technical security | Preventive | |
Store key-encrypting keys and data-encrypting keys in different locations. CC ID 06085 | Technical security | Preventive | |
Manage outdated cryptographic keys, compromised cryptographic keys, or revoked cryptographic keys. CC ID 06852 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Technical security | Preventive | |
Issue authentication mechanisms that support the Public Key Infrastructure. CC ID 07092 | Technical security | Preventive | |
Establish a Root Certification Authority to support the Public Key Infrastructure. CC ID 07084 | Technical security | Preventive | |
Connect the Public Key Infrastructure to the organization's identity and access management system. CC ID 07091 | Technical security | Preventive | |
Refrain from storing encryption keys with cloud service providers when cryptographic key management services are in place locally. CC ID 13153 | Technical security | Preventive | |
Refrain from permitting cloud service providers to manage encryption keys when cryptographic key management services are in place locally. CC ID 13154 | Technical security | Preventive | |
Use strong data encryption to transmit in scope data or in scope information, as necessary. CC ID 00564 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data {data at rest}{external communication} Encryption technologies or secure communication channels are used to protect data in transit and at rest, and communications of such data beyond the entity's established connectivity mechanisms are logical with physical access points. S7.3 Uses encryption technologies or secure communication channels to protect data] | Technical security | Preventive | |
Configure the encryption strength to be appropriate for the encryption methodology of the cryptographic controls. CC ID 12492 | Technical security | Preventive | |
Encrypt traffic over networks with trusted cryptographic keys. CC ID 12490 | Technical security | Preventive | |
Treat data messages that do not receive an acknowledgment as never been sent. CC ID 14416 | Technical security | Preventive | |
Establish trusted paths to transmit restricted data or restricted information over public networks or wireless networks. CC ID 00568 | Technical security | Preventive | |
Protect application services information transmitted over a public network from unauthorized modification. CC ID 12021 | Technical security | Preventive | |
Protect application services information transmitted over a public network from unauthorized disclosure. CC ID 12020 | Technical security | Preventive | |
Protect application services information transmitted over a public network from contract disputes. CC ID 12019 | Technical security | Preventive | |
Protect application services information transmitted over a public network from fraudulent activity. CC ID 12018 | Technical security | Preventive | |
Install and maintain container security solutions. CC ID 16178 | Technical security | Preventive | |
Implement audio protection controls on telephone systems in controlled areas. CC ID 16455 | Physical and environmental protection | Preventive | |
Secure unissued access mechanisms. CC ID 06713 | Physical and environmental protection | Preventive | |
Change cipher lock codes, as necessary. CC ID 06651 | Physical and environmental protection | Preventive | |
Encrypt digital media containing sensitive information during transport outside controlled areas. CC ID 14258 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain on-site logical controls for all distributed assets. CC ID 11682 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain off-site logical controls for all distributed assets. CC ID 11683 | Physical and environmental protection | Preventive | |
Remote lock any distributed assets reported lost or stolen. CC ID 14008 | Physical and environmental protection | Corrective | |
Establish, implement, and maintain a clear screen policy. CC ID 12436 | Physical and environmental protection | Preventive | |
Prohibit the unauthorized remote activation of collaborative computing devices. CC ID 06768 | Physical and environmental protection | Preventive | |
Indicate the active use of collaborative computing devices to users physically present at the device. CC ID 10647 | Physical and environmental protection | Preventive | |
Establish, implement, and maintain segregation of duties compensating controls if segregation of duties is not practical. CC ID 06960 | Human Resources management | Preventive | |
Use automated tools to collect Information Technology inventory information, as necessary. CC ID 07054 | Operational management | Preventive | |
Link the authentication system to the asset inventory. CC ID 13718 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Operational management | Preventive | |
Employ Dynamic Host Configuration Protocol server logging to detect systems not in the asset inventory. CC ID 12110 | Operational management | Detective | |
Prevent users from disabling required software. CC ID 16417 | Operational management | Preventive | |
Control remote maintenance according to the system's asset classification. CC ID 01433 | Operational management | Preventive | |
Approve all remote maintenance sessions. CC ID 10615 | Operational management | Preventive | |
Terminate remote maintenance sessions when the remote maintenance is complete. CC ID 12083 | Operational management | Preventive | |
Employ dedicated systems during system maintenance. CC ID 12108 | Operational management | Preventive | |
Isolate dedicated systems used for system maintenance from Internet access. CC ID 12114 | Operational management | Preventive | |
Categorize the incident following an incident response. CC ID 13208 | Operational management | Preventive | |
Wipe data and memory after an incident has been detected. CC ID 16850 | Operational management | Corrective | |
Refrain from accessing compromised systems. CC ID 01752 | Operational management | Corrective | |
Isolate compromised systems from the network. CC ID 01753 | Operational management | Corrective | |
Change authenticators after a security incident has been detected. CC ID 06789 | Operational management | Corrective | |
Change wireless access variables after a data loss event has been detected. CC ID 01756 | Operational management | Corrective | |
Re-image compromised systems with secure builds. CC ID 12086 | Operational management | Corrective | |
Integrate configuration management procedures into the incident management program. CC ID 13647 | Operational management | Preventive | |
Respond when an integrity violation is detected, as necessary. CC ID 10678 | Operational management | Corrective | |
Shut down systems when an integrity violation is detected, as necessary. CC ID 10679 | Operational management | Corrective | |
Restart systems when an integrity violation is detected, as necessary. CC ID 10680 | Operational management | Corrective | |
Configure security parameter settings on all system components appropriately. CC ID 12041 | System hardening through configuration management | Preventive | |
Configure session timeout and reauthentication settings according to organizational standards. CC ID 12460 | System hardening through configuration management | Preventive | |
Invalidate session identifiers upon session termination. CC ID 10649 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain container orchestration. CC ID 16350 | System hardening through configuration management | Preventive | |
Use the latest approved version of all software. CC ID 00897 | System hardening through configuration management | Preventive | |
Verify users are listed in the ASET userlist file. CC ID 04907 | System hardening through configuration management | Preventive | |
Implement hardware-based write-protect for system firmware components. CC ID 10659 | System hardening through configuration management | Preventive | |
Implement procedures to manually disable hardware-based write-protect to change computer firmware. CC ID 10660 | System hardening through configuration management | Preventive | |
Refrain from using assertion lifetimes to limit each session. CC ID 13871 | System hardening through configuration management | Preventive | |
Establish access requirements for SNMP community strings. CC ID 16357 | System hardening through configuration management | Preventive | |
Restrict and control the use of privileged utility programs. CC ID 12030 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain service accounts. CC ID 13861 | System hardening through configuration management | Preventive | |
Review the ownership of service accounts, as necessary. CC ID 13863 | System hardening through configuration management | Detective | |
Manage access credentials for service accounts. CC ID 13862 | System hardening through configuration management | Preventive | |
Restrict logons by specified source addresses. CC ID 16394 | System hardening through configuration management | Preventive | |
Establish, implement, and maintain authenticators. CC ID 15305 | System hardening through configuration management | Preventive | |
Disallow personal data in authenticators. CC ID 13864 | System hardening through configuration management | Preventive | |
Restrict access to authentication files to authorized personnel, as necessary. CC ID 12127 | System hardening through configuration management | Preventive | |
Protect authenticators or authentication factors from unauthorized modification and disclosure. CC ID 15317 | System hardening through configuration management | Preventive | |
Implement safeguards to protect authenticators from unauthorized access. CC ID 15310 | System hardening through configuration management | Preventive | |
Configure each system's security alerts to organizational standards. CC ID 12113 | System hardening through configuration management | Preventive | |
Verify system files are not world-writable. CC ID 01546 | System hardening through configuration management | Preventive | |
Verify backup directories containing patches are not accessible. CC ID 01547 | System hardening through configuration management | Preventive | |
Find files and directories with extended attributes. CC ID 01552 | System hardening through configuration management | Detective | |
Digitally sign and encrypt e-mail, as necessary. CC ID 04493 | System hardening through configuration management | Preventive | |
Manage temporary files, as necessary. CC ID 04847 | System hardening through configuration management | Preventive | |
Restrict the exporting of files and directories, as necessary. CC ID 16315 | System hardening through configuration management | Preventive | |
Verify the /usr/lib/sendmail file is owned by an appropriate user or group. CC ID 05324 | System hardening through configuration management | Preventive | |
Remove unnecessary accounts. CC ID 16476 | System hardening through configuration management | Corrective | |
Employ multifactor authentication for accounts with administrative privilege. CC ID 12496 | System hardening through configuration management | Preventive | |
Invoke a strong encryption method before requesting an authenticator. CC ID 11986 | System hardening through configuration management | Preventive | |
Establish and verify the file permissions for the passwd files, the shadow files, and the group files. CC ID 01537 | System hardening through configuration management | Preventive | |
Verify iPrint/NDPS are not on the system volume (sys). CC ID 04468 | System hardening through configuration management | Preventive | |
Purge files immediately after deletion. CC ID 04469 | System hardening through configuration management | Preventive | |
Refrain from accepting routes from unauthorized parties. CC ID 16397 | System hardening through configuration management | Preventive | |
Configure wireless access to be restricted to authorized wireless networks. CC ID 12099 | System hardening through configuration management | Preventive | |
Keep current the time synchronization technology. CC ID 12548 | System hardening through configuration management | Preventive | |
Verify only BlackBerry Enterprise Server e-mail software and e-mail hardware is being used. CC ID 04601 | System hardening through configuration management | Preventive | |
Verify metamessage software is not installed on BlackBerry handheld devices. CC ID 04604 | System hardening through configuration management | Preventive | |
Configure the log to capture all URL requests. CC ID 12138 | System hardening through configuration management | Detective | |
Configure security and protection software to check for phishing attacks. CC ID 04569 | System hardening through configuration management | Detective | |
Establish, implement, and maintain online storage controls. CC ID 00942 | Records management | Preventive | |
Provide encryption for different types of electronic storage media. CC ID 00945 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data {data at rest}{external communication} Encryption technologies or secure communication channels are used to protect data in transit and at rest, and communications of such data beyond the entity's established connectivity mechanisms are logical with physical access points. S7.3 Uses encryption technologies or secure communication channels to protect data {physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Records management | Preventive | |
Protect test data in the development environment. CC ID 12014 | Systems design, build, and implementation | Preventive | |
Refrain from allowing access rights to education records maintained by another educational institution. CC ID 13014 | Privacy protection for information and data | Preventive | |
Display warning screens and confirmation screens for all payment transactions. CC ID 06409 | Privacy protection for information and data | Preventive | |
Implement technical controls that limit processing restricted data for specific purposes. CC ID 12646 | Privacy protection for information and data | Preventive | |
Employ a random number generator to create authenticators. CC ID 13782 | Privacy protection for information and data | Preventive | |
Provide unobservability of users and resources. CC ID 04551 | Privacy protection for information and data | Preventive | |
Protect electronic messaging information. CC ID 12022 | Privacy protection for information and data | Preventive | |
Render unrecoverable sensitive authentication data after authorization is approved. CC ID 11952 | Privacy protection for information and data | Preventive | |
Encrypt, truncate, or tokenize data fields, as necessary. CC ID 06850 | Privacy protection for information and data | Preventive | |
Implement security measures to protect personal data. CC ID 13606 [The entity has policies and procedures for protecting the integrity of PI during initial and subsequent collection, creation, usage, processing, alteration, adaptation, re-organization, storage, destruction and erasure. Refer to Component S7.0. M1.0 Security for privacy] | Privacy protection for information and data | Preventive |

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | CLASS | |
---|---|---|---|
Establish, implement, and maintain a self-assessment approach as part of the compliance testing strategy. CC ID 12833 | Monitoring and measurement | Preventive | |
Test compliance controls for proper functionality. CC ID 00660 [{be ongoing}{privacy control}{design effectiveness} The entity has a process for performing ongoing and separate evaluations of the design and operating effectiveness of information privacy and security controls and for addressing any identified control deficiencies. M1.3 Ongoing and separate evaluations] | Monitoring and measurement | Detective | |
Establish, implement, and maintain a system security plan. CC ID 01922 | Monitoring and measurement | Preventive | |
Adhere to the system security plan. CC ID 11640 | Monitoring and measurement | Detective | |
Validate all testing assumptions in the test plans. CC ID 00663 | Monitoring and measurement | Detective | |
Require testing procedures to be complete. CC ID 00664 | Monitoring and measurement | Detective | |
Determine the appropriate assessment method for each testing process in the test plan. CC ID 00665 | Monitoring and measurement | Preventive | |
Analyze system audit reports and determine the need to perform more tests. CC ID 00666 | Monitoring and measurement | Detective | |
Perform penetration tests, as necessary. CC ID 00655 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Monitoring and measurement | Detective | |
Include coverage of all in scope systems during penetration testing. CC ID 11957 | Monitoring and measurement | Detective | |
Test the system for broken access controls. CC ID 01319 | Monitoring and measurement | Detective | |
Test the system for broken authentication and session management. CC ID 01320 | Monitoring and measurement | Detective | |
Test the system for insecure communications. CC ID 00535 | Monitoring and measurement | Detective | |
Test the system for cross-site scripting attacks. CC ID 01321 | Monitoring and measurement | Detective | |
Test the system for buffer overflows. CC ID 01322 | Monitoring and measurement | Detective | |
Test the system for injection flaws. CC ID 01323 | Monitoring and measurement | Detective | |
Test the system for Denial of Service. CC ID 01326 | Monitoring and measurement | Detective | |
Test the system for insecure configuration management. CC ID 01327 | Monitoring and measurement | Detective | |
Perform network-layer penetration testing on all systems, as necessary. CC ID 01277 | Monitoring and measurement | Detective | |
Test the system for cross-site request forgery. CC ID 06296 | Monitoring and measurement | Detective | |
Repeat penetration testing, as necessary. CC ID 06860 | Monitoring and measurement | Detective | |
Test the system for covert channels. CC ID 10652 | Monitoring and measurement | Detective | |
Test systems to determine which covert channels might be exploited. CC ID 10654 | Monitoring and measurement | Detective | |
Repeat vulnerability scanning, as necessary. CC ID 11646 | Monitoring and measurement | Detective | |
Perform internal vulnerability scans, as necessary. CC ID 00656 | Monitoring and measurement | Detective | |
Meet the requirements for a passing score during an external vulnerability scan or rescan. CC ID 12039 | Monitoring and measurement | Preventive | |
Test the system for unvalidated input. CC ID 01318 | Monitoring and measurement | Detective | |
Test the system for proper error handling. CC ID 01324 | Monitoring and measurement | Detective | |
Test the system for insecure data storage. CC ID 01325 | Monitoring and measurement | Detective | |
Test the system for access control enforcement in all Uniform Resource Locators. CC ID 06297 | Monitoring and measurement | Detective | |
Conduct onsite inspections, as necessary. CC ID 16199 | Audits and risk management | Preventive | |
Determine the accurateness of the audit assertion's in scope system description. CC ID 06979 | Audits and risk management | Detective | |
Determine if the in scope system has been implemented as described in the audit assertion. CC ID 06983 | Audits and risk management | Detective | |
Determine if the audit assertion's in scope controls are reasonable. CC ID 06980 | Audits and risk management | Detective | |
Document test plans for auditing in scope controls. CC ID 06985 | Audits and risk management | Detective | |
Determine the implementation status of the audit assertion's in scope controls. CC ID 06981 | Audits and risk management | Detective | |
Determine the effectiveness of in scope controls. CC ID 06984 [{be ongoing}{privacy control}{design effectiveness} The entity has a process for performing ongoing and separate evaluations of the design and operating effectiveness of information privacy and security controls and for addressing any identified control deficiencies. M1.3 Ongoing and separate evaluations] | Audits and risk management | Detective | |
Determine any errors or material omissions in the audit assertion that affect in scope control implementations. CC ID 06990 | Audits and risk management | Detective | |
Audit the in scope system according to the test plan using relevant evidence. CC ID 07112 | Audits and risk management | Preventive | |
Provide transactional walkthrough procedures for external auditors. CC ID 00672 | Audits and risk management | Preventive | |
Conduct interviews, as necessary. CC ID 07188 | Audits and risk management | Detective | |
Include if in scope control deviations allow in scope controls to be performed acceptably in the work papers. CC ID 06987 | Audits and risk management | Detective | |
Investigate the nature and causes of identified in scope control deviations. CC ID 06986 | Audits and risk management | Detective | |
Perform a risk assessment prior to activating third party access to the organization's critical systems. CC ID 06455 | Technical security | Detective | |
Employ unique identifiers. CC ID 01273 | Technical security | Detective | |
Authenticate user identities before unlocking an account. CC ID 11837 | Technical security | Detective | |
Authenticate user identities before manually resetting an authenticator. CC ID 04567 | Technical security | Detective | |
Identify the user when enrolling them in the biometric system. CC ID 06882 | Technical security | Detective | |
Register all Domain Names associated with the organization to the organization and not an individual. CC ID 07210 | Technical security | Detective | |
Configure firewalls to perform dynamic packet filtering. CC ID 01288 | Technical security | Detective | |
Require the system to identify and authenticate approved devices before establishing a connection. CC ID 01429 [Persons, infrastructure, network devices and software are identified and authenticated, and their access privileges are validated prior to granting access to information assets, whether locally or remotely. S7.1 Identifies and authenticates users] | Technical security | Preventive | |
Test cryptographic key management applications, as necessary. CC ID 04829 | Technical security | Detective | |
Implement non-repudiation for transactions. CC ID 00567 | Technical security | Detective | |
Authorize visitors before granting entry to physical areas containing restricted data or restricted information. CC ID 01330 | Physical and environmental protection | Preventive | |
Implement operational requirements for card readers. CC ID 02225 | Physical and environmental protection | Preventive | |
Test locks for physical security vulnerabilities. CC ID 04880 | Physical and environmental protection | Detective | |
Test the recovery plan, as necessary. CC ID 13290 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Operational and Systems Continuity | Detective | |
Test the backup information, as necessary. CC ID 13303 [The continued confidentiality, completeness, integrity and availability of the entity's systems and back-up information is evaluated and confirmed on a periodic basis. S7.5 Testing confidentiality, completeness, integrity and availability of systems and back-up data] | Operational and Systems Continuity | Detective | |
Refrain from sharing a single point of failure between the alternate telecommunications service providers and the primary telecommunications service providers. CC ID 01397 | Operational and Systems Continuity | Detective | |
Separate the alternate telecommunications service providers from the primary telecommunications service providers through geographic separation, so as to not be susceptible to the same hazards. CC ID 01399 | Operational and Systems Continuity | Detective | |
Require telecommunications service providers to have adequate continuity plans. CC ID 01400 | Operational and Systems Continuity | Detective | |
Separate the off-site electronic media storage facilities from the primary facility through geographic separation. CC ID 01390 | Operational and Systems Continuity | Detective | |
Test backup media for media integrity and information integrity, as necessary. CC ID 01401 [The continued confidentiality, completeness, integrity and availability of the entity's systems and back-up information is evaluated and confirmed on a periodic basis. S7.5 Testing confidentiality, completeness, integrity and availability of systems and back-up data] | Operational and Systems Continuity | Detective | |
Test backup media at the alternate facility in addition to testing at the primary facility. CC ID 06375 | Operational and Systems Continuity | Detective | |
Test each restored system for media integrity and information integrity. CC ID 01920 | Operational and Systems Continuity | Detective | |
Include stakeholders when testing restored systems, as necessary. CC ID 13066 | Operational and Systems Continuity | Corrective | |
Use available financial resources for the efficaciousness of the service continuity strategy. CC ID 01370 | Operational and Systems Continuity | Detective | |
Establish, implement, and maintain a business continuity plan testing program. CC ID 14829 | Operational and Systems Continuity | Preventive | |
Test the continuity plan, as necessary. CC ID 00755 [{business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Operational and Systems Continuity | Detective | |
Include coverage of all major components in the scope of testing the continuity plan. CC ID 12767 [{business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Operational and Systems Continuity | Preventive | |
Include third party recovery services in the scope of testing the continuity plan. CC ID 12766 | Operational and Systems Continuity | Preventive | |
Validate the emergency communications procedures during continuity plan tests. CC ID 12777 | Operational and Systems Continuity | Preventive | |
Include the coordination and interfaces among third parties in the coverage of the scope of testing the continuity plan. CC ID 12769 | Operational and Systems Continuity | Preventive | |
Involve senior management, as necessary, when testing the continuity plan. CC ID 13793 | Operational and Systems Continuity | Detective | |
Test the continuity plan under conditions that simulate a disaster or disruption. CC ID 00757 | Operational and Systems Continuity | Detective | |
Analyze system interdependence during continuity plan tests. CC ID 13082 | Operational and Systems Continuity | Detective | |
Validate the evacuation plans during continuity plan tests. CC ID 12760 | Operational and Systems Continuity | Preventive | |
Test the continuity plan at the alternate facility. CC ID 01174 | Operational and Systems Continuity | Detective | |
Coordinate testing the continuity plan with all applicable business units and critical business functions. CC ID 01388 | Operational and Systems Continuity | Preventive | |
Review all third party's continuity plan test results. CC ID 01365 | Operational and Systems Continuity | Detective | |
Automate the off-site testing to more thoroughly test the continuity plan. CC ID 01389 | Operational and Systems Continuity | Detective | |
Retest the continuity plan after correcting reported deficiencies documented in the continuity plan test results. CC ID 06553 | Operational and Systems Continuity | Detective | |
Conduct full recovery and restoration of service testing for high impact systems at the alternate facility. CC ID 01404 | Operational and Systems Continuity | Detective | |
Employ individuals who have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 00782 [The entity establishes qualifications for personnel responsible for protecting the privacy and security of PI and assigns such responsibilities only to those personnel who meet these qualifications and who have received training. M1.2 Qualifications of internal personnel] | Human Resources management | Detective | |
Perform a drug test during personnel screening. CC ID 06648 | Human Resources management | Preventive | |
Implement segregation of duties in roles and responsibilities. CC ID 00774 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Human Resources management | Detective | |
Test systems for malicious code prior to when the system will be redeployed. CC ID 06339 | Operational management | Detective | |
Conduct maintenance with authorized personnel. CC ID 01434 | Operational management | Detective | |
Calibrate assets according to the calibration procedures for the asset. CC ID 06203 | Operational management | Detective | |
Test for detrimental environmental factors after a system is disposed. CC ID 06938 | Operational management | Detective | |
Assess all incidents to determine what information was accessed. CC ID 01226 | Operational management | Corrective | |
Test incident monitoring procedures. CC ID 13194 | Operational management | Detective | |
Test the incident response procedures. CC ID 01216 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Operational management | Detective | |
Test network access controls for proper Configuration Management settings. CC ID 01281 | System hardening through configuration management | Detective | |
Verify Automated Security Enhancement Tool checks the NIS+ tables, as appropriate. CC ID 04908 | System hardening through configuration management | Preventive | |
Verify wireless peripherals meet organizational security requirements. CC ID 00657 | System hardening through configuration management | Detective | |
Verify only necessary system files are located on the server's system volume (sys) or boot volume. CC ID 04472 | System hardening through configuration management | Preventive | |
Use Wireless Local Area Network Network Interface Cards that turn off or disable Peer-To-Peer Wireless Local Area Network communications. CC ID 04594 | System hardening through configuration management | Detective | |
Verify wired network interface cards and Wireless Network Interface Cards are not simultaneously active for network devices other than a Wireless Access Point. CC ID 04596 | System hardening through configuration management | Detective | |
Configure security and protection software to check for up-to-date signature files. CC ID 00576 | System hardening through configuration management | Detective | |
Configure security and protection software to check e-mail messages. CC ID 00578 | System hardening through configuration management | Preventive | |
Perform vulnerability testing before final installation. CC ID 00884 | System hardening through configuration management | Detective | |
Maintain continued integrity for all stored data and stored records. CC ID 00969 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity] | Records management | Detective | |
Destroy electronic storage media following the storage media disposition and destruction procedures. CC ID 00970 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Records management | Detective | |
Maintain media sanitization equipment in operational condition. CC ID 00721 | Records management | Detective | |
Perform Quality Management on all newly developed or modified systems. CC ID 01100 | Systems design, build, and implementation | Detective | |
Restrict production data from being used in the test environment. CC ID 01103 | Systems design, build, and implementation | Detective | |
Test all software changes before promoting the system to a production environment. CC ID 01106 | Systems design, build, and implementation | Detective | |
Test security functionality during the development process. CC ID 12015 | Systems design, build, and implementation | Preventive | |
Review and test custom code to identify potential coding vulnerabilities. CC ID 01316 | Systems design, build, and implementation | Detective | |
Review and test source code. CC ID 01086 | Systems design, build, and implementation | Detective | |
Correct code anomalies and code deficiencies in custom code and retest before release. CC ID 06292 | Systems design, build, and implementation | Corrective | |
Approve all custom code test results before code is released. CC ID 06293 | Systems design, build, and implementation | Detective | |
Refrain from storing data elements containing payment card full magnetic stripe data. CC ID 04757 | Privacy protection for information and data | Detective | |
Implement physical controls to protect personal data. CC ID 00355 | Privacy protection for information and data | Preventive | |
Conduct personal data risk assessments. CC ID 00357 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Privacy protection for information and data | Detective | |
Conduct internal data processing audits. CC ID 00374 | Privacy protection for information and data | Detective | |
Refrain from subjecting individuals to retaliation or intimidation after a complaint is created. CC ID 06218 | Privacy protection for information and data | Detective | |
Record restricted data correctly. CC ID 00089 | Privacy protection for information and data | Detective | |
Include third party acknowledgment of their data protection responsibilities in third party contracts. CC ID 01364 | Third Party and supply chain oversight | Detective |

There are three types of Common Control classifications: corrective, detective, and preventive. Common Controls at the top level have the default assignment of Impact Zone.

KEY: Primary Verb, Primary Noun, Secondary Verb, Secondary Noun, Limiting Term. Mandated - bold, Implied - italic, Implementation - regular | IMPACT ZONE | TYPE | |
---|---|---|---|
Correct errors and deficiencies in a timely manner. CC ID 13501 [{be ongoing}{privacy control}{design effectiveness} The entity has a process for performing ongoing and separate evaluations of the design and operating effectiveness of information privacy and security controls and for addressing any identified control deficiencies. M1.3 Ongoing and separate evaluations {dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Leadership and high level objectives | Business Processes | |
Include management's assertions on the effectiveness of internal control in the Statement on Internal Control. CC ID 14771 | Leadership and high level objectives | Establish/Maintain Documentation | |
Update or adjust fraud detection systems, as necessary. CC ID 13684 | Monitoring and measurement | Process or Activity | |
Reduce the maximum bandwidth of covert channels. CC ID 10655 | Monitoring and measurement | Technical Security | |
Update the vulnerability scanners' vulnerability list. CC ID 10634 | Monitoring and measurement | Configuration | |
Notify the interested personnel and affected parties after the failure of an automated security test. CC ID 06748 | Monitoring and measurement | Behavior | |
Perform vulnerability assessments, as necessary. CC ID 11828 | Monitoring and measurement | Technical Security | |
Correct or mitigate vulnerabilities. CC ID 12497 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Monitoring and measurement | Technical Security | |
Establish, implement, and maintain an exception management process for vulnerabilities that cannot be remediated. CC ID 13859 | Monitoring and measurement | Technical Security | |
Determine the causes of compliance violations. CC ID 12401 | Monitoring and measurement | Investigate | |
Correct compliance violations. CC ID 13515 [The entity takes remedial action in response to misuse of PI by a third party to whom the entity has transferred such information. D6.5 Remediates misuse of PI by third parties The entity takes remedial action in response to misuse of PI by a third party to whom the entity has transferred such information. D6.6 Remediates misuse of PI by third parties The entity obtains privacy commitments from vendors and other third parties who have access to PI to meet the entity's objectives related to privacy. The entity assesses those parties' compliance on a periodic and as-needed basis and takes corrective action, if necessary. D6.4] | Monitoring and measurement | Process or Activity | |
Carry out disciplinary actions when a compliance violation is detected. CC ID 06675 [Instances of noncompliance with objectives related to privacy are documented and reported and, if needed, corrective and disciplinary measures are taken on a timely basis. M9.1 Documents and reports instances of noncompliance] | Monitoring and measurement | Behavior | |
Report compliance monitoring statistics to the Board of Directors and other critical stakeholders, as necessary. CC ID 00676 [Instances of noncompliance with objectives related to privacy are documented and reported and, if needed, corrective and disciplinary measures are taken on a timely basis. M9.1 Documents and reports instances of noncompliance] | Monitoring and measurement | Actionable Reports or Measurements | |
Withdraw from the audit, when defined conditions exist. CC ID 13885 | Audits and risk management | Process or Activity | |
Implement a corrective action plan in response to the audit report. CC ID 06777 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results] | Audits and risk management | Establish/Maintain Documentation | |
Monitor and report on the status of mitigation actions in the corrective action plan. CC ID 15250 | Audits and risk management | Actionable Reports or Measurements | |
Notify the user when an authentication is attempted using an expired authenticator. CC ID 13818 | Technical security | Communicate | |
Revoke asset access when a personnel status change occurs or an individual is terminated. CC ID 00516 [Processes are in place to remove physical access to facilities and system resources when an individual no longer requires access. S7.2 Removes physical access] | Technical security | Behavior | |
Review and update accounts and access rights when notified of personnel status changes. CC ID 00788 | Technical security | Behavior | |
Remove inactive user accounts, as necessary. CC ID 00517 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Technical Security | |
Remove temporary user accounts, as necessary. CC ID 11839 | Technical security | Technical Security | |
Implement out-of-band authentication, as necessary. CC ID 10606 | Technical security | Technical Security | |
Disseminate and communicate the access control procedures to all interested personnel and affected parties. CC ID 14123 | Technical security | Communicate | |
Tune the biometric identification equipment, as necessary. CC ID 07077 | Technical security | Configuration | |
Include reviewing the rulesets for firewalls and routers in the firewall and router configuration standard, as necessary. CC ID 11903 | Technical security | Technical Security | |
Quarantine data that fails security tests. CC ID 16500 | Technical security | Data and Information Management | |
Revoke membership in the whitelist, as necessary. CC ID 13827 | Technical security | Establish/Maintain Documentation | |
Revoke old cryptographic keys or invalid cryptographic keys immediately. CC ID 01307 | Technical security | Data and Information Management | |
Replace known or suspected compromised cryptographic keys immediately. CC ID 01306 | Technical security | Data and Information Management | |
Change access requirements to organizational assets for personnel and visitors, as necessary. CC ID 12463 | Physical and environmental protection | Physical and Environmental Protection | |
Document all lost badges in a lost badge list. CC ID 12448 | Physical and environmental protection | Establish/Maintain Documentation | |
Remote lock any distributed assets reported lost or stolen. CC ID 14008 | Physical and environmental protection | Technical Security | |
Remote wipe any distributed asset reported lost or stolen. CC ID 12197 | Physical and environmental protection | Process or Activity | |
Unpair missing Bluetooth devices. CC ID 12428 | Physical and environmental protection | Physical and Environmental Protection | |
Remove dormant systems from the network, as necessary. CC ID 13727 | Physical and environmental protection | Process or Activity | |
Log an incident if unauthorized restricted data or unauthorized restricted information is discovered on a mobile device. CC ID 08708 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain the continuity procedures. CC ID 14236 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Operational and Systems Continuity | Establish/Maintain Documentation | |
Reconfigure restored systems to meet the Recovery Point Objectives. CC ID 01256 | Operational and Systems Continuity | Configuration | |
Reconfigure restored systems to meet the Recovery Time Objectives. CC ID 11693 | Operational and Systems Continuity | Process or Activity | |
Establish, implement, and maintain physical hazard segregation or removal procedures. CC ID 01248 | Operational and Systems Continuity | Physical and Environmental Protection | |
Include stakeholders when testing restored systems, as necessary. CC ID 13066 | Operational and Systems Continuity | Testing | |
Identify who can speak to the media in the emergency communications procedures. CC ID 12761 | Operational and Systems Continuity | Communicate | |
Rotate members of the board of directors, as necessary. CC ID 14803 | Human Resources management | Human Resources Management | |
Identify discrepancies between the asset register database and the Information Technology inventory, as necessary. CC ID 07052 | Operational management | Monitor and Evaluate Occurrences | |
Investigate and resolve discrepancies between the asset register database and the Information Technology inventory. CC ID 07053 | Operational management | Monitor and Evaluate Occurrences | |
Refrain from protecting physical assets when no longer required. CC ID 13484 | Operational management | Physical and Environmental Protection | |
Determine the incident severity level when assessing the security incidents. CC ID 01650 | Operational management | Monitor and Evaluate Occurrences | |
Escalate incidents, as necessary. CC ID 14861 | Operational management | Monitor and Evaluate Occurrences | |
Include support from law enforcement authorities when conducting incident response activities, as necessary. CC ID 13197 | Operational management | Process or Activity | |
Respond to all alerts from security systems in a timely manner. CC ID 06434 | Operational management | Behavior | |
Coordinate incident response activities with interested personnel and affected parties. CC ID 13196 | Operational management | Process or Activity | |
Contain the incident to prevent further loss. CC ID 01751 | Operational management | Process or Activity | |
Wipe data and memory after an incident has been detected. CC ID 16850 | Operational management | Technical Security | |
Refrain from accessing compromised systems. CC ID 01752 | Operational management | Technical Security | |
Isolate compromised systems from the network. CC ID 01753 | Operational management | Technical Security | |
Store system logs for in scope systems as digital forensic evidence after a security incident has been detected. CC ID 01754 | Operational management | Log Management | |
Change authenticators after a security incident has been detected. CC ID 06789 | Operational management | Technical Security | |
Assess all incidents to determine what information was accessed. CC ID 01226 | Operational management | Testing | |
Check the precursors and indicators when assessing the security incidents. CC ID 01761 | Operational management | Monitor and Evaluate Occurrences | |
Share incident information with interested personnel and affected parties. CC ID 01212 | Operational management | Data and Information Management | |
Share data loss event information with the media. CC ID 01759 | Operational management | Behavior | |
Share data loss event information with interconnected system owners. CC ID 01209 | Operational management | Establish/Maintain Documentation | |
Report data loss event information to breach notification organizations. CC ID 01210 | Operational management | Data and Information Management | |
Report to breach notification organizations the time frame in which the organization will send data loss event notifications to interested personnel and affected parties. CC ID 04731 | Operational management | Behavior | |
Notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00365 [The entity obtains commitments from vendors and other third parties with access to PI to notify the entity in the event of actual or suspected unauthorized disclosures of PI. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity's objectives related to privacy. D6.5 The entity provides notification of breaches and incidents to affected data subjects, regulators and others to meet the entity's objectives related to privacy. D6.6 The entity has a process for providing notice of breaches and incidents to affected data subjects, regulators and others to meet the entity's objectives related to privacy. D6.6 Provides notice of breaches and incidents {unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has a process for periodically informing data subjects of its continued need for PI. The entity also has a process for obtaining the data subject's continued agreement and consent to use the data, and for informing data subjects when the entity suspects or learns, through ongoing monitoring and testing, that its systems (and systems of third parties providing services to the entity) have been breached and PI has been accessed, altered or removed in an unauthorized manner. N2.1 Ongoing notices and communications] | Operational management | Behavior | |
Delay sending incident response notifications under predetermined conditions. CC ID 00804 | Operational management | Behavior | |
Establish, implement, and maintain incident response notifications. CC ID 12975 | Operational management | Establish/Maintain Documentation | |
Provide enrollment information for identity theft prevention services or identity theft mitigation services. CC ID 13767 | Operational management | Communicate | |
Offer identity theft prevention services or identity theft mitigation services at no cost to the affected parties. CC ID 13766 | Operational management | Business Processes | |
Send paper incident response notifications to affected parties, as necessary. CC ID 00366 | Operational management | Behavior | |
Determine if a substitute incident response notification is permitted if notifying affected parties. CC ID 00803 | Operational management | Behavior | |
Use a substitute incident response notification to notify interested personnel and affected parties of the privacy breach that affects their personal data. CC ID 00368 | Operational management | Behavior | |
Telephone incident response notifications to affected parties, as necessary. CC ID 04650 | Operational management | Behavior | |
Publish the incident response notification in a general circulation periodical. CC ID 04651 | Operational management | Behavior | |
Send electronic incident response notifications to affected parties, as necessary. CC ID 00367 | Operational management | Behavior | |
Notify interested personnel and affected parties of the privacy breach about any recovered restricted data. CC ID 13347 | Operational management | Communicate | |
Include incident recovery procedures in the Incident Management program. CC ID 01758 | Operational management | Establish/Maintain Documentation | |
Change wireless access variables after a data loss event has been detected. CC ID 01756 | Operational management | Technical Security | |
Eradicate the cause of the incident after the incident has been contained. CC ID 01757 | Operational management | Business Processes | |
Implement security controls for personnel that have accessed information absent authorization. CC ID 10611 | Operational management | Human Resources Management | |
Re-image compromised systems with secure builds. CC ID 12086 | Operational management | Technical Security | |
Establish, implement, and maintain temporary and emergency access authorization procedures. CC ID 00858 | Operational management | Establish/Maintain Documentation | |
Include the organizational functions affected by disruption in the Incident Management audit log. CC ID 12238 | Operational management | Log Management | |
Respond when an integrity violation is detected, as necessary. CC ID 10678 | Operational management | Technical Security | |
Shut down systems when an integrity violation is detected, as necessary. CC ID 10679 | Operational management | Technical Security | |
Restart systems when an integrity violation is detected, as necessary. CC ID 10680 | Operational management | Technical Security | |
Change the authenticator for shared accounts when the group membership changes. CC ID 14249 | System hardening through configuration management | Business Processes | |
Configure the look-up secret authenticator to dispose of memorized secrets after their use. CC ID 13817 | System hardening through configuration management | Configuration | |
Remove unnecessary accounts. CC ID 16476 | System hardening through configuration management | Technical Security | |
Change default usernames, as necessary. CC ID 14661 | System hardening through configuration management | Configuration | |
Disable or delete shared User IDs. CC ID 12478 | System hardening through configuration management | Configuration | |
Disable or delete generic user IDs. CC ID 12479 | System hardening through configuration management | Configuration | |
Reset wireless access points, as necessary. CC ID 14317 | System hardening through configuration management | Process or Activity | |
Configure payment applications to become disabled when suspicious activity is detected. CC ID 12221 | System hardening through configuration management | Configuration | |
Correct code anomalies and code deficiencies in custom code and retest before release. CC ID 06292 | Systems design, build, and implementation | Testing | |
Document any reasons acknowledgment of the privacy notice was not received. CC ID 14434 | Privacy protection for information and data | Establish/Maintain Documentation | |
Amend education records within a reasonable period after receiving a record amendment request. CC ID 12998 | Privacy protection for information and data | Records Management | |
Decide whether to amend education records based on evidence presented during a hearing. CC ID 13020 | Privacy protection for information and data | Records Management | |
Remove certification marks of privacy programs the organization is no longer a member of from the privacy policy. CC ID 12368 | Privacy protection for information and data | Establish/Maintain Documentation | |
Remove any privacy programs the organization is not a member of from the privacy policy. CC ID 12367 | Privacy protection for information and data | Establish/Maintain Documentation | |
Disseminate private communications when required by law. CC ID 14335 | Privacy protection for information and data | Communicate | |
Include any reasons for delay if notifying the supervisory authority after the time limit. CC ID 12675 | Privacy protection for information and data | Communicate | |
Allow authorized individuals to authenticate record entries containing personal data. CC ID 11812 | Privacy protection for information and data | Records Management | |
Notify the subject of care when a lack of availability of health information systems might have adversely affected their care. CC ID 13990 | Privacy protection for information and data | Communicate | |
Refrain from disseminating and communicating with individuals that have opted out of direct marketing communications. CC ID 13708 | Privacy protection for information and data | Communicate | |
Refrain from disclosing a security breach if an investigation concludes none has occurred. CC ID 13086 | Privacy protection for information and data | Communicate | |
Notify the data subject when personal data has been inadvertently disclosed. CC ID 13989 | Privacy protection for information and data | Communicate | |
Report fraudulent account activity, unauthorized transactions, or discrepancies with current accounts. CC ID 04875 | Privacy protection for information and data | Monitor and Evaluate Occurrences | |
Take appropriate action when a data leakage is discovered. CC ID 14716 | Privacy protection for information and data | Process or Activity | |
Implement procedures to file privacy rights violation complaints. CC ID 00476 [{dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1 A process is in place to address inquiries, complaints and disputes. M9.1 Addresses inquiries, complaints and disputes] | Privacy protection for information and data | Data and Information Management | |
File privacy rights violation complaints in writing. CC ID 00477 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the acts or omissions that are in violation of privacy rights in the privacy rights violation complaint. CC ID 14360 | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide assistance to data subjects for filing privacy rights violation complaints. CC ID 00478 | Privacy protection for information and data | Behavior | |
File privacy rights violation complaints inside the mandate stipulated from the refusal. CC ID 00479 | Privacy protection for information and data | Behavior | |
Change or destroy any personal data that is incorrect. CC ID 00462 [The entity corrects, amends or appends PI based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity's objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity's objectives related to privacy. A5.2] | Privacy protection for information and data | Data and Information Management | |
Notify the data subject of changes made to personal data as the result of a dispute. CC ID 00463 | Privacy protection for information and data | Behavior | |
Escalate the appeal process to change personal data when the data controller fails to make changes to the disputed data. CC ID 00465 | Privacy protection for information and data | Data and Information Management | |
Notify the data subject of which and why disputed changes were not made to personal data. CC ID 00466 [The entity corrects, amends or appends PI based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity's objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity's objectives related to privacy. A5.2] | Privacy protection for information and data | Behavior | |
Notify entities to whom personal data was transferred that the personal data is wrong, along with the corrections. CC ID 00467 [Data subjects are able to update or correct PI held by the entity. The entity provides such updated or corrected information to third parties that were previously provided with the data subject's PI consistent with the entity's objective related to privacy. A5.2 Permits data subjects to update or correct PI The entity corrects, amends or appends PI based on information provided by data subjects and communicates such information to third parties, as committed or required, to meet the entity's objectives related to privacy. If a request for correction is denied, data subjects are informed of the denial and reason for such denial to meet the entity's objectives related to privacy. A5.2] | Privacy protection for information and data | Behavior | |
Order the cessation of data processing when a violation of the privacy policy is detected. CC ID 00475 | Privacy protection for information and data | Data and Information Management | |
Cooperate with authorities during a privacy rights violation complaint investigation. CC ID 14364 | Privacy protection for information and data | Business Processes | |
Notify respondents after a privacy rights violation complaint investigation has been resolved. CC ID 13513 [Each complaint is addressed and the resolution is documented and communicated to the individual. M9.1 Documents and communicates dispute resolution and recourse] | Privacy protection for information and data | Communicate | |
Create an investigative report in regards to a privacy rights violation complaint. CC ID 00495 | Privacy protection for information and data | Establish/Maintain Documentation | |
Respond to an investigative report in regards to a privacy rights violation complaint. CC ID 00496 | Privacy protection for information and data | Behavior | |
Order the organization to change to be in compliance with applicable law. CC ID 00499 | Privacy protection for information and data | Behavior | |
Order the organization to publish a notice with the corrections or actions taken. CC ID 00500 | Privacy protection for information and data | Behavior | |
Award damages based on applicable law. CC ID 00501 | Privacy protection for information and data | Behavior | |
Destroy personal data that breaches privacy after the privacy breach has been detected. CC ID 00503 | Privacy protection for information and data | Data and Information Management | |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | TYPE | |
---|---|---|---|
Approve the data classification scheme. CC ID 13858 | Leadership and high level objectives | Establish/Maintain Documentation | |
Analyze organizational policies, as necessary. CC ID 14037 | Leadership and high level objectives | Establish/Maintain Documentation | |
Map in scope assets and in scope records to external requirements. CC ID 12189 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include the counterterror protective security plan test results in the Statement on Internal Control. CC ID 06867 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include all compliance exceptions in the compliance exception standard. CC ID 01630 | Leadership and high level objectives | Establish/Maintain Documentation | |
Establish and maintain a compliance oversight committee. CC ID 00765 [The entity has an overall governance and legal structure that defines and establishes responsibility and authority for the entity's oversight processes, policy setting and ongoing monitoring activities. M1.2 Responsibility and authority The entity has a governance and legal structure that establishes accountability for information privacy policy creation, oversight, monitoring and compliance. M1.2 Established accountability] | Leadership and high level objectives | Establish Roles | |
Review and document the meetings and actions of the Board of Directors or audit committee in the Board Report. CC ID 01151 | Leadership and high level objectives | Establish/Maintain Documentation | |
Provide critical project reports to the compliance oversight committee in a timely manner. CC ID 01183 | Leadership and high level objectives | Establish/Maintain Documentation | |
Establish, implement, and maintain logging and monitoring operations. CC ID 00637 | Monitoring and measurement | Log Management | |
Monitor systems for inappropriate usage and other security violations. CC ID 00585 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Monitor systems for blended attacks and multiple component incidents. CC ID 01225 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Monitor systems for Denial of Service attacks. CC ID 01222 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Monitor systems for access to restricted data or restricted information. CC ID 04721 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Assign roles and responsibilities for overseeing access to restricted data or restricted information. CC ID 11950 | Monitoring and measurement | Human Resources Management | |
Detect unauthorized access to systems. CC ID 06798 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Incorporate potential red flags into the organization's incident management system. CC ID 04652 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Alert interested personnel when suspicious activity is detected by an Intrusion Detection System or Intrusion Prevention System. CC ID 06430 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Alert interested personnel and affected parties when an incident causes an outage. CC ID 06808 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Operationalize key monitoring and logging concepts to ensure the audit trails capture sufficient information. CC ID 00638 | Monitoring and measurement | Log Management | |
Enable logging for all systems that meet a traceability criteria. CC ID 00640 | Monitoring and measurement | Log Management | |
Analyze firewall logs for the correct capturing of data. CC ID 00549 | Monitoring and measurement | Log Management | |
Monitor and evaluate system performance. CC ID 00651 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain a continuous monitoring program for configuration management. CC ID 06757 | Monitoring and measurement | Establish/Maintain Documentation | |
Monitor and evaluate user account activity. CC ID 07066 [User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Log account usage to determine dormant accounts. CC ID 12118 | Monitoring and measurement | Log Management | |
Log account usage times. CC ID 07099 | Monitoring and measurement | Log Management | |
Generate daily reports of user logons during hours outside of their usage profile. CC ID 07068 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Generate daily reports of users who have grossly exceeded their usage profile logon duration. CC ID 07069 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Log account usage durations. CC ID 12117 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Notify the appropriate personnel after identifying dormant accounts. CC ID 12125 | Monitoring and measurement | Communicate | |
Log Internet Protocol addresses used during logon. CC ID 07100 | Monitoring and measurement | Log Management | |
Report red flags when logon credentials are used on a computer different from the one in the usage profile. CC ID 07070 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Report inappropriate usage of user accounts to the appropriate personnel. CC ID 14243 | Monitoring and measurement | Communicate | |
Monitor and evaluate environmental threats. CC ID 13481 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Test compliance controls for proper functionality. CC ID 00660 [{be ongoing}{privacy control}{design effectiveness} The entity has a process for performing ongoing and separate evaluations of the design and operating effectiveness of information privacy and security controls and for addressing any identified control deficiencies. M1.3 Ongoing and separate evaluations] | Monitoring and measurement | Testing | |
Adhere to the system security plan. CC ID 11640 | Monitoring and measurement | Testing | |
Validate all testing assumptions in the test plans. CC ID 00663 | Monitoring and measurement | Testing | |
Require testing procedures to be complete. CC ID 00664 | Monitoring and measurement | Testing | |
Analyze system audit reports and determine the need to perform more tests. CC ID 00666 | Monitoring and measurement | Testing | |
Monitor devices continuously for conformance with production specifications. CC ID 06201 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Test security systems and associated security procedures, as necessary. CC ID 11901 [{administrative safeguard}{technical safeguard} The entity tests the effectiveness of the key administrative, technical and physical safeguards protecting personal data, periodically and as required by entity policy, or by relevant, applicable laws or regulations. S7.5] | Monitoring and measurement | Technical Security | |
Perform penetration tests, as necessary. CC ID 00655 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Monitoring and measurement | Testing | |
Perform internal penetration tests, as necessary. CC ID 12471 | Monitoring and measurement | Technical Security | |
Perform external penetration tests, as necessary. CC ID 12470 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Monitoring and measurement | Technical Security | |
Include coverage of all in scope systems during penetration testing. CC ID 11957 | Monitoring and measurement | Testing | |
Test the system for broken access controls. CC ID 01319 | Monitoring and measurement | Testing | |
Test the system for broken authentication and session management. CC ID 01320 | Monitoring and measurement | Testing | |
Test the system for insecure communications. CC ID 00535 | Monitoring and measurement | Testing | |
Test the system for cross-site scripting attacks. CC ID 01321 | Monitoring and measurement | Testing | |
Test the system for buffer overflows. CC ID 01322 | Monitoring and measurement | Testing | |
Test the system for injection flaws. CC ID 01323 | Monitoring and measurement | Testing | |
Test the system for Denial of Service. CC ID 01326 | Monitoring and measurement | Testing | |
Test the system for insecure configuration management. CC ID 01327 | Monitoring and measurement | Testing | |
Perform network-layer penetration testing on all systems, as necessary. CC ID 01277 | Monitoring and measurement | Testing | |
Test the system for cross-site request forgery. CC ID 06296 | Monitoring and measurement | Testing | |
Perform application-layer penetration testing on all systems, as necessary. CC ID 11630 | Monitoring and measurement | Technical Security | |
Perform penetration testing on segmentation controls, as necessary. CC ID 12498 | Monitoring and measurement | Technical Security | |
Verify segmentation controls are operational and effective. CC ID 12545 | Monitoring and measurement | Audits and Risk Management | |
Repeat penetration testing, as necessary. CC ID 06860 | Monitoring and measurement | Testing | |
Test the system for covert channels. CC ID 10652 | Monitoring and measurement | Testing | |
Estimate the maximum bandwidth of any covert channels. CC ID 10653 | Monitoring and measurement | Technical Security | |
Test systems to determine which covert channels might be exploited. CC ID 10654 | Monitoring and measurement | Testing | |
Perform vulnerability scans, as necessary. CC ID 11637 | Monitoring and measurement | Technical Security | |
Repeat vulnerability scanning, as necessary. CC ID 11646 | Monitoring and measurement | Testing | |
Identify and document security vulnerabilities. CC ID 11857 | Monitoring and measurement | Technical Security | |
Rank discovered vulnerabilities. CC ID 11940 | Monitoring and measurement | Investigate | |
Assign vulnerability scanning to qualified personnel or external third parties. CC ID 11638 | Monitoring and measurement | Technical Security | |
Correlate vulnerability scan reports from the various systems. CC ID 10636 | Monitoring and measurement | Technical Security | |
Perform internal vulnerability scans, as necessary. CC ID 00656 | Monitoring and measurement | Testing | |
Perform vulnerability scans prior to installing payment applications. CC ID 12192 | Monitoring and measurement | Technical Security | |
Implement scanning tools, as necessary. CC ID 14282 | Monitoring and measurement | Technical Security | |
Repeat vulnerability scanning after an approved change occurs. CC ID 12468 | Monitoring and measurement | Technical Security | |
Perform external vulnerability scans, as necessary. CC ID 11624 | Monitoring and measurement | Technical Security | |
Use automated mechanisms to compare new vulnerability scan reports with past vulnerability scan reports. CC ID 10635 | Monitoring and measurement | Technical Security | |
Review applications for security vulnerabilities after the application is updated. CC ID 11938 | Monitoring and measurement | Technical Security | |
Test the system for unvalidated input. CC ID 01318 | Monitoring and measurement | Testing | |
Test the system for proper error handling. CC ID 01324 | Monitoring and measurement | Testing | |
Test the system for insecure data storage. CC ID 01325 | Monitoring and measurement | Testing | |
Test the system for access control enforcement in all Uniform Resource Locators. CC ID 06297 | Monitoring and measurement | Testing | |
Report on the percentage of critical assets for which an assurance strategy is implemented. CC ID 01657 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of key organizational functions for which an assurance strategy is implemented. CC ID 01658 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of key compliance requirements for which an assurance strategy has been implemented. CC ID 01659 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of the Information System budget allocated to Information Security. CC ID 04571 | Monitoring and measurement | Actionable Reports or Measurements | |
Monitor personnel and third parties for compliance to the organizational compliance framework. CC ID 04726 [{dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Align enforcement reviews for non-compliance with organizational risk tolerance. CC ID 13063 | Monitoring and measurement | Business Processes | |
Determine if multiple compliance violations of the same type could occur. CC ID 12402 | Monitoring and measurement | Investigate | |
Review the effectiveness of disciplinary actions carried out for compliance violations. CC ID 12403 | Monitoring and measurement | Investigate | |
Report on the policies and controls that have been implemented by management. CC ID 01670 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of security management roles that have been assigned. CC ID 01671 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of board meetings or committee meetings at which Information Assurance was on the agenda. CC ID 01672 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of supply chain members for which all Information Assurance requirements have been implemented. CC ID 01675 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of organizational units that have an established Business Continuity Plan. CC ID 01676 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of organizational units with a documented Business Continuity Plan for which specific responsibilities have been assigned. CC ID 02057 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of Business Continuity Plans that have been reviewed, tested, and updated. CC ID 02058 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of needed internal audits that have been completed and reviewed. CC ID 01677 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of Information Security requirements from applicable laws and regulations that are included in the audit program. CC ID 02069 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of needed external audits that have been completed and reviewed. CC ID 11632 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of Information Security audits conducted in compliance with the approved audit program. CC ID 02070 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of audit findings that have been resolved since the last audit. CC ID 01678 | Monitoring and measurement | Actionable Reports or Measurements | |
Report on the percentage of management actions in response to audit findings and audit recommendations that were implemented in a timely way. CC ID 02071 | Monitoring and measurement | Actionable Reports or Measurements | |
Identify hypothetical assumptions in forecasts and projections during an audit. CC ID 13946 | Audits and risk management | Audits and Risk Management | |
Refrain from examining forecasts and projections which refrain from disclosing assumptions during an audit. CC ID 13932 | Audits and risk management | Audits and Risk Management | |
Audit cybersecurity risk management within the policies, standards, and procedures of the organization. CC ID 13011 | Audits and risk management | Investigate | |
Audit information systems, as necessary. CC ID 13010 | Audits and risk management | Investigate | |
Audit the potential costs of compromise to information systems. CC ID 13012 | Audits and risk management | Investigate | |
Determine the accurateness of the audit assertion's in scope system description. CC ID 06979 | Audits and risk management | Testing | |
Determine if the in scope system has been implemented as described in the audit assertion. CC ID 06983 | Audits and risk management | Testing | |
Investigate the nature and causes of misstatements in the audit assertion's in scope system description. CC ID 16557 | Audits and risk management | Audits and Risk Management | |
Determine the effect of fraud and non-compliance on the description of the system in the audit assertion, as necessary. CC ID 13977 | Audits and risk management | Process or Activity | |
Determine if the audit assertion's in scope controls are reasonable. CC ID 06980 | Audits and risk management | Testing | |
Determine the effect of fraud and non-compliance on the achievement of in scope controls in the audit assertion, as necessary. CC ID 13978 | Audits and risk management | Process or Activity | |
Document test plans for auditing in scope controls. CC ID 06985 | Audits and risk management | Testing | |
Determine the implementation status of the audit assertion's in scope controls. CC ID 06981 | Audits and risk management | Testing | |
Determine the effectiveness of in scope controls. CC ID 06984 [{be ongoing}{privacy control}{design effectiveness} The entity has a process for performing ongoing and separate evaluations of the design and operating effectiveness of information privacy and security controls and for addressing any identified control deficiencies. M1.3 Ongoing and separate evaluations] | Audits and risk management | Testing | |
Review incident management audit logs to determine the effectiveness of in scope controls. CC ID 12157 | Audits and risk management | Audits and Risk Management | |
Review audit reports to determine the effectiveness of in scope controls. CC ID 12156 | Audits and risk management | Audits and Risk Management | |
Observe processes to determine the effectiveness of in scope controls. CC ID 12155 | Audits and risk management | Audits and Risk Management | |
Interview stakeholders to determine the effectiveness of in scope controls. CC ID 12154 | Audits and risk management | Audits and Risk Management | |
Review policies and procedures to determine the effectiveness of in scope controls. CC ID 12144 | Audits and risk management | Audits and Risk Management | |
Evaluate personnel status changes to determine the effectiveness of in scope controls. CC ID 16556 | Audits and risk management | Audits and Risk Management | |
Determine whether individuals performing a control have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 16555 | Audits and risk management | Audits and Risk Management | |
Determine any errors or material omissions in the audit assertion that affect in scope control implementations. CC ID 06990 | Audits and risk management | Testing | |
Conduct interviews, as necessary. CC ID 07188 | Audits and risk management | Testing | |
Verify statements made by interviewees are correct. CC ID 16299 | Audits and risk management | Behavior | |
Discuss unsolved questions with the interviewee. CC ID 16298 | Audits and risk management | Process or Activity | |
Allow interviewee to respond to explanations. CC ID 16296 | Audits and risk management | Process or Activity | |
Explain the requirements being discussed to the interviewee. CC ID 16294 | Audits and risk management | Process or Activity | |
Explain the goals of the interview to the interviewee. CC ID 07189 | Audits and risk management | Behavior | |
Include if the audit evidence has identified in scope control deficiencies in the work papers. CC ID 07152 | Audits and risk management | Audits and Risk Management | |
Include if in scope control deviations allow in scope controls to be performed acceptably in the work papers. CC ID 06987 | Audits and risk management | Testing | |
Investigate the nature and causes of identified in scope control deviations. CC ID 06986 | Audits and risk management | Testing | |
Disseminate and communicate the reviews of audit reports to organizational management. CC ID 00653 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results] | Audits and risk management | Log Management | |
Review management's response to issues raised in past audit reports. CC ID 01149 | Audits and risk management | Audits and Risk Management | |
Identify information system users. CC ID 12081 | Technical security | Technical Security | |
Review user accounts. CC ID 00525 | Technical security | Technical Security | |
Match user accounts to authorized parties. CC ID 12126 | Technical security | Configuration | |
Identify and authenticate processes running on information systems that act on behalf of users. CC ID 12082 | Technical security | Technical Security | |
Review shared accounts. CC ID 11840 | Technical security | Technical Security | |
Disallow application IDs from running as privileged users. CC ID 10050 | Technical security | Configuration | |
Perform a risk assessment prior to activating third party access to the organization's critical systems. CC ID 06455 | Technical security | Testing | |
Notify interested personnel when user accounts are added or deleted. CC ID 14327 | Technical security | Communicate | |
Employ unique identifiers. CC ID 01273 | Technical security | Testing | |
Authenticate user identities before unlocking an account. CC ID 11837 | Technical security | Testing | |
Authenticate user identities before manually resetting an authenticator. CC ID 04567 | Technical security | Testing | |
Identify the user when enrolling them in the biometric system. CC ID 06882 | Technical security | Testing | |
Place Intrusion Detection Systems and Intrusion Response Systems in network locations where they will be the most effective. CC ID 04589 | Technical security | Technical Security | |
Use a passive asset inventory discovery tool to identify assets when network mapping. CC ID 13735 | Technical security | Process or Activity | |
Use an active asset inventory discovery tool to identify sensitive information for data flow diagrams. CC ID 13737 | Technical security | Process or Activity | |
Establish, implement, and maintain a sensitive information inventory. CC ID 13736 [The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Technical security | Establish/Maintain Documentation | |
Register all Domain Names associated with the organization to the organization and not an individual. CC ID 07210 | Technical security | Testing | |
Include testing and approving all network connections through the firewall in the firewall and router configuration standard. CC ID 01270 | Technical security | Process or Activity | |
Configure security alerts in firewalls to include the source Internet protocol address and destination Internet protocol address associated with long sessions. CC ID 12174 | Technical security | Configuration | |
Configure firewalls to perform dynamic packet filtering. CC ID 01288 | Technical security | Testing | |
Configure network access and control points to organizational standards. CC ID 12442 | Technical security | Configuration | |
Subscribe to a URL categorization service to maintain website category definitions in the URL filter list. CC ID 12139 | Technical security | Technical Security | |
Test cryptographic key management applications, as necessary. CC ID 04829 | Technical security | Testing | |
Implement non-repudiation for transactions. CC ID 00567 | Technical security | Testing | |
Inspect telephones for eavesdropping devices. CC ID 02223 | Physical and environmental protection | Physical and Environmental Protection | |
Detect anomalies in physical barriers. CC ID 13533 | Physical and environmental protection | Investigate | |
Secure physical entry points with physical access controls or security guards. CC ID 01640 [The entity requires individuals to be issued a proximity badge and has implemented proximity control mechanisms that require an individual to authenticate their identity via proximity card reading devices prior to gaining access to internal locations within the entity's data centers, office spaces, document storage locations, work areas and environmental control system locations. S7.2 Internal physical access control] | Physical and environmental protection | Physical and Environmental Protection | |
Test locks for physical security vulnerabilities. CC ID 04880 | Physical and environmental protection | Testing | |
Lock all lockable equipment cabinets. CC ID 11673 | Physical and environmental protection | Physical and Environmental Protection | |
Monitor for unauthorized physical access at physical entry points and physical exit points. CC ID 01638 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Report anomalies in the visitor log to appropriate personnel. CC ID 14755 | Physical and environmental protection | Investigate | |
Log when the vault is accessed. CC ID 06725 | Physical and environmental protection | Log Management | |
Log when the cabinet is accessed. CC ID 11674 | Physical and environmental protection | Log Management | |
Observe restricted areas with motion detectors or closed-circuit television systems. CC ID 01328 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Review and correlate all data collected from video cameras and/or access control mechanisms with other entries. CC ID 11609 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Monitor physical entry point alarms. CC ID 01639 | Physical and environmental protection | Physical and Environmental Protection | |
Evaluate and react to when unauthorized access is detected by physical entry point alarms. CC ID 11677 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Monitor for alarmed security doors being propped open. CC ID 06684 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Track restricted storage media while it is in transit. CC ID 00967 | Physical and environmental protection | Data and Information Management | |
Attach asset location technologies to distributed assets. CC ID 10626 | Physical and environmental protection | Physical and Environmental Protection | |
Monitor the location of distributed assets. CC ID 11684 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Inspect mobile devices for the storage of restricted data or restricted information. CC ID 08707 | Physical and environmental protection | Investigate | |
Test the recovery plan, as necessary. CC ID 13290 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Operational and Systems Continuity | Testing | |
Test the backup information, as necessary. CC ID 13303 [The continued confidentiality, completeness, integrity and availability of the entity's systems and back-up information is evaluated and confirmed on a periodic basis. S7.5 Testing confidentiality, completeness, integrity and availability of systems and back-up data] | Operational and Systems Continuity | Testing | |
Document lessons learned from testing the recovery plan or an actual event. CC ID 13301 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Define and prioritize critical business functions. CC ID 00736 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Identify all critical business records. CC ID 00737 | Operational and Systems Continuity | Records Management | |
Establish, implement, and maintain a critical personnel list. CC ID 00739 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Establish, implement, and maintain a critical resource list. CC ID 00740 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include Internet Service Provider continuity procedures in the continuity plan. CC ID 00743 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Refrain from sharing a single point of failure between the alternate telecommunications service providers and the primary telecommunications service providers. CC ID 01397 | Operational and Systems Continuity | Testing | |
Separate the alternate telecommunications service providers from the primary telecommunications service providers through geographic separation, so as to not be susceptible to the same hazards. CC ID 01399 | Operational and Systems Continuity | Testing | |
Require telecommunications service providers to have adequate continuity plans. CC ID 01400 | Operational and Systems Continuity | Testing | |
Designate an alternate facility in the continuity plan. CC ID 00742 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Determine which data elements to back up. CC ID 13483 | Operational and Systems Continuity | Data and Information Management | |
Separate the off-site electronic media storage facilities from the primary facility through geographic separation. CC ID 01390 | Operational and Systems Continuity | Testing | |
Review the security of the off-site electronic media storage facilities, as necessary. CC ID 00573 | Operational and Systems Continuity | Systems Continuity | |
Test backup media for media integrity and information integrity, as necessary. CC ID 01401 [The continued confidentiality, completeness, integrity and availability of the entity's systems and back-up information is evaluated and confirmed on a periodic basis. S7.5 Testing confidentiality, completeness, integrity and availability of systems and back-up data] | Operational and Systems Continuity | Testing | |
Test backup media at the alternate facility in addition to testing at the primary facility. CC ID 06375 | Operational and Systems Continuity | Testing | |
Test each restored system for media integrity and information integrity. CC ID 01920 | Operational and Systems Continuity | Testing | |
Use available financial resources for the efficaciousness of the service continuity strategy. CC ID 01370 | Operational and Systems Continuity | Testing | |
Review the insurance coverage of the insurance policy, as necessary. CC ID 12688 | Operational and Systems Continuity | Business Processes | |
Review the beneficiaries of the insurance policy. CC ID 16563 | Operational and Systems Continuity | Business Processes | |
Determine the adequacy of errors and omissions insurance in the organization's insurance policy. CC ID 13281 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Determine the adequacy of insurance coverage for items in transit in the organization's insurance policy. CC ID 13283 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Determine the adequacy of insurance coverage for employee fidelity in the organization's insurance policy. CC ID 13282 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Determine the adequacy of media reconstruction in the organization's insurance policy. CC ID 13277 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Test the continuity plan, as necessary. CC ID 00755 [{business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Operational and Systems Continuity | Testing | |
Involve senior management, as necessary, when testing the continuity plan. CC ID 13793 | Operational and Systems Continuity | Testing | |
Test the continuity plan under conditions that simulate a disaster or disruption. CC ID 00757 | Operational and Systems Continuity | Testing | |
Analyze system interdependence during continuity plan tests. CC ID 13082 | Operational and Systems Continuity | Testing | |
Test the continuity plan at the alternate facility. CC ID 01174 | Operational and Systems Continuity | Testing | |
Review all third party's continuity plan test results. CC ID 01365 | Operational and Systems Continuity | Testing | |
Automate the off-site testing to more thoroughly test the continuity plan. CC ID 01389 | Operational and Systems Continuity | Testing | |
Retest the continuity plan after correcting reported deficiencies documented in the continuity plan test results. CC ID 06553 | Operational and Systems Continuity | Testing | |
Conduct full recovery and restoration of service testing for high impact systems at the alternate facility. CC ID 01404 | Operational and Systems Continuity | Testing | |
Employ individuals who have the appropriate staff qualifications, staff clearances, and staff competencies. CC ID 00782 [The entity establishes qualifications for personnel responsible for protecting the privacy and security of PI and assigns such responsibilities only to those personnel who meet these qualifications and who have received training. M1.2 Qualifications of internal personnel] | Human Resources management | Testing | |
Perform security skills assessments for all critical employees. CC ID 12102 | Human Resources management | Human Resources Management | |
Perform a background check during personnel screening. CC ID 11758 | Human Resources management | Human Resources Management | |
Document the personnel risk assessment results. CC ID 11764 | Human Resources management | Establish/Maintain Documentation | |
Perform periodic background checks on designated roles, as necessary. CC ID 11759 | Human Resources management | Human Resources Management | |
Document the security clearance procedure results. CC ID 01635 | Human Resources management | Establish/Maintain Documentation | |
Implement segregation of duties in roles and responsibilities. CC ID 00774 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Human Resources management | Testing | |
Include all electronic storage media containing restricted data or restricted information in the storage media inventory. CC ID 00962 | Operational management | Establish/Maintain Documentation | |
Employ Dynamic Host Configuration Protocol server logging to detect systems not in the asset inventory. CC ID 12110 | Operational management | Technical Security | |
Test systems for malicious code prior to when the system will be redeployed. CC ID 06339 | Operational management | Testing | |
Control and monitor all maintenance tools. CC ID 01432 | Operational management | Physical and Environmental Protection | |
Conduct maintenance with authorized personnel. CC ID 01434 | Operational management | Testing | |
Calibrate assets according to the calibration procedures for the asset. CC ID 06203 | Operational management | Testing | |
Test for detrimental environmental factors after a system is disposed. CC ID 06938 | Operational management | Testing | |
Establish, implement, and maintain an anti-money laundering program. CC ID 13675 | Operational management | Business Processes | |
Require personnel to monitor for and report known or suspected compromise of assets. CC ID 16453 | Operational management | Monitor and Evaluate Occurrences | |
Require personnel to monitor for and report suspicious account activity. CC ID 16462 | Operational management | Monitor and Evaluate Occurrences | |
Identify root causes of incidents that force system changes. CC ID 13482 | Operational management | Investigate | |
Respond to and triage when an incident is detected. CC ID 06942 | Operational management | Monitor and Evaluate Occurrences | |
Document the incident and any relevant evidence in the incident report. CC ID 08659 | Operational management | Establish/Maintain Documentation | |
Refrain from turning on any in scope devices that are turned off when a security incident is detected. CC ID 08677 | Operational management | Investigate | |
Include where the digital forensic evidence was found in the forensic investigation report. CC ID 08674 | Operational management | Establish/Maintain Documentation | |
Include the condition of the digital forensic evidence in the forensic investigation report. CC ID 08678 | Operational management | Establish/Maintain Documentation | |
Analyze the incident response process following an incident response. CC ID 13179 | Operational management | Investigate | |
Submit an incident management audit log to the proper authorities for each security breach that affects a predefined number of individuals, as necessary. CC ID 06326 | Operational management | Log Management | |
Determine whether or not incident response notifications are necessary during the privacy breach investigation. CC ID 00801 | Operational management | Behavior | |
Avoid false positive incident response notifications. CC ID 04732 | Operational management | Behavior | |
Include information required by law in incident response notifications. CC ID 00802 | Operational management | Establish/Maintain Documentation | |
Include how the affected parties can protect themselves from identity theft in incident response notifications. CC ID 04738 | Operational management | Establish/Maintain Documentation | |
Detect any potentially undiscovered security vulnerabilities on previously compromised systems. CC ID 06265 | Operational management | Monitor and Evaluate Occurrences | |
Test incident monitoring procedures. CC ID 13194 | Operational management | Testing | |
Conduct incident investigations, as necessary. CC ID 13826 | Operational management | Process or Activity | |
Analyze the behaviors of individuals involved in the incident during incident investigations. CC ID 14042 | Operational management | Investigate | |
Identify the affected parties during incident investigations. CC ID 16781 | Operational management | Investigate | |
Interview suspects during incident investigations, as necessary. CC ID 14041 | Operational management | Investigate | |
Interview victims and witnesses during incident investigations, as necessary. CC ID 14038 | Operational management | Investigate | |
Establish, implement, and maintain incident response procedures. CC ID 01206 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Operational management | Establish/Maintain Documentation | |
Test the incident response procedures. CC ID 01216 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Operational management | Testing | |
Test network access controls for proper Configuration Management settings. CC ID 01281 | System hardening through configuration management | Testing | |
Configure the "HEALTHCHECK" to organizational standards. CC ID 14511 | System hardening through configuration management | Configuration | |
Configure the "audit-log-maxsize" argument to organizational standards. CC ID 14624 | System hardening through configuration management | Configuration | |
Configure the "audit-log-path" argument to organizational standards. CC ID 14622 | System hardening through configuration management | Configuration | |
Configure the "audit-log-maxbackup" argument to organizational standards. CC ID 14613 | System hardening through configuration management | Configuration | |
Configure the "audit-log-maxage" argument to organizational standards. CC ID 14605 | System hardening through configuration management | Configuration | |
Verify wireless peripherals meet organizational security requirements. CC ID 00657 | System hardening through configuration management | Testing | |
Review the ownership of service accounts, as necessary. CC ID 13863 | System hardening through configuration management | Technical Security | |
Ensure the root account is the first entry in password files. CC ID 16323 | System hardening through configuration management | Data and Information Management | |
Find files and directories with extended attributes. CC ID 01552 | System hardening through configuration management | Technical Security | |
Verify that no UID 0 accounts exist other than root. CC ID 01585 | System hardening through configuration management | Configuration | |
Configure symbolic permissions for the passwd file, shadow file, and group files to organizational standards. CC ID 01584 | System hardening through configuration management | Configuration | |
Review the use of utility and device driver software, as necessary. CC ID 13145 | System hardening through configuration management | Business Processes | |
Use Wireless Local Area Network Network Interface Cards that turn off or disable Peer-To-Peer Wireless Local Area Network communications. CC ID 04594 | System hardening through configuration management | Testing | |
Verify wired network interface cards and Wireless Network Interface Cards are not simultaneously active for network devices other than a Wireless Access Point. CC ID 04596 | System hardening through configuration management | Testing | |
Configure the "/etc/docker/daemon.json" files and directories auditing to organizational standards. CC ID 14467 | System hardening through configuration management | Configuration | |
Configure the "/etc/docker" files and directories auditing to organizational standards. CC ID 14459 | System hardening through configuration management | Configuration | |
Configure the "docker.socket" files and directories auditing to organizational standards. CC ID 14458 | System hardening through configuration management | Configuration | |
Configure the "docker.service" files and directories auditing to organizational standards. CC ID 14454 | System hardening through configuration management | Configuration | |
Configure the "/var/lib/docker" files and directories auditing to organizational standards. CC ID 14453 | System hardening through configuration management | Configuration | |
Configure the "/usr/sbin/runc" files and directories auditing to organizational standards. CC ID 14452 | System hardening through configuration management | Configuration | |
Configure the "/usr/bin/containerd" files and directories auditing to organizational standards. CC ID 14451 | System hardening through configuration management | Configuration | |
Configure the "/etc/default/docker" files and directories auditing to organizational standards. CC ID 14450 | System hardening through configuration management | Configuration | |
Configure the "/etc/sysconfig/docker" files and directories auditing to organizational standards. CC ID 14449 | System hardening through configuration management | Configuration | |
Configure the log to capture audit log initialization, along with auditable event selection. CC ID 00649 | System hardening through configuration management | Log Management | |
Configure the log to capture creates, reads, updates, or deletes of records containing personal data. CC ID 11890 | System hardening through configuration management | Log Management | |
Configure the log to capture the information referent when personal data is being accessed. CC ID 11968 | System hardening through configuration management | Log Management | |
Configure the log to capture each auditable event's origination. CC ID 01338 | System hardening through configuration management | Log Management | |
Configure the log to capture remote access information. CC ID 05596 | System hardening through configuration management | Configuration | |
Configure the log to capture all malicious code that has been discovered, quarantined, and/or eradicated. CC ID 00577 | System hardening through configuration management | Log Management | |
Configure the "logging level" to organizational standards. CC ID 14456 | System hardening through configuration management | Configuration | |
Capture successful operating system access and successful software access. CC ID 00527 | System hardening through configuration management | Log Management | |
Configure the log to capture hardware and software access attempts. CC ID 01220 | System hardening through configuration management | Log Management | |
Configure the log to capture all URL requests. CC ID 12138 | System hardening through configuration management | Technical Security | |
Configure the log to capture logons, logouts, logon attempts, and logout attempts. CC ID 01915 | System hardening through configuration management | Log Management | |
Configure the log to capture access to restricted data or restricted information. CC ID 00644 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | System hardening through configuration management | Log Management | |
Configure the log to capture actions taken by individuals with root privileges or administrative privileges and add logging option to the root file system. CC ID 00645 | System hardening through configuration management | Log Management | |
Configure the log to capture identification and authentication mechanism use. CC ID 00648 | System hardening through configuration management | Log Management | |
Configure the log to capture all access to the audit trail. CC ID 00646 | System hardening through configuration management | Log Management | |
Configure the log to capture Object access to key directories or key files. CC ID 01697 | System hardening through configuration management | Log Management | |
Configure the log to capture both access and access attempts to security-relevant objects and security-relevant directories. CC ID 01916 | System hardening through configuration management | Log Management | |
Configure the log to capture system level object creation and deletion. CC ID 00650 | System hardening through configuration management | Log Management | |
Configure the log to capture changes to User privileges, audit policies, and trust policies by enabling audit policy changes. CC ID 01698 | System hardening through configuration management | Log Management | |
Configure the log to capture user authenticator changes. CC ID 01917 | System hardening through configuration management | Log Management | |
Enable or disable NFS server logging, as appropriate. CC ID 05593 | System hardening through configuration management | Log Management | |
Log Pluggable Authentication Modules access at an appropriate level. CC ID 05599 | System hardening through configuration management | Log Management | |
Enable or disable the logging of "martian" packets (impossible addresses), as appropriate. CC ID 05601 | System hardening through configuration management | Log Management | |
Enable or disable dhcpd logging, as appropriate. CC ID 05602 | System hardening through configuration management | Log Management | |
Enable or disable attempted stack exploit logging, as appropriate. CC ID 05614 | System hardening through configuration management | Log Management | |
Enable or disable the debug logging option, as appropriate. CC ID 05617 | System hardening through configuration management | Log Management | |
Enable or disable the logging of vsftpd transactions, as appropriate. CC ID 06032 | System hardening through configuration management | Log Management | |
Verify auditing is logged to an appropriate directory. CC ID 05603 | System hardening through configuration management | Log Management | |
Enable or disable the /var/log/authlog log, as appropriate. CC ID 05606 | System hardening through configuration management | Log Management | |
Enable or disable the /var/log/syslog log, as appropriate. CC ID 05607 | System hardening through configuration management | Log Management | |
Enable or disable the /var/adm/messages log, as appropriate. CC ID 05608 | System hardening through configuration management | Log Management | |
Enable or disable the /var/adm/sulog log, as appropriate. CC ID 05609 | System hardening through configuration management | Log Management | |
Enable or disable the /var/adm/utmp(x) log, as appropriate. CC ID 05610 | System hardening through configuration management | Log Management | |
Enable or disable the /var/adm/wtmp(x) log, as appropriate. CC ID 05611 | System hardening through configuration management | Log Management | |
Enable or disable the /var/adm/sshlog log, as appropriate. CC ID 05612 | System hardening through configuration management | Log Management | |
Enable or disable the /var/log/pamlog log, as appropriate. CC ID 05613 | System hardening through configuration management | Log Management | |
Perform filesystem logging and filesystem journaling. CC ID 05615 | System hardening through configuration management | Log Management | |
Configure security and protection software to check for up-to-date signature files. CC ID 00576 | System hardening through configuration management | Testing | |
Configure security and protection software to check for phishing attacks. CC ID 04569 | System hardening through configuration management | Technical Security | |
Perform vulnerability testing before final installation. CC ID 00884 | System hardening through configuration management | Testing | |
Ensure data sets have the appropriate characteristics. CC ID 15000 | Records management | Data and Information Management | |
Ensure data sets are complete, are accurate, and are relevant. CC ID 14999 | Records management | Data and Information Management | |
Define each system's preservation requirements for records and logs. CC ID 00904 | Records management | Establish/Maintain Documentation | |
Establish, implement, and maintain a data retention program. CC ID 00906 | Records management | Establish/Maintain Documentation | |
Maintain continued integrity for all stored data and stored records. CC ID 00969 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity] | Records management | Testing | |
Destroy electronic storage media following the storage media disposition and destruction procedures. CC ID 00970 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Records management | Testing | |
Maintain media sanitization equipment in operational condition. CC ID 00721 | Records management | Testing | |
Capture the records required by organizational compliance requirements. CC ID 00912 | Records management | Records Management | |
Classify restricted data or restricted information in Records Management systems according to the data or information's sensitivity. CC ID 04720 [The types of PI and sensitive PI and the related processes, systems and third parties involved in the handling of such information are identified. D6.7 Identifies types of PI and handling processes {unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Records management | Data and Information Management | |
Perform Quality Management on all newly developed or modified systems. CC ID 01100 | Systems design, build, and implementation | Testing | |
Restrict production data from being used in the test environment. CC ID 01103 | Systems design, build, and implementation | Testing | |
Test all software changes before promoting the system to a production environment. CC ID 01106 | Systems design, build, and implementation | Testing | |
Review and test custom code to identify potential coding vulnerabilities. CC ID 01316 | Systems design, build, and implementation | Testing | |
Review and test source code. CC ID 01086 | Systems design, build, and implementation | Testing | |
Approve all custom code test results before code is released. CC ID 06293 | Systems design, build, and implementation | Testing | |
Require a data protection impact assessment when profiling the data subject. CC ID 12680 | Privacy protection for information and data | Process or Activity | |
Document privacy policies in clearly written and easily understood language. CC ID 00376 [The entity's privacy notice is conspicuous and uses clear language. N2.1 Clear and conspicuous] | Privacy protection for information and data | Establish/Maintain Documentation | |
Notify the individual of the reasons for delays in responding to data access requests. CC ID 00422 | Privacy protection for information and data | Behavior | |
Notify the individual when a cost is imposed which must be paid in advance to gain access. CC ID 00423 | Privacy protection for information and data | Behavior | |
Refrain from erasing personal data upon data subject request when it is being used for incident detection. CC ID 13778 | Privacy protection for information and data | Process or Activity | |
Analyze requirements for processing personal data in contracts. CC ID 12550 | Privacy protection for information and data | Investigate | |
Disclose personal data when the data subject has consented and has the ability to opt out. CC ID 00158 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data for judicial decisions, lawsuits, and investigations only after the data controller includes a note of the disclosure in the record. CC ID 00162 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include personal data that is for the state's economic interest as a reason for denial in the personal data request denial procedures. CC ID 00446 | Privacy protection for information and data | Data and Information Management | |
Determine the financial impact for the unauthorized disclosure of privacy-related data and privacy-related information. CC ID 06488 | Privacy protection for information and data | Business Processes | |
Confirm the data quality of personal data collected from third parties. CC ID 13510 | Privacy protection for information and data | Investigate | |
Review the methods for collecting personal data, as necessary. CC ID 13511 | Privacy protection for information and data | Investigate | |
Refrain from storing data elements containing payment card full magnetic stripe data. CC ID 04757 | Privacy protection for information and data | Testing | |
Conduct personal data risk assessments. CC ID 00357 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Privacy protection for information and data | Testing | |
Establish, implement, and maintain suspicious document procedures. CC ID 04852 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain suspicious personal data procedures. CC ID 04853 | Privacy protection for information and data | Data and Information Management | |
Compare certain personal data such as name, date of birth, address, driver's license, or other identification against personal data on file for the applicant. CC ID 04855 | Privacy protection for information and data | Data and Information Management | |
Establish, implement, and maintain suspicious user account activity procedures. CC ID 04854 | Privacy protection for information and data | Monitor and Evaluate Occurrences | |
Perform an identity check prior to approving an account change request. CC ID 13670 | Privacy protection for information and data | Investigate | |
Use the contact information on file to contact the individual identified in an account change request. CC ID 04857 | Privacy protection for information and data | Behavior | |
Match consumer reports with current accounts on file to ensure account misuse or information misuse has not occurred. CC ID 04873 | Privacy protection for information and data | Data and Information Management | |
Log account access dates and report when dormant accounts suddenly exhibit unusual activity. CC ID 04874 | Privacy protection for information and data | Log Management | |
Log dates for account name changes or address changes. CC ID 04876 | Privacy protection for information and data | Log Management | |
Review accounts that are changed for additional user requests. CC ID 11846 | Privacy protection for information and data | Monitor and Evaluate Occurrences | |
Send change notices for change of address requests to the old address and the new address. CC ID 04877 | Privacy protection for information and data | Data and Information Management | |
Search the Internet for evidence of data leakage. CC ID 10419 | Privacy protection for information and data | Process or Activity | |
Review monitored websites for data leakage. CC ID 10593 | Privacy protection for information and data | Monitor and Evaluate Occurrences | |
Conduct internal data processing audits. CC ID 00374 | Privacy protection for information and data | Testing | |
Review compliance with the organization's privacy objectives. CC ID 13490 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results {unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Privacy protection for information and data | Human Resources Management | |
Investigate privacy rights violation complaints. CC ID 00480 [Each complaint is addressed and the resolution is documented and communicated to the individual. M9.1 Documents and communicates dispute resolution and recourse] | Privacy protection for information and data | Behavior | |
Notify respondents after a privacy rights violation complaint investigation begins. CC ID 00491 | Privacy protection for information and data | Behavior | |
Investigate privacy rights violation complaints in private. CC ID 00492 | Privacy protection for information and data | Behavior | |
Make appropriate inquiries and obtain appropriate information regarding privacy rights violation complaints. CC ID 00493 | Privacy protection for information and data | Behavior | |
Allow the complainant to appear before the commissioner and make a submission, orally or in writing, about the privacy rights violation complaint investigation before an adverse decision to the complainant is reached. CC ID 00494 | Privacy protection for information and data | Behavior | |
Define the available administrative remedies in regards to a privacy rights violation complaint. CC ID 00497 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from subjecting individuals to retaliation or intimidation after a complaint is created. CC ID 06218 | Privacy protection for information and data | Testing | |
Record restricted data correctly. CC ID 00089 | Privacy protection for information and data | Testing | |
Formalize client and third party relationships with contracts or nondisclosure agreements. CC ID 00794 | Third Party and supply chain oversight | Process or Activity | |
Include third party acknowledgment of their data protection responsibilities in third party contracts. CC ID 01364 | Third Party and supply chain oversight | Testing | |
Employ access controls that meet the organization's compliance requirements on third party systems with access to the organization's restricted data. CC ID 04264 [PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.4 Discloses PI only to appropriate third parties PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.1 Discloses PI only to appropriate third parties] | Third Party and supply chain oversight | Data and Information Management | |
Assess third parties' compliance environment during due diligence. CC ID 13134 | Third Party and supply chain oversight | Process or Activity | |
Request attestation of compliance from third parties. CC ID 12067 | Third Party and supply chain oversight | Establish/Maintain Documentation | |
Assess third parties' compliance with the organization's third party security policies during due diligence. CC ID 12075 [The entity uses antivirus and anti-malware software and requires that it be implemented and maintained on all end-point devices connected to the internal and external networks to provide for the interception, detection and remediation of malware. The entity also requires third-party service organizations to confirm that their users and systems that connect to the entity's internal networks, infrastructure systems, network devices, application systems and data storage devices and information, also have active and currently updated antivirus and anti-malware protections. S7.1 Uses antivirus and anti-malware software] | Third Party and supply chain oversight | Business Processes |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | TYPE | |
---|---|---|---|
Leadership and high level objectives CC ID 00597 | Leadership and high level objectives | IT Impact Zone | |
Monitoring and measurement CC ID 00636 | Monitoring and measurement | IT Impact Zone | |
Audits and risk management CC ID 00677 | Audits and risk management | IT Impact Zone | |
Technical security CC ID 00508 | Technical security | IT Impact Zone | |
Physical and environmental protection CC ID 00709 | Physical and environmental protection | IT Impact Zone | |
Operational and Systems Continuity CC ID 00731 | Operational and Systems Continuity | IT Impact Zone | |
Human Resources management CC ID 00763 | Human Resources management | IT Impact Zone | |
Operational management CC ID 00805 | Operational management | IT Impact Zone | |
System hardening through configuration management CC ID 00860 | System hardening through configuration management | IT Impact Zone | |
Records management CC ID 00902 | Records management | IT Impact Zone | |
Systems design, build, and implementation CC ID 00989 | Systems design, build, and implementation | IT Impact Zone | |
Privacy protection for information and data CC ID 00008 | Privacy protection for information and data | IT Impact Zone | |
Third Party and supply chain oversight CC ID 08807 | Third Party and supply chain oversight | IT Impact Zone |
KEY: Primary Verb Primary Noun Secondary Verb Secondary Noun Limiting Term | |||
Mandated - bold Implied - italic Implementation - regular | IMPACT ZONE | TYPE | |
---|---|---|---|
Analyze organizational objectives, functions, and activities. CC ID 00598 | Leadership and high level objectives | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain an information classification standard. CC ID 00601 [The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Leadership and high level objectives | Establish/Maintain Documentation | |
Take into account the accessibility to and location of the data or information when establishing information impact levels. CC ID 04787 | Leadership and high level objectives | Data and Information Management | |
Take into account the organization's obligation to protect data or information when establishing information impact levels. CC ID 04786 | Leadership and high level objectives | Data and Information Management | |
Take into account the context of use for data or information when establishing information impact levels. CC ID 04785 | Leadership and high level objectives | Data and Information Management | |
Take into account the potential aggregation of restricted data fields when establishing information impact levels. CC ID 04784 | Leadership and high level objectives | Data and Information Management | |
Classify the sensitivity to unauthorized disclosure or modification of information in the information classification standard. CC ID 11997 [The entity has a process for classifying PI according to applicable regulation and risks associated with unauthorized disclosure or misuse. M1.3 Data and information classification] | Leadership and high level objectives | Data and Information Management | |
Take into account the distinguishability factor when establishing information impact levels. CC ID 04783 | Leadership and high level objectives | Data and Information Management | |
Classify the criticality to unauthorized disclosure or modification of information in the information classification standard. CC ID 11996 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Leadership and high level objectives | Data and Information Management | |
Classify the value of information in the information classification standard. CC ID 11995 | Leadership and high level objectives | Data and Information Management | |
Classify the legal requirements of information in the information classification standard. CC ID 11994 [The entity has a process for classifying PI according to applicable regulation and risks associated with unauthorized disclosure or misuse. M1.3 Data and information classification] | Leadership and high level objectives | Data and Information Management | |
Establish, implement, and maintain a data classification scheme. CC ID 11628 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties, applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Leadership and high level objectives | Establish/Maintain Documentation | |
Take into account the characteristics of the geographical, behavioral and functional setting for all datasets. CC ID 15046 | Leadership and high level objectives | Data and Information Management | |
Disseminate and communicate the data classification scheme to interested personnel and affected parties. CC ID 16804 | Leadership and high level objectives | Communicate | |
Establish, implement, and maintain a Quality Management framework. CC ID 07196 | Leadership and high level objectives | Establish/Maintain Documentation | |
Establish, implement, and maintain a Quality Management program. CC ID 07201 | Leadership and high level objectives | Establish/Maintain Documentation | |
Establish and maintain the scope of the organizational compliance framework and Information Assurance controls. CC ID 01241 | Leadership and high level objectives | Establish/Maintain Documentation | |
Identify roles, tasks, information, systems, and assets that fall under the organization's mandated Authority Documents. CC ID 00688 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Leadership and high level objectives | Business Processes | |
Establish and maintain an Information Systems Assurance Categories Definitions document. CC ID 01608 | Leadership and high level objectives | Establish/Maintain Documentation | |
Establish, implement, and maintain a policy and procedure management program. CC ID 06285 [The entity has a process for evaluating and addressing the potential impacts of required changes to information privacy policy and procedures as changes occur in entity operations and operating locations, and as applicable jurisdictional laws and regulations are enacted to become new regulatory compliance requirements. M1.2 Policy changes] | Leadership and high level objectives | Establish/Maintain Documentation | |
Include requirements in the organization’s policies, standards, and procedures. CC ID 12956 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include the effective date on all organizational policies. CC ID 06820 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include threats in the organization’s policies, standards, and procedures. CC ID 12953 | Leadership and high level objectives | Establish/Maintain Documentation | |
Assess the impact of changes to organizational policies, standards, and procedures, as necessary. CC ID 14824 [The entity has a process for evaluating and addressing the potential impacts of required changes to information privacy policy and procedures as changes occur in entity operations and operating locations, and as applicable jurisdictional laws and regulations are enacted to become new regulatory compliance requirements. M1.2 Policy changes] | Leadership and high level objectives | Business Processes | |
Include opportunities in the organization’s policies, standards, and procedures. CC ID 12945 | Leadership and high level objectives | Establish/Maintain Documentation | |
Establish and maintain an Authority Document list. CC ID 07113 | Leadership and high level objectives | Establish/Maintain Documentation | |
Document organizational procedures that harmonize external requirements, including all legal requirements. CC ID 00623 | Leadership and high level objectives | Establish/Maintain Documentation | |
Establish, implement, and maintain full documentation of all policies, standards, and procedures that support the organization's compliance framework. CC ID 01636 | Leadership and high level objectives | Establish/Maintain Documentation | |
Disseminate and communicate the organization’s policies, standards, and procedures to all interested personnel and affected parties. CC ID 12901 | Leadership and high level objectives | Communicate | |
Disseminate and communicate the list of Authority Documents that support the organization's compliance framework to interested personnel and affected parties. CC ID 01312 | Leadership and high level objectives | Establish/Maintain Documentation | |
Classify controls according to their preventive, detective, or corrective status. CC ID 06436 | Leadership and high level objectives | Establish/Maintain Documentation | |
Publish, disseminate, and communicate a Statement on Internal Control, as necessary. CC ID 06727 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include signatures of c-level executives in the Statement on Internal Control. CC ID 14778 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include confirmation of any significant weaknesses in the Statement on Internal Control. CC ID 06861 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include roles and responsibilities in the Statement on Internal Control. CC ID 14774 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include an assurance statement regarding the counterterror protective security plan in the Statement on Internal Control. CC ID 06866 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include limitations of internal control systems in the Statement on Internal Control. CC ID 14773 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include a description of the methodology used to evaluate internal controls in the Statement on Internal Control. CC ID 14772 | Leadership and high level objectives | Establish/Maintain Documentation | |
Assign legislative body jurisdiction to the organization's assets, as necessary. CC ID 06956 | Leadership and high level objectives | Establish Roles | |
Approve all compliance documents. CC ID 06286 | Leadership and high level objectives | Establish/Maintain Documentation | |
Align the Authority Document list with external requirements. CC ID 06288 | Leadership and high level objectives | Establish/Maintain Documentation | |
Assign the appropriate roles to all applicable compliance documents. CC ID 06284 | Leadership and high level objectives | Establish Roles | |
Identify and document the Designated Approval Authority for compliance documents. CC ID 07114 | Leadership and high level objectives | Establish/Maintain Documentation | |
Establish, implement, and maintain a compliance exception standard. CC ID 01628 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include the authority for granting exemptions in the compliance exception standard. CC ID 14329 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include explanations, compensating controls, or risk acceptance in the compliance exceptions document. CC ID 01631 | Leadership and high level objectives | Establish/Maintain Documentation | |
Review the compliance exceptions in the exceptions document, as necessary. CC ID 01632 | Leadership and high level objectives | Business Processes | |
Include when exemptions expire in the compliance exception standard. CC ID 14330 | Leadership and high level objectives | Establish/Maintain Documentation | |
Assign the approval of compliance exceptions to the appropriate roles inside the organization. CC ID 06443 | Leadership and high level objectives | Establish Roles | |
Include management of the exemption register in the compliance exception standard. CC ID 14328 | Leadership and high level objectives | Establish/Maintain Documentation | |
Disseminate and communicate compliance documents to all interested personnel and affected parties. CC ID 06282 | Leadership and high level objectives | Behavior | |
Disseminate and communicate any compliance document changes when the documents are updated to interested personnel and affected parties. CC ID 06283 | Leadership and high level objectives | Behavior | |
Define the Information Assurance strategic roles and responsibilities. CC ID 00608 | Leadership and high level objectives | Establish Roles | |
Include recommendations for changes or updates to the information security program in the Board Report. CC ID 13180 | Leadership and high level objectives | Establish/Maintain Documentation | |
Assign the review of project plans for critical projects to the compliance oversight committee. CC ID 01182 | Leadership and high level objectives | Establish Roles | |
Assign the corporate governance of Information Technology to the compliance oversight committee. CC ID 01178 | Leadership and high level objectives | Establish Roles | |
Assign the review of Information Technology policies and procedures to the compliance oversight committee. CC ID 01179 | Leadership and high level objectives | Establish Roles | |
Involve the Board of Directors or senior management in Information Governance. CC ID 00609 | Leadership and high level objectives | Establish Roles | |
Assign responsibility for enforcing the requirements of the Information Governance Plan to senior management. CC ID 12058 | Leadership and high level objectives | Human Resources Management | |
Address Information Security during the business planning processes. CC ID 06495 | Leadership and high level objectives | Data and Information Management | |
Document the requirements of stakeholders during the business planning process regarding Information Security. CC ID 06498 | Leadership and high level objectives | Establish/Maintain Documentation | |
Assign reviewing and approving Quality Management standards to the appropriate oversight committee. CC ID 07192 | Leadership and high level objectives | Establish Roles | |
Establish, implement, and maintain a strategic plan. CC ID 12784 | Leadership and high level objectives | Establish/Maintain Documentation | |
Establish, implement, and maintain a Strategic Information Technology Plan. CC ID 00628 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include the Information Governance Plan in the Strategic Information Technology Plan. CC ID 10053 [The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Leadership and high level objectives | Establish/Maintain Documentation | |
Engage information governance subject matter experts in the development of the Information Governance Plan. CC ID 10055 | Leadership and high level objectives | Human Resources Management | |
Include the transparency goals in the Information Governance Plan. CC ID 10056 | Leadership and high level objectives | Establish/Maintain Documentation | |
Include the information integrity goals in the Information Governance Plan. CC ID 10057 | Leadership and high level objectives | Establish/Maintain Documentation | |
Establish, implement, and maintain Security Control System monitoring and reporting procedures. CC ID 12506 [Ongoing procedures are performed for monitoring the effectiveness of controls over PI and for taking timely corrective actions when necessary. M9.1 Performs ongoing monitoring] | Monitoring and measurement | Establish/Maintain Documentation | |
Include detecting and reporting the failure of a change detection mechanism in the Security Control System monitoring and reporting procedures. CC ID 12525 | Monitoring and measurement | Establish/Maintain Documentation | |
Include detecting and reporting the failure of audit logging in the Security Control System monitoring and reporting procedures. CC ID 12513 | Monitoring and measurement | Establish/Maintain Documentation | |
Include detecting and reporting the failure of an anti-malware solution in the Security Control System monitoring and reporting procedures. CC ID 12512 | Monitoring and measurement | Establish/Maintain Documentation | |
Include detecting and reporting the failure of a segmentation control in the Security Control System monitoring and reporting procedures. CC ID 12511 | Monitoring and measurement | Establish/Maintain Documentation | |
Include detecting and reporting the failure of a physical access control in the Security Control System monitoring and reporting procedures. CC ID 12510 | Monitoring and measurement | Establish/Maintain Documentation | |
Include detecting and reporting the failure of a logical access control in the Security Control System monitoring and reporting procedures. CC ID 12509 | Monitoring and measurement | Establish/Maintain Documentation | |
Include detecting and reporting the failure of an Intrusion Detection and Prevention System in the Security Control System monitoring and reporting procedures. CC ID 12508 | Monitoring and measurement | Establish/Maintain Documentation | |
Include detecting and reporting the failure of a security testing tool in the Security Control System monitoring and reporting procedures. CC ID 15488 | Monitoring and measurement | Establish/Maintain Documentation | |
Include detecting and reporting the failure of a firewall in the Security Control System monitoring and reporting procedures. CC ID 12507 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain intrusion management operations. CC ID 00580 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Monitor systems for unauthorized data transfers. CC ID 12971 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Address operational anomalies within the incident management system. CC ID 11633 | Monitoring and measurement | Audits and Risk Management | |
Incorporate an Identity Theft Prevention Program into the organization's incident management system. CC ID 11634 | Monitoring and measurement | Audits and Risk Management | |
Monitor systems for unauthorized mobile code. CC ID 10034 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Enable and configure logging on all network access controls. CC ID 01963 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Monitoring and measurement | Configuration | |
Disseminate and communicate monitoring capabilities with interested personnel and affected parties. CC ID 13156 | Monitoring and measurement | Communicate | |
Disseminate and communicate statistics on resource usage with interested personnel and affected parties. CC ID 13155 | Monitoring and measurement | Communicate | |
Develop and maintain a usage profile for each user account. CC ID 07067 | Monitoring and measurement | Technical Security | |
Establish, implement, and maintain a risk monitoring program. CC ID 00658 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Monitoring and measurement | Establish/Maintain Documentation | |
Monitor the organization's exposure to threats, as necessary. CC ID 06494 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Implement a fraud detection system. CC ID 13081 | Monitoring and measurement | Business Processes | |
Monitor for new vulnerabilities. CC ID 06843 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain a compliance testing strategy. CC ID 00659 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain a self-assessment approach as part of the compliance testing strategy. CC ID 12833 | Monitoring and measurement | Testing | |
Establish, implement, and maintain a system security plan. CC ID 01922 | Monitoring and measurement | Testing | |
Include a system description in the system security plan. CC ID 16467 | Monitoring and measurement | Establish/Maintain Documentation | |
Include a description of the operational context in the system security plan. CC ID 14301 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the results of the security categorization in the system security plan. CC ID 14281 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the information types in the system security plan. CC ID 14696 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the security requirements in the system security plan. CC ID 14274 | Monitoring and measurement | Establish/Maintain Documentation | |
Include threats in the system security plan. CC ID 14693 | Monitoring and measurement | Establish/Maintain Documentation | |
Include network diagrams in the system security plan. CC ID 14273 | Monitoring and measurement | Establish/Maintain Documentation | |
Include roles and responsibilities in the system security plan. CC ID 14682 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the results of the privacy risk assessment in the system security plan. CC ID 14676 | Monitoring and measurement | Establish/Maintain Documentation | |
Include remote access methods in the system security plan. CC ID 16441 | Monitoring and measurement | Establish/Maintain Documentation | |
Disseminate and communicate the system security plan to interested personnel and affected parties. CC ID 14275 | Monitoring and measurement | Communicate | |
Include a description of the operational environment in the system security plan. CC ID 14272 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the security categorizations and rationale in the system security plan. CC ID 14270 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the authorization boundary in the system security plan. CC ID 14257 | Monitoring and measurement | Establish/Maintain Documentation | |
Align the enterprise architecture with the system security plan. CC ID 14255 | Monitoring and measurement | Process or Activity | |
Include security controls in the system security plan. CC ID 14239 | Monitoring and measurement | Establish/Maintain Documentation | |
Create specific test plans to test each system component. CC ID 00661 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the roles and responsibilities in the test plan. CC ID 14299 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the assessment team in the test plan. CC ID 14297 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the scope in the test plans. CC ID 14293 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the assessment environment in the test plan. CC ID 14271 | Monitoring and measurement | Establish/Maintain Documentation | |
Approve the system security plan. CC ID 14241 | Monitoring and measurement | Business Processes | |
Review the test plans for each system component. CC ID 00662 | Monitoring and measurement | Establish/Maintain Documentation | |
Document validated testing processes in the testing procedures. CC ID 06200 | Monitoring and measurement | Establish/Maintain Documentation | |
Include error details, identifying the root causes, and mitigation actions in the testing procedures. CC ID 11827 | Monitoring and measurement | Establish/Maintain Documentation | |
Determine the appropriate assessment method for each testing process in the test plan. CC ID 00665 | Monitoring and measurement | Testing | |
Implement automated audit tools. CC ID 04882 | Monitoring and measurement | Acquisition/Sale of Assets or Services | |
Assign senior management to approve test plans. CC ID 13071 | Monitoring and measurement | Human Resources Management | |
Establish, implement, and maintain a testing program. CC ID 00654 | Monitoring and measurement | Behavior | |
Establish, implement, and maintain a penetration test program. CC ID 01105 | Monitoring and measurement | Behavior | |
Ensure protocols are free from injection flaws. CC ID 16401 | Monitoring and measurement | Process or Activity | |
Establish, implement, and maintain a vulnerability management program. CC ID 15721 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain a vulnerability assessment program. CC ID 11636 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Monitoring and measurement | Establish/Maintain Documentation | |
Use dedicated user accounts when conducting vulnerability scans. CC ID 12098 | Monitoring and measurement | Technical Security | |
Record the vulnerability scanning activity in the vulnerability scan report. CC ID 12097 | Monitoring and measurement | Establish/Maintain Documentation | |
Disseminate and communicate the vulnerability scan results to interested personnel and affected parties. CC ID 16418 | Monitoring and measurement | Communicate | |
Maintain vulnerability scan reports as organizational records. CC ID 12092 | Monitoring and measurement | Records Management | |
Employ an approved third party to perform external vulnerability scans on the organization's systems. CC ID 12467 | Monitoring and measurement | Business Processes | |
Meet the requirements for a passing score during an external vulnerability scan or rescan. CC ID 12039 | Monitoring and measurement | Testing | |
Establish, implement, and maintain a compliance monitoring policy. CC ID 00671 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain a metrics policy. CC ID 01654 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain an approach for compliance monitoring. CC ID 01653 [The entity has processes for assuring adherence to information privacy policies and procedures through ongoing and separate evaluations. Refer to Component M9.0. M1.0 Monitoring and enforcement The entity has an overall governance and legal structure that defines and establishes responsibility and authority for the entity's oversight processes, policy setting and ongoing monitoring activities. M1.2 Responsibility and authority] | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain risk management metrics. CC ID 01656 | Monitoring and measurement | Establish/Maintain Documentation | |
Identify information being used to support the performance of the governance, risk, and compliance capability. CC ID 12866 | Monitoring and measurement | Business Processes | |
Identify information being used to support performance reviews for risk optimization. CC ID 12865 | Monitoring and measurement | Audits and Risk Management | |
Identify and document instances of non-compliance with the compliance framework. CC ID 06499 [Instances of noncompliance with objectives related to privacy are documented and reported and, if needed, corrective and disciplinary measures are taken on a timely basis. M9.1 Documents and reports instances of noncompliance] | Monitoring and measurement | Establish/Maintain Documentation | |
Identify and document events surrounding non-compliance with the organizational compliance framework. CC ID 12935 | Monitoring and measurement | Establish/Maintain Documentation | |
Align disciplinary actions with the level of compliance violation. CC ID 12404 | Monitoring and measurement | Human Resources Management | |
Establish, implement, and maintain disciplinary action notices. CC ID 16577 | Monitoring and measurement | Establish/Maintain Documentation | |
Include a copy of the order in the disciplinary action notice. CC ID 16606 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the sanctions imposed in the disciplinary action notice. CC ID 16599 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the effective date of the sanctions in the disciplinary action notice. CC ID 16589 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the requirements that were violated in the disciplinary action notice. CC ID 16588 | Monitoring and measurement | Establish/Maintain Documentation | |
Include responses to charges from interested personnel and affected parties in the disciplinary action notice. CC ID 16587 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the reasons for imposing sanctions in the disciplinary action notice. CC ID 16586 | Monitoring and measurement | Establish/Maintain Documentation | |
Disseminate and communicate the disciplinary action notice to interested personnel and affected parties. CC ID 16585 | Monitoring and measurement | Communicate | |
Include required information in the disciplinary action notice. CC ID 16584 | Monitoring and measurement | Establish/Maintain Documentation | |
Include a justification for actions taken in the disciplinary action notice. CC ID 16583 | Monitoring and measurement | Establish/Maintain Documentation | |
Include a statement on the conclusions of the investigation in the disciplinary action notice. CC ID 16582 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the investigation results in the disciplinary action notice. CC ID 16581 | Monitoring and measurement | Establish/Maintain Documentation | |
Include a description of the causes of the actions taken in the disciplinary action notice. CC ID 16580 | Monitoring and measurement | Establish/Maintain Documentation | |
Include the name of the person responsible for the charges in the disciplinary action notice. CC ID 16579 | Monitoring and measurement | Establish/Maintain Documentation | |
Include contact information in the disciplinary action notice. CC ID 16578 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain compliance program metrics. CC ID 11625 | Monitoring and measurement | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain a security program metrics program. CC ID 01660 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain a key management roles metrics standard. CC ID 11631 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain a key stakeholder metrics program. CC ID 01661 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain a supply chain member metrics program. CC ID 01662 | Monitoring and measurement | Establish/Maintain Documentation | |
Report on the Service Level Agreement performance of supply chain members. CC ID 06838 | Monitoring and measurement | Actionable Reports or Measurements | |
Establish, implement, and maintain a Business Continuity metrics program. CC ID 01663 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain an audit metrics program. CC ID 01664 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain an Information Security metrics program. CC ID 01665 | Monitoring and measurement | Establish/Maintain Documentation | |
Establish, implement, and maintain an audit program. CC ID 00684 | Audits and risk management | Establish/Maintain Documentation | |
Accept the attestation engagement when all preconditions are met. CC ID 13933 | Audits and risk management | Business Processes | |
Audit in scope audit items and compliance documents. CC ID 06730 [{administrative safeguard}{technical safeguard}{internal penetration testing} Management uses a combination of different ongoing and separate evaluations, including system internal and external penetration testing, third-party independent verifications and certifications using established security control frameworks (NIST, COBIT, OWASP, etc.) and vendor and industry-specific, and the entity's own defined technical specifications, security requirements and configuration standards (e.g., performing ISO, PCI or TSP certifications), and internal audit assessments to monitor the effectiveness of required administrative, technical and physical safeguards. S7.5 Considers different types of ongoing and separate evaluations] | Audits and risk management | Audits and Risk Management | |
Collect all work papers for the audit and audit report into an engagement file. CC ID 07001 | Audits and risk management | Actionable Reports or Measurements | |
Document any after the fact changes to the engagement file. CC ID 07002 | Audits and risk management | Establish/Maintain Documentation | |
Protect access to the engagement file and all associated audit documentation in compliance with Authority Documents the organization must follow. CC ID 07179 | Audits and risk management | Establish/Maintain Documentation | |
Disclose work papers in the engagement file in compliance with legal requirements. CC ID 07180 | Audits and risk management | Establish/Maintain Documentation | |
Archive the engagement file and all work papers for the period prescribed by law or contract. CC ID 10038 | Audits and risk management | Records Management | |
Conduct onsite inspections, as necessary. CC ID 16199 | Audits and risk management | Testing | |
Audit policies, standards, and procedures. CC ID 12927 [{administrative safeguard}{technical safeguard} The entity tests the effectiveness of the key administrative, technical and physical safeguards protecting personal data, periodically and as required by entity policy, or by relevant, applicable laws or regulations. S7.5] | Audits and risk management | Audits and Risk Management | |
Edit the audit assertion for accuracy. CC ID 07030 | Audits and risk management | Establish/Maintain Documentation | |
Determine if the audit assertion's in scope procedures are accurately documented. CC ID 06982 | Audits and risk management | Establish/Maintain Documentation | |
Review documentation to determine the effectiveness of in scope controls. CC ID 16522 | Audits and risk management | Process or Activity | |
Include the process of using evidential matter to test in scope controls in the test plan. CC ID 06996 | Audits and risk management | Establish/Maintain Documentation | |
Audit the in scope system according to the test plan using relevant evidence. CC ID 07112 | Audits and risk management | Testing | |
Implement procedures that collect sufficient audit evidence. CC ID 07153 | Audits and risk management | Audits and Risk Management | |
Collect evidence about the in scope audit items of the audit assertion. CC ID 07154 | Audits and risk management | Audits and Risk Management | |
Collect audit evidence sufficient to avoid misstatements. CC ID 07155 | Audits and risk management | Audits and Risk Management | |
Collect audit evidence at the level of the organization's competence in the subject matter. CC ID 07156 | Audits and risk management | Audits and Risk Management | |
Collect audit evidence sufficient to overcome inadequacies in the organization's attestation. CC ID 07157 | Audits and risk management | Audits and Risk Management | |
Report that audit evidence collected was not sufficient to the proper authorities. CC ID 16847 | Audits and risk management | Communicate | |
Provide transactional walkthrough procedures for external auditors. CC ID 00672 | Audits and risk management | Testing | |
Establish, implement, and maintain interview procedures. CC ID 16282 | Audits and risk management | Establish/Maintain Documentation | |
Include roles and responsibilities in the interview procedures. CC ID 16297 | Audits and risk management | Human Resources Management | |
Coordinate the scheduling of interviews. CC ID 16293 | Audits and risk management | Process or Activity | |
Create a schedule for the interviews. CC ID 16292 | Audits and risk management | Process or Activity | |
Identify interviewees. CC ID 16290 | Audits and risk management | Process or Activity | |
Explain the testing results to the interviewee. CC ID 16291 | Audits and risk management | Process or Activity | |
Establish and maintain work papers, as necessary. CC ID 13891 | Audits and risk management | Establish/Maintain Documentation | |
Include the auditor's conclusions on work performed by individuals assigned to the audit in the work papers. CC ID 16775 | Audits and risk management | Establish/Maintain Documentation | |
Include audit irregularities in the work papers. CC ID 16774 | Audits and risk management | Establish/Maintain Documentation | |
Include corrective actions in the work papers. CC ID 16771 | Audits and risk management | Establish/Maintain Documentation | |
Include information about the organization being audited and the auditor performing the audit in the work papers. CC ID 16770 | Audits and risk management | Establish/Maintain Documentation | |
Include discussions with interested personnel and affected parties in the work papers. CC ID 16768 | Audits and risk management | Establish/Maintain Documentation | |
Include justification for departing from mandatory requirements in the work papers. CC ID 13935 | Audits and risk management | Establish/Maintain Documentation | |
Include audit evidence obtained from previous engagements in the work papers. CC ID 16518 | Audits and risk management | Audits and Risk Management | |
Include the reviewer, and dates, for using evidential matter to test in scope controls in the work papers. CC ID 06998 | Audits and risk management | Establish/Maintain Documentation | |
Include the tests, examinations, interviews and observations performed during the audit in the work papers. CC ID 07190 | Audits and risk management | Establish/Maintain Documentation | |
Include if any subject matter experts or additional research had to be undertaken to test in scope controls in the work papers. CC ID 07026 | Audits and risk management | Establish/Maintain Documentation | |
Include the tester, and dates, for using evidential matter to test in scope controls in the work papers. CC ID 06997 | Audits and risk management | Establish/Maintain Documentation | |
Include any subsequent events related to the audit assertion or audit subject matter in the work papers. CC ID 07177 | Audits and risk management | Audits and Risk Management | |
Include the causes of identified in scope control deficiencies in the work papers. CC ID 07000 | Audits and risk management | Establish/Maintain Documentation | |
Include discussions regarding the causes of identified in scope control deficiencies in the work papers. CC ID 06999 | Audits and risk management | Establish/Maintain Documentation | |
Supervise interested personnel and affected parties participating in the audit. CC ID 07150 | Audits and risk management | Monitor and Evaluate Occurrences | |
Notify interested personnel and affected parties participating in the audit of their roles and responsibilities during the audit. CC ID 07151 | Audits and risk management | Establish Roles | |
Respond to questions or clarification requests regarding the audit. CC ID 08902 | Audits and risk management | Business Processes | |
Track and measure the implementation of the organizational compliance framework. CC ID 06445 [The entity has a process for governing and overseeing the application of policies and procedures. M1.2 Oversight and monitoring] | Audits and risk management | Monitor and Evaluate Occurrences | |
Review the need for organizational efficiency as balanced against the needs of compliance and security. CC ID 07111 | Audits and risk management | Business Processes | |
Establish and maintain organizational audit reports. CC ID 06731 | Audits and risk management | Establish/Maintain Documentation | |
Include the organization's privacy practices in the audit report. CC ID 07029 [{compliance reviews} Compliance with objectives related to privacy are reviewed and documented and the results of such reviews are reported to management. If problems are identified, remediation plans are developed and implemented. M9.1 Documents and reports compliance review results] | Audits and risk management | Establish/Maintain Documentation | |
Disseminate and communicate the audit report to all interested personnel and affected parties identified in the distribution list. CC ID 07117 | Audits and risk management | Establish/Maintain Documentation | |
Assign responsibility for remediation actions. CC ID 13622 | Audits and risk management | Human Resources Management | |
Define penalties for uncorrected audit findings or remaining non-compliant with the audit report. CC ID 08963 | Audits and risk management | Establish/Maintain Documentation | |
Establish, implement, and maintain a risk management program. CC ID 12051 | Audits and risk management | Establish/Maintain Documentation | |
Establish, implement, and maintain the risk assessment framework. CC ID 00685 | Audits and risk management | Establish/Maintain Documentation | |
Establish, implement, and maintain a risk assessment program. CC ID 00687 | Audits and risk management | Establish/Maintain Documentation | |
Establish, implement, and maintain risk assessment procedures. CC ID 06446 | Audits and risk management | Establish/Maintain Documentation | |
Establish, implement, and maintain a threat and risk classification scheme. CC ID 07183 | Audits and risk management | Establish/Maintain Documentation | |
Include security threats and vulnerabilities in the threat and risk classification scheme. CC ID 00699 [As part of the risk assessment process, management identifies environmental threats that could impair the confidentiality, integrity and availability of systems, including threats resulting from adverse weather or the failure of physical access control and environmental control systems, or from electrical discharge, fire and water damage. S7.2 Identifies environmental threats] | Audits and risk management | Technical Security | |
Establish, implement, and maintain an access control program. CC ID 11702 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Technical security | Establish/Maintain Documentation | |
Include instructions to change authenticators as often as necessary in the access control program. CC ID 11931 | Technical security | Establish/Maintain Documentation | |
Include guidance for how users should protect their authentication credentials in the access control program. CC ID 11929 | Technical security | Establish/Maintain Documentation | |
Include guidance on selecting authentication credentials in the access control program. CC ID 11928 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain access control policies. CC ID 00512 | Technical security | Establish/Maintain Documentation | |
Include compliance requirements in the access control policy. CC ID 14006 | Technical security | Establish/Maintain Documentation | |
Include coordination amongst entities in the access control policy. CC ID 14005 | Technical security | Establish/Maintain Documentation | |
Include management commitment in the access control policy. CC ID 14004 | Technical security | Establish/Maintain Documentation | |
Include roles and responsibilities in the access control policy. CC ID 14003 | Technical security | Establish/Maintain Documentation | |
Include the scope in the access control policy. CC ID 14002 | Technical security | Establish/Maintain Documentation | |
Include the purpose in the access control policy. CC ID 14001 | Technical security | Establish/Maintain Documentation | |
Document the business need justification for user accounts. CC ID 15490 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain an instant messaging and chat system usage policy. CC ID 11815 | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate the access control policies to all interested personnel and affected parties. CC ID 10061 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain an access rights management plan. CC ID 00513 | Technical security | Establish/Maintain Documentation | |
Implement safeguards to protect access credentials from unauthorized access. CC ID 16433 | Technical security | Technical Security | |
Inventory all user accounts. CC ID 13732 | Technical security | Establish/Maintain Documentation | |
Establish and maintain contact information for user accounts, as necessary. CC ID 15418 | Technical security | Data and Information Management | |
Control access rights to organizational assets. CC ID 00004 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software {logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Technical security | Technical Security | |
Configure access control lists in accordance with organizational standards. CC ID 16465 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Technical security | Configuration | |
Add all devices requiring access control to the Access Control List. CC ID 06264 | Technical security | Establish/Maintain Documentation | |
Generate but refrain from storing authenticators or Personal Identification Numbers for systems involved in high risk activities. CC ID 06835 | Technical security | Technical Security | |
Define roles for information systems. CC ID 12454 | Technical security | Human Resources Management | |
Define access needs for each role assigned to an information system. CC ID 12455 | Technical security | Human Resources Management | |
Define access needs for each system component of an information system. CC ID 12456 | Technical security | Technical Security | |
Define the level of privilege required for each system component of an information system. CC ID 12457 | Technical security | Technical Security | |
Establish access rights based on least privilege. CC ID 01411 | Technical security | Technical Security | |
Assign user permissions based on job responsibilities. CC ID 00538 | Technical security | Technical Security | |
Assign user privileges after they have management sign off. CC ID 00542 | Technical security | Technical Security | |
Separate processing domains to segregate user privileges and enhance information flow control. CC ID 06767 | Technical security | Configuration | |
Establish, implement, and maintain lockout procedures or lockout mechanisms to be triggered after a predetermined number of consecutive logon attempts. CC ID 01412 | Technical security | Technical Security | |
Configure the lockout procedure to disregard failed logon attempts after the user is authenticated. CC ID 13822 | Technical security | Configuration | |
Disallow unlocking user accounts absent system administrator approval. CC ID 01413 | Technical security | Technical Security | |
Establish, implement, and maintain session lock capabilities. CC ID 01417 | Technical security | Configuration | |
Limit concurrent sessions according to account type. CC ID 01416 | Technical security | Configuration | |
Establish session authenticity through Transport Layer Security. CC ID 01627 | Technical security | Technical Security | |
Configure the "tlsverify" argument to organizational standards. CC ID 14460 | Technical security | Configuration | |
Configure the "tlscacert" argument to organizational standards. CC ID 14521 | Technical security | Configuration | |
Configure the "tlscert" argument to organizational standards. CC ID 14520 | Technical security | Configuration | |
Configure the "tlskey" argument to organizational standards. CC ID 14519 | Technical security | Configuration | |
Enable access control for objects and users on each system. CC ID 04553 [The entity implements logical access security control software, infrastructures, authentication mechanisms and related architectures and security configuration controls over protected information assets to protect them from security incidents and events that might result in unauthorized access, alteration, destruction or disclosure of that information, and to meet the entity's privacy objectives. S7.1 Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Configuration | |
Include all system components in the access control system. CC ID 11939 | Technical security | Technical Security | |
Set access control for objects and users to "deny all" unless explicitly authorized. CC ID 06301 | Technical security | Process or Activity | |
Enable access control for objects and users to match restrictions set by the system's security classification. CC ID 04850 | Technical security | Technical Security | |
Enable attribute-based access control for objects and users on information systems. CC ID 16351 | Technical security | Technical Security | |
Enable role-based access control for objects and users on information systems. CC ID 12458 | Technical security | Technical Security | |
Include the objects and users subject to access control in the security policy. CC ID 11836 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Establish/Maintain Documentation | |
Assign Information System access authorizations if implementing segregation of duties. CC ID 06323 | Technical security | Establish Roles | |
Enforce access restrictions for change control. CC ID 01428 | Technical security | Technical Security | |
Enforce access restrictions for restricted data. CC ID 01921 | Technical security | Data and Information Management | |
Permit a limited set of user actions absent identification and authentication. CC ID 04849 | Technical security | Technical Security | |
Activate third party maintenance accounts and user identifiers, as necessary. CC ID 04262 | Technical security | Technical Security | |
Establish, implement, and maintain a system use agreement for each information system. CC ID 06500 | Technical security | Establish/Maintain Documentation | |
Accept and sign the system use agreement before data or system access is enabled. CC ID 06501 | Technical security | Establish/Maintain Documentation | |
Display a logon banner and appropriate logon message before granting access to the system. CC ID 06770 | Technical security | Technical Security | |
Display previous logon information in the logon banner. CC ID 01415 | Technical security | Configuration | |
Document actions that can be performed on an information system absent identification and authentication of the user. CC ID 06771 | Technical security | Establish/Maintain Documentation | |
Use automatic equipment identification as a method of connection authentication absent an individual's identification and authentication. CC ID 06964 | Technical security | Technical Security | |
Control user privileges. CC ID 11665 | Technical security | Technical Security | |
Review all user privileges, as necessary. CC ID 06784 [Persons, infrastructure, network devices and software are identified and authenticated, and their access privileges are validated prior to granting access to information assets, whether locally or remotely. S7.1 Identifies and authenticates users] | Technical security | Technical Security | |
Encrypt files and move them to a secure file server when a user account is disabled. CC ID 07065 | Technical security | Configuration | |
Review each user's access capabilities when their role changes. CC ID 00524 | Technical security | Technical Security | |
Change authenticators after personnel status changes. CC ID 12284 | Technical security | Human Resources Management | |
Establish and maintain a Digital Rights Management program. CC ID 07093 | Technical security | Establish/Maintain Documentation | |
Enable products restricted by Digital Rights Management to be used while offline. CC ID 07094 | Technical security | Technical Security | |
Establish, implement, and maintain User Access Management procedures. CC ID 00514 | Technical security | Technical Security | |
Establish, implement, and maintain an authority for access authorization list. CC ID 06782 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Technical security | Establish/Maintain Documentation | |
Review and approve logical access to all assets based upon organizational policies. CC ID 06641 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Technical Security | |
Control the addition and modification of user identifiers, user credentials, or other authenticators. CC ID 00515 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Technical Security | |
Assign roles and responsibilities for administering user account management. CC ID 11900 | Technical security | Human Resources Management | |
Automate access control methods, as necessary. CC ID 11838 | Technical security | Technical Security | |
Automate Access Control Systems, as necessary. CC ID 06854 | Technical security | Technical Security | |
Refrain from storing logon credentials for third party applications. CC ID 13690 | Technical security | Technical Security | |
Refrain from allowing user access to identifiers and authenticators used by applications. CC ID 10048 | Technical security | Technical Security | |
Establish, implement, and maintain a password policy. CC ID 16346 | Technical security | Establish/Maintain Documentation | |
Enforce the password policy. CC ID 16347 | Technical security | Technical Security | |
Disseminate and communicate the password policies and password procedures to all users who have access to restricted data or restricted information. CC ID 00518 | Technical security | Establish/Maintain Documentation | |
Limit superuser accounts to designated System Administrators. CC ID 06766 | Technical security | Configuration | |
Enforce usage restrictions for superuser accounts. CC ID 07064 | Technical security | Technical Security | |
Establish, implement, and maintain user accounts in accordance with the organizational Governance, Risk, and Compliance framework. CC ID 00526 | Technical security | Technical Security | |
Protect and manage biometric systems and biometric data. CC ID 01261 | Technical security | Technical Security | |
Establish, implement, and maintain biometric collection procedures. CC ID 15419 | Technical security | Establish/Maintain Documentation | |
Document the business need justification for authentication data storage. CC ID 06325 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain access control procedures. CC ID 11663 | Technical security | Establish/Maintain Documentation | |
Grant access to authorized personnel or systems. CC ID 12186 | Technical security | Configuration | |
Document approving and granting access in the access control log. CC ID 06786 | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate the access control log to interested personnel and affected parties. CC ID 16442 | Technical security | Communicate | |
Include the user identifiers of all personnel who are authorized to access a system in the system record. CC ID 15171 | Technical security | Establish/Maintain Documentation | |
Include identity information of all personnel who are authorized to access a system in the system record. CC ID 16406 | Technical security | Establish/Maintain Documentation | |
Include the date and time that access was reviewed in the system record. CC ID 16416 | Technical security | Data and Information Management | |
Include the date and time that access rights were changed in the system record. CC ID 16415 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain an identification and authentication policy. CC ID 14033 [User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Technical security | Establish/Maintain Documentation | |
Include the purpose in the identification and authentication policy. CC ID 14234 | Technical security | Establish/Maintain Documentation | |
Include the scope in the identification and authentication policy. CC ID 14232 | Technical security | Establish/Maintain Documentation | |
Include roles and responsibilities in the identification and authentication policy. CC ID 14230 | Technical security | Establish/Maintain Documentation | |
Include management commitment in the identification and authentication policy. CC ID 14229 | Technical security | Establish/Maintain Documentation | |
Include coordination amongst entities in the identification and authentication policy. CC ID 14227 | Technical security | Establish/Maintain Documentation | |
Include compliance requirements in the identification and authentication policy. CC ID 14225 | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate the identification and authentication policy to interested personnel and affected parties. CC ID 14197 | Technical security | Communicate | |
Establish, implement, and maintain identification and authentication procedures. CC ID 14053 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI User and system identification and authentication policy and procedure requirements are established, documented, managed, monitored and enforced for users and systems accessing the entity's information, infrastructure platforms and network devices, application systems, data storage systems and utility software. S7.1 Manages identification and authentication] | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate the identification and authentication procedures to interested personnel and affected parties. CC ID 14223 | Technical security | Communicate | |
Include digital identification procedures in the access control program. CC ID 11841 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | Technical security | Technical Security | |
Disseminate and communicate user identifiers and authenticators using secure communication protocols. CC ID 06791 | Technical security | Data and Information Management | |
Include instructions to refrain from using previously used authenticators in the access control program. CC ID 11930 | Technical security | Establish/Maintain Documentation | |
Disallow the use of Personal Identification Numbers as user identifiers. CC ID 06785 | Technical security | Technical Security | |
Define the activation requirements for identification cards or badges. CC ID 06583 | Technical security | Process or Activity | |
Require multiple forms of personal identification prior to issuing user identifiers. CC ID 08712 | Technical security | Human Resources Management | |
Require proper authentication for user identifiers. CC ID 11785 | Technical security | Technical Security | |
Assign authenticators to user accounts. CC ID 06855 | Technical security | Configuration | |
Assign authentication mechanisms for user account authentication. CC ID 06856 | Technical security | Configuration | |
Refrain from allowing individuals to share authentication mechanisms. CC ID 11932 | Technical security | Technical Security | |
Establish and maintain a memorized secret list. CC ID 13791 | Technical security | Establish/Maintain Documentation | |
Limit account credential reuse as a part of digital identification procedures. CC ID 12357 | Technical security | Configuration | |
Refrain from assigning authentication mechanisms for shared accounts. CC ID 11910 | Technical security | Technical Security | |
Use biometric authentication for identification and authentication, as necessary. CC ID 06857 | Technical security | Establish Roles | |
Employ live scans to verify biometric authentication. CC ID 06847 | Technical security | Technical Security | |
Disallow self-enrollment of biometric information. CC ID 11834 | Technical security | Process or Activity | |
Notify a user when an authenticator for a user account is changed. CC ID 13820 | Technical security | Communicate | |
Identify and control all network access controls. CC ID 00529 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Technical security | Technical Security | |
Establish, implement, and maintain a network configuration standard. CC ID 00530 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain network segmentation requirements. CC ID 16380 | Technical security | Establish/Maintain Documentation | |
Enforce the network segmentation requirements. CC ID 16381 | Technical security | Process or Activity | |
Ensure the data plane, control plane, and management plane have been segregated according to organizational standards. CC ID 16385 | Technical security | Technical Security | |
Establish, implement, and maintain a network security policy. CC ID 06440 | Technical security | Establish/Maintain Documentation | |
Include compliance requirements in the network security policy. CC ID 14205 | Technical security | Establish/Maintain Documentation | |
Include coordination amongst entities in the network security policy. CC ID 14204 | Technical security | Establish/Maintain Documentation | |
Include management commitment in the network security policy. CC ID 14203 | Technical security | Establish/Maintain Documentation | |
Include roles and responsibilities in the network security policy. CC ID 14202 | Technical security | Establish/Maintain Documentation | |
Include the scope in the network security policy. CC ID 14201 | Technical security | Establish/Maintain Documentation | |
Include the purpose in the network security policy. CC ID 14200 | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate the network security policy to interested personnel and affected parties. CC ID 14199 | Technical security | Communicate | |
Establish, implement, and maintain system and communications protection procedures. CC ID 14052 | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate the system and communications protection procedures to interested personnel and affected parties. CC ID 14206 | Technical security | Communicate | |
Establish, implement, and maintain a wireless networking policy. CC ID 06732 | Technical security | Establish/Maintain Documentation | |
Include usage restrictions for Bluetooth in the wireless networking policy. CC ID 16443 | Technical security | Establish/Maintain Documentation | |
Maintain up-to-date network diagrams. CC ID 00531 | Technical security | Establish/Maintain Documentation | |
Include the date of the most recent update on the network diagram. CC ID 14319 | Technical security | Establish/Maintain Documentation | |
Include virtual systems in the network diagram. CC ID 16324 | Technical security | Data and Information Management | |
Include the organization's name in the network diagram. CC ID 14318 | Technical security | Establish/Maintain Documentation | |
Include Internet Protocol addresses in the network diagram. CC ID 16244 | Technical security | Establish/Maintain Documentation | |
Include Domain Name System names in the network diagram. CC ID 16240 | Technical security | Establish/Maintain Documentation | |
Accept, by formal signature, the security implications of the network topology. CC ID 12323 | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate network diagrams to interested personnel and affected parties. CC ID 13137 | Technical security | Communicate | |
Maintain up-to-date data flow diagrams. CC ID 10059 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Technical security | Establish/Maintain Documentation | |
Include information flows to third parties in the data flow diagram. CC ID 13185 | Technical security | Establish/Maintain Documentation | |
Document where data-at-rest and data in transit is encrypted on the data flow diagram. CC ID 16412 | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate the data flow diagrams to interested personnel and affected parties. CC ID 16407 | Technical security | Communicate | |
Manage all internal network connections. CC ID 06329 | Technical security | Technical Security | |
Employ Dynamic Host Configuration Protocol server logging when assigning dynamic IP addresses using the Dynamic Host Configuration Protocol. CC ID 12109 | Technical security | Technical Security | |
Establish, implement, and maintain separate virtual private networks to transport sensitive information. CC ID 12124 | Technical security | Technical Security | |
Establish, implement, and maintain separate virtual local area networks for untrusted devices. CC ID 12095 | Technical security | Technical Security | |
Plan for and approve all network changes. CC ID 00534 | Technical security | Technical Security | |
Manage all external network connections. CC ID 11842 | Technical security | Technical Security | |
Route outbound Internet traffic through a proxy server that supports decrypting network traffic. CC ID 12116 | Technical security | Technical Security | |
Prohibit systems from connecting directly to external networks. CC ID 08709 | Technical security | Configuration | |
Prohibit systems from connecting directly to internal networks outside the demilitarized zone (DMZ). CC ID 16360 | Technical security | Technical Security | |
Secure the Domain Name System. CC ID 00540 | Technical security | Configuration | |
Implement a fault-tolerant architecture. CC ID 01626 | Technical security | Technical Security | |
Implement segregation of duties. CC ID 11843 | Technical security | Technical Security | |
Configure the network to limit zone transfers to trusted servers. CC ID 01876 | Technical security | Configuration | |
Establish, implement, and maintain a Boundary Defense program. CC ID 00544 | Technical security | Establish/Maintain Documentation | |
Refrain from disclosing private Internet Protocol addresses and routing information, unless necessary. CC ID 11891 | Technical security | Technical Security | |
Authorize the disclosure of private Internet Protocol addresses and routing information to external entities. CC ID 12034 | Technical security | Communicate | |
Segregate systems in accordance with organizational standards. CC ID 12546 [The entity considers and, when deemed necessary, uses network segmentation to restrict access within and between its internal network segments and external networks. Segmentation permits unrelated portions of the entity's information system to be isolated from other network segments. S7.1 Considers network segmentation] | Technical security | Technical Security | |
Implement gateways between security domains. CC ID 16493 | Technical security | Systems Design, Build, and Implementation | |
Implement resource-isolation mechanisms in organizational networks. CC ID 16438 | Technical security | Technical Security | |
Segregate servers that contain restricted data or restricted information from direct public access. CC ID 00533 | Technical security | Technical Security | |
Prevent logical access to dedicated networks from outside the secure areas. CC ID 12310 | Technical security | Technical Security | |
Design Demilitarized Zones with proper isolation rules. CC ID 00532 | Technical security | Technical Security | |
Restrict inbound network traffic into the Demilitarized Zone. CC ID 01285 | Technical security | Data and Information Management | |
Restrict inbound network traffic into the Demilitarized Zone to Internet Protocol addresses within the Demilitarized Zone. CC ID 11998 | Technical security | Technical Security | |
Restrict inbound Internet traffic within the Demilitarized Zone to system components that provide publicly accessible services, protocols, and ports. CC ID 11993 | Technical security | Technical Security | |
Segregate applications and databases that contain restricted data or restricted information in an internal network zone. CC ID 01289 | Technical security | Data and Information Management | |
Establish, implement, and maintain a network access control standard. CC ID 00546 | Technical security | Establish/Maintain Documentation | |
Include assigned roles and responsibilities in the network access control standard. CC ID 06410 | Technical security | Establish Roles | |
Employ firewalls to secure network connections between networks of different security categorizations. CC ID 16373 | Technical security | Technical Security | |
Employ firewalls to secure network connections between trusted networks and untrusted networks, as necessary. CC ID 11821 | Technical security | Technical Security | |
Place firewalls between all security domains and between any Demilitarized Zone and internal network zones. CC ID 01274 | Technical security | Configuration | |
Place firewalls between wireless networks and applications or databases that contain restricted data or restricted information. CC ID 01293 | Technical security | Configuration | |
Place firewalls between all security domains and between any secure subnet and internal network zones. CC ID 11784 | Technical security | Configuration | |
Separate the wireless access points and wireless bridges from the wired network via a firewall. CC ID 04588 | Technical security | Technical Security | |
Include configuration management and rulesets in the network access control standard. CC ID 11845 [{logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Technical security | Establish/Maintain Documentation | |
Secure the network access control standard against unauthorized changes. CC ID 11920 | Technical security | Establish/Maintain Documentation | |
Employ centralized management systems to configure and control networks, as necessary. CC ID 12540 | Technical security | Technical Security | |
Establish, implement, and maintain a firewall and router configuration standard. CC ID 00541 | Technical security | Configuration | |
Include compensating controls implemented for insecure protocols in the firewall and router configuration standard. CC ID 11948 | Technical security | Establish/Maintain Documentation | |
Include restricting inbound network traffic in the firewall and router configuration standard. CC ID 11960 | Technical security | Establish/Maintain Documentation | |
Include restricting outbound network traffic in the firewall and router configuration standard. CC ID 11961 | Technical security | Establish/Maintain Documentation | |
Include requirements for a firewall at each Internet connection and between any demilitarized zone and the internal network zone in the firewall and router configuration standard. CC ID 12435 | Technical security | Establish/Maintain Documentation | |
Include network diagrams that identify connections between all subnets and wireless networks in the firewall and router configuration standard. CC ID 12434 | Technical security | Establish/Maintain Documentation | |
Include network diagrams that identify storage or processing locations of all restricted data in the firewall and router configuration standard. CC ID 12426 | Technical security | Establish/Maintain Documentation | |
Deny or strictly control wireless traffic to applications or databases that contain restricted data or restricted information. CC ID 11847 | Technical security | Configuration | |
Include a protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00537 | Technical security | Establish/Maintain Documentation | |
Configure network ports to organizational standards. CC ID 14007 | Technical security | Configuration | |
Include approval of the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 12547 | Technical security | Establish/Maintain Documentation | |
Include the use of protocols above and beyond common information service protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 00539 | Technical security | Establish/Maintain Documentation | |
Include justifying the use of risky protocols in the protocols, ports, applications, and services list in the firewall and router configuration standard. CC ID 01280 | Technical security | Establish/Maintain Documentation | |
Document and implement security features for each identified insecure service, protocol, and port in the protocols, ports, applications, and services list. CC ID 12033 | Technical security | Establish/Maintain Documentation | |
Identify the insecure services, protocols, and ports in the protocols, ports, applications, and services list in the firewall and router configuration. CC ID 12032 | Technical security | Establish/Maintain Documentation | |
Install and configure firewalls to be enabled on all mobile devices, if possible. CC ID 00550 | Technical security | Configuration | |
Lock personal firewall configurations to prevent them from being disabled or changed by end users. CC ID 06420 | Technical security | Technical Security | |
Configure network access and control points to protect restricted data or restricted information. CC ID 01284 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Technical security | Configuration | |
Protect data stored at external locations. CC ID 16333 | Technical security | Data and Information Management | |
Protect the firewall's network connection interfaces. CC ID 01955 | Technical security | Technical Security | |
Configure firewalls to deny all traffic by default, except explicitly designated traffic. CC ID 00547 | Technical security | Configuration | |
Allow local program exceptions on the firewall, as necessary. CC ID 01956 | Technical security | Configuration | |
Allow remote administration exceptions on the firewall, as necessary. CC ID 01957 | Technical security | Configuration | |
Allow file sharing exceptions on the firewall, as necessary. CC ID 01958 | Technical security | Configuration | |
Allow printer sharing exceptions on the firewall, as necessary. CC ID 11849 | Technical security | Configuration | |
Allow Internet Control Message Protocol exceptions on the firewall, as necessary. CC ID 01959 | Technical security | Configuration | |
Allow Remote Desktop Connection exceptions on the firewall, as necessary. CC ID 01960 | Technical security | Configuration | |
Allow UPnP framework exceptions on the firewall, as necessary. CC ID 01961 | Technical security | Configuration | |
Allow notification exceptions on the firewall, as necessary. CC ID 01962 | Technical security | Configuration | |
Allow unicast response to multicast or broadcast exceptions on the firewall, as necessary. CC ID 01964 | Technical security | Configuration | |
Allow protocol port exceptions on the firewall, as necessary. CC ID 01965 | Technical security | Configuration | |
Allow local port exceptions on the firewall, as necessary. CC ID 01966 | Technical security | Configuration | |
Establish, implement, and maintain ingress address filters on the firewall, as necessary. CC ID 01287 | Technical security | Configuration | |
Establish, implement, and maintain packet filtering requirements. CC ID 16362 | Technical security | Technical Security | |
Configure firewall filtering to only permit established connections into the network. CC ID 12482 | Technical security | Technical Security | |
Restrict outbound network traffic from systems that contain restricted data or restricted information. CC ID 01295 | Technical security | Data and Information Management | |
Deny direct Internet access to databases that store restricted data or restricted information. CC ID 01271 | Technical security | Data and Information Management | |
Synchronize and secure all router configuration files. CC ID 01291 | Technical security | Configuration | |
Synchronize and secure all firewall configuration files. CC ID 11851 | Technical security | Configuration | |
Configure firewalls to generate an audit log. CC ID 12038 | Technical security | Audits and Risk Management | |
Configure firewalls to generate an alert when a potential security incident is detected. CC ID 12165 | Technical security | Configuration | |
Record the configuration rules for network access and control points in the configuration management system. CC ID 12105 | Technical security | Establish/Maintain Documentation | |
Record the duration of the business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12107 | Technical security | Establish/Maintain Documentation | |
Record each individual's name and business need associated with changes to the configuration rules for network access and control points in the configuration management system. CC ID 12106 | Technical security | Establish/Maintain Documentation | |
Install and configure application layer firewalls for all key web-facing applications. CC ID 01450 | Technical security | Configuration | |
Update application layer firewalls to the most current version. CC ID 12037 | Technical security | Process or Activity | |
Establish, implement, and maintain Voice over Internet Protocol Configuration Management standards. CC ID 11853 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain a Wireless Local Area Network Configuration Management standard. CC ID 11854 | Technical security | Establish/Maintain Documentation | |
Configure third party Wireless Local Area Network services in accordance with organizational Information Assurance standards. CC ID 00751 | Technical security | Configuration | |
Remove all unauthorized Wireless Local Area Networks. CC ID 06309 | Technical security | Configuration | |
Establish, implement, and maintain Voice over Internet Protocol design specification. CC ID 01449 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain a Wireless Local Area Network Configuration Management program. CC ID 01646 | Technical security | Establish/Maintain Documentation | |
Distrust relying solely on Wired Equivalent Privacy encryption for Wireless Local Area Networks. CC ID 01647 | Technical security | Technical Security | |
Refrain from using Wired Equivalent Privacy for Wireless Local Area Networks that use Wi-Fi Protected Access. CC ID 01648 | Technical security | Configuration | |
Conduct a Wireless Local Area Network site survey to determine the proper location for wireless access points. CC ID 00605 | Technical security | Technical Security | |
Configure Intrusion Detection Systems and Intrusion Prevention Systems to continuously check and send alerts for rogue devices connected to Wireless Local Area Networks. CC ID 04830 | Technical security | Configuration | |
Remove all unauthorized wireless access points. CC ID 11856 | Technical security | Configuration | |
Enforce information flow control. CC ID 11781 | Technical security | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain information flow control configuration standards. CC ID 01924 | Technical security | Establish/Maintain Documentation | |
Require the system to identify and authenticate approved devices before establishing a connection. CC ID 01429 [Persons, infrastructure, network devices and software are identified and authenticated, and their access privileges are validated prior to granting access to information assets, whether locally or remotely. S7.1 Identifies and authenticates users] | Technical security | Testing | |
Maintain a record of the challenge state during identification and authentication in an automated information exchange. CC ID 06629 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain a data loss prevention solution to protect Access Control Lists. CC ID 12128 [Data loss prevention processes and technologies are used to restrict a user or system's ability to exfiltrate protected information, to execute data transmission, move information stored logically or maintained in physical devices, or otherwise modify, view, reproduce or destroy such information. S7.3 Restricts the ability to perform transmission] | Technical security | Technical Security | |
Constrain the information flow of restricted data or restricted information. CC ID 06763 [{internal user} The entity restricts the transmission, movement and removal of information to authorized internal and external users and processes, and protects it during transmission, movement or removal to meet the entity's objectives. S7.3] | Technical security | Data and Information Management | |
Restrict access to restricted data and restricted information on a need to know basis. CC ID 12453 | Technical security | Data and Information Management | |
Prohibit restricted data or restricted information from being sent to mobile devices. CC ID 04725 | Technical security | Data and Information Management | |
Prohibit restricted data or restricted information from being copied or moved absent approval of system boundaries for information flow control. CC ID 06310 [{internal user} The entity restricts the transmission, movement and removal of information to authorized internal and external users and processes, and protects it during transmission, movement or removal to meet the entity's objectives. S7.3] | Technical security | Data and Information Management | |
Establish, implement, and maintain information flow control policies inside the system and between interconnected systems. CC ID 01410 [{internal user} The entity restricts the transmission, movement and removal of information to authorized internal and external users and processes, and protects it during transmission, movement or removal to meet the entity's objectives. S7.3] | Technical security | Establish/Maintain Documentation | |
Define risk tolerance to illicit data flow for each type of information classification. CC ID 01923 | Technical security | Data and Information Management | |
Establish, implement, and maintain a document printing policy. CC ID 14384 | Technical security | Establish/Maintain Documentation | |
Include printing to personal printers during a continuity event in the document printing policy. CC ID 14396 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain information flow procedures. CC ID 04542 | Technical security | Establish/Maintain Documentation | |
Disclose non-privacy related restricted information after a court makes a determination the information is material to a court case. CC ID 06242 | Technical security | Data and Information Management | |
Exchange non-privacy related restricted information with approved third parties if the information supports an approved activity. CC ID 06243 | Technical security | Data and Information Management | |
Establish, implement, and maintain information exchange procedures. CC ID 11782 | Technical security | Establish/Maintain Documentation | |
Perform content sanitization on data-in-transit. CC ID 16512 | Technical security | Data and Information Management | |
Perform content conversion on data-in-transit. CC ID 16510 | Technical security | Data and Information Management | |
Protect data from unauthorized access while transmitting between separate parts of the system. CC ID 16499 | Technical security | Data and Information Management | |
Protect data from modification or loss while transmitting between separate parts of the system. CC ID 04554 | Technical security | Data and Information Management | |
Protect data from unauthorized disclosure while transmitting between separate parts of the system. CC ID 11859 | Technical security | Data and Information Management | |
Review and approve information exchange system connections. CC ID 07143 | Technical security | Technical Security | |
Log issuers who send personal data in cleartext in the transfer audit log. CC ID 12312 | Technical security | Log Management | |
Establish, implement, and maintain measures to detect and prevent the use of unsafe internet services. CC ID 13104 | Technical security | Technical Security | |
Refrain from storing restricted data at unsafe Internet services or virtual servers. CC ID 13107 | Technical security | Technical Security | |
Establish, implement, and maintain whitelists and blacklists of domain names. CC ID 07097 | Technical security | Establish/Maintain Documentation | |
Deploy sender policy framework records in the organization's Domain Name Servers. CC ID 12183 | Technical security | Configuration | |
Block uncategorized sites using URL filtering. CC ID 12140 | Technical security | Technical Security | |
Establish, implement, and maintain whitelists and blacklists of web content. CC ID 15234 | Technical security | Data and Information Management | |
Establish, implement, and maintain whitelists and blacklists of software. CC ID 11780 | Technical security | Establish/Maintain Documentation | |
Implement information flow control policies when making decisions about information sharing or collaboration. CC ID 10094 | Technical security | Behavior | |
Manage the use of encryption controls and cryptographic controls. CC ID 00570 [{physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Technical security | Technical Security | |
Comply with the encryption laws of the local country. CC ID 16377 | Technical security | Business Processes | |
Define the cryptographic module security functions and the cryptographic module operational modes. CC ID 06542 | Technical security | Establish/Maintain Documentation | |
Define the cryptographic boundaries. CC ID 06543 | Technical security | Establish/Maintain Documentation | |
Establish and maintain the documentation requirements for cryptographic modules. CC ID 06544 | Technical security | Establish/Maintain Documentation | |
Establish and maintain the security requirements for cryptographic module ports and cryptographic module interfaces. CC ID 06545 | Technical security | Establish/Maintain Documentation | |
Implement the documented cryptographic module security functions. CC ID 06755 | Technical security | Data and Information Management | |
Establish, implement, and maintain documentation for the delivery and operation of cryptographic modules. CC ID 06547 | Technical security | Establish/Maintain Documentation | |
Document the operation of the cryptographic module. CC ID 06546 | Technical security | Establish/Maintain Documentation | |
Employ cryptographic controls that comply with applicable requirements. CC ID 12491 | Technical security | Technical Security | |
Establish, implement, and maintain digital signatures. CC ID 13828 | Technical security | Data and Information Management | |
Include the expiration date in digital signatures. CC ID 13833 | Technical security | Data and Information Management | |
Include audience restrictions in digital signatures. CC ID 13834 | Technical security | Data and Information Management | |
Include the subject in digital signatures. CC ID 13832 | Technical security | Data and Information Management | |
Include the issuer in digital signatures. CC ID 13831 | Technical security | Data and Information Management | |
Include identifiers in the digital signature. CC ID 13829 | Technical security | Data and Information Management | |
Generate and protect a secret random number for each digital signature. CC ID 06577 | Technical security | Establish/Maintain Documentation | |
Establish the security strength requirements for the digital signature process. CC ID 06578 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain an encryption management and cryptographic controls policy. CC ID 04546 | Technical security | Establish/Maintain Documentation | |
Refrain from allowing the use of cleartext for input or output of restricted data or restricted information. CC ID 04823 | Technical security | Configuration | |
Encrypt in scope data or in scope information, as necessary. CC ID 04824 | Technical security | Data and Information Management | |
Digitally sign records and data, as necessary. CC ID 16507 | Technical security | Data and Information Management | |
Make key usage for data fields unique for each device. CC ID 04828 | Technical security | Technical Security | |
Decrypt restricted data for the minimum time required. CC ID 12308 | Technical security | Data and Information Management | |
Decrypt personal data only on dedicated networks, not on public networks. CC ID 12309 | Technical security | Data and Information Management | |
Accept only trusted keys and/or certificates. CC ID 11988 | Technical security | Technical Security | |
Establish, implement, and maintain cryptographic key creation domain parameter requirements. CC ID 06575 | Technical security | Data and Information Management | |
Define the asymmetric signature field for the CHUID container on identification cards or badges. CC ID 06584 | Technical security | Process or Activity | |
Implement cryptographic operations and support functions on identification cards or badges. CC ID 06585 | Technical security | Process or Activity | |
Disseminate and communicate the encryption management and cryptographic controls policy to all interested personnel and affected parties. CC ID 15476 | Technical security | Communicate | |
Define the format of the biometric data on identification cards or badges. CC ID 06586 | Technical security | Process or Activity | |
Protect salt values and hash values in accordance with organizational standards. CC ID 16471 | Technical security | Data and Information Management | |
Provide guidance to customers on how to securely transmit, store, and update cryptographic keys. CC ID 12040 | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate the encryption management procedures to all interested personnel and affected parties. CC ID 15477 | Technical security | Communicate | |
Establish, implement, and maintain encryption management procedures. CC ID 15475 | Technical security | Establish/Maintain Documentation | |
Define and assign cryptographic, encryption and key management roles and responsibilities. CC ID 15470 | Technical security | Establish Roles | |
Establish, implement, and maintain cryptographic key management procedures. CC ID 00571 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data {logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate cryptographic key management procedures to interested personnel and affected parties. CC ID 13164 | Technical security | Communicate | |
Bind keys to each identity. CC ID 12337 | Technical security | Technical Security | |
Include recommended cryptographic key management procedures for cloud service providers in the cryptographic key management procedures. CC ID 13152 | Technical security | Establish/Maintain Documentation | |
Include requesting cryptographic key types in the cryptographic key management procedures. CC ID 13151 | Technical security | Establish/Maintain Documentation | |
Recover encrypted data for lost cryptographic keys, compromised cryptographic keys, or damaged cryptographic keys. CC ID 01301 | Technical security | Data and Information Management | |
Generate strong cryptographic keys. CC ID 01299 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Technical security | Data and Information Management | |
Generate unique cryptographic keys for each user. CC ID 12169 | Technical security | Technical Security | |
Use approved random number generators for creating cryptographic keys. CC ID 06574 | Technical security | Data and Information Management | |
Implement decryption keys so that they are not linked to user accounts. CC ID 06851 | Technical security | Technical Security | |
Include the establishment of cryptographic keys in the cryptographic key management procedures. CC ID 06540 | Technical security | Establish/Maintain Documentation | |
Disseminate and communicate cryptographic keys securely. CC ID 01300 | Technical security | Data and Information Management | |
Control the input and output of cryptographic keys from a cryptographic module. CC ID 06541 | Technical security | Data and Information Management | |
Store cryptographic keys securely. CC ID 01298 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Technical security | Data and Information Management | |
Restrict access to cryptographic keys. CC ID 01297 | Technical security | Data and Information Management | |
Store cryptographic keys in encrypted format. CC ID 06084 | Technical security | Data and Information Management | |
Store key-encrypting keys and data-encrypting keys in different locations. CC ID 06085 | Technical security | Technical Security | |
Include offsite backups of cryptographic keys in the cryptographic key management procedures. CC ID 13127 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data] | Technical security | Establish/Maintain Documentation | |
Change cryptographic keys in accordance with organizational standards. CC ID 01302 | Technical security | Data and Information Management | |
Destroy cryptographic keys promptly after the retention period. CC ID 01303 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Technical security | Data and Information Management | |
Control cryptographic keys with split knowledge and dual control. CC ID 01304 | Technical security | Data and Information Management | |
Prevent the unauthorized substitution of cryptographic keys. CC ID 01305 | Technical security | Data and Information Management | |
Manage outdated cryptographic keys, compromised cryptographic keys, or revoked cryptographic keys. CC ID 06852 [Processes are in place to protect public and private encryption keys during generation, storage, use, deactivation and destruction. S7.1 Protects encryption keys] | Technical security | Technical Security | |
Archive outdated cryptographic keys. CC ID 06884 | Technical security | Data and Information Management | |
Archive revoked cryptographic keys. CC ID 11819 | Technical security | Data and Information Management | |
Require key custodians to sign the cryptographic key management policy. CC ID 01308 | Technical security | Establish/Maintain Documentation | |
Require key custodians to sign the key custodian's roles and responsibilities. CC ID 11820 | Technical security | Human Resources Management | |
Manage the digital signature cryptographic key pair. CC ID 06576 | Technical security | Data and Information Management | |
Establish, implement, and maintain requirements for Personal Identity Verification authentication certificates. CC ID 06587 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain Public Key certificate application procedures. CC ID 07079 | Technical security | Establish/Maintain Documentation | |
Establish a Registration Authority to support the Public Key Infrastructure. CC ID 15725 | Technical security | Establish Roles | |
Include the Identification and Authentication of individuals or entities in the Public Key certificate application procedures. CC ID 07080 | Technical security | Establish/Maintain Documentation | |
Include approving or rejecting Public Key certificate applications in the Public Key certificate application procedure. CC ID 07081 | Technical security | Establish/Maintain Documentation | |
Include revocation of Public Key certificates in the Public Key certificate procedures. CC ID 07082 | Technical security | Establish/Maintain Documentation | |
Publish revoked Public Key certificates in the Certificate Revocation List. CC ID 07089 | Technical security | Establish/Maintain Documentation | |
Establish, implement, and maintain Public Key renewal or rekeying request procedures. CC ID 07083 | Technical security | Establish/Maintain Documentation | |
Include identification and authentication in Public Key renewal or rekeying request procedures. CC ID 11816 | Technical security | Establish/Maintain Documentation | |
Issue authentication mechanisms that support the Public Key Infrastructure. CC ID 07092 | Technical security | Technical Security | |
Establish a Root Certification Authority to support the Public Key Infrastructure. CC ID 07084 | Technical security | Technical Security | |
Establish, implement, and maintain Public Key certificate procedures. CC ID 07085 | Technical security | Establish/Maintain Documentation | |
Include signing and issuing Public Key certificates in the Public Key certificate procedures. CC ID 11817 | Technical security | Establish/Maintain Documentation | |
Include publishing Public Key certificates in the Public Key certificate procedures. CC ID 07087 | Technical security | Establish/Maintain Documentation | |
Include access to issued Public Key certificates in the Public Key certificate procedures. CC ID 07086 | Technical security | Establish/Maintain Documentation | |
Connect the Public Key Infrastructure to the organization's identity and access management system. CC ID 07091 | Technical security | Technical Security | |
Archive Public Key certificate records according to organizational Records Management rules. CC ID 07090 | Technical security | Records Management | |
Refrain from storing encryption keys with cloud service providers when cryptographic key management services are in place locally. CC ID 13153 | Technical security | Technical Security | |
Refrain from permitting cloud service providers to manage encryption keys when cryptographic key management services are in place locally. CC ID 13154 | Technical security | Technical Security | |
Use strong data encryption to transmit in scope data or in scope information, as necessary. CC ID 00564 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data {data at rest}{external communication} Encryption technologies or secure communication channels are used to protect data in transit and at rest, and communications of such data beyond the entity's established connectivity mechanisms are logical with physical access points. S7.3 Uses encryption technologies or secure communication channels to protect data] | Technical security | Technical Security | |
Ensure restricted data or restricted information are encrypted prior to or at the time of transmission. CC ID 01749 [{data at rest}{external communication} Encryption technologies or secure communication channels are used to protect data in transit and at rest, and communications of such data beyond the entity's established connectivity mechanisms are logical with physical access points. S7.3 Uses encryption technologies or secure communication channels to protect data] | Technical security | Configuration | |
Configure the encryption strength to be appropriate for the encryption methodology of the cryptographic controls. CC ID 12492 | Technical security | Technical Security | |
Encrypt traffic over networks with trusted cryptographic keys. CC ID 12490 | Technical security | Technical Security | |
Authorize transactions of data transmitted over public networks or shared data networks. CC ID 00566 | Technical security | Establish/Maintain Documentation | |
Treat data messages that do not receive an acknowledgment as never having been sent. CC ID 14416 | Technical security | Technical Security | |
Establish trusted paths to transmit restricted data or restricted information over public networks or wireless networks. CC ID 00568 | Technical security | Technical Security | |
Protect application services information transmitted over a public network from unauthorized modification. CC ID 12021 | Technical security | Technical Security | |
Protect application services information transmitted over a public network from unauthorized disclosure. CC ID 12020 | Technical security | Technical Security | |
Protect application services information transmitted over a public network from contract disputes. CC ID 12019 | Technical security | Technical Security | |
Protect application services information transmitted over a public network from fraudulent activity. CC ID 12018 | Technical security | Technical Security | |
Establish, implement, and maintain a malicious code protection program. CC ID 00574 | Technical security | Establish/Maintain Documentation | |
Install security and protection software, as necessary. CC ID 00575 [The entity uses antivirus and anti-malware software and requires that it be implemented and maintained on all end-point devices connected to the internal and external networks to provide for the interception, detection and remediation of malware. The entity also requires third-party service organizations to confirm that their users and systems that connect to the entity's internal networks, infrastructure systems, network devices, application systems and data storage devices and information, also have active and currently updated antivirus and anti-malware protections. S7.1 Uses antivirus and anti-malware software] | Technical security | Configuration | |
Install and maintain container security solutions. CC ID 16178 | Technical security | Technical Security | |
Establish, implement, and maintain a physical and environmental protection policy. CC ID 14030 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain physical and environmental protection procedures. CC ID 14061 [{administrative safeguard}{technical safeguard} The entity tests the effectiveness of the key administrative, technical and physical safeguards protecting personal data, periodically and as required by entity policy, or by relevant, applicable laws or regulations. S7.5] | Physical and environmental protection | Establish/Maintain Documentation | |
Disseminate and communicate the physical and environmental protection procedures to interested personnel and affected parties. CC ID 14175 | Physical and environmental protection | Communicate | |
Establish, implement, and maintain a physical security program. CC ID 11757 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain a facility physical security program. CC ID 00711 [The entity restricts physical access to facilities and protected information assets (e.g., data center facilities, back-up media storage and other sensitive locations) to authorized personnel to meet the entity's objectives. S7.2] | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain opening procedures for businesses. CC ID 16671 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain closing procedures for businesses. CC ID 16670 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish and maintain a contract for accessing facilities that transmit, process, or store restricted data. CC ID 12050 | Physical and environmental protection | Establish/Maintain Documentation | |
Refrain from providing access to facilities that transmit, process, or store restricted data until the contract for accessing the facility is signed. CC ID 12311 | Physical and environmental protection | Behavior | |
Protect the facility from crime. CC ID 06347 | Physical and environmental protection | Physical and Environmental Protection | |
Define communication methods for reporting crimes. CC ID 06349 | Physical and environmental protection | Establish/Maintain Documentation | |
Include identification cards or badges in the physical security program. CC ID 14818 | Physical and environmental protection | Establish/Maintain Documentation | |
Protect facilities from eavesdropping. CC ID 02222 | Physical and environmental protection | Physical and Environmental Protection | |
Implement audio protection controls on telephone systems in controlled areas. CC ID 16455 | Physical and environmental protection | Technical Security | |
Establish, implement, and maintain security procedures for virtual meetings. CC ID 15581 | Physical and environmental protection | Establish/Maintain Documentation | |
Hold conferences requiring sensitive information discussions in spaces that have commensurate security. CC ID 11440 | Physical and environmental protection | Physical and Environmental Protection | |
Provide one-time meeting support for discussions involving Top Secret information. CC ID 11441 | Physical and environmental protection | Physical and Environmental Protection | |
Create security zones in facilities, as necessary. CC ID 16295 | Physical and environmental protection | Physical and Environmental Protection | |
Establish clear zones around any sensitive facilities. CC ID 02214 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain floor plans. CC ID 16419 | Physical and environmental protection | Establish/Maintain Documentation | |
Include network infrastructure and cabling infrastructure on the floor plan. CC ID 16420 | Physical and environmental protection | Establish/Maintain Documentation | |
Post floor plans of critical facilities in secure locations. CC ID 16138 | Physical and environmental protection | Communicate | |
Post and maintain security signage for all facilities. CC ID 02201 | Physical and environmental protection | Establish/Maintain Documentation | |
Inspect items brought into the facility. CC ID 06341 | Physical and environmental protection | Physical and Environmental Protection | |
Maintain all physical security systems. CC ID 02206 | Physical and environmental protection | Physical and Environmental Protection | |
Maintain all security alarm systems. CC ID 11669 | Physical and environmental protection | Physical and Environmental Protection | |
Identify and document physical access controls for all physical entry points. CC ID 01637 | Physical and environmental protection | Establish/Maintain Documentation | |
Control physical access to (and within) the facility. CC ID 01329 [The entity has implemented policies and procedures that restrict physical access to the entity's data centers, office spaces, documents, work areas and facilities based on an individual's needs for access, prior authorizations from a facility or system owner, and after the identity of each individual has been established prior to allowing access. S7.2 Managing physical access] | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain physical access procedures. CC ID 13629 | Physical and environmental protection | Establish/Maintain Documentation | |
Meet the physical access requirements of disabled individuals, if reasonably possible. CC ID 00419 | Physical and environmental protection | Physical and Environmental Protection | |
Configure the access control system to grant access only during authorized working hours. CC ID 12325 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain a visitor access permission policy. CC ID 06699 | Physical and environmental protection | Establish/Maintain Documentation | |
Escort visitors within the facility, as necessary. CC ID 06417 | Physical and environmental protection | Establish/Maintain Documentation | |
Check the visitor's stated identity against a provided government issued identification. CC ID 06701 | Physical and environmental protection | Physical and Environmental Protection | |
Authorize visitors before granting entry to physical areas containing restricted data or restricted information. CC ID 01330 | Physical and environmental protection | Testing | |
Disseminate and communicate the right of the organization to search visitors while at the facility. CC ID 06702 | Physical and environmental protection | Behavior | |
Establish, implement, and maintain procedures for changing a visitor's access requirements. CC ID 12048 | Physical and environmental protection | Establish/Maintain Documentation | |
Maintain and review facility access lists of personnel who have been granted authorized entry to (and within) facilities that contain restricted data or restricted information. CC ID 01436 [Processes are in place to periodically evaluate and re-validate (with the appropriate authorities) everyone's need for physical access and to make sure such access is consistent with the entity's business needs and the individual's specific job responsibilities. S7.2 Ongoing physical access monitoring] | Physical and environmental protection | Establish/Maintain Documentation | |
Authorize physical access to sensitive areas based on job functions. CC ID 12462 [Processes are in place to periodically evaluate and re-validate (with the appropriate authorities) everyone's need for physical access and to make sure such access is consistent with the entity's business needs and the individual's specific job responsibilities. S7.2 Ongoing physical access monitoring] | Physical and environmental protection | Establish/Maintain Documentation | |
Escort uncleared personnel who need to work in or access controlled access areas. CC ID 00747 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain physical identification procedures. CC ID 00713 | Physical and environmental protection | Establish/Maintain Documentation | |
Disallow opting out of wearing or displaying identification cards or badges. CC ID 13030 | Physical and environmental protection | Human Resources Management | |
Implement physical identification processes. CC ID 13715 | Physical and environmental protection | Process or Activity | |
Refrain from using knowledge-based authentication for in-person identity verification. CC ID 13717 | Physical and environmental protection | Process or Activity | |
Issue photo identification badges to all employees. CC ID 12326 | Physical and environmental protection | Physical and Environmental Protection | |
Implement operational requirements for card readers. CC ID 02225 | Physical and environmental protection | Testing | |
Establish, implement, and maintain lost or damaged identification card procedures, as necessary. CC ID 14819 | Physical and environmental protection | Establish/Maintain Documentation | |
Report lost badges, stolen badges, and broken badges to the Security Manager. CC ID 12334 | Physical and environmental protection | Physical and Environmental Protection | |
Manage constituent identification inside the facility. CC ID 02215 | Physical and environmental protection | Behavior | |
Direct each employee to be responsible for their identification card or badge. CC ID 12332 | Physical and environmental protection | Human Resources Management | |
Manage visitor identification inside the facility. CC ID 11670 | Physical and environmental protection | Physical and Environmental Protection | |
Issue visitor identification badges to all non-employees. CC ID 00543 | Physical and environmental protection | Behavior | |
Secure unissued visitor identification badges. CC ID 06712 | Physical and environmental protection | Physical and Environmental Protection | |
Retrieve visitor identification badges prior to the exit of a visitor from the facility. CC ID 01331 | Physical and environmental protection | Behavior | |
Include name, date of entry, and validity period on disposable identification cards or badges. CC ID 12331 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain identification issuance procedures for identification cards or badges. CC ID 06598 [The entity requires individuals to be issued a proximity badge and has implemented proximity control mechanisms that require an individual to authenticate their identity via proximity card reading devices prior to gaining access to internal locations within the entity's data centers, office spaces, document storage locations, work areas and environmental control system locations. S7.2 Internal physical access control] | Physical and environmental protection | Establish/Maintain Documentation | |
Record the assigned identification card or badge serial number when issuing an identification card or badge. CC ID 06714 | Physical and environmental protection | Process or Activity | |
Include error handling controls in identification issuance procedures. CC ID 13709 | Physical and environmental protection | Establish/Maintain Documentation | |
Include an appeal process in the identification issuance procedures. CC ID 15428 | Physical and environmental protection | Business Processes | |
Include information security in the identification issuance procedures. CC ID 15425 | Physical and environmental protection | Establish/Maintain Documentation | |
Include identity proofing processes in the identification issuance procedures. CC ID 06597 | Physical and environmental protection | Process or Activity | |
Establish, implement, and maintain post-issuance update procedures for identification cards or badges. CC ID 15426 | Physical and environmental protection | Establish/Maintain Documentation | |
Include an identity registration process in the identification issuance procedures. CC ID 11671 | Physical and environmental protection | Establish/Maintain Documentation | |
Restrict access to the badge system to authorized personnel. CC ID 12043 | Physical and environmental protection | Physical and Environmental Protection | |
Enforce dual control for badge assignments. CC ID 12328 | Physical and environmental protection | Physical and Environmental Protection | |
Enforce dual control for accessing unassigned identification cards or badges. CC ID 12327 | Physical and environmental protection | Physical and Environmental Protection | |
Refrain from imprinting the company name or company logo on identification cards or badges. CC ID 12282 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain identification renewal procedures for identification cards or badges. CC ID 06599 | Physical and environmental protection | Establish/Maintain Documentation | |
Assign employees the responsibility for controlling their identification badges. CC ID 12333 | Physical and environmental protection | Human Resources Management | |
Establish, implement, and maintain identification re-issuing procedures for identification cards or badges. CC ID 06596 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain identification mechanism termination procedures. CC ID 06306 | Physical and environmental protection | Establish/Maintain Documentation | |
Prevent tailgating through physical entry points. CC ID 06685 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain a door security standard. CC ID 06686 | Physical and environmental protection | Establish/Maintain Documentation | |
Install doors so that exposed hinges are on the secured side. CC ID 06687 | Physical and environmental protection | Configuration | |
Install emergency doors to permit egress only. CC ID 06688 | Physical and environmental protection | Configuration | |
Install contact alarms on doors, as necessary. CC ID 06710 | Physical and environmental protection | Configuration | |
Use locks to protect against unauthorized physical access. CC ID 06342 | Physical and environmental protection | Physical and Environmental Protection | |
Use locks with electronic authentication systems or cipher locks, as necessary. CC ID 06650 | Physical and environmental protection | Configuration | |
Secure unissued access mechanisms. CC ID 06713 | Physical and environmental protection | Technical Security | |
Establish, implement, and maintain a lock and access mechanism inventory (keys, lock combinations, or key cards) for all physical access control systems. CC ID 00748 | Physical and environmental protection | Establish/Maintain Documentation | |
Change cipher lock codes, as necessary. CC ID 06651 | Physical and environmental protection | Technical Security | |
Record the assigned access mechanism serial number or cipher lock code when issuing controlled items. CC ID 06715 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain a window security standard. CC ID 06689 | Physical and environmental protection | Establish/Maintain Documentation | |
Install contact alarms on openable windows, as necessary. CC ID 06690 | Physical and environmental protection | Configuration | |
Install glass break alarms on windows, as necessary. CC ID 06691 | Physical and environmental protection | Configuration | |
Post signs at all physical entry points stating the organization's right to inspect upon entry. CC ID 02204 | Physical and environmental protection | Establish/Maintain Documentation | |
Install and maintain security lighting at all physical entry points. CC ID 02205 | Physical and environmental protection | Physical and Environmental Protection | |
Use vandal resistant light fixtures for all security lighting. CC ID 16130 | Physical and environmental protection | Physical and Environmental Protection | |
Manage access to loading docks, unloading docks, and mail rooms. CC ID 02210 | Physical and environmental protection | Physical and Environmental Protection | |
Secure the loading dock with physical access controls or security guards. CC ID 06703 | Physical and environmental protection | Physical and Environmental Protection | |
Isolate loading areas from information processing facilities, if possible. CC ID 12028 | Physical and environmental protection | Physical and Environmental Protection | |
Screen incoming mail and deliveries. CC ID 06719 | Physical and environmental protection | Physical and Environmental Protection | |
Protect access to the facility's mechanical systems area. CC ID 02212 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain elevator security guidelines. CC ID 02232 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain stairwell security guidelines. CC ID 02233 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain glass opening security guidelines. CC ID 02234 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain after hours facility access procedures. CC ID 06340 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish a security room, if necessary. CC ID 00738 | Physical and environmental protection | Physical and Environmental Protection | |
Implement physical security standards for mainframe rooms or data centers. CC ID 00749 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets The entity has implemented policies and procedures that restrict physical access to the entity's data centers, office spaces, documents, work areas and facilities based on an individual's needs for access, prior authorizations from a facility or system owner, and after the identity of each individual has been established prior to allowing access. S7.2 Managing physical access] | Physical and environmental protection | Physical and Environmental Protection | |
Establish and maintain equipment security cages in a shared space environment. CC ID 06711 | Physical and environmental protection | Physical and Environmental Protection | |
Secure systems in lockable equipment cabinets, as necessary. CC ID 06716 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain vault physical security standards. CC ID 02203 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain a guideline for working in a secure area. CC ID 04538 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain emergency re-entry procedures. CC ID 11672 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain emergency exit procedures. CC ID 01252 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain a camera operating policy. CC ID 15456 | Physical and environmental protection | Establish/Maintain Documentation | |
Disseminate and communicate the camera installation policy to interested personnel and affected parties. CC ID 15461 | Physical and environmental protection | Communicate | |
Establish and maintain a visitor log. CC ID 00715 | Physical and environmental protection | Log Management | |
Require all visitors to sign in to the visitor log before the entrance of a visitor to the facility. CC ID 06700 | Physical and environmental protection | Establish/Maintain Documentation | |
Require all visitors to sign out of the visitor log before the exit of a visitor from the facility. CC ID 06649 | Physical and environmental protection | Behavior | |
Record the visitor's name in the visitor log. CC ID 00557 | Physical and environmental protection | Log Management | |
Record the visitor's organization in the visitor log. CC ID 12121 | Physical and environmental protection | Log Management | |
Record the visitor's acceptable access areas in the visitor log. CC ID 12237 | Physical and environmental protection | Log Management | |
Record the date and time of entry in the visitor log. CC ID 13255 | Physical and environmental protection | Establish/Maintain Documentation | |
Record the onsite personnel authorizing physical access for the visitor in the visitor log. CC ID 12466 | Physical and environmental protection | Establish/Maintain Documentation | |
Retain all records in the visitor log as prescribed by law. CC ID 00572 | Physical and environmental protection | Log Management | |
Establish, implement, and maintain a physical access log. CC ID 12080 | Physical and environmental protection | Establish/Maintain Documentation | |
Log the entrance of a staff member to a facility or designated rooms within the facility. CC ID 01641 | Physical and environmental protection | Log Management | |
Store facility access logs in off-site storage. CC ID 06958 | Physical and environmental protection | Log Management | |
Log the exit of a staff member to a facility or designated rooms within the facility. CC ID 11675 | Physical and environmental protection | Monitor and Evaluate Occurrences | |
Configure video cameras to cover all physical entry points. CC ID 06302 | Physical and environmental protection | Configuration | |
Configure video cameras to prevent physical tampering or disablement. CC ID 06303 | Physical and environmental protection | Configuration | |
Retain video events according to Records Management procedures. CC ID 06304 | Physical and environmental protection | Records Management | |
Establish, implement, and maintain physical security threat reports. CC ID 02207 | Physical and environmental protection | Establish/Maintain Documentation | |
Build and maintain fencing, as necessary. CC ID 02235 | Physical and environmental protection | Physical and Environmental Protection | |
Implement security measures for all interior spaces that allow for any payment transactions. CC ID 06352 | Physical and environmental protection | Physical and Environmental Protection | |
Physically segregate business areas in accordance with organizational standards. CC ID 16718 | Physical and environmental protection | Physical and Environmental Protection | |
Employ security guards to provide physical security, as necessary. CC ID 06653 | Physical and environmental protection | Establish Roles | |
Establish, implement, and maintain a facility wall standard. CC ID 06692 | Physical and environmental protection | Establish/Maintain Documentation | |
Design interior walls with sound absorbing materials as well as thermal resistant materials. CC ID 06372 | Physical and environmental protection | Physical and Environmental Protection | |
Design interior walls that provide security to extend from true floor to true ceiling. CC ID 06693 | Physical and environmental protection | Configuration | |
Refrain from search and seizure inside organizational facilities absent a warrant. CC ID 09980 | Physical and environmental protection | Behavior | |
Disallow either search or seizure of any person inside organizational facilities absent a warrant. CC ID 09981 | Physical and environmental protection | Behavior | |
Disallow copying or excerpting from documents, books, or records that are on or in the premises of an organizational facility absent a warrant. CC ID 09982 | Physical and environmental protection | Business Processes | |
Disallow inspecting computers or searching computer records inside organizational facilities absent a warrant. CC ID 09983 | Physical and environmental protection | Behavior | |
Do nothing to help during a search and seizure inside organizational facilities absent a warrant and being legally compelled to assist. CC ID 09984 | Physical and environmental protection | Behavior | |
Establish, implement, and maintain physical security controls for distributed assets. CC ID 00718 [{physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Physical and environmental protection | Physical and Environmental Protection | |
Control the transiting and internal distribution or external distribution of assets. CC ID 00963 | Physical and environmental protection | Records Management | |
Log the transiting, internal distribution, and external distribution of restricted storage media. CC ID 12321 | Physical and environmental protection | Log Management | |
Encrypt digital media containing sensitive information during transport outside controlled areas. CC ID 14258 | Physical and environmental protection | Technical Security | |
Obtain management authorization for restricted storage media transit or distribution from a controlled access area. CC ID 00964 | Physical and environmental protection | Records Management | |
Use locked containers to transport non-digital media outside of controlled areas. CC ID 14286 | Physical and environmental protection | Physical and Environmental Protection | |
Transport restricted media using a delivery method that can be tracked. CC ID 11777 | Physical and environmental protection | Business Processes | |
Restrict physical access to distributed assets. CC ID 11865 [The entity restricts physical access to facilities and protected information assets (e.g., data center facilities, back-up media storage and other sensitive locations) to authorized personnel to meet the entity's objectives. S7.2 {logical access} The entity restricts logical and physical access to its information assets, including computing and network hardware, application systems, data (at-rest, during processing or in transmission), software, administrative authorities, mobile devices, output, and offline system components are restricted through the use of authentication and access control software and rule sets, and access to information assets is logged and monitored based on defined access authorizations. S7.1 Restricts logical and physical access to PI] | Physical and environmental protection | Physical and Environmental Protection | |
House network hardware in lockable rooms or lockable equipment cabinets. CC ID 01873 | Physical and environmental protection | Physical and Environmental Protection | |
Protect electronic storage media with physical access controls. CC ID 00720 | Physical and environmental protection | Physical and Environmental Protection | |
Protect physical assets with earthquake-resistant mechanisms. CC ID 06360 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain a media protection policy. CC ID 14029 | Physical and environmental protection | Establish/Maintain Documentation | |
Include compliance requirements in the media protection policy. CC ID 14185 | Physical and environmental protection | Establish/Maintain Documentation | |
Include coordination amongst entities in the media protection policy. CC ID 14184 | Physical and environmental protection | Establish/Maintain Documentation | |
Include management commitment in the media protection policy. CC ID 14182 | Physical and environmental protection | Establish/Maintain Documentation | |
Include roles and responsibilities in the media protection policy. CC ID 14180 | Physical and environmental protection | Establish/Maintain Documentation | |
Include the scope in the media protection policy. CC ID 14167 | Physical and environmental protection | Establish/Maintain Documentation | |
Include the purpose in the media protection policy. CC ID 14166 | Physical and environmental protection | Establish/Maintain Documentation | |
Disseminate and communicate the media protection policy to interested personnel and affected parties. CC ID 14165 | Physical and environmental protection | Communicate | |
Establish, implement, and maintain media protection procedures. CC ID 14062 | Physical and environmental protection | Establish/Maintain Documentation | |
Disseminate and communicate the media protection procedures to interested personnel and affected parties. CC ID 14186 | Physical and environmental protection | Communicate | |
Establish, implement, and maintain removable storage media controls. CC ID 06680 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Physical and environmental protection | Data and Information Management | |
Control access to restricted storage media. CC ID 04889 | Physical and environmental protection | Data and Information Management | |
Physically secure all electronic storage media that store restricted data or restricted information. CC ID 11664 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Physical and environmental protection | Physical and Environmental Protection | |
Separate duplicate originals and backup media from the original electronic storage media. CC ID 00961 | Physical and environmental protection | Records Management | |
Treat archive media as evidence. CC ID 00960 | Physical and environmental protection | Records Management | |
Log the transfer of removable storage media. CC ID 12322 | Physical and environmental protection | Log Management | |
Establish, implement, and maintain storage media access control procedures. CC ID 00959 | Physical and environmental protection | Establish/Maintain Documentation | |
Require removable storage media be in the custody of an authorized individual. CC ID 12319 | Physical and environmental protection | Behavior | |
Control the storage of restricted storage media. CC ID 00965 | Physical and environmental protection | Records Management | |
Store removable storage media containing restricted data or restricted information using electronic media storage cabinets or electronic media storage vaults. CC ID 00717 [{physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Physical and environmental protection | Physical and Environmental Protection | |
Protect the combinations for all combination locks. CC ID 02199 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain electronic media storage container repair guidelines. CC ID 02200 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish and maintain eavesdropping protection for vaults. CC ID 02231 | Physical and environmental protection | Physical and Environmental Protection | |
Serialize all removable storage media. CC ID 00949 | Physical and environmental protection | Configuration | |
Protect distributed assets against theft. CC ID 06799 | Physical and environmental protection | Physical and Environmental Protection | |
Include Information Technology assets in the asset removal policy. CC ID 13162 | Physical and environmental protection | Establish/Maintain Documentation | |
Specify the assets to be returned or removed in the asset removal policy. CC ID 13163 | Physical and environmental protection | Establish/Maintain Documentation | |
Disseminate and communicate the asset removal policy to interested personnel and affected parties. CC ID 13160 | Physical and environmental protection | Communicate | |
Establish, implement, and maintain asset removal procedures or asset decommissioning procedures. CC ID 04540 | Physical and environmental protection | Establish/Maintain Documentation | |
Prohibit assets from being taken off-site absent prior authorization. CC ID 12027 | Physical and environmental protection | Process or Activity | |
Control the delivery of assets through physical entry points and physical exit points. CC ID 01441 | Physical and environmental protection | Physical and Environmental Protection | |
Control the removal of assets through physical entry points and physical exit points. CC ID 11681 | Physical and environmental protection | Physical and Environmental Protection | |
Maintain records of all system components entering and exiting the facility. CC ID 14304 | Physical and environmental protection | Log Management | |
Establish, implement, and maintain on-site logical controls for all distributed assets. CC ID 11682 | Physical and environmental protection | Technical Security | |
Establish, implement, and maintain off-site logical controls for all distributed assets. CC ID 11683 | Physical and environmental protection | Technical Security | |
Establish, implement, and maintain on-site physical controls for all distributed assets. CC ID 04820 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain off-site physical controls for all distributed assets. CC ID 04539 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain missing asset reporting procedures. CC ID 06336 | Physical and environmental protection | Establish/Maintain Documentation | |
Employ asset location technologies in accordance with applicable laws and regulations. CC ID 10627 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain end user computing device security guidelines. CC ID 00719 [{endpoint device}{mobile device}{personal device} Processes are in place to protect endpoint and mobile computing and personal productivity devices (such as laptop and desktop computers, servers, networking and data storage devices, smart phones and tablets) that are used in computing, networking, data storage and processing of the entity's information assets. S7.3 Protects end point and mobile devices] | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain a locking screen saver policy. CC ID 06717 | Physical and environmental protection | Establish/Maintain Documentation | |
Encrypt information stored on devices in publicly accessible areas. CC ID 16410 | Physical and environmental protection | Data and Information Management | |
Secure workstations to desks with security cables. CC ID 04724 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain a mobile device management program. CC ID 15212 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain a mobile device management policy. CC ID 15214 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain mobile device emergency sanitization procedures. CC ID 16454 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain mobile device security guidelines. CC ID 04723 [{endpoint device}{mobile device}{personal device} Processes are in place to protect endpoint and mobile computing and personal productivity devices (such as laptop and desktop computers, servers, networking and data storage devices, smart phones and tablets) that are used in computing, networking, data storage and processing of the entity's information assets. S7.3 Protects end point and mobile devices] | Physical and environmental protection | Establish/Maintain Documentation | |
Require users to refrain from leaving mobile devices unattended. CC ID 16446 | Physical and environmental protection | Business Processes | |
Include the expectation of data loss in the event of sanitizing the mobile device in the mobile device security guidelines. CC ID 12292 | Physical and environmental protection | Establish/Maintain Documentation | |
Wipe information from mobile devices after a predetermined number of unsuccessful logon attempts. CC ID 14242 | Physical and environmental protection | Data and Information Management | |
Include legal requirements in the mobile device security guidelines. CC ID 12291 | Physical and environmental protection | Establish/Maintain Documentation | |
Include the use of privacy filters in the mobile device security guidelines. CC ID 16452 | Physical and environmental protection | Physical and Environmental Protection | |
Include prohibiting the usage of unapproved application stores in the mobile device security guidelines. CC ID 12290 | Physical and environmental protection | Establish/Maintain Documentation | |
Include requiring users to create data backups in the mobile device security guidelines. CC ID 12289 | Physical and environmental protection | Establish/Maintain Documentation | |
Include the definition of mobile devices in the mobile device security guidelines. CC ID 12288 | Physical and environmental protection | Establish/Maintain Documentation | |
Refrain from responding to unsolicited Personal Identification Number requests. CC ID 12430 | Physical and environmental protection | Physical and Environmental Protection | |
Refrain from pairing Bluetooth devices in unsecured areas. CC ID 12429 | Physical and environmental protection | Physical and Environmental Protection | |
Encrypt information stored on mobile devices. CC ID 01422 | Physical and environmental protection | Data and Information Management | |
Separate systems that transmit, process, or store restricted data from those that do not by deploying physical access controls. CC ID 00722 | Physical and environmental protection | Physical and Environmental Protection | |
Secure system components from unauthorized viewing. CC ID 01437 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain asset return procedures. CC ID 04537 | Physical and environmental protection | Establish/Maintain Documentation | |
Request the return of all appropriate assets upon notification of a personnel status change. CC ID 06678 | Physical and environmental protection | Behavior | |
Require the return of all assets upon notification an individual is terminated. CC ID 06679 | Physical and environmental protection | Behavior | |
Prohibit the use of recording devices near restricted data or restricted information, absent authorization. CC ID 04598 | Physical and environmental protection | Behavior | |
Prohibit usage of cell phones near restricted data or restricted information, absent authorization. CC ID 06354 | Physical and environmental protection | Behavior | |
Prohibit mobile device usage near restricted data or restricted information, absent authorization. CC ID 04597 | Physical and environmental protection | Behavior | |
Prohibit wireless technology usage near restricted data or restricted information, absent authorization. CC ID 08706 | Physical and environmental protection | Configuration | |
Establish, implement, and maintain open storage container procedures. CC ID 02198 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain a clean desk policy. CC ID 06534 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain a clear screen policy. CC ID 12436 | Physical and environmental protection | Technical Security | |
Establish, implement, and maintain contact card reader security guidelines. CC ID 06588 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain contactless card reader security guidelines. CC ID 06589 | Physical and environmental protection | Establish/Maintain Documentation | |
Establish, implement, and maintain Personal Identification Number input device security guidelines. CC ID 06590 | Physical and environmental protection | Establish/Maintain Documentation | |
Identify customer property within the organizational facility. CC ID 06612 | Physical and environmental protection | Physical and Environmental Protection | |
Protect customer property under the care of the organization. CC ID 11685 | Physical and environmental protection | Physical and Environmental Protection | |
Prohibit the unauthorized remote activation of collaborative computing devices. CC ID 06768 | Physical and environmental protection | Technical Security | |
Provide a physical disconnect of collaborative computing devices in a way that supports ease of use. CC ID 06769 | Physical and environmental protection | Configuration | |
Indicate the active use of collaborative computing devices to users physically present at the device. CC ID 10647 | Physical and environmental protection | Technical Security | |
Provide storage media shelving capable of bearing all potential loads. CC ID 11400 | Physical and environmental protection | Physical and Environmental Protection | |
Establish, implement, and maintain a business continuity program. CC ID 13210 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Establish, implement, and maintain a continuity plan. CC ID 00752 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Document and use the lessons learned to update the continuity plan. CC ID 10037 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing {business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include incident management procedures in the continuity plan. CC ID 13244 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Operational and Systems Continuity | Establish/Maintain Documentation | |
Disseminate and communicate the continuity procedures to interested personnel and affected parties. CC ID 14055 | Operational and Systems Continuity | Communicate | |
Establish, implement, and maintain a recovery plan. CC ID 13288 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Establish, implement, and maintain system continuity plan strategies. CC ID 00735 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include emergency operating procedures in the continuity plan. CC ID 11694 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include a system acquisition process for critical systems in the emergency mode operation plan. CC ID 01369 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Review and prioritize the importance of each business unit. CC ID 01165 | Operational and Systems Continuity | Systems Continuity | |
Review and prioritize the importance of each business process. CC ID 11689 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Document the mean time to failure for system components. CC ID 10684 | Operational and Systems Continuity | Systems Continuity | |
Conduct a risk assessment on reciprocal agreements that provide for recovery capabilities. CC ID 12759 | Operational and Systems Continuity | Audits and Risk Management | |
Establish, implement, and maintain Recovery Time Objectives for all in scope services. CC ID 12241 | Operational and Systems Continuity | Systems Continuity | |
Establish, implement, and maintain Recovery Point Objectives for all in scope systems. CC ID 15719 | Operational and Systems Continuity | Systems Continuity | |
Establish, implement, and maintain Recovery Time Objectives for all in scope systems. CC ID 11688 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Define and prioritize critical business records. CC ID 11687 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include the protection of personnel in the continuity plan. CC ID 06378 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Identify alternate personnel for each person on the critical personnel list. CC ID 12771 | Operational and Systems Continuity | Human Resources Management | |
Define the triggering events for when to activate the pandemic plan. CC ID 06801 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Establish, implement, and maintain a critical third party list. CC ID 06815 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Disseminate and communicate critical third party dependencies to interested personnel and affected parties. CC ID 06816 | Operational and Systems Continuity | Behavior | |
Define and maintain continuity Service Level Agreements for all critical resources. CC ID 00741 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Establish and maintain a core supply inventory required to support critical business functions. CC ID 04890 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include workstation continuity procedures in the continuity plan. CC ID 01378 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include server continuity procedures in the continuity plan. CC ID 01379 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include website continuity procedures in the continuity plan. CC ID 01380 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Post all required information on organizational websites and ensure all hyperlinks are working. CC ID 04579 | Operational and Systems Continuity | Data and Information Management | |
Include near-line capabilities in the continuity plan. CC ID 01383 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include online capabilities in the continuity plan. CC ID 11690 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include mainframe continuity procedures in the continuity plan. CC ID 01382 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include telecommunications continuity procedures in the continuity plan. CC ID 11691 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include system continuity procedures in the continuity plan. CC ID 01268 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include Local Area Network continuity procedures in the continuity plan. CC ID 01381 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include Wide Area Network continuity procedures in the continuity plan. CC ID 01294 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include priority-of-service provisions in the telecommunications Service Level Agreements. CC ID 01396 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include emergency power continuity procedures in the continuity plan. CC ID 01254 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include evacuation procedures in the continuity plan. CC ID 12773 | Operational and Systems Continuity | Systems Continuity | |
Include damaged site continuity procedures that cover continuing operations in a partially functional primary facility in the continuity plan. CC ID 01374 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Establish, implement, and maintain at-risk structure removal or relocation procedures. CC ID 01247 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Separate the alternate facility from the primary facility through geographic separation. CC ID 01394 | Operational and Systems Continuity | Physical and Environmental Protection | |
Outline explicit mitigation actions for facility accessibility issues that might take place when an area-wide disruption occurs or an area-wide disaster occurs. CC ID 01391 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include technical preparation considerations for backup operations in the continuity plan. CC ID 01250 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include a backup rotation scheme in the backup policy. CC ID 16219 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include naming conventions in the backup policy. CC ID 16218 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Establish, implement, and maintain backup procedures for in scope systems. CC ID 01258 | Operational and Systems Continuity | Systems Continuity | |
Document the backup method and backup frequency on a case-by-case basis in the backup procedures. CC ID 01384 | Operational and Systems Continuity | Systems Continuity | |
Establish and maintain off-site electronic media storage facilities. CC ID 00957 | Operational and Systems Continuity | Physical and Environmental Protection | |
Configure the off-site electronic media storage facilities to utilize timely and effective recovery operations. CC ID 01392 | Operational and Systems Continuity | Configuration | |
Outline explicit mitigation actions for potential off-site electronic media storage facilities accessibility issues for when area-wide disruptions occur or area-wide disasters occur. CC ID 01393 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Store backup media at an off-site electronic media storage facility. CC ID 01332 | Operational and Systems Continuity | Data and Information Management | |
Transport backup media in lockable electronic media storage containers. CC ID 01264 | Operational and Systems Continuity | Data and Information Management | |
Store backup media in a fire-rated container which is not collocated with the operational system. CC ID 14289 | Operational and Systems Continuity | Systems Continuity | |
Identify the access methods for backup media at both the primary facility and the off-site electronic media storage facility. CC ID 01257 | Operational and Systems Continuity | Data and Information Management | |
Store backup vital records in a manner that is accessible for emergency retrieval. CC ID 12765 | Operational and Systems Continuity | Systems Continuity | |
Establish, implement, and maintain security controls to protect offsite data. CC ID 16259 | Operational and Systems Continuity | Data and Information Management | |
Perform backup procedures for in scope systems. CC ID 11692 | Operational and Systems Continuity | Process or Activity | |
Perform full backups in accordance with organizational standards. CC ID 16376 | Operational and Systems Continuity | Data and Information Management | |
Perform incremental backups in accordance with organizational standards. CC ID 16375 | Operational and Systems Continuity | Data and Information Management | |
Back up all records. CC ID 11974 | Operational and Systems Continuity | Systems Continuity | |
Use virtual machine snapshots for full backups and changed block tracking (CBT) for incremental backups. CC ID 16374 | Operational and Systems Continuity | Data and Information Management | |
Document the Recovery Point Objective for triggering backup operations and restoration operations. CC ID 01259 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Encrypt backup data. CC ID 00958 | Operational and Systems Continuity | Configuration | |
Log the execution of each backup. CC ID 00956 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Digitally sign disk images, as necessary. CC ID 06814 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include emergency communications procedures in the continuity plan. CC ID 00750 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include managing multiple responding organizations in the emergency communications procedure. CC ID 01249 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Expedite emergency communications' fiscal decisions in accordance with accounting principles. CC ID 01266 | Operational and Systems Continuity | Systems Continuity | |
Maintain contact information for key third parties in a readily accessible manner. CC ID 12764 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Log important conversations conducted during emergencies with third parties. CC ID 12763 | Operational and Systems Continuity | Log Management | |
Identify the appropriate staff to route external communications to in the emergency communications procedures. CC ID 12762 | Operational and Systems Continuity | Communicate | |
Include the ability to obtain additional liquidity in the continuity plan. CC ID 12770 | Operational and Systems Continuity | Acquisition/Sale of Assets or Services | |
Minimize system continuity requirements. CC ID 00753 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include purchasing insurance in the continuity plan. CC ID 00762 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Obtain an insurance policy that covers business interruptions applicable to organizational needs and geography. CC ID 06682 | Operational and Systems Continuity | Acquisition/Sale of Assets or Services | |
Obtain an insurance policy to cover business products and services delivered to clients. CC ID 06683 | Operational and Systems Continuity | Acquisition/Sale of Assets or Services | |
Determine the adequacy of insurance coverage for assets in the organization's insurance policy. CC ID 14827 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Determine the adequacy of insurance coverage for facilities in the organization's insurance policy. CC ID 13280 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Determine the adequacy of insurance coverage for Information Technology assets in the organization's insurance policy. CC ID 13279 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Determine the adequacy of insurance coverage for printed records in the organization's insurance policy. CC ID 13278 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Validate information security continuity controls regularly. CC ID 12008 | Operational and Systems Continuity | Systems Continuity | |
Establish, implement, and maintain a business continuity plan testing program. CC ID 14829 | Operational and Systems Continuity | Testing | |
Establish, implement, and maintain a continuity test plan. CC ID 04896 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include testing all system components in the continuity test plan. CC ID 13508 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing] | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include test scenarios in the continuity test plan. CC ID 13506 [{continuity procedure} Incident management and system recovery testing is performed on a periodic basis to make sure the entity continues to be able to identify, evaluate and respond to critical incidents. Testing includes: 1) the development and use of test scenarios based on the likelihood and magnitude of potential threats and known vulnerabilities; 2) consideration of system components that might impair system and information availability; 3) scenarios that consider the potential for key person availability; and 4) the updating of continuity and resiliency plans, procedures and systems based on test results. S7.5 Implements incident management and recovery testing {business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Operational and Systems Continuity | Establish/Maintain Documentation | |
Include coverage of all major components in the scope of testing the continuity plan. CC ID 12767 [{business continuity plan}{continuity procedure}{continuity capability} The entity periodically tests the effectiveness of its business continuity and resiliency plans, procedures and capabilities to make sure that they continue to protect the entity from the adverse effects of unplanned system outages or damages that render systems and information assets unavailable or compromised. Testing includes: 1) the preparation and execution of risk scenario events that consider the likelihood and magnitude of identified threats and known vulnerabilities and system and process weaknesses; 2) the consideration of system components that could impair system processing and information confidentiality, integrity and availability; 3) scenarios that consider the potential impacts to key personnel availability; and 4) the update and revision of plans, processes and systems based on feedback and lessons learned from the results of testing. S7.5 Implements business continuity plan testing] | Operational and Systems Continuity | Testing | |
Include third party recovery services in the scope of testing the continuity plan. CC ID 12766 | Operational and Systems Continuity | Testing | |
Validate the emergency communications procedures during continuity plan tests. CC ID 12777 | Operational and Systems Continuity | Testing | |
Include the coordination and interfaces among third parties in the coverage of the scope of testing the continuity plan. CC ID 12769 | Operational and Systems Continuity | Testing | |
Validate the evacuation plans during continuity plan tests. CC ID 12760 | Operational and Systems Continuity | Testing | |
Include predefined goals and realistic conditions during off-site testing. CC ID 01175 | Operational and Systems Continuity | Establish/Maintain Documentation | |
Coordinate testing the continuity plan with all applicable business units and critical business functions. CC ID 01388 | Operational and Systems Continuity | Testing | |
Document the continuity plan test results and provide them to interested personnel and affected parties. CC ID 06548 | Operational and Systems Continuity | Actionable Reports or Measurements | |
Approve the continuity plan test results. CC ID 15718 | Operational and Systems Continuity | Systems Continuity | |
Establish, implement, and maintain high level operational roles and responsibilities. CC ID 00806 | Human Resources management | Establish Roles | |
Define and assign the Board of Directors roles and responsibilities and senior management roles and responsibilities, including signing off on key policies and procedures. CC ID 00807 [The entity has an overall governance and legal structure that defines and establishes responsibility and authority for the entity's oversight processes, policy setting and ongoing monitoring activities. M1.2 Responsibility and authority The entity has a governance and legal structure that establishes accountability for information privacy policy creation, oversight, monitoring and compliance. M1.2 Established accountability] | Human Resources management | Establish Roles | |
Establish and maintain board committees, as necessary. CC ID 14789 | Human Resources management | Human Resources Management | |
Define and assign the roles and responsibilities of the chairman of the board. CC ID 14786 | Human Resources management | Establish/Maintain Documentation | |
Assign oversight of C-level executives to the Board of Directors. CC ID 14784 | Human Resources management | Human Resources Management | |
Establish, implement, and maintain candidate selection procedures to the board of directors. CC ID 14782 | Human Resources management | Establish/Maintain Documentation | |
Include the criteria of mixed experiences and skills in the candidate selection procedures. CC ID 14791 | Human Resources management | Establish/Maintain Documentation | |
Assign oversight of the financial management program to the board of directors. CC ID 14781 | Human Resources management | Human Resources Management | |
Assign senior management to the role of supporting Quality Management. CC ID 13692 | Human Resources management | Human Resources Management | |
Assign senior management to the role of authorizing official. CC ID 14238 | Human Resources management | Establish Roles | |
Assign members who are independent from management to the Board of Directors. CC ID 12395 | Human Resources management | Human Resources Management | |
Assign ownership of risks to the Board of Directors or senior management. CC ID 13662 | Human Resources management | Human Resources Management | |
Assign the organization's board and senior management to oversee the continuity planning process. CC ID 12991 | Human Resources management | Human Resources Management | |
Define and assign the Privacy Officer's roles and responsibilities. CC ID 00714 [The entity has a governance and legal structure that establishes accountability for information privacy policy creation, oversight, monitoring and compliance. M1.2 Established accountability] | Human Resources management | Establish Roles | |
Establish, implement, and maintain a personnel management program. CC ID 14018 | Human Resources management | Establish/Maintain Documentation | |
Establish, implement, and maintain a personnel security program. CC ID 10628 | Human Resources management | Establish/Maintain Documentation | |
Assign security clearance procedures to qualified personnel. CC ID 06812 | Human Resources management | Establish Roles | |
Assign personnel screening procedures to qualified personnel. CC ID 11699 | Human Resources management | Establish Roles | |
Establish, implement, and maintain personnel screening procedures. CC ID 11700 | Human Resources management | Establish/Maintain Documentation | |
Perform a personal identification check during personnel screening. CC ID 06721 | Human Resources management | Human Resources Management | |
Perform a criminal records check during personnel screening. CC ID 06643 | Human Resources management | Establish/Maintain Documentation | |
Include all residences in the criminal records check. CC ID 13306 | Human Resources management | Process or Activity | |
Document any reasons a full criminal records check could not be performed. CC ID 13305 | Human Resources management | Establish/Maintain Documentation | |
Perform a personal references check during personnel screening. CC ID 06645 | Human Resources management | Human Resources Management | |
Perform a credit check during personnel screening. CC ID 06646 | Human Resources management | Human Resources Management | |
Perform an academic records check during personnel screening. CC ID 06647 | Human Resources management | Establish/Maintain Documentation | |
Perform a drug test during personnel screening. CC ID 06648 | Human Resources management | Testing | |
Perform a resume check during personnel screening. CC ID 06659 | Human Resources management | Human Resources Management | |
Perform a curriculum vitae check during personnel screening. CC ID 06660 | Human Resources management | Human Resources Management | |
Allow personnel being screened to appeal findings and appeal decisions. CC ID 06720 | Human Resources management | Human Resources Management | |
Disseminate and communicate screening results to interested personnel and affected parties. CC ID 16445 | Human Resources management | Communicate | |
Perform personnel screening procedures, as necessary. CC ID 11763 | Human Resources management | Human Resources Management | |
Establish, implement, and maintain security clearance procedures. CC ID 00783 | Human Resources management | Establish/Maintain Documentation | |
Perform security clearance procedures, as necessary. CC ID 06644 | Human Resources management | Human Resources Management | |
Establish and maintain security clearances. CC ID 01634 | Human Resources management | Human Resources Management | |
Establish and maintain the staff structure in line with the strategic plan. CC ID 00764 | Human Resources management | Establish Roles | |
Establish, implement, and maintain segregation of duties compensating controls if segregation of duties is not practical. CC ID 06960 | Human Resources management | Technical Security | |
Establish job categorization criteria, job recruitment criteria, and promotion criteria. CC ID 00781 [The entity establishes qualifications for personnel responsible for protecting the privacy and security of PI and assigns such responsibilities only to those personnel who meet these qualifications and who have received training. M1.2 Qualifications of internal personnel] | Human Resources management | Establish/Maintain Documentation | |
Establish, implement, and maintain a compensation, reward, and recognition program. CC ID 12806 | Human Resources management | Human Resources Management | |
Establish and maintain an annual report on compensation. CC ID 14801 | Human Resources management | Establish/Maintain Documentation | |
Include the design characteristics of the remuneration system in the annual report on compensation. CC ID 14804 | Human Resources management | Establish/Maintain Documentation | |
Disseminate and communicate the compensation, reward, and recognition program to interested personnel and affected parties. CC ID 14800 | Human Resources management | Communicate | |
Establish, implement, and maintain roles and responsibilities in the compensation, reward, and recognition program. CC ID 14798 | Human Resources management | Establish/Maintain Documentation | |
Align the compensation, reward, and recognition program with the risk management program. CC ID 14797 | Human Resources management | Establish/Maintain Documentation | |
Establish, implement, and maintain remuneration standards, as necessary. CC ID 14794 | Human Resources management | Establish/Maintain Documentation | |
Refrain from using employees' privacy choices to restrict employment. CC ID 12425 | Human Resources management | Human Resources Management | |
Refrain from using employees' privacy choices to take punitive actions. CC ID 16815 | Human Resources management | Human Resources Management | |
Use rewards and career development to motivate personnel. CC ID 06906 | Human Resources management | Behavior | |
Disseminate and communicate the organization’s ethical culture in job recruitment criteria and promotion criteria. CC ID 12825 | Human Resources management | Human Resources Management | |
Recognize personnel who reinforce desirable conduct with incentives. CC ID 12815 | Human Resources management | Human Resources Management | |
Establish, implement, and maintain job applications. CC ID 16180 | Human Resources management | Establish/Maintain Documentation | |
Include a space for the applicant's name on the job application. CC ID 16190 | Human Resources management | Human Resources Management | |
Include a space for the applicant's current address on the job application. CC ID 16189 | Human Resources management | Human Resources Management | |
Include a space for the applicant's social security number on the job application. CC ID 16188 | Human Resources management | Human Resources Management | |
Include a space for the applicant's date of birth on the job application. CC ID 16186 | Human Resources management | Human Resources Management | |
Include a space for previous employers and business relationships on the job application. CC ID 16185 | Human Resources management | Human Resources Management | |
Include a space to explain formal disciplinary actions and sanctions on the job application. CC ID 16184 | Human Resources management | Human Resources Management | |
Include a space for the start date on the job application. CC ID 16187 | Human Resources management | Human Resources Management | |
Include a space to explain legal penalties on the job application. CC ID 16183 | Human Resources management | Human Resources Management | |
Approve the wording of job applications. CC ID 16182 | Human Resources management | Human Resources Management | |
Include a space for past aliases and other used names on job applications. CC ID 12301 | Human Resources management | Human Resources Management | |
Include a space for previous addresses and previous residences on the job application. CC ID 12302 | Human Resources management | Human Resources Management | |
Include a space to explain employment gaps on the job application. CC ID 12303 | Human Resources management | Human Resources Management | |
Train all personnel and third parties, as necessary. CC ID 00785 | Human Resources management | Behavior | |
Establish, implement, and maintain an education methodology. CC ID 06671 | Human Resources management | Business Processes | |
Tailor training to be taught at each person's level of responsibility. CC ID 06674 [The entity provides a privacy awareness program about its privacy policies and related matters, and provides specific training for selected personnel depending on their roles and responsibilities. M1.2 Privacy awareness and training] | Human Resources management | Behavior | |
Establish, implement, and maintain a Governance, Risk, and Compliance framework. CC ID 01406 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain an information security program. CC ID 00812 | Operational management | Establish/Maintain Documentation | |
Include environmental security in the information security program. CC ID 12383 [The entity protects PI, in all forms, against accidental disclosure due to natural disasters and environmental hazards. S7.4] | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain the Acceptable Use Policy. CC ID 01350 | Operational management | Establish/Maintain Documentation | |
Include Bring Your Own Device security guidelines in the Acceptable Use Policy. CC ID 01352 [{endpoint device}{mobile device}{personal device} Processes are in place to protect endpoint and mobile computing and personal productivity devices (such as laptop and desktop computers, servers, networking and data storage devices, smart phones and tablets) that are used in computing, networking, data storage and processing of the entity's information assets. S7.3 Protects end point and mobile devices] | Operational management | Establish/Maintain Documentation | |
Include asset use policies in the Acceptable Use Policy. CC ID 01355 | Operational management | Establish/Maintain Documentation | |
Include a removable storage media use policy in the Acceptable Use Policy. CC ID 06772 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Operational management | Data and Information Management | |
Establish, implement, and maintain a use of information agreement. CC ID 06215 [{privacy notice} The entity has formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet the entity's objectives related to privacy. Refer to Component N2.0. M1.0 Agreement, notice and communication The entity executes formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet its objectives related to privacy. N2.1] | Operational management | Establish/Maintain Documentation | |
Include use limitations in the use of information agreement. CC ID 06244 | Operational management | Establish/Maintain Documentation | |
Include disclosure requirements in the use of information agreement. CC ID 11735 | Operational management | Establish/Maintain Documentation | |
Include information recipients in the use of information agreement. CC ID 06245 | Operational management | Establish/Maintain Documentation | |
Include reporting out of scope use of information in the use of information agreement. CC ID 06246 | Operational management | Establish/Maintain Documentation | |
Include disclosure of information in the use of information agreement. CC ID 11830 | Operational management | Establish/Maintain Documentation | |
Include information security procedures assigned to the information recipient in the use of information agreement. CC ID 07130 | Operational management | Establish/Maintain Documentation | |
Include information security procedures assigned to the originator in the use of information agreement. CC ID 14418 | Operational management | Establish/Maintain Documentation | |
Include a do not contact rule for the individuals identified in a data set in the use of information agreement. CC ID 07131 | Operational management | Establish/Maintain Documentation | |
Include the information recipient's third parties accepting the agreement in the use of information agreement. CC ID 07132 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain an Asset Management program. CC ID 06630 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Operational management | Business Processes | |
Establish, implement, and maintain an asset management policy. CC ID 15219 | Operational management | Establish/Maintain Documentation | |
Include coordination amongst entities in the asset management policy. CC ID 16424 | Operational management | Business Processes | |
Establish, implement, and maintain asset management procedures. CC ID 16748 | Operational management | Establish/Maintain Documentation | |
Assign an information owner to organizational assets, as necessary. CC ID 12729 | Operational management | Human Resources Management | |
Define and prioritize the importance of each asset in the asset management program. CC ID 16837 | Operational management | Business Processes | |
Include life cycle requirements in the security management program. CC ID 16392 | Operational management | Establish/Maintain Documentation | |
Include program objectives in the asset management program. CC ID 14413 | Operational management | Establish/Maintain Documentation | |
Include a commitment to continual improvement in the asset management program. CC ID 14412 | Operational management | Establish/Maintain Documentation | |
Include compliance with applicable requirements in the asset management program. CC ID 14411 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain administrative controls over all assets. CC ID 16400 | Operational management | Business Processes | |
Establish, implement, and maintain classification schemes for all systems and assets. CC ID 01902 | Operational management | Establish/Maintain Documentation | |
Apply security controls to each level of the information classification standard. CC ID 01903 | Operational management | Systems Design, Build, and Implementation | |
Establish, implement, and maintain the systems' confidentiality level. CC ID 01904 | Operational management | Establish/Maintain Documentation | |
Define confidentiality controls. CC ID 01908 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain the systems' availability level. CC ID 01905 | Operational management | Establish/Maintain Documentation | |
Restrict unscheduled downtime in order to maintain high availability for critical systems. CC ID 12742 | Operational management | Process or Activity | |
Define integrity controls. CC ID 01909 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain the systems' integrity level. CC ID 01906 | Operational management | Establish/Maintain Documentation | |
Define availability controls. CC ID 01911 | Operational management | Establish/Maintain Documentation | |
Establish safety classifications for systems according to their potential harmful effects to operators or end users. CC ID 06603 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain an asset safety classification scheme. CC ID 06604 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain the Asset Classification Policy. CC ID 06642 | Operational management | Establish/Maintain Documentation | |
Disseminate and communicate the Asset Classification Policy to interested personnel and affected parties. CC ID 14851 | Operational management | Communicate | |
Classify assets according to the Asset Classification Policy. CC ID 07186 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Operational management | Establish Roles | |
Classify virtual systems by type and purpose. CC ID 16332 | Operational management | Business Processes | |
Document the decision for assigning an asset to a specific asset classification in the Asset Classification Policy. CC ID 07185 | Operational management | Establish/Maintain Documentation | |
Apply asset protection mechanisms for all assets according to their assigned Asset Classification Policy. CC ID 07184 | Operational management | Establish Roles | |
Disallow systems from processing information, disseminating and communicating information, or storing information that is above the system's assigned asset classification. CC ID 06606 | Operational management | Configuration | |
Assign decomposed system components the same asset classification as the originating system. CC ID 06605 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain an asset inventory. CC ID 06631 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Operational management | Business Processes | |
Establish, implement, and maintain an Information Technology inventory with asset discovery audit trails. CC ID 00689 | Operational management | Establish/Maintain Documentation | |
Include all account types in the Information Technology inventory. CC ID 13311 | Operational management | Establish/Maintain Documentation | |
Include each Information System's system boundaries in the Information Technology inventory. CC ID 00695 | Operational management | Systems Design, Build, and Implementation | |
Identify processes, Information Systems, and third parties that transmit, process, or store restricted data. CC ID 06289 [The types of PI and sensitive PI and the related processes, systems and third parties involved in the handling of such information are identified. D6.7 Identifies types of PI and handling processes] | Operational management | Data and Information Management | |
Include each Information System's major applications in the Information Technology inventory. CC ID 01407 | Operational management | Establish/Maintain Documentation | |
Categorize all major applications according to the business information they process. CC ID 07182 | Operational management | Establish/Maintain Documentation | |
Document the resources, hazards, and Evaluation Assurance Levels for each major application. CC ID 01164 | Operational management | Establish/Maintain Documentation | |
Include the General Support Systems and security support structure in the Information Technology inventory. CC ID 01408 | Operational management | Establish/Maintain Documentation | |
Include each Information System's minor applications in the Information Technology inventory. CC ID 01409 | Operational management | Establish/Maintain Documentation | |
Conduct environmental surveys. CC ID 00690 | Operational management | Physical and Environmental Protection | |
Categorize facilities in the Information Technology inventory according to their environmental risks. CC ID 06729 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a hardware asset inventory. CC ID 00691 | Operational management | Establish/Maintain Documentation | |
Include network equipment in the Information Technology inventory. CC ID 00693 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Operational management | Establish/Maintain Documentation | |
Include mobile devices that store restricted data or restricted information in the Information Technology inventory. CC ID 04719 | Operational management | Establish/Maintain Documentation | |
Include interconnected systems and Software as a Service in the Information Technology inventory. CC ID 04885 | Operational management | Process or Activity | |
Include software in the Information Technology inventory. CC ID 00692 | Operational management | Establish/Maintain Documentation | |
Establish and maintain a list of authorized software and versions required for each system. CC ID 12093 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a storage media inventory. CC ID 00694 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a records inventory and database inventory. CC ID 01260 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Operational management | Establish/Maintain Documentation | |
Add inventoried assets to the asset register database, as necessary. CC ID 07051 | Operational management | Establish/Maintain Documentation | |
Organize the asset register database by grouping objects according to an organizational information classification standard. CC ID 07181 | Operational management | Establish/Maintain Documentation | |
Use automated tools to collect Information Technology inventory information, as necessary. CC ID 07054 | Operational management | Technical Security | |
Link the authentication system to the asset inventory. CC ID 13718 [The entity identifies, inventories, validates, classifies and manages information assets. S7.1 Identifies and manages the inventory of information assets] | Operational management | Technical Security | |
Record a unique name for each asset in the asset inventory. CC ID 16305 | Operational management | Data and Information Management | |
Record the decommission date for applicable assets in the asset inventory. CC ID 14920 | Operational management | Establish/Maintain Documentation | |
Record the status of information systems in the asset inventory. CC ID 16304 | Operational management | Data and Information Management | |
Record the communication interfaces for applicable assets in the asset inventory. CC ID 16301 | Operational management | Data and Information Management | |
Record the Uniform Resource Locator for applicable assets in the asset inventory. CC ID 14918 | Operational management | Establish/Maintain Documentation | |
Include source code in the asset inventory. CC ID 14858 | Operational management | Records Management | |
Assign ownership of maintaining the asset inventory, as necessary. CC ID 12344 | Operational management | Human Resources Management | |
Record the review date for applicable assets in the asset inventory. CC ID 14919 | Operational management | Establish/Maintain Documentation | |
Record software license information for each asset in the asset inventory. CC ID 11736 | Operational management | Data and Information Management | |
Record services for applicable assets in the asset inventory. CC ID 13733 | Operational management | Establish/Maintain Documentation | |
Record protocols for applicable assets in the asset inventory. CC ID 13734 | Operational management | Establish/Maintain Documentation | |
Record the software version in the asset inventory. CC ID 12196 | Operational management | Establish/Maintain Documentation | |
Record the publisher for applicable assets in the asset inventory. CC ID 13725 | Operational management | Establish/Maintain Documentation | |
Record the authentication system in the asset inventory. CC ID 13724 | Operational management | Establish/Maintain Documentation | |
Tag unsupported assets in the asset inventory. CC ID 13723 | Operational management | Establish/Maintain Documentation | |
Record the install date for applicable assets in the asset inventory. CC ID 13720 | Operational management | Establish/Maintain Documentation | |
Record the make, model of device for applicable assets in the asset inventory. CC ID 12465 | Operational management | Establish/Maintain Documentation | |
Record the asset tag for physical assets in the asset inventory. CC ID 06632 | Operational management | Establish/Maintain Documentation | |
Record the host name of applicable assets in the asset inventory. CC ID 13722 | Operational management | Establish/Maintain Documentation | |
Record network ports for applicable assets in the asset inventory. CC ID 13730 | Operational management | Establish/Maintain Documentation | |
Record the MAC address for applicable assets in the asset inventory. CC ID 13721 | Operational management | Establish/Maintain Documentation | |
Record the operating system version for applicable assets in the asset inventory. CC ID 11748 | Operational management | Data and Information Management | |
Record the operating system type for applicable assets in the asset inventory. CC ID 06633 | Operational management | Establish/Maintain Documentation | |
Record rooms at external locations in the asset inventory. CC ID 16302 | Operational management | Data and Information Management | |
Record the department associated with the asset in the asset inventory. CC ID 12084 | Operational management | Establish/Maintain Documentation | |
Record the physical location for applicable assets in the asset inventory. CC ID 06634 | Operational management | Establish/Maintain Documentation | |
Record the manufacturer's serial number for applicable assets in the asset inventory. CC ID 06635 | Operational management | Establish/Maintain Documentation | |
Record the firmware version for applicable assets in the asset inventory. CC ID 12195 | Operational management | Establish/Maintain Documentation | |
Record the related business function for applicable assets in the asset inventory. CC ID 06636 | Operational management | Establish/Maintain Documentation | |
Record the deployment environment for applicable assets in the asset inventory. CC ID 06637 | Operational management | Establish/Maintain Documentation | |
Record the Internet Protocol address for applicable assets in the asset inventory. CC ID 06638 | Operational management | Establish/Maintain Documentation | |
Record trusted keys and certificates in the asset inventory. CC ID 15486 | Operational management | Data and Information Management | |
Record cipher suites and protocols in the asset inventory. CC ID 15489 | Operational management | Data and Information Management | |
Link the software asset inventory to the hardware asset inventory. CC ID 12085 | Operational management | Establish/Maintain Documentation | |
Record the owner for applicable assets in the asset inventory. CC ID 06640 | Operational management | Establish/Maintain Documentation | |
Record all compliance requirements for applicable assets in the asset inventory. CC ID 15696 | Operational management | Establish/Maintain Documentation | |
Record all changes to assets in the asset inventory. CC ID 12190 | Operational management | Establish/Maintain Documentation | |
Record cloud service derived data in the asset inventory. CC ID 13007 | Operational management | Establish/Maintain Documentation | |
Include cloud service customer data in the asset inventory. CC ID 13006 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a software accountability policy. CC ID 00868 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain software asset management procedures. CC ID 00895 | Operational management | Establish/Maintain Documentation | |
Prevent users from disabling required software. CC ID 16417 | Operational management | Technical Security | |
Establish, implement, and maintain software archives procedures. CC ID 00866 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain software distribution procedures. CC ID 00894 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain software documentation management procedures. CC ID 06395 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain software license management procedures. CC ID 06639 | Operational management | Establish/Maintain Documentation | |
Automate software license monitoring, as necessary. CC ID 07057 | Operational management | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain digital legacy procedures. CC ID 16524 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a system redeployment program. CC ID 06276 | Operational management | Establish/Maintain Documentation | |
Notify interested personnel and affected parties prior to when the system is redeployed or the system is disposed. CC ID 06400 | Operational management | Behavior | |
Wipe all data on systems prior to when the system is redeployed or the system is disposed. CC ID 06401 | Operational management | Data and Information Management | |
Transfer legal ownership of assets when the system is redeployed to a third party. CC ID 06698 | Operational management | Acquisition/Sale of Assets or Services | |
Document the staff's operating knowledge of the system prior to a personnel status change. CC ID 06937 | Operational management | Establish/Maintain Documentation | |
Redeploy systems to other organizational units, as necessary. CC ID 11452 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a system disposal program. CC ID 14431 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain disposal procedures. CC ID 16513 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain asset sanitization procedures. CC ID 16511 | Operational management | Establish/Maintain Documentation | |
Destroy systems in accordance with the system disposal program. CC ID 16457 | Operational management | Business Processes | |
Approve the release of systems and waste material into the public domain. CC ID 16461 | Operational management | Business Processes | |
Establish, implement, and maintain system destruction procedures. CC ID 16474 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain printer and multifunction device disposition procedures. CC ID 15216 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a system preventive maintenance program. CC ID 00885 | Operational management | Establish/Maintain Documentation | |
Establish and maintain maintenance reports. CC ID 11749 | Operational management | Establish/Maintain Documentation | |
Establish and maintain system inspection reports. CC ID 06346 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a system maintenance policy. CC ID 14032 | Operational management | Establish/Maintain Documentation | |
Include compliance requirements in the system maintenance policy. CC ID 14217 | Operational management | Establish/Maintain Documentation | |
Include management commitment in the system maintenance policy. CC ID 14216 | Operational management | Establish/Maintain Documentation | |
Include roles and responsibilities in the system maintenance policy. CC ID 14215 | Operational management | Establish/Maintain Documentation | |
Include the scope in the system maintenance policy. CC ID 14214 | Operational management | Establish/Maintain Documentation | |
Disseminate and communicate the system maintenance policy to interested personnel and affected parties. CC ID 14213 | Operational management | Communicate | |
Include the purpose in the system maintenance policy. CC ID 14187 | Operational management | Establish/Maintain Documentation | |
Include coordination amongst entities in the system maintenance policy. CC ID 14181 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain system maintenance procedures. CC ID 14059 | Operational management | Establish/Maintain Documentation | |
Disseminate and communicate the system maintenance procedures to interested personnel and affected parties. CC ID 14194 | Operational management | Communicate | |
Establish, implement, and maintain a technology refresh plan. CC ID 13061 | Operational management | Establish/Maintain Documentation | |
Plan and conduct maintenance so that it does not interfere with scheduled operations. CC ID 06389 | Operational management | Physical and Environmental Protection | |
Maintain contact with the device manufacturer or component manufacturer for maintenance requests. CC ID 06388 | Operational management | Behavior | |
Use system components only when third party support is available. CC ID 10644 | Operational management | Maintenance | |
Obtain justification for the continued use of system components when third party support is no longer available. CC ID 10645 | Operational management | Maintenance | |
Obtain approval before removing maintenance tools from the facility. CC ID 14298 | Operational management | Business Processes | |
Control remote maintenance according to the system's asset classification. CC ID 01433 | Operational management | Technical Security | |
Separate remote maintenance sessions from other network sessions with a logically separate communications path based upon encryption. CC ID 10614 | Operational management | Configuration | |
Approve all remote maintenance sessions. CC ID 10615 | Operational management | Technical Security | |
Log the performance of all remote maintenance. CC ID 13202 | Operational management | Log Management | |
Terminate remote maintenance sessions when the remote maintenance is complete. CC ID 12083 | Operational management | Technical Security | |
Conduct offsite maintenance in authorized facilities. CC ID 16473 | Operational management | Maintenance | |
Disconnect non-volatile media from information systems prior to performing maintenance with uncleared personnel. CC ID 14295 | Operational management | Maintenance | |
Sanitize volatile media in information systems prior to performing maintenance with uncleared personnel. CC ID 14291 | Operational management | Maintenance | |
Respond to maintenance requests inside the organizationally established time frame. CC ID 04878 | Operational management | Behavior | |
Establish and maintain an archive of maintenance reports in a maintenance log. CC ID 06202 | Operational management | Establish/Maintain Documentation | |
Acquire spare parts prior to when maintenance requests are scheduled. CC ID 11833 | Operational management | Acquisition/Sale of Assets or Services | |
Perform periodic maintenance according to organizational standards. CC ID 01435 | Operational management | Behavior | |
Restart systems on a periodic basis. CC ID 16498 | Operational management | Maintenance | |
Remove components being serviced from the information system prior to performing maintenance. CC ID 14251 | Operational management | Maintenance | |
Employ dedicated systems during system maintenance. CC ID 12108 | Operational management | Technical Security | |
Isolate dedicated systems used for system maintenance from Internet access. CC ID 12114 | Operational management | Technical Security | |
Control granting access to appropriate parties performing maintenance on organizational assets. CC ID 11873 | Operational management | Human Resources Management | |
Identify and authenticate appropriate parties prior to granting access to maintain assets. CC ID 11874 | Operational management | Physical and Environmental Protection | |
Post calibration limits or calibration tolerances on or near assets requiring calibration. CC ID 06204 | Operational management | Establish/Maintain Documentation | |
Implement automated mechanisms to transfer predictive maintenance data to a maintenance management system. CC ID 10616 | Operational management | Process or Activity | |
Disassemble and shut down unnecessary systems or unused systems. CC ID 06280 | Operational management | Business Processes | |
Establish, implement, and maintain an end-of-life management process. CC ID 16540 | Operational management | Establish/Maintain Documentation | |
Dispose of hardware and software at their life cycle end. CC ID 06278 | Operational management | Business Processes | |
Refrain from placing assets being disposed into organizational dumpsters. CC ID 12200 | Operational management | Business Processes | |
Establish, implement, and maintain disposal contracts. CC ID 12199 | Operational management | Establish/Maintain Documentation | |
Include disposal procedures in disposal contracts. CC ID 13905 | Operational management | Establish/Maintain Documentation | |
Remove asset tags prior to disposal of an asset. CC ID 12198 | Operational management | Business Processes | |
Document the storage information for all systems that are stored instead of being disposed or redeployed. CC ID 06936 | Operational management | Establish/Maintain Documentation | |
Review each system's operational readiness. CC ID 06275 | Operational management | Systems Design, Build, and Implementation | |
Establish, implement, and maintain a data stewardship policy. CC ID 06657 | Operational management | Establish/Maintain Documentation | |
Establish and maintain an unauthorized software list. CC ID 10601 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a customer service program. CC ID 00846 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain an Incident Management program. CC ID 00853 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Operational management | Business Processes | |
Establish, implement, and maintain an incident management policy. CC ID 16414 | Operational management | Establish/Maintain Documentation | |
Define and assign the roles and responsibilities for Incident Management program. CC ID 13055 | Operational management | Human Resources Management | |
Define the uses and capabilities of the Incident Management program. CC ID 00854 | Operational management | Establish/Maintain Documentation | |
Include incident escalation procedures in the Incident Management program. CC ID 00856 | Operational management | Establish/Maintain Documentation | |
Define the characteristics of the Incident Management program. CC ID 00855 | Operational management | Establish/Maintain Documentation | |
Include the criteria for a data loss event in the Incident Management program. CC ID 12179 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Operational management | Establish/Maintain Documentation | |
Include the criteria for an incident in the Incident Management program. CC ID 12173 | Operational management | Establish/Maintain Documentation | |
Include references to, or portions of, the Governance, Risk, and Compliance framework in the incident management program, as necessary. CC ID 13504 | Operational management | Establish/Maintain Documentation | |
Include detection procedures in the Incident Management program. CC ID 00588 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Operational management | Establish/Maintain Documentation | |
Categorize the incident following an incident response. CC ID 13208 | Operational management | Technical Security | |
Define and document impact thresholds to be used in categorizing incidents. CC ID 10033 | Operational management | Establish/Maintain Documentation | |
Record actions taken by investigators during a forensic investigation in the forensic investigation report. CC ID 07095 | Operational management | Establish/Maintain Documentation | |
Comply with privacy regulations and civil liberties requirements when sharing data loss event information. CC ID 10036 | Operational management | Data and Information Management | |
Notify interested personnel and affected parties of an extortion payment in the event of a cybersecurity event. CC ID 16539 | Operational management | Communicate | |
Notify interested personnel and affected parties of the reasons for the extortion payment, along with any alternative solutions. CC ID 16538 | Operational management | Communicate | |
Document the justification for not reporting incidents to interested personnel and affected parties. CC ID 16547 | Operational management | Establish/Maintain Documentation | |
Report to breach notification organizations the reasons for a delay in sending breach notifications. CC ID 16797 | Operational management | Communicate | |
Report to breach notification organizations the distribution list to which the organization will send data loss event notifications. CC ID 16782 | Operational management | Communicate | |
Remediate security violations according to organizational standards. CC ID 12338 [The entity obtains commitments from vendors and other third parties with access to PI to notify the entity in the event of actual or suspected unauthorized disclosures of PI. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity's objectives related to privacy. D6.5] | Operational management | Business Processes | |
Include data loss event notifications in the Incident Response program. CC ID 00364 | Operational management | Establish/Maintain Documentation | |
Include legal requirements for data loss event notifications in the Incident Response program. CC ID 11954 | Operational management | Establish/Maintain Documentation | |
Include required information in the written request to delay the notification to affected parties. CC ID 16785 | Operational management | Establish/Maintain Documentation | |
Submit written requests to delay the notification of affected parties. CC ID 16783 | Operational management | Communicate | |
Revoke the written request to delay the notification. CC ID 16843 | Operational management | Process or Activity | |
Design the text of the notice for all incident response notifications to be no smaller than 10-point type. CC ID 12985 | Operational management | Establish/Maintain Documentation | |
Refrain from charging for providing incident response notifications. CC ID 13876 | Operational management | Business Processes | |
Title breach notifications "Notice of Data Breach". CC ID 12977 | Operational management | Establish/Maintain Documentation | |
Display titles of incident response notifications clearly and conspicuously. CC ID 12986 | Operational management | Establish/Maintain Documentation | |
Display headings in incident response notifications clearly and conspicuously. CC ID 12987 | Operational management | Establish/Maintain Documentation | |
Design the incident response notification to call attention to its nature and significance. CC ID 12984 | Operational management | Establish/Maintain Documentation | |
Use plain language to write incident response notifications. CC ID 12976 | Operational management | Establish/Maintain Documentation | |
Include directions for changing the user's authenticator or security questions and answers in the breach notification. CC ID 12983 | Operational management | Establish/Maintain Documentation | |
Refrain from including restricted information in the incident response notification. CC ID 16806 | Operational management | Actionable Reports or Measurements | |
Include the affected parties' rights in the incident response notification. CC ID 16811 | Operational management | Establish/Maintain Documentation | |
Include details of the investigation in incident response notifications. CC ID 12296 | Operational management | Establish/Maintain Documentation | |
Include the issuer's name in incident response notifications. CC ID 12062 | Operational management | Establish/Maintain Documentation | |
Include a "What Happened" heading in breach notifications. CC ID 12978 | Operational management | Establish/Maintain Documentation | |
Include a general description of the data loss event in incident response notifications. CC ID 04734 | Operational management | Establish/Maintain Documentation | |
Include time information in incident response notifications. CC ID 04745 | Operational management | Establish/Maintain Documentation | |
Include the identification of the data source in incident response notifications. CC ID 12305 | Operational management | Establish/Maintain Documentation | |
Include a "What Information Was Involved" heading in the breach notification. CC ID 12979 | Operational management | Establish/Maintain Documentation | |
Include the type of information that was lost in incident response notifications. CC ID 04735 | Operational management | Establish/Maintain Documentation | |
Include the type of information the organization maintains about the affected parties in incident response notifications. CC ID 04776 | Operational management | Establish/Maintain Documentation | |
Include a "What We Are Doing" heading in the breach notification. CC ID 12982 | Operational management | Establish/Maintain Documentation | |
Include what the organization has done to enhance data protection controls in incident response notifications. CC ID 04736 | Operational management | Establish/Maintain Documentation | |
Include what the organization is offering or has already done to assist affected parties in incident response notifications. CC ID 04737 | Operational management | Establish/Maintain Documentation | |
Include a "For More Information" heading in breach notifications. CC ID 12981 | Operational management | Establish/Maintain Documentation | |
Include details of the companies and persons involved in incident response notifications. CC ID 12295 | Operational management | Establish/Maintain Documentation | |
Include the credit reporting agencies' contact information in incident response notifications. CC ID 04744 | Operational management | Establish/Maintain Documentation | |
Include the reporting individual's contact information in incident response notifications. CC ID 12297 | Operational management | Establish/Maintain Documentation | |
Include any consequences in the incident response notifications. CC ID 12604 | Operational management | Establish/Maintain Documentation | |
Include whether the notification was delayed due to a law enforcement investigation in incident response notifications. CC ID 04746 | Operational management | Establish/Maintain Documentation | |
Include a "What You Can Do" heading in the breach notification. CC ID 12980 | Operational management | Establish/Maintain Documentation | |
Include contact information in incident response notifications. CC ID 04739 | Operational management | Establish/Maintain Documentation | |
Include a copy of the incident response notification in breach notifications, as necessary. CC ID 13085 | Operational management | Communicate | |
Post the incident response notification on the organization's website. CC ID 16809 | Operational management | Process or Activity | |
Document the determination for providing a substitute incident response notification. CC ID 16841 | Operational management | Process or Activity | |
Send electronic substitute incident response notifications to affected parties, as necessary. CC ID 04747 | Operational management | Behavior | |
Include contact information in the substitute incident response notification. CC ID 16776 | Operational management | Establish/Maintain Documentation | |
Post substitute incident response notifications to the organization's website, as necessary. CC ID 04748 | Operational management | Establish/Maintain Documentation | |
Send substitute incident response notifications to breach notification organizations, as necessary. CC ID 04750 | Operational management | Behavior | |
Publish the substitute incident response notification in a general circulation periodical, as necessary. CC ID 04769 | Operational management | Behavior | |
Establish, implement, and maintain a containment strategy. CC ID 13480 | Operational management | Establish/Maintain Documentation | |
Include the containment approach in the containment strategy. CC ID 13486 | Operational management | Establish/Maintain Documentation | |
Include response times in the containment strategy. CC ID 13485 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a restoration log. CC ID 12745 | Operational management | Establish/Maintain Documentation | |
Include a description of the restored data that was restored manually in the restoration log. CC ID 15463 | Operational management | Data and Information Management | |
Include a description of the restored data in the restoration log. CC ID 15462 | Operational management | Data and Information Management | |
Establish, implement, and maintain compromised system reaccreditation procedures. CC ID 00592 | Operational management | Establish/Maintain Documentation | |
Analyze security violations in Suspicious Activity Reports. CC ID 00591 | Operational management | Establish/Maintain Documentation | |
Include lessons learned from analyzing security violations in the Incident Management program. CC ID 01234 | Operational management | Monitor and Evaluate Occurrences | |
Provide progress reports of the incident investigation to the appropriate roles, as necessary. CC ID 12298 | Operational management | Investigate | |
Update the incident response procedures using the lessons learned. CC ID 01233 | Operational management | Establish/Maintain Documentation | |
Include incident monitoring procedures in the Incident Management program. CC ID 01207 [The entity has established policies and procedures that prevent, detect and react to system outages, incidents and events that disrupt system processing, or results in the loss, accidental disclosure or unauthorized modification of the entity's PI. S7.4 Continuity of physical and environmental protections] | Operational management | Establish/Maintain Documentation | |
Include incident response procedures in the Incident Management program. CC ID 01218 | Operational management | Establish/Maintain Documentation | |
Integrate configuration management procedures into the incident management program. CC ID 13647 | Operational management | Technical Security | |
Include incident management procedures in the Incident Management program. CC ID 12689 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain temporary and emergency access revocation procedures. CC ID 15334 | Operational management | Establish/Maintain Documentation | |
Include after-action analysis procedures in the Incident Management program. CC ID 01219 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain security and breach investigation procedures. CC ID 16844 | Operational management | Establish/Maintain Documentation | |
Document any potential harm in the incident finding when concluding the incident investigation. CC ID 13830 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain incident management audit logs. CC ID 13514 [The entity creates and maintains a record of detected or reported unauthorized disclosures of PI that is complete, accurate and timely. D6.3 Creates and retains record of detected or reported unauthorized disclosures; The entity creates and retains a complete, accurate and timely record of detected or reported unauthorized disclosures (including breaches) of PI to meet the entity's objectives related to privacy. D6.3] | Operational management | Records Management | |
Log incidents in the Incident Management audit log. CC ID 00857 | Operational management | Establish/Maintain Documentation | |
Include who the incident was reported to in the incident management audit log. CC ID 16487 | Operational management | Log Management | |
Include corrective actions in the incident management audit log. CC ID 16466 | Operational management | Establish/Maintain Documentation | |
Include the organization's business products and services affected by disruptions in the Incident Management audit log. CC ID 12234 | Operational management | Log Management | |
Include emergency processing priorities in the Incident Management program. CC ID 00859 | Operational management | Establish/Maintain Documentation | |
Include user's responsibilities for when a theft has occurred in the Incident Management program. CC ID 06387 | Operational management | Establish/Maintain Documentation | |
Include incident record closure procedures in the Incident Management program. CC ID 01620 | Operational management | Establish/Maintain Documentation | |
Include incident reporting procedures in the Incident Management program. CC ID 11772 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain incident reporting time frame standards. CC ID 12142 | Operational management | Communicate | |
Establish, implement, and maintain an Incident Response program. CC ID 00579 | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain an incident response plan. CC ID 12056 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Operational management | Establish/Maintain Documentation | |
Include addressing external communications in the incident response plan. CC ID 13351 | Operational management | Establish/Maintain Documentation | |
Include addressing internal communications in the incident response plan. CC ID 13350 | Operational management | Establish/Maintain Documentation | |
Include change control procedures in the incident response plan. CC ID 15479 | Operational management | Establish/Maintain Documentation | |
Include addressing information sharing in the incident response plan. CC ID 13349 | Operational management | Establish/Maintain Documentation | |
Include dynamic reconfiguration in the incident response plan. CC ID 14306 | Operational management | Establish/Maintain Documentation | |
Include a definition of reportable incidents in the incident response plan. CC ID 14303 | Operational management | Establish/Maintain Documentation | |
Include the management support needed for incident response in the incident response plan. CC ID 14300 | Operational management | Establish/Maintain Documentation | |
Include root cause analysis in the incident response plan. CC ID 16423 | Operational management | Establish/Maintain Documentation | |
Include how incident response fits into the organization in the incident response plan. CC ID 14294 | Operational management | Establish/Maintain Documentation | |
Include the resources needed for incident response in the incident response plan. CC ID 14292 | Operational management | Establish/Maintain Documentation | |
Include incident response team services in the Incident Response program. CC ID 11766 | Operational management | Establish/Maintain Documentation | |
Include the incident response training program in the Incident Response program. CC ID 06750 | Operational management | Establish/Maintain Documentation | |
Incorporate realistic exercises that are tested into the incident response training program. CC ID 06753 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Operational management | Behavior | |
Include references to industry best practices in the incident response procedures. CC ID 11956 | Operational management | Establish/Maintain Documentation | |
Include responding to alerts from security monitoring systems in the incident response procedures. CC ID 11949 | Operational management | Establish/Maintain Documentation | |
Disseminate and communicate the incident response procedures to all interested personnel and affected parties. CC ID 01215 [The entity has a comprehensive privacy incident and breach management plan which provides examples of unauthorized uses and disclosures, as well as guidelines to determine whether an incident constitutes a breach. The plan is communicated to personnel who handle PI. M1.3 Privacy incident response plan] | Operational management | Establish/Maintain Documentation | |
Document the results of incident response tests and provide them to senior management. CC ID 14857 | Operational management | Actionable Reports or Measurements | |
Establish, implement, and maintain a change control program. CC ID 00886 | Operational management | Establish/Maintain Documentation | |
Manage change requests. CC ID 00887 | Operational management | Business Processes | |
Approve tested change requests. CC ID 11783 [{privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Operational management | Data and Information Management | |
Validate the system before implementing approved changes. CC ID 01510 | Operational management | Systems Design, Build, and Implementation | |
Disseminate and communicate proposed changes to all interested personnel and affected parties. CC ID 06807 | Operational management | Behavior | |
Implement changes according to the change control program. CC ID 11776 | Operational management | Business Processes | |
Provide audit trails for all approved changes. CC ID 13120 [{privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Operational management | Establish/Maintain Documentation | |
Establish, implement, and maintain a Configuration Management program. CC ID 00867 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | System hardening through configuration management | Establish/Maintain Documentation | |
Establish, implement, and maintain configuration control and Configuration Status Accounting. CC ID 00863 | System hardening through configuration management | Business Processes | |
Establish, implement, and maintain appropriate system labeling. CC ID 01900 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the identification number of the third party who performed the conformity assessment procedures on all promotional materials. CC ID 15041 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the identification number of the third party who conducted the conformity assessment procedures after the CE marking of conformity. CC ID 15040 | System hardening through configuration management | Establish/Maintain Documentation | |
Verify configuration files requiring passwords for automation do not contain those passwords after the installation process is complete. CC ID 06555 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain a configuration management policy. CC ID 14023 | System hardening through configuration management | Establish/Maintain Documentation | |
Establish, implement, and maintain configuration management procedures. CC ID 14074 | System hardening through configuration management | Establish/Maintain Documentation | |
Disseminate and communicate the configuration management procedures to interested personnel and affected parties. CC ID 14139 | System hardening through configuration management | Communicate | |
Include compliance requirements in the configuration management policy. CC ID 14072 | System hardening through configuration management | Establish/Maintain Documentation | |
Include coordination amongst entities in the configuration management policy. CC ID 14071 | System hardening through configuration management | Establish/Maintain Documentation | |
Include management commitment in the configuration management policy. CC ID 14070 | System hardening through configuration management | Establish/Maintain Documentation | |
Include roles and responsibilities in the configuration management policy. CC ID 14069 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the scope in the configuration management policy. CC ID 14068 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the purpose in the configuration management policy. CC ID 14067 | System hardening through configuration management | Establish/Maintain Documentation | |
Disseminate and communicate the configuration management policy to interested personnel and affected parties. CC ID 14066 | System hardening through configuration management | Communicate | |
Establish, implement, and maintain a configuration management plan. CC ID 01901 | System hardening through configuration management | Establish/Maintain Documentation | |
Include configuration management procedures in the configuration management plan. CC ID 14248 | System hardening through configuration management | Establish/Maintain Documentation | |
Include roles and responsibilities in the configuration management plan. CC ID 14247 | System hardening through configuration management | Establish/Maintain Documentation | |
Approve the configuration management plan. CC ID 14717 | System hardening through configuration management | Business Processes | |
Establish, implement, and maintain system tracking documentation. CC ID 15266 | System hardening through configuration management | Establish/Maintain Documentation | |
Include prioritization codes in the system tracking documentation. CC ID 15283 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the type and category of the request in the system tracking documentation. CC ID 15281 | System hardening through configuration management | Establish/Maintain Documentation | |
Include contact information in the system tracking documentation. CC ID 15280 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the username in the system tracking documentation. CC ID 15278 | System hardening through configuration management | Establish/Maintain Documentation | |
Include a problem description in the system tracking documentation. CC ID 15276 | System hardening through configuration management | Establish/Maintain Documentation | |
Include affected systems in the system tracking documentation. CC ID 15275 | System hardening through configuration management | Establish/Maintain Documentation | |
Include root causes in the system tracking documentation. CC ID 15274 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the name of who is responsible for resolution in the system tracking documentation. CC ID 15273 | System hardening through configuration management | Establish/Maintain Documentation | |
Include current status in the system tracking documentation. CC ID 15272 | System hardening through configuration management | Establish/Maintain Documentation | |
Employ the Configuration Management program. CC ID 11904 | System hardening through configuration management | Configuration | |
Record Configuration Management items in the Configuration Management database. CC ID 00861 | System hardening through configuration management | Establish/Maintain Documentation | |
Disseminate and communicate the configuration management program to all interested personnel and affected parties. CC ID 11946 | System hardening through configuration management | Communicate | |
Establish, implement, and maintain a Configuration Management Database with accessible reporting capabilities. CC ID 02132 | System hardening through configuration management | Establish/Maintain Documentation | |
Document external connections for all systems. CC ID 06415 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain a configuration baseline based on the least functionality principle. CC ID 00862 [The entity has established policies and procedures and technical specifications and requirements for the configuration and credentialing of users and systems prior to granting logical access to information and data about internally and externally managed infrastructure-based platforms, devices and software. The entity's procedures for provisioning and restricting access help make sure that systems and users are registered, authorized, documented and evaluated before access credentials and privileges are established and implemented via the network or from remote access points. User and system authorization and access credentials and privileges are removed and access is disabled when no longer required and when the infrastructure and software are no longer in use. The entity's procedures require that system and user access credentials be periodically revalidated for continued business need. S7.1 Manages credentials for infrastructure and software] | System hardening through configuration management | Establish/Maintain Documentation | |
Include the measures used to account for any differences in operation between the test environments and production environments in the baseline configuration. CC ID 13285 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the differences between test environments and production environments in the baseline configuration. CC ID 13284 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the applied security patches in the baseline configuration. CC ID 13271 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the installed application software and version numbers in the baseline configuration. CC ID 13270 | System hardening through configuration management | Establish/Maintain Documentation | |
Include installed custom software in the baseline configuration. CC ID 13274 | System hardening through configuration management | Establish/Maintain Documentation | |
Include network ports in the baseline configuration. CC ID 13273 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the operating systems and version numbers in the baseline configuration. CC ID 13269 | System hardening through configuration management | Establish/Maintain Documentation | |
Include backup procedures in the Configuration Management policy. CC ID 01314 | System hardening through configuration management | Establish/Maintain Documentation | |
Establish, implement, and maintain a system hardening standard. CC ID 00876 | System hardening through configuration management | Establish/Maintain Documentation | |
Establish, implement, and maintain configuration standards for all systems based upon industry best practices. CC ID 11953 [The entity implements logical access security control software, infrastructures, authentication mechanisms and related architectures and security configuration controls over protected information assets to protect them from security incidents and events that might result in unauthorized access, alteration, destruction or disclosure of that information, and to meet the entity's privacy objectives. S7.1] | System hardening through configuration management | Configuration | |
Include common security parameter settings in the configuration standards for all systems. CC ID 12544 | System hardening through configuration management | Establish/Maintain Documentation | |
Apply configuration standards to all systems, as necessary. CC ID 12503 | System hardening through configuration management | Configuration | |
Document and justify system hardening standard exceptions. CC ID 06845 | System hardening through configuration management | Configuration | |
Configure security parameter settings on all system components appropriately. CC ID 12041 | System hardening through configuration management | Technical Security | |
Provide documentation verifying devices are not susceptible to known exploits. CC ID 11987 | System hardening through configuration management | Establish/Maintain Documentation | |
Establish, implement, and maintain system hardening procedures. CC ID 12001 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | System hardening through configuration management | Establish/Maintain Documentation | |
Configure session timeout and reauthentication settings according to organizational standards. CC ID 12460 | System hardening through configuration management | Technical Security | |
Configure the Intrusion Detection System and Intrusion Prevention System in accordance with organizational standards. CC ID 04831 | System hardening through configuration management | Configuration | |
Enable historical logging on the Intrusion Detection System and Intrusion Prevention System. CC ID 04836 | System hardening through configuration management | Configuration | |
Configure automatic logoff to terminate the sessions based on inactivity according to organizational standards. CC ID 04490 | System hardening through configuration management | Configuration | |
Configure the Intrusion Detection System and the Intrusion Prevention System to detect rogue devices and unauthorized connections. CC ID 04837 | System hardening through configuration management | Configuration | |
Display an explicit logout message when disconnecting an authenticated communications session. CC ID 10093 | System hardening through configuration management | Configuration | |
Configure the Intrusion Detection System and the Intrusion Prevention System to alert upon finding rogue devices and unauthorized connections. CC ID 07062 | System hardening through configuration management | Configuration | |
Invalidate session identifiers upon session termination. CC ID 10649 | System hardening through configuration management | Technical Security | |
Configure "Docker" to organizational standards. CC ID 14457 | System hardening through configuration management | Configuration | |
Configure the "autolock" argument to organizational standards. CC ID 14547 | System hardening through configuration management | Configuration | |
Configure the "COPY" instruction to organizational standards. CC ID 14515 | System hardening through configuration management | Configuration | |
Configure the "memory" argument to organizational standards. CC ID 14497 | System hardening through configuration management | Configuration | |
Configure the "docker0" bridge to organizational standards. CC ID 14504 | System hardening through configuration management | Configuration | |
Configure the "docker exec commands" to organizational standards. CC ID 14502 | System hardening through configuration management | Configuration | |
Configure the "health-cmd" argument to organizational standards. CC ID 14527 | System hardening through configuration management | Configuration | |
Configure the maximum number of images to organizational standards. CC ID 14545 | System hardening through configuration management | Configuration | |
Configure the minimum number of manager nodes to organizational standards. CC ID 14543 | System hardening through configuration management | Configuration | |
Configure the "on-failure" restart policy to organizational standards. CC ID 14542 | System hardening through configuration management | Configuration | |
Configure the maximum number of containers to organizational standards. CC ID 14540 | System hardening through configuration management | Configuration | |
Configure the "lifetime_minutes" to organizational standards. CC ID 14539 | System hardening through configuration management | Configuration | |
Configure the "Linux kernel capabilities" to organizational standards. CC ID 14531 | System hardening through configuration management | Configuration | |
Configure the "Docker socket" to organizational standards. CC ID 14506 | System hardening through configuration management | Configuration | |
Configure the "read-only" argument to organizational standards. CC ID 14498 | System hardening through configuration management | Configuration | |
Configure the signed image enforcement to organizational standards. CC ID 14517 | System hardening through configuration management | Configuration | |
Configure the "storage-opt" argument to organizational standards. CC ID 14658 | System hardening through configuration management | Configuration | |
Configure the "swarm services" to organizational standards. CC ID 14516 | System hardening through configuration management | Configuration | |
Configure the "experimental" argument to organizational standards. CC ID 14494 | System hardening through configuration management | Configuration | |
Configure the cluster role-based access control policies to organizational standards. CC ID 14514 | System hardening through configuration management | Configuration | |
Configure the "secret management commands" to organizational standards. CC ID 14512 | System hardening through configuration management | Configuration | |
Configure the "renewal_threshold_minutes" to organizational standards. CC ID 14538 | System hardening through configuration management | Configuration | |
Configure the "docker swarm unlock-key" command to organizational standards. CC ID 14490 | System hardening through configuration management | Configuration | |
Configure the "per_user_limit" to organizational standards. CC ID 14523 | System hardening through configuration management | Configuration | |
Configure the "privileged" argument to organizational standards. CC ID 14510 | System hardening through configuration management | Configuration | |
Configure the "update instructions" to organizational standards. CC ID 14525 | System hardening through configuration management | Configuration | |
Configure the "swarm mode" to organizational standards. CC ID 14508 | System hardening through configuration management | Configuration | |
Configure the "USER" directive to organizational standards. CC ID 14507 | System hardening through configuration management | Configuration | |
Configure the "DOCKER_CONTENT_TRUST" to organizational standards. CC ID 14488 | System hardening through configuration management | Configuration | |
Configure the "no-new-privileges" argument to organizational standards. CC ID 14474 | System hardening through configuration management | Configuration | |
Configure the "seccomp-profile" argument to organizational standards. CC ID 14503 | System hardening through configuration management | Configuration | |
Configure the "cpu-shares" argument to organizational standards. CC ID 14489 | System hardening through configuration management | Configuration | |
Configure the "volume" argument to organizational standards. CC ID 14533 | System hardening through configuration management | Configuration | |
Configure the "cgroup-parent" to organizational standards. CC ID 14466 | System hardening through configuration management | Configuration | |
Configure the "live-restore" argument to organizational standards. CC ID 14465 | System hardening through configuration management | Configuration | |
Configure the "userland-proxy" argument to organizational standards. CC ID 14464 | System hardening through configuration management | Configuration | |
Configure the "user namespace support" to organizational standards. CC ID 14462 | System hardening through configuration management | Configuration | |
Configure "etcd" to organizational standards. CC ID 14535 | System hardening through configuration management | Configuration | |
Configure the "auto-tls" argument to organizational standards. CC ID 14621 | System hardening through configuration management | Configuration | |
Configure the "peer-auto-tls" argument to organizational standards. CC ID 14636 | System hardening through configuration management | Configuration | |
Configure the "peer-client-cert-auth" argument to organizational standards. CC ID 14614 | System hardening through configuration management | Configuration | |
Configure the "peer-cert-file" argument to organizational standards. CC ID 14606 | System hardening through configuration management | Configuration | |
Configure the "key-file" argument to organizational standards. CC ID 14604 | System hardening through configuration management | Configuration | |
Configure the "cert-file" argument to organizational standards. CC ID 14602 | System hardening through configuration management | Configuration | |
Configure the "client-cert-auth" argument to organizational standards. CC ID 14596 | System hardening through configuration management | Configuration | |
Configure the "peer-key-file" argument to organizational standards. CC ID 14595 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain container orchestration. CC ID 16350 | System hardening through configuration management | Technical Security | |
Configure "Kubernetes" to organizational standards. CC ID 14528 | System hardening through configuration management | Configuration | |
Configure the "ImagePolicyWebhook" admission controller to organizational standards. CC ID 14657 | System hardening through configuration management | Configuration | |
Configure the "allowedCapabilities" to organizational standards. CC ID 14653 | System hardening through configuration management | Configuration | |
Configure the "allowPrivilegeEscalation" flag to organizational standards. CC ID 14645 | System hardening through configuration management | Configuration | |
Configure the "Security Context" to organizational standards. CC ID 14656 | System hardening through configuration management | Configuration | |
Configure the "cluster-admin" role to organizational standards. CC ID 14642 | System hardening through configuration management | Configuration | |
Configure the "automountServiceAccountToken" to organizational standards. CC ID 14639 | System hardening through configuration management | Configuration | |
Configure the "seccomp" profile to organizational standards. CC ID 14652 | System hardening through configuration management | Configuration | |
Configure the "securityContext.privileged" flag to organizational standards. CC ID 14641 | System hardening through configuration management | Configuration | |
Configure the "audit-policy-file" to organizational standards. CC ID 14610 | System hardening through configuration management | Configuration | |
Configure the "bind-address" argument to organizational standards. CC ID 14601 | System hardening through configuration management | Configuration | |
Configure the "request-timeout" argument to organizational standards. CC ID 14583 | System hardening through configuration management | Configuration | |
Configure the "secure-port" argument to organizational standards. CC ID 14582 | System hardening through configuration management | Configuration | |
Configure the "service-account-key-file" argument to organizational standards. CC ID 14581 | System hardening through configuration management | Configuration | |
Configure the "insecure-bind-address" argument to organizational standards. CC ID 14580 | System hardening through configuration management | Configuration | |
Configure the "service-account-lookup" argument to organizational standards. CC ID 14579 | System hardening through configuration management | Configuration | |
Configure the "admission control plugin PodSecurityPolicy" to organizational standards. CC ID 14578 | System hardening through configuration management | Configuration | |
Configure the "profiling" argument to organizational standards. CC ID 14577 | System hardening through configuration management | Configuration | |
Configure the "hostNetwork" flag to organizational standards. CC ID 14649 | System hardening through configuration management | Configuration | |
Configure the "hostPID" flag to organizational standards. CC ID 14648 | System hardening through configuration management | Configuration | |
Configure the "etcd-certfile" argument to organizational standards. CC ID 14584 | System hardening through configuration management | Configuration | |
Configure the "runAsUser.rule" to organizational standards. CC ID 14651 | System hardening through configuration management | Configuration | |
Configure the "requiredDropCapabilities" to organizational standards. CC ID 14650 | System hardening through configuration management | Configuration | |
Configure the "hostIPC" flag to organizational standards. CC ID 14643 | System hardening through configuration management | Configuration | |
Configure the "admission control plugin ServiceAccount" to organizational standards. CC ID 14576 | System hardening through configuration management | Configuration | |
Configure the "insecure-port" argument to organizational standards. CC ID 14575 | System hardening through configuration management | Configuration | |
Configure the "admission control plugin AlwaysPullImages" to organizational standards. CC ID 14574 | System hardening through configuration management | Configuration | |
Configure the "pod" to organizational standards. CC ID 14644 | System hardening through configuration management | Configuration | |
Configure the "ClusterRoles" to organizational standards. CC ID 14637 | System hardening through configuration management | Configuration | |
Configure the "event-qps" argument to organizational standards. CC ID 14633 | System hardening through configuration management | Configuration | |
Configure the "Kubelet" to organizational standards. CC ID 14635 | System hardening through configuration management | Configuration | |
Configure the "NET_RAW" to organizational standards. CC ID 14647 | System hardening through configuration management | Configuration | |
Configure the "make-iptables-util-chains" argument to organizational standards. CC ID 14638 | System hardening through configuration management | Configuration | |
Configure the "hostname-override" argument to organizational standards. CC ID 14631 | System hardening through configuration management | Configuration | |
Configure the "admission control plugin NodeRestriction" to organizational standards. CC ID 14573 | System hardening through configuration management | Configuration | |
Configure the "admission control plugin AlwaysAdmit" to organizational standards. CC ID 14572 | System hardening through configuration management | Configuration | |
Configure the "etcd-cafile" argument to organizational standards. CC ID 14592 | System hardening through configuration management | Configuration | |
Configure the "encryption-provider-config" argument to organizational standards. CC ID 14587 | System hardening through configuration management | Configuration | |
Configure the "rotate-certificates" argument to organizational standards. CC ID 14640 | System hardening through configuration management | Configuration | |
Configure the "etcd-keyfile" argument to organizational standards. CC ID 14586 | System hardening through configuration management | Configuration | |
Configure the "client-ca-file" argument to organizational standards. CC ID 14585 | System hardening through configuration management | Configuration | |
Configure the "kube-apiserver" to organizational standards. CC ID 14589 | System hardening through configuration management | Configuration | |
Configure the "tls-private-key-file" argument to organizational standards. CC ID 14590 | System hardening through configuration management | Configuration | |
Configure the "streaming-connection-idle-timeout" argument to organizational standards. CC ID 14634 | System hardening through configuration management | Configuration | |
Configure the "RotateKubeletServerCertificate" argument to organizational standards. CC ID 14626 | System hardening through configuration management | Configuration | |
Configure the "protect-kernel-defaults" argument to organizational standards. CC ID 14629 | System hardening through configuration management | Configuration | |
Configure the "read-only-port" argument to organizational standards. CC ID 14627 | System hardening through configuration management | Configuration | |
Configure the "admission control plugin NamespaceLifecycle" to organizational standards. CC ID 14571 | System hardening through configuration management | Configuration | |
Configure the "terminated-pod-gc-threshold" argument to organizational standards. CC ID 14593 | System hardening through configuration management | Configuration | |
Configure the "tls-cert-file" argument to organizational standards. CC ID 14588 | System hardening through configuration management | Configuration | |
Configure the "kubelet-certificate-authority" argument to organizational standards. CC ID 14570 | System hardening through configuration management | Configuration | |
Configure the "service-account-private-key-file" argument to organizational standards. CC ID 14607 | System hardening through configuration management | Configuration | |
Configure the "admission control plugin SecurityContextDeny" to organizational standards. CC ID 14569 | System hardening through configuration management | Configuration | |
Configure the "kubelet-client-certificate" argument to organizational standards. CC ID 14568 | System hardening through configuration management | Configuration | |
Configure the "root-ca-file" argument to organizational standards. CC ID 14599 | System hardening through configuration management | Configuration | |
Configure the "admission control plugin EventRateLimit" to organizational standards. CC ID 14567 | System hardening through configuration management | Configuration | |
Configure the "use-service-account-credentials" argument to organizational standards. CC ID 14594 | System hardening through configuration management | Configuration | |
Configure the "token-auth-file" argument to organizational standards. CC ID 14566 | System hardening through configuration management | Configuration | |
Configure the "authorization-mode" argument to organizational standards. CC ID 14565 | System hardening through configuration management | Configuration | |
Configure the "anonymous-auth" argument to organizational standards. CC ID 14564 | System hardening through configuration management | Configuration | |
Configure the "kubelet-client-key" argument to organizational standards. CC ID 14563 | System hardening through configuration management | Configuration | |
Configure the "kubelet-https" argument to organizational standards. CC ID 14561 | System hardening through configuration management | Configuration | |
Configure the "basic-auth-file" argument to organizational standards. CC ID 14559 | System hardening through configuration management | Configuration | |
Configure the Remote Deposit Capture system to organizational standards. CC ID 13569 | System hardening through configuration management | Configuration | |
Prohibit files from containing wild cards, as necessary. CC ID 16318 | System hardening through configuration management | Process or Activity | |
Block and/or remove unnecessary software and unauthorized software. CC ID 00865 | System hardening through configuration management | Configuration | |
Assign system hardening to qualified personnel. CC ID 06813 | System hardening through configuration management | Establish Roles | |
Use the latest approved version of all software. CC ID 00897 | System hardening through configuration management | Technical Security | |
Install the most current Windows Service Pack. CC ID 01695 | System hardening through configuration management | Configuration | |
Install critical security updates and important security updates in a timely manner. CC ID 01696 | System hardening through configuration management | Configuration | |
Include risk information when communicating critical security updates. CC ID 14948 | System hardening through configuration management | Communicate | |
Change default configurations, as necessary. CC ID 00877 | System hardening through configuration management | Configuration | |
Configure custom security parameters for X-Windows. CC ID 02168 | System hardening through configuration management | Configuration | |
Configure custom security settings for Lotus Domino. CC ID 02171 | System hardening through configuration management | Configuration | |
Configure custom security settings for the Automated Security Enhancement Tool. CC ID 02177 | System hardening through configuration management | Configuration | |
Configure custom security settings for Sun Answerbook2. CC ID 02178 | System hardening through configuration management | Configuration | |
Configure custom security settings for Command (PROM) Monitor. CC ID 02180 | System hardening through configuration management | Configuration | |
Configure and secure each interface for Executive Interfaces. CC ID 02182 | System hardening through configuration management | Configuration | |
Reconfigure the default settings and configure the system security for Site Management Complex. CC ID 02183 | System hardening through configuration management | Configuration | |
Configure the Unisys executive (GENNED) GEN tags. CC ID 02184 | System hardening through configuration management | Configuration | |
Reconfigure the default Console Mode privileges. CC ID 02189 | System hardening through configuration management | Configuration | |
Restrict access to security-related Console Mode key-in groups based on the security profiles. CC ID 02190 | System hardening through configuration management | Configuration | |
Configure security profiles for the various Console Mode levels. CC ID 02191 | System hardening through configuration management | Configuration | |
Configure custom access privileges for all mapper files. CC ID 02194 | System hardening through configuration management | Configuration | |
Configure custom access privileges for the PSERVER configuration file. CC ID 02195 | System hardening through configuration management | Configuration | |
Configure custom access privileges for the DEPCON configuration file. CC ID 02196 | System hardening through configuration management | Configuration | |
Disable the default NetWare user web page unless absolutely necessary. CC ID 04447 | System hardening through configuration management | Configuration | |
Enable and reset the primary administrator names, primary administrator passwords, root names, and root passwords. CC ID 04448 | System hardening through configuration management | Configuration | |
Remove unnecessary documentation or unprotected documentation from installed applications. CC ID 04452 | System hardening through configuration management | Configuration | |
Complete the NetWare eGuide configuration. CC ID 04449 | System hardening through configuration management | Configuration | |
Verify the usr/aset/masters/uid_aliases file exists and contains an appropriate aliases list. CC ID 04902 | System hardening through configuration management | Configuration | |
Set the low security directory list properly. CC ID 04903 | System hardening through configuration management | Configuration | |
Set the medium security directory list properly. CC ID 04904 | System hardening through configuration management | Configuration | |
Set the high security directory list properly. CC ID 04905 | System hardening through configuration management | Configuration | |
Set the UID aliases pointer properly. CC ID 04906 | System hardening through configuration management | Configuration | |
Verify users are listed in the ASET userlist file. CC ID 04907 | System hardening through configuration management | Technical Security | |
Verify Automated Security Enhancement Tool checks the NIS+ tables, as appropriate. CC ID 04908 | System hardening through configuration management | Testing | |
Reconfigure the encryption keys from their default setting or previous setting. CC ID 06079 | System hardening through configuration management | Configuration | |
Change the default Service Set Identifier for Wireless Access Points and wireless bridges. CC ID 06086 | System hardening through configuration management | Configuration | |
Revoke public execute privileges for all processes or applications that allow such privileges. CC ID 06568 | System hardening through configuration management | Configuration | |
Configure the system's booting configuration. CC ID 10656 | System hardening through configuration management | Configuration | |
Configure the system to boot directly to the correct Operating System. CC ID 04509 | System hardening through configuration management | Configuration | |
Verify an appropriate bootloader is used. CC ID 04900 | System hardening through configuration management | Configuration | |
Configure the ability to boot from USB devices, as appropriate. CC ID 04901 | System hardening through configuration management | Configuration | |
Configure the system to boot from hardware enforced read-only media. CC ID 10657 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain procedures to standardize operating system software installation. CC ID 00869 | System hardening through configuration management | Establish/Maintain Documentation | |
Verify operating system installation plans include software security considerations. CC ID 00870 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Approved Installation Sites for ActiveX Controls" security mechanism properly. CC ID 04909 | System hardening through configuration management | Configuration | |
Configure Least Functionality and Least Privilege settings to organizational standards. CC ID 07599 | System hardening through configuration management | Configuration | |
Prohibit directories from having read/write capability, as appropriate. CC ID 16313 | System hardening through configuration management | Configuration | |
Configure "Block public access (bucket settings)" to organizational standards. CC ID 15444 | System hardening through configuration management | Configuration | |
Configure S3 Bucket Policies to organizational standards. CC ID 15431 | System hardening through configuration management | Configuration | |
Configure "Allow suggested apps in Windows Ink Workspace" to organizational standards. CC ID 15417 | System hardening through configuration management | Configuration | |
Configure "Allow Cloud Search" to organizational standards. CC ID 15416 | System hardening through configuration management | Configuration | |
Configure "Configure Watson events" to organizational standards. CC ID 15414 | System hardening through configuration management | Configuration | |
Configure "Allow Clipboard synchronization across devices" to organizational standards. CC ID 15412 | System hardening through configuration management | Configuration | |
Configure "Prevent users from modifying settings" to organizational standards. CC ID 15411 | System hardening through configuration management | Configuration | |
Configure "Prevent users from sharing files within their profile" to organizational standards. CC ID 15408 | System hardening through configuration management | Configuration | |
Configure "Manage preview builds" to organizational standards. CC ID 15405 | System hardening through configuration management | Configuration | |
Configure "Turn off Help Experience Improvement Program" to organizational standards. CC ID 15403 | System hardening through configuration management | Configuration | |
Configure "Sign-in and lock last interactive user automatically after a restart" to organizational standards. CC ID 15402 | System hardening through configuration management | Configuration | |
Configure "Hardened UNC Paths" to organizational standards. CC ID 15400 | System hardening through configuration management | Configuration | |
Configure "Turn off all Windows spotlight features" to organizational standards. CC ID 15397 | System hardening through configuration management | Configuration | |
Configure "Allow Message Service Cloud Sync" to organizational standards. CC ID 15396 | System hardening through configuration management | Configuration | |
Configure "Configure local setting override for reporting to Microsoft MAPS" to organizational standards. CC ID 15394 | System hardening through configuration management | Configuration | |
Configure "Configure Windows spotlight on lock screen" to organizational standards. CC ID 15391 | System hardening through configuration management | Configuration | |
Configure "Do not suggest third-party content in Windows spotlight" to organizational standards. CC ID 15389 | System hardening through configuration management | Configuration | |
Configure "Enable Font Providers" to organizational standards. CC ID 15388 | System hardening through configuration management | Configuration | |
Configure "Disallow copying of user input methods to the system account for sign-in" to organizational standards. CC ID 15386 | System hardening through configuration management | Configuration | |
Configure "Do not display network selection UI" to organizational standards. CC ID 15381 | System hardening through configuration management | Configuration | |
Configure "Turn off KMS Client Online AVS Validation" to organizational standards. CC ID 15380 | System hardening through configuration management | Configuration | |
Configure "Allow Telemetry" to organizational standards. CC ID 15378 | System hardening through configuration management | Configuration | |
Configure "Allow users to enable online speech recognition services" to organizational standards. CC ID 15377 | System hardening through configuration management | Configuration | |
Configure "Prevent enabling lock screen camera" to organizational standards. CC ID 15373 | System hardening through configuration management | Configuration | |
Configure "Continue experiences on this device" to organizational standards. CC ID 15372 | System hardening through configuration management | Configuration | |
Configure "Prevent the usage of OneDrive for file storage" to organizational standards. CC ID 15369 | System hardening through configuration management | Configuration | |
Configure "Do not use diagnostic data for tailored experiences" to organizational standards. CC ID 15367 | System hardening through configuration management | Configuration | |
Configure "Network access: Restrict clients allowed to make remote calls to SAM" to organizational standards. CC ID 15365 | System hardening through configuration management | Configuration | |
Configure "Turn off Microsoft consumer experiences" to organizational standards. CC ID 15363 | System hardening through configuration management | Configuration | |
Configure "Allow Use of Camera" to organizational standards. CC ID 15362 | System hardening through configuration management | Configuration | |
Configure "Allow Online Tips" to organizational standards. CC ID 15360 | System hardening through configuration management | Configuration | |
Configure "Turn off cloud optimized content" to organizational standards. CC ID 15357 | System hardening through configuration management | Configuration | |
Configure "Apply UAC restrictions to local accounts on network logons" to organizational standards. CC ID 15356 | System hardening through configuration management | Configuration | |
Configure "Toggle user control over Insider builds" to organizational standards. CC ID 15354 | System hardening through configuration management | Configuration | |
Configure "Allow network connectivity during connected-standby (plugged in)" to organizational standards. CC ID 15353 | System hardening through configuration management | Configuration | |
Configure "Do not show feedback notifications" to organizational standards. CC ID 15350 | System hardening through configuration management | Configuration | |
Configure "Prevent enabling lock screen slide show" to organizational standards. CC ID 15349 | System hardening through configuration management | Configuration | |
Configure "Turn off the advertising ID" to organizational standards. CC ID 15348 | System hardening through configuration management | Configuration | |
Configure "Allow Windows Ink Workspace" to organizational standards. CC ID 15346 | System hardening through configuration management | Configuration | |
Configure "Allow a Windows app to share application data between users" to organizational standards. CC ID 15345 | System hardening through configuration management | Configuration | |
Configure "Turn off handwriting personalization data sharing" to organizational standards. CC ID 15339 | System hardening through configuration management | Configuration | |
Configure the "Devices: Prevent users from installing printer drivers" to organizational standards. CC ID 07600 | System hardening through configuration management | Configuration | |
Configure the "Log on as a service" to organizational standards. CC ID 07609 | System hardening through configuration management | Configuration | |
Configure "Restore files and directories" to organizational standards. CC ID 07610 | System hardening through configuration management | Configuration | |
Configure the "Back up files and directories" to organizational standards. CC ID 07629 | System hardening through configuration management | Configuration | |
Configure the "Change the system time" to organizational standards. CC ID 07633 | System hardening through configuration management | Configuration | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts" to organizational standards. CC ID 07635 | System hardening through configuration management | Configuration | |
Configure the "Perform volume maintenance tasks" to organizational standards. CC ID 07653 | System hardening through configuration management | Configuration | |
Configure the "Create global objects" to organizational standards. CC ID 07659 | System hardening through configuration management | Configuration | |
Configure the "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" to organizational standards. CC ID 07660 | System hardening through configuration management | Configuration | |
Configure the "DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax" to organizational standards. CC ID 07671 | System hardening through configuration management | Configuration | |
Configure the "Network access: Named Pipes that can be accessed anonymously" to organizational standards. CC ID 07676 | System hardening through configuration management | Configuration | |
Configure the "Change the time zone" to organizational standards. CC ID 07677 | System hardening through configuration management | Configuration | |
Configure the "Adjust memory quotas for a process" to organizational standards. CC ID 07685 | System hardening through configuration management | Configuration | |
Configure the "Add workstations to domain" to organizational standards. CC ID 07689 | System hardening through configuration management | Configuration | |
Configure the "Take ownership of files or other objects" to organizational standards. CC ID 07691 | System hardening through configuration management | Configuration | |
Configure the "Access this computer from the network" to organizational standards. CC ID 07706 | System hardening through configuration management | Configuration | |
Configure the "MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)" to organizational standards. CC ID 07710 | System hardening through configuration management | Configuration | |
Configure the "Shutdown: Allow system to be shut down without having to log on" to organizational standards. CC ID 07717 | System hardening through configuration management | Configuration | |
Configure the "System objects: Require case insensitivity for non-Windows subsystems" to organizational standards. CC ID 07718 | System hardening through configuration management | Configuration | |
Configure the "Domain controller: Allow server operators to schedule tasks" to organizational standards. CC ID 07722 | System hardening through configuration management | Configuration | |
Configure the "Debug programs" to organizational standards. CC ID 07729 | System hardening through configuration management | Configuration | |
Configure the "Increase scheduling priority" to organizational standards. CC ID 07739 | System hardening through configuration management | Configuration | |
Configure the "Load and unload device drivers" to organizational standards. CC ID 07745 | System hardening through configuration management | Configuration | |
Configure the "Modify an object label" to organizational standards. CC ID 07755 | System hardening through configuration management | Configuration | |
Configure the "Deny log on as a service" to organizational standards. CC ID 07762 | System hardening through configuration management | Configuration | |
Configure the "Recovery console: Allow automatic administrative logon" to organizational standards. CC ID 07770 | System hardening through configuration management | Configuration | |
Configure the "Create a token object" to organizational standards. CC ID 07774 | System hardening through configuration management | Configuration | |
Configure the "Create symbolic links" to organizational standards. CC ID 07778 | System hardening through configuration management | Configuration | |
Configure the "Deny access to this computer from the network" to organizational standards. CC ID 07779 | System hardening through configuration management | Configuration | |
Configure the "Deny log on locally" to organizational standards. CC ID 07781 | System hardening through configuration management | Configuration | |
Configure the "Manage auditing and security log" to organizational standards. CC ID 07783 | System hardening through configuration management | Configuration | |
Configure the "Lock pages in memory" to organizational standards. CC ID 07784 | System hardening through configuration management | Configuration | |
Configure the "Shutdown: Clear virtual memory pagefile" to organizational standards. CC ID 07787 | System hardening through configuration management | Configuration | |
Configure the "Increase a process working set" to organizational standards. CC ID 07788 | System hardening through configuration management | Configuration | |
Configure the "Generate security audits" to organizational standards. CC ID 07796 | System hardening through configuration management | Configuration | |
Configure the "Remove computer from docking station" to organizational standards. CC ID 07802 | System hardening through configuration management | Configuration | |
Configure the "System settings: Optional subsystems" to organizational standards. CC ID 07804 | System hardening through configuration management | Configuration | |
Configure the "Shut down the system" to organizational standards. CC ID 07808 | System hardening through configuration management | Configuration | |
Configure the "Bypass traverse checking" to organizational standards. CC ID 07809 | System hardening through configuration management | Configuration | |
Configure the "Always install with elevated privileges" to organizational standards. CC ID 07811 | System hardening through configuration management | Configuration | |
Configure the "Allow log on through Remote Desktop Services" to organizational standards. CC ID 07813 | System hardening through configuration management | Configuration | |
Configure the "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)" to organizational standards. CC ID 07814 | System hardening through configuration management | Configuration | |
Configure the "Create permanent shared objects" to organizational standards. CC ID 07818 | System hardening through configuration management | Configuration | |
Configure the "Devices: Allow undock without having to log on" to organizational standards. CC ID 07821 | System hardening through configuration management | Configuration | |
Configure the "Devices: Restrict floppy access to locally logged-on user only" to organizational standards. CC ID 07823 | System hardening through configuration management | Configuration | |
Configure the "Log on as a batch job" to organizational standards. CC ID 07838 | System hardening through configuration management | Configuration | |
Configure the "MSS: (AutoShareServer) Enable Administrative Shares (recommended except for highly secure environments)" to organizational standards. CC ID 07841 | System hardening through configuration management | Configuration | |
Configure the "DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax" to organizational standards. CC ID 07842 | System hardening through configuration management | Configuration | |
Configure the "Replace a process level token" to organizational standards. CC ID 07845 | System hardening through configuration management | Configuration | |
Configure the "Modify firmware environment values" to organizational standards. CC ID 07847 | System hardening through configuration management | Configuration | |
Configure the "Deny log on through Remote Desktop Services" to organizational standards. CC ID 07854 | System hardening through configuration management | Configuration | |
Configure the "Devices: Allowed to format and eject removable media" to organizational standards. CC ID 07862 | System hardening through configuration management | Configuration | |
Configure the "Profile single process" to organizational standards. CC ID 07866 | System hardening through configuration management | Configuration | |
Configure the "Turn off Autoplay" to organizational standards. CC ID 07867 | System hardening through configuration management | Configuration | |
Configure the "Devices: Restrict CD-ROM access to locally logged-on user only" to organizational standards. CC ID 07871 | System hardening through configuration management | Configuration | |
Configure the "Deny log on as a batch job" to organizational standards. CC ID 07876 | System hardening through configuration management | Configuration | |
Configure the "Create a pagefile" to organizational standards. CC ID 07878 | System hardening through configuration management | Configuration | |
Configure the "Profile system performance" to organizational standards. CC ID 07879 | System hardening through configuration management | Configuration | |
Configure the "Impersonate a client after authentication" to organizational standards. CC ID 07882 | System hardening through configuration management | Configuration | |
Configure the "MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)" to organizational standards. CC ID 07886 | System hardening through configuration management | Configuration | |
Configure the "Force shutdown from a remote system" to organizational standards. CC ID 07889 | System hardening through configuration management | Configuration | |
Configure the "Act as part of the operating system" to organizational standards. CC ID 07891 | System hardening through configuration management | Configuration | |
Configure the "Allow log on locally" to organizational standards. CC ID 07894 | System hardening through configuration management | Configuration | |
Configure the "Synchronize directory service data" to organizational standards. CC ID 07897 | System hardening through configuration management | Configuration | |
Configure the "Access Credential Manager as a trusted caller" to organizational standards. CC ID 07898 | System hardening through configuration management | Configuration | |
Configure the "Enable computer and user accounts to be trusted for delegation" to organizational standards. CC ID 07900 | System hardening through configuration management | Configuration | |
Configure the "Recovery console: Allow floppy copy and access to all drives and all folders" to organizational standards. CC ID 07901 | System hardening through configuration management | Configuration | |
Configure the "Software channel permissions" to organizational standards. CC ID 07910 | System hardening through configuration management | Configuration | |
Configure the "Allow drag and drop or copy and paste files" to organizational standards. CC ID 07915 | System hardening through configuration management | Configuration | |
Configure the "Disable Per-User Installation of ActiveX Controls" to organizational standards. CC ID 07918 | System hardening through configuration management | Configuration | |
Configure the "Download signed ActiveX controls" to organizational standards. CC ID 07921 | System hardening through configuration management | Configuration | |
Configure the "Disable "Configuring History"" to organizational standards. CC ID 07922 | System hardening through configuration management | Configuration | |
Configure the "Turn off ActiveX opt-in prompt" to organizational standards. CC ID 07928 | System hardening through configuration management | Configuration | |
Configure the "Allow installation of desktop items" to organizational standards. CC ID 07931 | System hardening through configuration management | Configuration | |
Configure the "Only allow approved domains to use ActiveX controls without prompt" to organizational standards. CC ID 07936 | System hardening through configuration management | Configuration | |
Configure the "Initialize and script ActiveX controls not marked as safe" to organizational standards. CC ID 07945 | System hardening through configuration management | Configuration | |
Configure the "Allow file downloads" to organizational standards. CC ID 07960 | System hardening through configuration management | Configuration | |
Configure the "Turn off the Security Settings Check feature" to organizational standards. CC ID 07979 | System hardening through configuration management | Configuration | |
Configure the "Disable the Advanced page" to organizational standards. CC ID 07981 | System hardening through configuration management | Configuration | |
Configure the "Intranet Sites: Include all network paths (UNCs)" to organizational standards. CC ID 07986 | System hardening through configuration management | Configuration | |
Configure the "Disable changing Automatic Configuration settings" to organizational standards. CC ID 07992 | System hardening through configuration management | Configuration | |
Configure the "Turn off "Delete Browsing History" functionality" to organizational standards. CC ID 07993 | System hardening through configuration management | Configuration | |
Configure the "Allow META REFRESH" to organizational standards. CC ID 07998 | System hardening through configuration management | Configuration | |
Configure the "Prevent Deleting Temporary Internet Files" to organizational standards. CC ID 08000 | System hardening through configuration management | Configuration | |
Configure the "Security Zones: Do not allow users to change policies" to organizational standards. CC ID 08001 | System hardening through configuration management | Configuration | |
Configure the "Only use the ActiveX Installer Service for installation of ActiveX Controls" to organizational standards. CC ID 08003 | System hardening through configuration management | Configuration | |
Configure the "Prevent "Fix settings" functionality" to organizational standards. CC ID 08010 | System hardening through configuration management | Configuration | |
Configure the "XAML browser applications" to organizational standards. CC ID 08011 | System hardening through configuration management | Configuration | |
Configure the "Run .NET Framework-reliant components signed with Authenticode" to organizational standards. CC ID 08014 | System hardening through configuration management | Configuration | |
Configure the "Access data sources across domains" to organizational standards. CC ID 08018 | System hardening through configuration management | Configuration | |
Configure the "Allow script-initiated windows without size or position constraints" to organizational standards. CC ID 08020 | System hardening through configuration management | Configuration | |
Configure the "Disable Save this program to disk option" to organizational standards. CC ID 08021 | System hardening through configuration management | Configuration | |
Configure the "Security Zones: Do not allow users to add/delete sites" to organizational standards. CC ID 08061 | System hardening through configuration management | Configuration | |
Configure the "Script ActiveX controls marked safe for scripting" to organizational standards. CC ID 08067 | System hardening through configuration management | Configuration | |
Configure the "Prevent Deleting Cookies" to organizational standards. CC ID 08069 | System hardening through configuration management | Configuration | |
Configure the "Allow binary and script behaviors" to organizational standards. CC ID 08070 | System hardening through configuration management | Configuration | |
Configure the "Launching applications and files in an IFRAME" to organizational standards. CC ID 08078 | System hardening through configuration management | Configuration | |
Configure the "Allow status bar updates via script" to organizational standards. CC ID 08081 | System hardening through configuration management | Configuration | |
Configure the "Turn off Crash Detection" to organizational standards. CC ID 08085 | System hardening through configuration management | Configuration | |
Configure the "Security Zones: Use only machine settings" to organizational standards. CC ID 08088 | System hardening through configuration management | Configuration | |
Configure the "Web sites in less privileged Web content zones can navigate into this zone" to organizational standards. CC ID 08089 | System hardening through configuration management | Configuration | |
Configure the "Disable the Security page" to organizational standards. CC ID 08090 | System hardening through configuration management | Configuration | |
Configure the "Automatically check for Internet Explorer updates" to organizational standards. CC ID 08094 | System hardening through configuration management | Configuration | |
Configure the "Navigate windows and frames across different domains" to organizational standards. CC ID 08107 | System hardening through configuration management | Configuration | |
Configure the "Allow active scripting" setting to organizational standards. CC ID 08115 | System hardening through configuration management | Configuration | |
Configure the "Allow font downloads" to organizational standards. CC ID 08116 | System hardening through configuration management | Configuration | |
Configure the "Disable changing proxy settings" to organizational standards. CC ID 08126 | System hardening through configuration management | Configuration | |
Configure the "Disable changing connection settings" to organizational standards. CC ID 08129 | System hardening through configuration management | Configuration | |
Configure the "Run .NET Framework-reliant components not signed with Authenticode" to organizational standards. CC ID 08130 | System hardening through configuration management | Configuration | |
Configure the "Turn off printing over HTTP" to organizational standards. CC ID 08162 | System hardening through configuration management | Configuration | |
Configure the "Registry policy processing" to organizational standards. CC ID 08169 | System hardening through configuration management | Configuration | |
Configure the "Disable remote Desktop Sharing" to organizational standards. CC ID 08186 | System hardening through configuration management | Configuration | |
Configure the "Report operating system errors" to organizational standards. CC ID 08187 | System hardening through configuration management | Configuration | |
Configure the "Enumerate administrator accounts on elevation" to organizational standards. CC ID 08190 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Update device driver searching" to organizational standards. CC ID 08193 | System hardening through configuration management | Configuration | |
Configure the "Do not allow drive redirection" to organizational standards. CC ID 08199 | System hardening through configuration management | Configuration | |
Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" to organizational standards. CC ID 08204 | System hardening through configuration management | Configuration | |
Configure the "Turn off downloading of print drivers over HTTP" to organizational standards. CC ID 08218 | System hardening through configuration management | Configuration | |
Configure the "Do not process the run once list" to organizational standards. CC ID 08219 | System hardening through configuration management | Configuration | |
Configure the "Deny log on through Terminal Services" to organizational standards. CC ID 08220 | System hardening through configuration management | Configuration | |
Configure the "Offer Remote Assistance" to organizational standards. CC ID 08222 | System hardening through configuration management | Configuration | |
Configure the "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" to organizational standards. CC ID 08228 | System hardening through configuration management | Configuration | |
Configure the "Allow users to connect remotely using Remote Desktop Services" to organizational standards. CC ID 08234 | System hardening through configuration management | Configuration | |
Configure the "MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)" to organizational standards. CC ID 08247 | System hardening through configuration management | Configuration | |
Configure the "MSS: (NtfsDisable8dot3NameCreation) Enable the computer to stop generating 8.3 style filenames" to organizational standards. CC ID 08253 | System hardening through configuration management | Configuration | |
Configure the "Solicited Remote Assistance" to organizational standards. CC ID 08265 | System hardening through configuration management | Configuration | |
Configure "Turn off the "Publish to Web" task for files and folders" to organizational standards. CC ID 08285 | System hardening through configuration management | Configuration | |
Configure the "Do not allow Windows Messenger to be run" to organizational standards. CC ID 08288 | System hardening through configuration management | Configuration | |
Configure the "Allow log on through Terminal Services" to organizational standards. CC ID 08291 | System hardening through configuration management | Configuration | |
Configure the "Require trusted path for credential entry." to organizational standards. CC ID 08293 | System hardening through configuration management | Configuration | |
Configure the "Turn off Search Companion content file updates" to organizational standards. CC ID 08302 | System hardening through configuration management | Configuration | |
Configure the "Prevent access to registry editing tools" to organizational standards. CC ID 08331 | System hardening through configuration management | Configuration | |
Configure the "Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet" to organizational standards. CC ID 08347 | System hardening through configuration management | Configuration | |
Configure the "Turn on SmartScreen Filter scan" to organizational standards. CC ID 08357 | System hardening through configuration management | Configuration | |
Configure the "Disallow WinRM from storing RunAs credentials" to organizational standards. CC ID 08362 | System hardening through configuration management | Configuration | |
Configure the "Turn off URL Suggestions" to organizational standards. CC ID 08372 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from bypassing SmartScreen Filter's application reputation warnings about files that are not commonly downloaded from the Internet" to organizational standards. CC ID 08385 | System hardening through configuration management | Configuration | |
Configure the "Prevent access to Delete Browsing History" to organizational standards. CC ID 08387 | System hardening through configuration management | Configuration | |
Configure the "Turn off InPrivate Browsing" to organizational standards. CC ID 08421 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Location Provider" to organizational standards. CC ID 08427 | System hardening through configuration management | Configuration | |
Configure the "Turn on Suggested Sites" to organizational standards. CC ID 08434 | System hardening through configuration management | Configuration | |
Configure the "Turn off access to the Store" to organizational standards. CC ID 08436 | System hardening through configuration management | Configuration | |
Configure the "Point and Print Restrictions" to organizational standards. CC ID 08441 | System hardening through configuration management | Configuration | |
Configure the "Prevent changing proxy settings" to organizational standards. CC ID 08447 | System hardening through configuration management | Configuration | |
Configure the "Allow deleting browsing history on exit" to organizational standards. CC ID 08456 | System hardening through configuration management | Configuration | |
Configure the "Allow scripting of Internet Explorer WebBrowser controls" to organizational standards. CC ID 08464 | System hardening through configuration management | Configuration | |
Configure the "Turn off Managing SmartScreen Filter for Internet Explorer 9" to organizational standards. CC ID 08472 | System hardening through configuration management | Configuration | |
Configure the "Check Administrator Group Membership" to organizational standards. CC ID 08473 | System hardening through configuration management | Configuration | |
Configure the "Check if AppLocker is Enabled" to organizational standards. CC ID 08475 | System hardening through configuration management | Configuration | |
Configure the "Prevent the computer from joining a homegroup" to organizational standards. CC ID 08486 | System hardening through configuration management | Configuration | |
Configure the "Disable Browser Geolocation" to organizational standards. CC ID 08491 | System hardening through configuration management | Configuration | |
Configure the "Allow Remote Shell Access" to organizational standards. CC ID 08496 | System hardening through configuration management | Configuration | |
Configure the "Turn Off the Display (Plugged In)" to organizational standards. CC ID 08502 | System hardening through configuration management | Configuration | |
Configure the "Do not enumerate connected users on domain-joined computers" to organizational standards. CC ID 08507 | System hardening through configuration management | Configuration | |
Configure the "Enable dragging of content from different domains across windows" to organizational standards. CC ID 08517 | System hardening through configuration management | Configuration | |
Configure the "Turn off first-run prompt" to organizational standards. CC ID 08521 | System hardening through configuration management | Configuration | |
Configure the "Allow Scriptlets" to organizational standards. CC ID 08523 | System hardening through configuration management | Configuration | |
Configure the "Turn on ActiveX Filtering" to organizational standards. CC ID 08524 | System hardening through configuration management | Configuration | |
Configure the "Userdata persistence" to organizational standards. CC ID 08533 | System hardening through configuration management | Configuration | |
Configure the "Enable dragging of content from different domains within a window" to organizational standards. CC ID 08535 | System hardening through configuration management | Configuration | |
Configure the "Turn off app notifications on the lock screen" to organizational standards. CC ID 08536 | System hardening through configuration management | Configuration | |
Configure the "Allow updates to status bar via script" to organizational standards. CC ID 08540 | System hardening through configuration management | Configuration | |
Configure the "Enumerate local users on domain-joined computers" to organizational standards. CC ID 08546 | System hardening through configuration management | Configuration | |
Configure the "Prevent deleting websites that the user has visited" to organizational standards. CC ID 08547 | System hardening through configuration management | Configuration | |
Configure the "Install new versions of Internet Explorer automatically" to organizational standards. CC ID 08551 | System hardening through configuration management | Configuration | |
Configure the "Make proxy settings per-machine (rather than per-user)" to organizational standards. CC ID 08553 | System hardening through configuration management | Configuration | |
Configure the "Disable external branding of Internet Explorer" to organizational standards. CC ID 08555 | System hardening through configuration management | Configuration | |
Configure the "Include local path when user is uploading files to a server" to organizational standards. CC ID 08557 | System hardening through configuration management | Configuration | |
Configure the "Configure Solicited Remote Assistance" to organizational standards. CC ID 08561 | System hardening through configuration management | Configuration | |
Configure the "Allow loading of XAML files" to organizational standards. CC ID 08562 | System hardening through configuration management | Configuration | |
Configure the "Do not display the password reveal button" to organizational standards. CC ID 08567 | System hardening through configuration management | Configuration | |
Configure the "Prevent running First Run wizard" to organizational standards. CC ID 08572 | System hardening through configuration management | Configuration | |
Configure the "Turn off location" to organizational standards. CC ID 08575 | System hardening through configuration management | Configuration | |
Configure the "Turn on Enhanced Protected Mode" to organizational standards. CC ID 08577 | System hardening through configuration management | Configuration | |
Configure the "Turn off browser geolocation" to organizational standards. CC ID 08580 | System hardening through configuration management | Configuration | |
Configure the "Do not display the reveal password button" to organizational standards. CC ID 08583 | System hardening through configuration management | Configuration | |
Configure the "Include updated website lists from Microsoft" to organizational standards. CC ID 08593 | System hardening through configuration management | Configuration | |
Configure the "Turn off Event Viewer "Events.asp" links" to organizational standards. CC ID 08604 | System hardening through configuration management | Configuration | |
Configure the "Configure Offer Remote Assistance" to organizational standards. CC ID 08605 | System hardening through configuration management | Configuration | |
Configure the "Prevent specifying the update check interval (in days)" to organizational standards. CC ID 08608 | System hardening through configuration management | Configuration | |
Configure the "Turn Off the Display (On Battery)" to organizational standards. CC ID 08609 | System hardening through configuration management | Configuration | |
Configure the "Prevent participation in the Customer Experience Improvement Program" to organizational standards. CC ID 08611 | System hardening through configuration management | Configuration | |
Configure the "Add a specific list of search providers to the user's search provider list" setting to organizational standards. CC ID 10420 | System hardening through configuration management | Configuration | |
Configure the "Admin-approved behaviors" setting to organizational standards. CC ID 10421 | System hardening through configuration management | Configuration | |
Configure the "Allow the display of image download placeholders" setting to organizational standards. CC ID 10422 | System hardening through configuration management | Configuration | |
Configure the "Allow the printing of background colors and images" setting to organizational standards. CC ID 10423 | System hardening through configuration management | Configuration | |
Configure the "Audio/Video Player" setting to organizational standards. CC ID 10424 | System hardening through configuration management | Configuration | |
Configure the "Auto-hide the Toolbars" setting to organizational standards. CC ID 10425 | System hardening through configuration management | Configuration | |
Configure the "Binary Behavior Security Restriction: All Processes" setting to organizational standards. CC ID 10426 | System hardening through configuration management | Configuration | |
Configure the "Binary Behavior Security Restriction: Internet Explorer Processes" setting to organizational standards. CC ID 10427 | System hardening through configuration management | Configuration | |
Configure the "Binary Behavior Security Restriction: Process List" setting to organizational standards. CC ID 10428 | System hardening through configuration management | Configuration | |
Configure the "Carpoint" setting to organizational standards. CC ID 10429 | System hardening through configuration management | Configuration | |
Configure the "Configure new tab page default behavior" setting to organizational standards. CC ID 10430 | System hardening through configuration management | Configuration | |
Configure the "Customize Command Labels" setting to organizational standards. CC ID 10431 | System hardening through configuration management | Configuration | |
Configure the "Customize User Agent String" setting to organizational standards. CC ID 10432 | System hardening through configuration management | Configuration | |
Configure the "Deploy default Accelerators" setting to organizational standards. CC ID 10433 | System hardening through configuration management | Configuration | |
Configure the "Deploy non-default Accelerators" setting to organizational standards. CC ID 10434 | System hardening through configuration management | Configuration | |
Configure the "DHTML Edit Control" setting to organizational standards. CC ID 10435 | System hardening through configuration management | Configuration | |
Configure the "Disable caching of Auto-Proxy scripts" setting to organizational standards. CC ID 10436 | System hardening through configuration management | Configuration | |
Configure the "Disable changing accessibility settings" setting to organizational standards. CC ID 10437 | System hardening through configuration management | Configuration | |
Configure the "Disable changing Calendar and Contact settings" setting to organizational standards. CC ID 10438 | System hardening through configuration management | Configuration | |
Configure the "Disable changing color settings" setting to organizational standards. CC ID 10439 | System hardening through configuration management | Configuration | |
Configure the "Disable changing default browser check" setting to organizational standards. CC ID 10440 | System hardening through configuration management | Configuration | |
Configure the "Disable changing font settings" setting to organizational standards. CC ID 10441 | System hardening through configuration management | Configuration | |
Configure the "Disable changing home page settings" setting to organizational standards. CC ID 10442 | System hardening through configuration management | Configuration | |
Configure the "Disable changing language settings" setting to organizational standards. CC ID 10443 | System hardening through configuration management | Configuration | |
Configure the "Disable changing link color settings" setting to organizational standards. CC ID 10444 | System hardening through configuration management | Configuration | |
Configure the "Disable changing Messaging settings" setting to organizational standards. CC ID 10445 | System hardening through configuration management | Configuration | |
Configure the "Disable changing ratings settings" setting to organizational standards. CC ID 10446 | System hardening through configuration management | Configuration | |
Configure the "Disable changing secondary home page settings" setting to organizational standards. CC ID 10447 | System hardening through configuration management | Configuration | |
Configure the "Disable changing Temporary Internet files settings" setting to organizational standards. CC ID 10448 | System hardening through configuration management | Configuration | |
Configure the "Disable Context menu" setting to organizational standards. CC ID 10449 | System hardening through configuration management | Configuration | |
Configure the "Disable customizing browser toolbar buttons" setting to organizational standards. CC ID 10450 | System hardening through configuration management | Configuration | |
Configure the "Disable customizing browser toolbars" setting to organizational standards. CC ID 10451 | System hardening through configuration management | Configuration | |
Configure the "Disable Import/Export Settings wizard" setting to organizational standards. CC ID 10452 | System hardening through configuration management | Configuration | |
Configure the "Disable Open in New Window menu option" setting to organizational standards. CC ID 10453 | System hardening through configuration management | Configuration | |
Configure the "Disable the Connections page" setting to organizational standards. CC ID 10454 | System hardening through configuration management | Configuration | |
Configure the "Disable the Content page" setting to organizational standards. CC ID 10455 | System hardening through configuration management | Configuration | |
Configure the "Disable the General page" setting to organizational standards. CC ID 10456 | System hardening through configuration management | Configuration | |
Configure the "Disable the Programs page" setting to organizational standards. CC ID 10457 | System hardening through configuration management | Configuration | |
Configure the "Disable toolbars and extensions when InPrivate Browsing starts" setting to organizational standards. CC ID 10458 | System hardening through configuration management | Configuration | |
Configure the "Display error message on proxy script download failure" setting to organizational standards. CC ID 10459 | System hardening through configuration management | Configuration | |
Configure the "Do not collect InPrivate Filtering data" setting to organizational standards. CC ID 10460 | System hardening through configuration management | Configuration | |
Configure the "Do not save encrypted pages to disk" setting to organizational standards. CC ID 10461 | System hardening through configuration management | Configuration | |
Configure the "Empty Temporary Internet Files folder when browser is closed" setting to organizational standards. CC ID 10462 | System hardening through configuration management | Configuration | |
Configure the "Enforce Full Screen Mode" setting to organizational standards. CC ID 10463 | System hardening through configuration management | Configuration | |
Configure the "File menu: Disable closing the browser and Explorer windows" setting to organizational standards. CC ID 10464 | System hardening through configuration management | Configuration | |
Configure the "File menu: Disable New menu option" setting to organizational standards. CC ID 10465 | System hardening through configuration management | Configuration | |
Configure the "File menu: Disable Open menu option" setting to organizational standards. CC ID 10466 | System hardening through configuration management | Configuration | |
Configure the "File menu: Disable Save As Web Page Complete" setting to organizational standards. CC ID 10467 | System hardening through configuration management | Configuration | |
Configure the "File menu: Disable Save As.. menu option" setting to organizational standards. CC ID 10468 | System hardening through configuration management | Configuration | |
Configure the "File size limits for Internet zone" setting to organizational standards. CC ID 10469 | System hardening through configuration management | Configuration | |
Configure the "File size limits for Intranet zone" setting to organizational standards. CC ID 10470 | System hardening through configuration management | Configuration | |
Configure the "File size limits for Local Machine zone" setting to organizational standards. CC ID 10471 | System hardening through configuration management | Configuration | |
Configure the "File size limits for Restricted Sites zone" setting to organizational standards. CC ID 10472 | System hardening through configuration management | Configuration | |
Configure the "File size limits for Trusted Sites zone" setting to organizational standards. CC ID 10473 | System hardening through configuration management | Configuration | |
Configure the "Help menu: Remove 'Send Feedback' menu option" setting to organizational standards. CC ID 10474 | System hardening through configuration management | Configuration | |
Configure the "Help menu: Remove 'Tour' menu option" setting to organizational standards. CC ID 10475 | System hardening through configuration management | Configuration | |
Configure the "Hide Favorites menu" setting to organizational standards. CC ID 10476 | System hardening through configuration management | Configuration | |
Configure the "Hide the Command Bar" setting to organizational standards. CC ID 10477 | System hardening through configuration management | Configuration | |
Configure the "Hide the Status Bar" setting to organizational standards. CC ID 10478 | System hardening through configuration management | Configuration | |
Configure the "InPrivate Filtering Threshold" setting to organizational standards. CC ID 10479 | System hardening through configuration management | Configuration | |
Configure the "Internet Zone Restricted Protocols" setting to organizational standards. CC ID 10480 | System hardening through configuration management | Configuration | |
Configure the "Internet Zone Template" setting to organizational standards. CC ID 10481 | System hardening through configuration management | Configuration | |
Configure the "Intranet Sites: Include all local (intranet) sites not listed in other zones" setting to organizational standards. CC ID 10482 | System hardening through configuration management | Configuration | |
Configure the "Intranet Sites: Include all sites that bypass the proxy server" setting to organizational standards. CC ID 10483 | System hardening through configuration management | Configuration | |
Configure the "Intranet Zone Restricted Protocols" setting to organizational standards. CC ID 10484 | System hardening through configuration management | Configuration | |
Configure the "Intranet Zone Template" setting to organizational standards. CC ID 10485 | System hardening through configuration management | Configuration | |
Configure the "Investor" setting to organizational standards. CC ID 10486 | System hardening through configuration management | Configuration | |
Configure the "Local Machine Zone Restricted Protocols" setting to organizational standards. CC ID 10487 | System hardening through configuration management | Configuration | |
Configure the "Local Machine Zone Template" setting to organizational standards. CC ID 10488 | System hardening through configuration management | Configuration | |
Configure the "Lock all Toolbars" setting to organizational standards. CC ID 10489 | System hardening through configuration management | Configuration | |
Configure the "Locked-Down Internet Zone Template" setting to organizational standards. CC ID 10490 | System hardening through configuration management | Configuration | |
Configure the "Locked-Down Intranet Zone Template" setting to organizational standards. CC ID 10491 | System hardening through configuration management | Configuration | |
Configure the "Locked-Down Local Machine Zone Template" setting to organizational standards. CC ID 10492 | System hardening through configuration management | Configuration | |
Configure the "Locked-Down Restricted Sites Zone Template" setting to organizational standards. CC ID 10493 | System hardening through configuration management | Configuration | |
Configure the "Locked-Down Trusted Sites Zone Template" setting to organizational standards. CC ID 10494 | System hardening through configuration management | Configuration | |
Configure the "Maximum number of connections per server (HTTP 1.0)" setting to organizational standards. CC ID 10495 | System hardening through configuration management | Configuration | |
Configure the "Maximum number of connections per server (HTTP 1.1)" setting to organizational standards. CC ID 10496 | System hardening through configuration management | Configuration | |
Configure the "Menu Controls" setting to organizational standards. CC ID 10497 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Agent" setting to organizational standards. CC ID 10498 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Chat" setting to organizational standards. CC ID 10499 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Scriptlet Component" setting to organizational standards. CC ID 10500 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Survey Control" setting to organizational standards. CC ID 10501 | System hardening through configuration management | Configuration | |
Configure the "Moving the menu bar above the navigation bar" setting to organizational standards. CC ID 10502 | System hardening through configuration management | Configuration | |
Configure the "MSNBC" setting to organizational standards. CC ID 10503 | System hardening through configuration management | Configuration | |
Configure the "NetShow File Transfer Control" setting to organizational standards. CC ID 10504 | System hardening through configuration management | Configuration | |
Configure the "Network Protocol Lockdown: All Processes" setting to organizational standards. CC ID 10505 | System hardening through configuration management | Configuration | |
Configure the "Network Protocol Lockdown: Internet Explorer Processes" setting to organizational standards. CC ID 10506 | System hardening through configuration management | Configuration | |
Configure the "Network Protocol Lockdown: Process List" setting to organizational standards. CC ID 10507 | System hardening through configuration management | Configuration | |
Configure the "Play animations in web pages" setting to organizational standards. CC ID 10508 | System hardening through configuration management | Configuration | |
Configure the "Play sounds in web pages" setting to organizational standards. CC ID 10509 | System hardening through configuration management | Configuration | |
Configure the "Pop-up allow list" setting to organizational standards. CC ID 10510 | System hardening through configuration management | Configuration | |
Configure the "Prevent configuration of search from the Address bar" setting to organizational standards. CC ID 10511 | System hardening through configuration management | Configuration | |
Configure the "Prevent Deleting Favorites Site Data" setting to organizational standards. CC ID 10512 | System hardening through configuration management | Configuration | |
Configure the "Prevent Deleting Form Data" setting to organizational standards. CC ID 10513 | System hardening through configuration management | Configuration | |
Configure the "Prevent Deleting InPrivate Filtering data" setting to organizational standards. CC ID 10514 | System hardening through configuration management | Configuration | |
Configure the "Prevent Deleting Passwords" setting to organizational standards. CC ID 10515 | System hardening through configuration management | Configuration | |
Configure the "Prevent Internet Explorer Search box from displaying" setting to organizational standards. CC ID 10516 | System hardening through configuration management | Configuration | |
Configure the "Prevent setting of the code download path for each machine" setting to organizational standards. CC ID 10517 | System hardening through configuration management | Configuration | |
Configure the "Prevent the configuration of cipher strength update information URLs" setting to organizational standards. CC ID 10518 | System hardening through configuration management | Configuration | |
Configure the "Prevent the use of Windows colors" setting to organizational standards. CC ID 10519 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from choosing default text size" setting to organizational standards. CC ID 10520 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from configuring background color" setting to organizational standards. CC ID 10521 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from configuring text color" setting to organizational standards. CC ID 10522 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from configuring the color of links that have already been clicked" setting to organizational standards. CC ID 10523 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from configuring the color of links that have not yet been clicked" setting to organizational standards. CC ID 10524 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from configuring the hover color" setting to organizational standards. CC ID 10525 | System hardening through configuration management | Configuration | |
Configure the "Restrict changing the default search provider" setting to organizational standards. CC ID 10526 | System hardening through configuration management | Configuration | |
Configure the "Restrict search providers to a specific list of providers" setting to organizational standards. CC ID 10527 | System hardening through configuration management | Configuration | |
Configure the "Restricted Sites Zone Restricted Protocols" setting to organizational standards. CC ID 10528 | System hardening through configuration management | Configuration | |
Configure the "Restricted Sites Zone Template" setting to organizational standards. CC ID 10529 | System hardening through configuration management | Configuration | |
Configure the "Send internationalized domain names" setting to organizational standards. CC ID 10530 | System hardening through configuration management | Configuration | |
Configure the "Set location of Stop and Refresh buttons" setting to organizational standards. CC ID 10531 | System hardening through configuration management | Configuration | |
Configure the "Set tab process growth" setting to organizational standards. CC ID 10532 | System hardening through configuration management | Configuration | |
Configure the "Flash" setting to organizational standards. CC ID 10533 | System hardening through configuration management | Configuration | |
Configure the "Tools menu: Disable Internet Options.. menu option" setting to organizational standards. CC ID 10534 | System hardening through configuration management | Configuration | |
Configure the "Trusted Sites Zone Restricted Protocols" setting to organizational standards. CC ID 10535 | System hardening through configuration management | Configuration | |
Configure the "Trusted Sites Zone Template" setting to organizational standards. CC ID 10536 | System hardening through configuration management | Configuration | |
Configure the "Turn off Accelerators" setting to organizational standards. CC ID 10537 | System hardening through configuration management | Configuration | |
Configure the "Turn off Automatic Crash Recovery Prompt" setting to organizational standards. CC ID 10538 | System hardening through configuration management | Configuration | |
Configure the "Turn off automatic image resizing" setting to organizational standards. CC ID 10539 | System hardening through configuration management | Configuration | |
Configure the "Turn off ClearType" setting to organizational standards. CC ID 10540 | System hardening through configuration management | Configuration | |
Configure the "Turn off Compatibility View button" setting to organizational standards. CC ID 10541 | System hardening through configuration management | Configuration | |
Configure the "Turn off Compatibility View" setting to organizational standards. CC ID 10542 | System hardening through configuration management | Configuration | |
Configure the "Turn off configuration of default behavior of new tab creation" setting to organizational standards. CC ID 10543 | System hardening through configuration management | Configuration | |
Configure the "Turn off configuration of tabbed browsing pop-up behavior" setting to organizational standards. CC ID 10544 | System hardening through configuration management | Configuration | |
Configure the "Turn off configuration of window reuse" setting to organizational standards. CC ID 10545 | System hardening through configuration management | Configuration | |
Configure the "Turn off configuring underline links" setting to organizational standards. CC ID 10546 | System hardening through configuration management | Configuration | |
Configure the "Turn off Cross Document Messaging" setting to organizational standards. CC ID 10547 | System hardening through configuration management | Configuration | |
Configure the "Turn off Data URI Support" setting to organizational standards. CC ID 10548 | System hardening through configuration management | Configuration | |
Configure the "Turn off Developer Tools" setting to organizational standards. CC ID 10549 | System hardening through configuration management | Configuration | |
Configure the "Turn off displaying the Internet Explorer Help Menu" setting to organizational standards. CC ID 10550 | System hardening through configuration management | Configuration | |
Configure the "Turn off Favorites bar" setting to organizational standards. CC ID 10551 | System hardening through configuration management | Configuration | |
Configure the "Turn off friendly http error messages" setting to organizational standards. CC ID 10552 | System hardening through configuration management | Configuration | |
Configure the "Turn off InPrivate Filtering" setting to organizational standards. CC ID 10553 | System hardening through configuration management | Configuration | |
Configure the "Turn off Managing Pop-up Allow list" setting to organizational standards. CC ID 10554 | System hardening through configuration management | Configuration | |
Configure the "Turn off managing Pop-up filter level" setting to organizational standards. CC ID 10555 | System hardening through configuration management | Configuration | |
Configure the "Turn off page zooming functionality" setting to organizational standards. CC ID 10556 | System hardening through configuration management | Configuration | |
Configure the "Turn off picture display" setting to organizational standards. CC ID 10557 | System hardening through configuration management | Configuration | |
Configure the "Turn off pop-up management" setting to organizational standards. CC ID 10558 | System hardening through configuration management | Configuration | |
Configure the "Turn off Print Menu" setting to organizational standards. CC ID 10559 | System hardening through configuration management | Configuration | |
Configure the "Turn off Quick Tabs functionality" setting to organizational standards. CC ID 10560 | System hardening through configuration management | Configuration | |
Configure the "Turn off Reopen Last Browsing Session" setting to organizational standards. CC ID 10561 | System hardening through configuration management | Configuration | |
Configure the "Turn off sending URLs as UTF-8 (requires restart)" setting to organizational standards. CC ID 10562 | System hardening through configuration management | Configuration | |
Configure the "Turn off smart image dithering" setting to organizational standards. CC ID 10563 | System hardening through configuration management | Configuration | |
Configure the "Turn off smooth scrolling" setting to organizational standards. CC ID 10564 | System hardening through configuration management | Configuration | |
Configure the "Turn off suggestions for all user-installed providers" setting to organizational standards. CC ID 10565 | System hardening through configuration management | Configuration | |
Configure the "Turn off Tab Grouping" setting to organizational standards. CC ID 10566 | System hardening through configuration management | Configuration | |
Configure the "Turn off tabbed browsing" setting to organizational standards. CC ID 10567 | System hardening through configuration management | Configuration | |
Configure the "Turn off the activation of the quick pick menu" setting to organizational standards. CC ID 10568 | System hardening through configuration management | Configuration | |
Configure the "Turn off the auto-complete feature for web addresses" setting to organizational standards. CC ID 10569 | System hardening through configuration management | Configuration | |
Configure the "Turn off the XDomainRequest Object" setting to organizational standards. CC ID 10570 | System hardening through configuration management | Configuration | |
Configure the "Turn off toolbar upgrade tool" setting to organizational standards. CC ID 10571 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Search AutoComplete" setting to organizational standards. CC ID 10572 | System hardening through configuration management | Configuration | |
Configure the "Turn on automatic detection of the intranet" setting to organizational standards. CC ID 10573 | System hardening through configuration management | Configuration | |
Configure the "Turn on Automatic Signup" setting to organizational standards. CC ID 10574 | System hardening through configuration management | Configuration | |
Configure the "Turn on Caret Browsing support" setting to organizational standards. CC ID 10575 | System hardening through configuration management | Configuration | |
Configure the "Turn on Compatibility Logging" setting to organizational standards. CC ID 10576 | System hardening through configuration management | Configuration | |
Configure the "Turn on Information bar notification for intranet content" setting to organizational standards. CC ID 10577 | System hardening through configuration management | Configuration | |
Configure the "Turn on inline AutoComplete for Web addresses" setting to organizational standards. CC ID 10578 | System hardening through configuration management | Configuration | |
Configure the "Turn on Internet Explorer 7 Standards Mode" setting to organizational standards. CC ID 10579 | System hardening through configuration management | Configuration | |
Configure the "Turn on Internet Explorer Standards Mode for Local Intranet" setting to organizational standards. CC ID 10580 | System hardening through configuration management | Configuration | |
Configure the "Turn on menu bar by default" setting to organizational standards. CC ID 10581 | System hardening through configuration management | Configuration | |
Configure the "Turn on the display of a notification about every script error" setting to organizational standards. CC ID 10582 | System hardening through configuration management | Configuration | |
Configure the "Turn on the hover color option" setting to organizational standards. CC ID 10583 | System hardening through configuration management | Configuration | |
Configure the "Use Automatic Detection for dial-up connections" setting to organizational standards. CC ID 10584 | System hardening through configuration management | Configuration | |
Configure the "Use HTTP 1.1 through proxy connections" setting to organizational standards. CC ID 10585 | System hardening through configuration management | Configuration | |
Configure the "Use HTTP 1.1" setting to organizational standards. CC ID 10586 | System hardening through configuration management | Configuration | |
Configure the "Use large Icons for Command Buttons" setting to organizational standards. CC ID 10587 | System hardening through configuration management | Configuration | |
Configure the "Use Policy Accelerators" setting to organizational standards. CC ID 10588 | System hardening through configuration management | Configuration | |
Configure the "Use Policy List of Internet Explorer 7 sites" setting to organizational standards. CC ID 10589 | System hardening through configuration management | Configuration | |
Configure the "Use UTF-8 for mailto links" setting to organizational standards. CC ID 10590 | System hardening through configuration management | Configuration | |
Configure the "View menu: Disable Full Screen menu option" setting to organizational standards. CC ID 10591 | System hardening through configuration management | Configuration | |
Configure the "View menu: Disable Source menu option" setting to organizational standards. CC ID 10592 | System hardening through configuration management | Configuration | |
Configure the "MSS: (NoDriveTypeAutoRun) Disable Autorun for all drives (recommended)" setting to organizational standards. CC ID 10607 | System hardening through configuration management | Configuration | |
Configure the "AutoRun" setting to organizational standards. CC ID 10608 | System hardening through configuration management | Configuration | |
Implement hardware-based write-protect for system firmware components. CC ID 10659 | System hardening through configuration management | Technical Security | |
Implement procedures to manually disable hardware-based write-protect to change computer firmware. CC ID 10660 | System hardening through configuration management | Technical Security | |
Configure the "Disable binding directly to IPropertySetStorage without intermediate layers." setting to organizational standards. CC ID 10861 | System hardening through configuration management | Configuration | |
Configure the "Disable delete notifications on all volumes" setting to organizational standards. CC ID 10862 | System hardening through configuration management | Configuration | |
Configure the "Disable IE security prompt for Windows Installer scripts" setting to organizational standards. CC ID 10863 | System hardening through configuration management | Configuration | |
Configure the "Disable or enable software Secure Attention Sequence" setting to organizational standards. CC ID 10865 | System hardening through configuration management | Configuration | |
Configure the "Disable text prediction" setting to organizational standards. CC ID 10867 | System hardening through configuration management | Configuration | |
Configure the "Disable Windows Error Reporting" machine setting to organizational standards. CC ID 10868 | System hardening through configuration management | Configuration | |
Configure the "Disable Windows Installer" setting to organizational standards. CC ID 10869 | System hardening through configuration management | Configuration | |
Configure the "Display a custom message when installation is prevented by a policy setting" setting to organizational standards. CC ID 10886 | System hardening through configuration management | Configuration | |
Configure the "Enable/Disable PerfTrack" setting to organizational standards. CC ID 10953 | System hardening through configuration management | Configuration | |
Configure the "Enforce disk quota limit" setting to organizational standards. CC ID 10956 | System hardening through configuration management | Configuration | |
Configure the "Limit audio playback quality" setting to organizational standards. CC ID 11006 | System hardening through configuration management | Configuration | |
Configure the "Limit disk space used by offline files" setting to organizational standards. CC ID 11007 | System hardening through configuration management | Configuration | |
Configure the "Limit maximum color depth" setting to organizational standards. CC ID 11008 | System hardening through configuration management | Configuration | |
Configure the "Limit maximum display resolution" setting to organizational standards. CC ID 11009 | System hardening through configuration management | Configuration | |
Configure the "Limit maximum number of monitors" setting to organizational standards. CC ID 11010 | System hardening through configuration management | Configuration | |
Configure the "Limit outstanding packets" setting to organizational standards. CC ID 11012 | System hardening through configuration management | Configuration | |
Configure the "Limit reservable bandwidth" setting to organizational standards. CC ID 11013 | System hardening through configuration management | Configuration | |
Configure the "Limit the age of files in the BITS Peercache" setting to organizational standards. CC ID 11014 | System hardening through configuration management | Configuration | |
Configure the "Limit the BITS Peercache size" setting to organizational standards. CC ID 11015 | System hardening through configuration management | Configuration | |
Configure the "Limit the maximum BITS job download time" setting to organizational standards. CC ID 11016 | System hardening through configuration management | Configuration | |
Configure the "Limit the maximum number of BITS jobs for each user" setting to organizational standards. CC ID 11018 | System hardening through configuration management | Configuration | |
Configure the "Limit the maximum number of BITS jobs for this computer" setting to organizational standards. CC ID 11019 | System hardening through configuration management | Configuration | |
Configure the "Limit the maximum number of ranges that can be added to the file in a BITS job" setting to organizational standards. CC ID 11021 | System hardening through configuration management | Configuration | |
Configure the "Limit the size of the entire roaming user profile cache" setting to organizational standards. CC ID 11022 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Support Diagnostic Tool: Restrict tool download" setting to organizational standards. CC ID 11044 | System hardening through configuration management | Configuration | |
Configure the "Prevent access to 16-bit applications" setting to organizational standards. CC ID 11066 | System hardening through configuration management | Configuration | |
Configure the "Prevent Automatic Updates" setting to organizational standards. CC ID 11067 | System hardening through configuration management | Configuration | |
Configure the "Prevent Back-ESC mapping" setting to organizational standards. CC ID 11068 | System hardening through configuration management | Configuration | |
Configure the "Prevent backing up to local disks" setting to organizational standards. CC ID 11069 | System hardening through configuration management | Configuration | |
Configure the "Prevent backing up to optical media (CD/DVD)" setting to organizational standards. CC ID 11071 | System hardening through configuration management | Configuration | |
Configure the "Prevent display of the user interface for critical errors" setting to organizational standards. CC ID 11074 | System hardening through configuration management | Configuration | |
Configure the "Prevent flicks" setting to organizational standards. CC ID 11075 | System hardening through configuration management | Configuration | |
Configure the "Prevent Flicks Learning Mode" setting to organizational standards. CC ID 11076 | System hardening through configuration management | Configuration | |
Configure the "Prevent Input Panel tab from appearing" setting to organizational standards. CC ID 11077 | System hardening through configuration management | Configuration | |
Configure the "Prevent launch an application" setting to organizational standards. CC ID 11081 | System hardening through configuration management | Configuration | |
Configure the "Prevent license upgrade" setting to organizational standards. CC ID 11082 | System hardening through configuration management | Configuration | |
Configure the "Prevent Media Sharing" setting to organizational standards. CC ID 11083 | System hardening through configuration management | Configuration | |
Configure the "Prevent plaintext PINs from being returned by Credential Manager" setting to organizational standards. CC ID 11084 | System hardening through configuration management | Configuration | |
Configure the "Prevent press and hold" setting to organizational standards. CC ID 11085 | System hardening through configuration management | Configuration | |
Configure the "Prevent Quick Launch Toolbar Shortcut Creation" setting to organizational standards. CC ID 11086 | System hardening through configuration management | Configuration | |
Configure the "Prevent restoring local previous versions" setting to organizational standards. CC ID 11087 | System hardening through configuration management | Configuration | |
Configure the "Prevent restoring previous versions from backups" setting to organizational standards. CC ID 11088 | System hardening through configuration management | Configuration | |
Configure the "Prevent Roaming Profile changes from propagating to the server" setting to organizational standards. CC ID 11090 | System hardening through configuration management | Configuration | |
Configure the "Prevent Video Smoothing" setting to organizational standards. CC ID 11091 | System hardening through configuration management | Configuration | |
Configure the "Prevent Windows Anytime Upgrade from running." setting to organizational standards. CC ID 11092 | System hardening through configuration management | Configuration | |
Configure the "Prohibit Access of the Windows Connect Now wizards" setting to organizational standards. CC ID 11100 | System hardening through configuration management | Configuration | |
Configure the "Prohibit Flyweight Patching" setting to organizational standards. CC ID 11101 | System hardening through configuration management | Configuration | |
Configure the "Prohibit installing or uninstalling color profiles" setting to organizational standards. CC ID 11103 | System hardening through configuration management | Configuration | |
Configure the "Prohibit patching" setting to organizational standards. CC ID 11104 | System hardening through configuration management | Configuration | |
Configure the "Prohibit removal of updates" setting to organizational standards. CC ID 11105 | System hardening through configuration management | Configuration | |
Configure the "Prohibit rollback" setting to organizational standards. CC ID 11106 | System hardening through configuration management | Configuration | |
Configure the "Prohibit Use of Restart Manager" setting to organizational standards. CC ID 11107 | System hardening through configuration management | Configuration | |
Configure the "Restrict Internet communication" setting to organizational standards. CC ID 11140 | System hardening through configuration management | Configuration | |
Configure the "Restrict potentially unsafe HTML Help functions to specified folders" setting to organizational standards. CC ID 11141 | System hardening through configuration management | Configuration | |
Configure the "Restrict system locales" setting to organizational standards. CC ID 11143 | System hardening through configuration management | Configuration | |
Configure the "Restrict these programs from being launched from Help" setting to organizational standards. CC ID 11144 | System hardening through configuration management | Configuration | |
Configure the "Restrict unpacking and installation of gadgets that are not digitally signed." setting to organizational standards. CC ID 11145 | System hardening through configuration management | Configuration | |
Configure the "Restrict user locales" setting to organizational standards. CC ID 11146 | System hardening through configuration management | Configuration | |
Configure the "Terminate session when time limits are reached" setting to organizational standards. CC ID 11241 | System hardening through configuration management | Configuration | |
Configure the "Turn off access to all Windows Update features" setting to organizational standards. CC ID 11254 | System hardening through configuration management | Configuration | |
Configure the "Turn off access to the OEM and Microsoft branding section" setting to organizational standards. CC ID 11255 | System hardening through configuration management | Configuration | |
Configure the "Turn off access to the performance center core section" setting to organizational standards. CC ID 11256 | System hardening through configuration management | Configuration | |
Configure the "Turn off access to the solutions to performance problems section" setting to organizational standards. CC ID 11257 | System hardening through configuration management | Configuration | |
Configure the "Turn off Active Help" setting to organizational standards. CC ID 11258 | System hardening through configuration management | Configuration | |
Configure the "Turn off Application Compatibility Engine" setting to organizational standards. CC ID 11261 | System hardening through configuration management | Configuration | |
Configure the "Turn off Application Telemetry" setting to organizational standards. CC ID 11262 | System hardening through configuration management | Configuration | |
Configure the "Turn off AutoComplete integration with Input Panel" setting to organizational standards. CC ID 11263 | System hardening through configuration management | Configuration | |
Configure the "Turn off automatic learning" setting to organizational standards. CC ID 11264 | System hardening through configuration management | Configuration | |
Configure the "Turn off Automatic Root Certificates Update" setting to organizational standards. CC ID 11265 | System hardening through configuration management | Configuration | |
Configure the "Turn off automatic termination of applications that block or cancel shutdown" setting to organizational standards. CC ID 11266 | System hardening through configuration management | Configuration | |
Configure the "Turn off automatic wake" setting to organizational standards. CC ID 11267 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Boot and Resume Optimizations" setting to organizational standards. CC ID 11269 | System hardening through configuration management | Configuration | |
Configure the "Turn off Configuration" setting to organizational standards. CC ID 11271 | System hardening through configuration management | Configuration | |
Configure the "Turn off creation of System Restore Checkpoints" setting to organizational standards. CC ID 11273 | System hardening through configuration management | Configuration | |
Configure the "Turn off Data Execution Prevention for HTML Help Executible" setting to organizational standards. CC ID 11274 | System hardening through configuration management | Configuration | |
Configure the "Turn off downloading of game information" setting to organizational standards. CC ID 11276 | System hardening through configuration management | Configuration | |
Configure the "Turn off Fair Share CPU Scheduling" setting to organizational standards. CC ID 11277 | System hardening through configuration management | Configuration | |
Configure the "Turn off game updates" setting to organizational standards. CC ID 11279 | System hardening through configuration management | Configuration | |
Configure the "Turn off hardware buttons" setting to organizational standards. CC ID 11280 | System hardening through configuration management | Configuration | |
Configure the "Turn off location scripting" setting to organizational standards. CC ID 11287 | System hardening through configuration management | Configuration | |
Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Global" to organizational standards. CC ID 11290 | System hardening through configuration management | Configuration | |
Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Site Local" to organizational standards. CC ID 11292 | System hardening through configuration management | Configuration | |
Configure the "Turn off Multicast Name Resolution" setting to organizational standards. CC ID 11293 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Non Volatile Cache Feature" setting to organizational standards. CC ID 11294 | System hardening through configuration management | Configuration | |
Configure the "Turn off numerical sorting in Windows Explorer" setting to organizational standards. CC ID 11295 | System hardening through configuration management | Configuration | |
Configure the "Turn off pen feedback" setting to organizational standards. CC ID 11297 | System hardening through configuration management | Configuration | |
Configure the "Turn off PNRP cloud creation" setting for "IPv6 Global" to organizational standards. CC ID 11298 | System hardening through configuration management | Configuration | |
Configure the "Turn off PNRP cloud creation" setting for "IPv6 Site Local" to organizational standards. CC ID 11300 | System hardening through configuration management | Configuration | |
Configure the "Turn off Problem Steps Recorder" setting to organizational standards. CC ID 11301 | System hardening through configuration management | Configuration | |
Configure the "Turn off Program Compatibility Assistant" setting to organizational standards. CC ID 11302 | System hardening through configuration management | Configuration | |
Configure the "Turn off Program Inventory" setting to organizational standards. CC ID 11303 | System hardening through configuration management | Configuration | |
Configure the "Turn off Real-Time Monitoring" setting to organizational standards. CC ID 11304 | System hardening through configuration management | Configuration | |
Configure the "Turn off restore functionality" setting to organizational standards. CC ID 11306 | System hardening through configuration management | Configuration | |
Configure the "Turn off Routinely Taking Action" setting to organizational standards. CC ID 11308 | System hardening through configuration management | Configuration | |
Configure the "Turn off sensors" setting to organizational standards. CC ID 11309 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Solid State Mode" setting to organizational standards. CC ID 11310 | System hardening through configuration management | Configuration | |
Configure the "Turn off SwitchBack Compatibility Engine" setting to organizational standards. CC ID 11311 | System hardening through configuration management | Configuration | |
Configure the "Turn off System Restore" setting to organizational standards. CC ID 11312 | System hardening through configuration management | Configuration | |
Configure the "Turn off Tablet PC touch input" setting to organizational standards. CC ID 11313 | System hardening through configuration management | Configuration | |
Configure the "Turn off the ability to back up data files" setting to organizational standards. CC ID 11315 | System hardening through configuration management | Configuration | |
Configure the "Turn off the ability to create a system image" setting to organizational standards. CC ID 11316 | System hardening through configuration management | Configuration | |
Configure the "Turn off the communities features" setting to organizational standards. CC ID 11317 | System hardening through configuration management | Configuration | |
Configure the "Turn off Touch Panning" setting to organizational standards. CC ID 11320 | System hardening through configuration management | Configuration | |
Configure the "Turn off tracking of last play time of games in the Games folder" setting to organizational standards. CC ID 11321 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Customer Experience Improvement Program" setting to organizational standards. CC ID 11323 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Defender" setting to organizational standards. CC ID 11324 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows HotStart" setting to organizational standards. CC ID 11325 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Installer RDS Compatibility" setting to organizational standards. CC ID 11326 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Mobility Center" setting to organizational standards. CC ID 11327 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows presentation settings" setting to organizational standards. CC ID 11329 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows SideShow" setting to organizational standards. CC ID 11330 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Startup Sound" setting to organizational standards. CC ID 11331 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain idle session termination and logout capabilities. CC ID 01418 | System hardening through configuration management | Configuration | |
Refrain from using assertion lifetimes to limit each session. CC ID 13871 | System hardening through configuration management | Technical Security | |
Configure Session Configuration settings in accordance with organizational standards. CC ID 07698 | System hardening through configuration management | Configuration | |
Invalidate unexpected session identifiers. CC ID 15307 | System hardening through configuration management | Configuration | |
Configure the "MaxStartups" settings to organizational standards. CC ID 15329 | System hardening through configuration management | Configuration | |
Reject session identifiers that are not valid. CC ID 15306 | System hardening through configuration management | Configuration | |
Configure the "MaxSessions" settings to organizational standards. CC ID 15330 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Message title for users attempting to log on" to organizational standards. CC ID 07699 | System hardening through configuration management | Configuration | |
Configure the "LoginGraceTime" settings to organizational standards. CC ID 15328 | System hardening through configuration management | Configuration | |
Configure the "Network security: Force logoff when logon hours expire" to organizational standards. CC ID 07738 | System hardening through configuration management | Configuration | |
Configure the "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)" to organizational standards. CC ID 07758 | System hardening through configuration management | Configuration | |
Configure the "Microsoft network server: Disconnect clients when logon hours expire" to organizational standards. CC ID 07824 | System hardening through configuration management | Configuration | |
Configure the "Microsoft network server: Amount of idle time required before suspending session" to organizational standards. CC ID 07826 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Do not display last user name" to organizational standards. CC ID 07832 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Display user information when the session is locked" to organizational standards. CC ID 07848 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Message text for users attempting to log on" to organizational standards. CC ID 07870 | System hardening through configuration management | Configuration | |
Configure the "Always prompt for password upon connection" to organizational standards. CC ID 08229 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Machine inactivity limit" to organizational standards. CC ID 08350 | System hardening through configuration management | Configuration | |
Install custom applications, only if they are trusted. CC ID 04822 | System hardening through configuration management | Configuration | |
Configure virtual networks in accordance with the information security policy. CC ID 13165 | System hardening through configuration management | Configuration | |
Configure Simple Network Management Protocol (SNMP) to organizational standards. CC ID 12423 | System hardening through configuration management | Configuration | |
Establish access requirements for SNMP community strings. CC ID 16357 | System hardening through configuration management | Technical Security | |
Configure Simple Network Management Protocol to enable authentication and privacy. CC ID 12427 | System hardening through configuration management | Configuration | |
Change the community string for Simple Network Management Protocol, as necessary. CC ID 01872 | System hardening through configuration management | Configuration | |
Configure the system's storage media. CC ID 10618 | System hardening through configuration management | Configuration | |
Configure the system's electronic storage media's encryption settings. CC ID 11927 | System hardening through configuration management | Configuration | |
Prohibit the use of sanitization-resistant media in Information Systems. CC ID 10617 | System hardening through configuration management | Configuration | |
Configure Internet Browser security options according to organizational standards. CC ID 02166 | System hardening through configuration management | Configuration | |
Configure the "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting. CC ID 04910 | System hardening through configuration management | Configuration | |
Configure the "Disable Internet Connection wizard" setting. CC ID 02242 | System hardening through configuration management | Configuration | |
Configure the "Disable Automatic Install of Internet Explorer components" setting. CC ID 04337 | System hardening through configuration management | Configuration | |
Configure the "Disable Periodic Check for Internet Explorer software updates" setting. CC ID 04338 | System hardening through configuration management | Configuration | |
Configure the "Do not allow users to enable or disable add-ons" setting in Internet Explorer properly. CC ID 04340 | System hardening through configuration management | Configuration | |
Configure the "Turn off Crash Detection" setting in Internet Explorer properly. CC ID 04345 | System hardening through configuration management | Configuration | |
Configure the "internet explorer processes (mk protocol)" setting. CC ID 04347 | System hardening through configuration management | Configuration | |
Configure the "internet explorer processes (consistent MIME handling)" setting. CC ID 04348 | System hardening through configuration management | Configuration | |
Configure the "internet explorer processes (MIME sniffing)" setting. CC ID 04349 | System hardening through configuration management | Configuration | |
Configure the "Internet Explorer Processes (Restrict ActiveX Install)" setting. CC ID 04352 | System hardening through configuration management | Configuration | |
Configure the "internet explorer processes (restrict file download)" setting. CC ID 04353 | System hardening through configuration management | Configuration | |
Configure the "Deny all add-ons unless specifically allowed in the Add-on List" setting. CC ID 04354 | System hardening through configuration management | Configuration | |
Configure the "Disable Save this program to disk option" setting in limited functionality environments properly. CC ID 04366 | System hardening through configuration management | Configuration | |
Configure the "Disable the Advanced Page" setting in limited functionality environments. CC ID 04367 | System hardening through configuration management | Configuration | |
Configure the "Disable the Security Page" setting in limited functionality environments properly. CC ID 04368 | System hardening through configuration management | Configuration | |
Configure the "Disable adding channels" setting in Internet Explorer properly. CC ID 04369 | System hardening through configuration management | Configuration | |
Configure the "Disable adding schedules for offline pages" setting. CC ID 04370 | System hardening through configuration management | Configuration | |
Configure the "Disable all scheduled offline pages" setting. CC ID 04371 | System hardening through configuration management | Configuration | |
Configure the "Disable channel user interface completely" setting. CC ID 04372 | System hardening through configuration management | Configuration | |
Configure the "Disable downloading of site subscription content" setting. CC ID 04373 | System hardening through configuration management | Configuration | |
Configure the "Disable editing and creating of schedule groups" setting. CC ID 04374 | System hardening through configuration management | Configuration | |
Configure the "Disable editing schedules for offline pages" setting. CC ID 04375 | System hardening through configuration management | Configuration | |
Configure the "Disable offline page hit logging" setting. CC ID 04376 | System hardening through configuration management | Configuration | |
Configure the "Disable removing channels" setting. CC ID 04377 | System hardening through configuration management | Configuration | |
Configure the "Disable removing schedules for offline pages" setting. CC ID 04378 | System hardening through configuration management | Configuration | |
Configure the "Disable 'Configuring History'" setting in specialized security environments properly. CC ID 04405 | System hardening through configuration management | Configuration | |
Configure the "Disable AutoComplete for forms" setting in limited functionality environments properly. CC ID 04406 | System hardening through configuration management | Configuration | |
Configure the "Prevent 'fix settings' functionality" setting in limited functionality environments properly. CC ID 04407 | System hardening through configuration management | Configuration | |
Configure the "Prevent deletion of 'Temporary Internet Files and Cookies'" setting in limited functionality environments properly. CC ID 04408 | System hardening through configuration management | Configuration | |
Configure the "Turn Off 'Delete Browsing History' Functionality" setting in limited functionality environments properly. CC ID 04409 | System hardening through configuration management | Configuration | |
Configure the "Turn off the Security Settings Check feature" setting in limited functionality environments properly. CC ID 04410 | System hardening through configuration management | Configuration | |
Configure the "Prevent ignoring certificate errors" setting in limited functionality environments properly. CC ID 04411 | System hardening through configuration management | Configuration | |
Configure the "allow install on demand (Internet Explorer)" setting in limited functionality environments properly. CC ID 04412 | System hardening through configuration management | Configuration | |
Configure the "Check for server certificate revocation" setting in limited functionality environments properly. CC ID 04413 | System hardening through configuration management | Configuration | |
Configure the "Access data sources across domains" setting. CC ID 04415 | System hardening through configuration management | Configuration | |
Configure the "Allow active scripting" setting in limited functionality environments properly. CC ID 04416 | System hardening through configuration management | Configuration | |
Configure the "Allow binary and script behaviors" setting in limited functionality environments properly. CC ID 04417 | System hardening through configuration management | Configuration | |
Configure the "Allow cut, copy, or paste operations from the clipboard via script" setting. CC ID 04418 | System hardening through configuration management | Configuration | |
Configure the "Allow drag and drop or copy and paste files" setting. CC ID 04419 | System hardening through configuration management | Configuration | |
Configure the "Allow file downloads" setting in limited functionality environments properly. CC ID 04420 | System hardening through configuration management | Configuration | |
Configure the "Allow font downloads" setting in limited functionality environments properly. CC ID 04421 | System hardening through configuration management | Configuration | |
Configure the "Allow installation of desktop items" setting in limited functionality environments properly. CC ID 04422 | System hardening through configuration management | Configuration | |
Configure the "Allow META REFRESH" setting in limited functionality environments properly. CC ID 04423 | System hardening through configuration management | Configuration | |
Configure the "Allow script-initiated windows without size or position constraints" setting in limited functionality environments properly. CC ID 04424 | System hardening through configuration management | Configuration | |
Configure the "Allow status bar updates via script" setting in limited functionality environments properly. CC ID 04425 | System hardening through configuration management | Configuration | |
Configure the "Automatic prompting for file downloads" setting in limited functionality environments properly. CC ID 04426 | System hardening through configuration management | Configuration | |
Configure the "Download signed ActiveX controls" setting in limited functionality environments properly. CC ID 04427 | System hardening through configuration management | Configuration | |
Configure the "Download unsigned ActiveX controls" setting in limited functionality environments properly. CC ID 04428 | System hardening through configuration management | Configuration | |
Configure the "Initialize and script ActiveX controls not marked as safe" setting in limited functionality environments properly. CC ID 04429 | System hardening through configuration management | Configuration | |
Configure the "Java permissions" setting in limited functionality environments properly. CC ID 04430 | System hardening through configuration management | Configuration | |
Configure the "Launching applications and files in an IFRAME" setting in limited functionality environments properly. CC ID 04431 | System hardening through configuration management | Configuration | |
Configure the "Logon Options" setting in limited functionality environments. CC ID 04432 | System hardening through configuration management | Configuration | |
Configure the "Navigate sub-frames across different domains" setting in limited functionality environments properly. CC ID 04433 | System hardening through configuration management | Configuration | |
Configure the "Open file based on content, not on file extension" setting in limited functionality environments properly. CC ID 04434 | System hardening through configuration management | Configuration | |
Configure the "Run .NET Framework-reliant components not signed with Authenticode" setting in limited functionality environments properly. CC ID 04435 | System hardening through configuration management | Configuration | |
Configure the "Run .NET Framework-reliant components signed with Authenticode" setting in limited functionality environments properly. CC ID 04436 | System hardening through configuration management | Configuration | |
Configure the "Run ActiveX controls and plugins" setting in limited functionality environments properly. CC ID 04437 | System hardening through configuration management | Configuration | |
Configure the "Script ActiveX controls marked safe for scripting" setting in limited functionality environments properly. CC ID 04438 | System hardening through configuration management | Configuration | |
Configure the "Scripting of Java applets" setting in limited functionality environments properly. CC ID 04439 | System hardening through configuration management | Configuration | |
Configure the "Software channel permissions" setting in limited functionality environments properly. CC ID 04440 | System hardening through configuration management | Configuration | |
Configure the "Use Pop-up Blocker" setting in limited functionality environments properly. CC ID 04441 | System hardening through configuration management | Configuration | |
Configure the "Web sites in less privileged Web content zones could navigate into this zone" setting in limited functionality environments properly. CC ID 04442 | System hardening through configuration management | Configuration | |
Configure the .NET Framework to prevent unauthorized mobile code from executing. CC ID 04531 | System hardening through configuration management | Configuration | |
Configure the "Turn off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools" setting. CC ID 04644 | System hardening through configuration management | Configuration | |
Configure the "Prevent performance of first run customize settings" setting. CC ID 04645 | System hardening through configuration management | Configuration | |
Configure the "Allow Scriptlets" setting in limited functionality environments properly. CC ID 02237 | System hardening through configuration management | Configuration | |
Configure the "Disable showing the splash screen" setting. CC ID 02238 | System hardening through configuration management | Configuration | |
Configure the "Add-on List" setting. CC ID 02239 | System hardening through configuration management | Configuration | |
Configure the "Loose XAML" setting in limited functionality environments properly. CC ID 02240 | System hardening through configuration management | Configuration | |
Configure the "Disable the Privacy page" setting. CC ID 02241 | System hardening through configuration management | Configuration | |
Configure the "XPS documents" setting in limited functionality environments properly. CC ID 02243 | System hardening through configuration management | Configuration | |
Configure the "Turn off Managing Phishing filter" setting. CC ID 02244 | System hardening through configuration management | Configuration | |
Configure the "Turn on Protected Mode" setting in limited functionality environments properly. CC ID 02245 | System hardening through configuration management | Configuration | |
Configure the "Userdata persistence" setting in limited functionality environments properly. CC ID 02246 | System hardening through configuration management | Configuration | |
Configure the "Display mixed content" setting in limited functionality environments properly. CC ID 02247 | System hardening through configuration management | Configuration | |
Configure the "Check for signature on download programs" setting. CC ID 02250 | System hardening through configuration management | Configuration | |
Configure the "Turn on the Internet Connection Wizard Auto Detect" setting. CC ID 02252 | System hardening through configuration management | Configuration | |
Configure the "Web Browser Applications" setting for the Restricted Sites Zone properly. CC ID 02254 | System hardening through configuration management | Configuration | |
Configure the "Turn off page transitions" setting. CC ID 02255 | System hardening through configuration management | Configuration | |
Configure the "Turn off configuring the update check interval (in days)" setting. CC ID 02257 | System hardening through configuration management | Configuration | |
Configure the "Web Browser Applications" setting for the Internet Zone properly. CC ID 02259 | System hardening through configuration management | Configuration | |
Configure the "Turn Off First-Run Opt-In" setting in limited functionality environments properly. CC ID 02261 | System hardening through configuration management | Configuration | |
Configure the "Do not allow resetting Internet Explorer settings" setting. CC ID 02262 | System hardening through configuration management | Configuration | |
Configure the "Enable third-party browser extensions" setting. CC ID 02263 | System hardening through configuration management | Configuration | |
Configure the "Disable the reset Web settings feature" setting. CC ID 02264 | System hardening through configuration management | Configuration | |
Configure the "Disable external branding of Internet Explorer" setting. CC ID 02266 | System hardening through configuration management | Configuration | |
Configure the "Enable Native XMLHttp Support" setting. CC ID 02267 | System hardening through configuration management | Configuration | |
Configure the "Site to Zone Assignment List" to organizational standards. CC ID 08650 | System hardening through configuration management | Configuration | |
Configure the "Notification bar" setting to organizational standards. CC ID 10008 | System hardening through configuration management | Configuration | |
Implement only one application or primary function per network component or server. CC ID 00879 | System hardening through configuration management | Systems Design, Build, and Implementation | |
Remove all unnecessary functionality. CC ID 00882 | System hardening through configuration management | Configuration | |
Document that all enabled functions support secure configurations. CC ID 11985 | System hardening through configuration management | Establish/Maintain Documentation | |
Find and eradicate unauthorized world writable files. CC ID 01541 | System hardening through configuration management | Configuration | |
Strip dangerous/unneeded SUID/SGID system executables. CC ID 01542 | System hardening through configuration management | Configuration | |
Find and eradicate unauthorized SUID/SGID system executables. CC ID 01543 | System hardening through configuration management | Configuration | |
Find and eradicate unowned files and unowned directories. CC ID 01544 | System hardening through configuration management | Configuration | |
Disable logon prompts on serial ports. CC ID 01553 | System hardening through configuration management | Configuration | |
Disable "nobody" access for Secure RPC. CC ID 01554 | System hardening through configuration management | Configuration | |
Disable all unnecessary interfaces. CC ID 04826 | System hardening through configuration management | Configuration | |
Enable or disable all unused USB ports as appropriate. CC ID 06042 | System hardening through configuration management | Configuration | |
Disable all user-mounted removable file systems. CC ID 01536 | System hardening through configuration management | Configuration | |
Set the Bluetooth Security Mode to the organizational standard. CC ID 00587 | System hardening through configuration management | Configuration | |
Secure the Bluetooth headset connections. CC ID 00593 | System hardening through configuration management | Configuration | |
Disable automatic dial-in access to computers that have installed modems. CC ID 02036 | System hardening through configuration management | Configuration | |
Configure the "Turn off AutoPlay" setting. CC ID 01787 | System hardening through configuration management | Configuration | |
Configure the "Devices: Restrict floppy access to locally logged on users only" setting. CC ID 01732 | System hardening through configuration management | Configuration | |
Configure the "Devices: Restrict CD-ROM access to locally logged on users" setting. CC ID 01731 | System hardening through configuration management | Configuration | |
Configure the "Remove CD Burning features" setting. CC ID 04379 | System hardening through configuration management | Configuration | |
Disable Autorun. CC ID 01790 | System hardening through configuration management | Configuration | |
Disable USB devices (aka hotplugger). CC ID 01545 | System hardening through configuration management | Configuration | |
Enable or disable all unused auxiliary ports as appropriate. CC ID 06414 | System hardening through configuration management | Configuration | |
Remove rhosts support unless absolutely necessary. CC ID 01555 | System hardening through configuration management | Configuration | |
Remove weak authentication services from Pluggable Authentication Modules. CC ID 01556 | System hardening through configuration management | Configuration | |
Remove the /etc/hosts.equiv file. CC ID 01559 | System hardening through configuration management | Configuration | |
Create the /etc/ftpd/ftpusers file. CC ID 01560 | System hardening through configuration management | Configuration | |
Remove the X Wrapper and enable the X Display Manager. CC ID 01564 | System hardening through configuration management | Configuration | |
Remove empty crontab files and restrict file permissions to the file. CC ID 01571 | System hardening through configuration management | Configuration | |
Remove all compilers and assemblers from the system. CC ID 01594 | System hardening through configuration management | Configuration | |
Disable all unnecessary applications unless otherwise noted in a policy exception. CC ID 04827 | System hardening through configuration management | Configuration | |
Restrict and control the use of privileged utility programs. CC ID 12030 | System hardening through configuration management | Technical Security | |
Disable the storing of movies in cache in Apple's QuickTime. CC ID 04489 | System hardening through configuration management | Configuration | |
Install and enable file sharing utilities, as necessary. CC ID 02174 | System hardening through configuration management | Configuration | |
Disable boot services unless boot services are absolutely necessary. CC ID 01481 | System hardening through configuration management | Configuration | |
Disable File Services for Macintosh unless File Services for Macintosh are absolutely necessary. CC ID 04279 | System hardening through configuration management | Configuration | |
Configure the Trivial FTP Daemon service to organizational standards. CC ID 01484 | System hardening through configuration management | Configuration | |
Disable printer daemons or the printer service unless printer daemons or the printer service is absolutely necessary. CC ID 01487 | System hardening through configuration management | Configuration | |
Disable web server unless web server is absolutely necessary. CC ID 01490 | System hardening through configuration management | Configuration | |
Disable portmapper unless portmapper is absolutely necessary. CC ID 01492 | System hardening through configuration management | Configuration | |
Disable writesrv, pmd, and httpdlite unless writesrv, pmd, and httpdlite are absolutely necessary. CC ID 01498 | System hardening through configuration management | Configuration | |
Disable hwscan hardware detection unless hwscan hardware detection is absolutely necessary. CC ID 01504 | System hardening through configuration management | Configuration | |
Configure the “xinetd” service to organizational standards. CC ID 01509 | System hardening through configuration management | Configuration | |
Configure the /etc/xinetd.conf file permissions as appropriate. CC ID 01568 | System hardening through configuration management | Configuration | |
Disable inetd unless inetd is absolutely necessary. CC ID 01508 | System hardening through configuration management | Configuration | |
Disable Network Computing System unless it is absolutely necessary. CC ID 01497 | System hardening through configuration management | Configuration | |
Disable print server for Macintosh unless print server for Macintosh is absolutely necessary. CC ID 04284 | System hardening through configuration management | Configuration | |
Disable Print Server unless Print Server is absolutely necessary. CC ID 01488 | System hardening through configuration management | Configuration | |
Disable ruser/remote login/remote shell/rcp command, unless it is absolutely necessary. CC ID 01480 | System hardening through configuration management | Configuration | |
Disable xfsmd unless xfsmd is absolutely necessary. CC ID 02179 | System hardening through configuration management | Configuration | |
Disable RPC-based services unless RPC-based services are absolutely necessary. CC ID 01455 | System hardening through configuration management | Configuration | |
Disable netfs script unless netfs script is absolutely necessary. CC ID 01495 | System hardening through configuration management | Configuration | |
Disable Remote Procedure Calls unless Remote Procedure Calls are absolutely necessary and if enabled, set restrictions. CC ID 01456 | System hardening through configuration management | Configuration | |
Configure the "RPC Endpoint Mapper Client Authentication" setting. CC ID 04327 | System hardening through configuration management | Configuration | |
Disable ncpfs Script unless ncpfs Script is absolutely necessary. CC ID 01494 | System hardening through configuration management | Configuration | |
Disable sendmail server unless sendmail server is absolutely necessary. CC ID 01511 | System hardening through configuration management | Configuration | |
Disable postfix unless postfix is absolutely necessary. CC ID 01512 | System hardening through configuration management | Configuration | |
Disable directory server unless directory server is absolutely necessary. CC ID 01464 | System hardening through configuration management | Configuration | |
Disable Windows-compatibility client processes unless Windows-compatibility client processes are absolutely necessary. CC ID 01471 | System hardening through configuration management | Configuration | |
Disable Windows-compatibility servers unless Windows-compatibility servers are absolutely necessary. CC ID 01470 | System hardening through configuration management | Configuration | |
Configure the “Network File System” server to organizational standards. CC ID 01472 | System hardening through configuration management | Configuration | |
Configure NFS to respond or not as appropriate to NFS client requests that do not include a User ID. CC ID 05981 | System hardening through configuration management | Configuration | |
Configure NFS with appropriate authentication methods. CC ID 05982 | System hardening through configuration management | Configuration | |
Configure the "AUTH_DES authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08971 | System hardening through configuration management | Configuration | |
Configure the "AUTH_KERB authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08972 | System hardening through configuration management | Configuration | |
Configure the "AUTH_NONE authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08973 | System hardening through configuration management | Configuration | |
Configure the "AUTH_UNIX authentication mechanism" for "NFS server" setting to organizational standards. CC ID 08974 | System hardening through configuration management | Configuration | |
Disable webmin processes unless the webmin process is absolutely necessary. CC ID 01501 | System hardening through configuration management | Configuration | |
Disable automount daemon unless automount daemon is absolutely necessary. CC ID 01476 | System hardening through configuration management | Configuration | |
Disable CDE-related daemons unless CDE-related daemons are absolutely necessary. CC ID 01474 | System hardening through configuration management | Configuration | |
Disable finger unless finger is absolutely necessary. CC ID 01505 | System hardening through configuration management | Configuration | |
Disable Rexec unless Rexec is absolutely necessary. CC ID 02164 | System hardening through configuration management | Configuration | |
Disable Squid cache server unless Squid cache server is absolutely necessary. CC ID 01502 | System hardening through configuration management | Configuration | |
Disable Kudzu hardware detection unless Kudzu hardware detection is absolutely necessary. CC ID 01503 | System hardening through configuration management | Configuration | |
Install and enable public Instant Messaging clients as necessary. CC ID 02173 | System hardening through configuration management | Configuration | |
Disable x font server unless x font server is absolutely necessary. CC ID 01499 | System hardening through configuration management | Configuration | |
Validate, approve, and document all UNIX shells prior to use. CC ID 02161 | System hardening through configuration management | Establish/Maintain Documentation | |
Disable NFS client processes unless NFS client processes are absolutely necessary. CC ID 01475 | System hardening through configuration management | Configuration | |
Disable the use of removable storage media for systems that process restricted data or restricted information, as necessary. CC ID 06681 | System hardening through configuration management | Data and Information Management | |
Disable removable storage media daemon unless the removable storage media daemon is absolutely necessary. CC ID 01477 | System hardening through configuration management | Configuration | |
Disable GSS daemon unless GSS daemon is absolutely necessary. CC ID 01465 | System hardening through configuration management | Configuration | |
Disable Computer Browser unless Computer Browser is absolutely necessary. CC ID 01814 | System hardening through configuration management | Configuration | |
Configure the Computer Browser ResetBrowser Frames as appropriate. CC ID 05984 | System hardening through configuration management | Configuration | |
Configure the /etc/samba/smb.conf file permissions as appropriate. CC ID 05989 | System hardening through configuration management | Configuration | |
Disable NetMeeting remote desktop sharing unless NetMeeting remote desktop sharing is absolutely necessary. CC ID 01821 | System hardening through configuration management | Configuration | |
Disable web directory browsing on all web-enabled devices. CC ID 01874 | System hardening through configuration management | Configuration | |
Disable WWW publishing services unless WWW publishing services are absolutely necessary. CC ID 01833 | System hardening through configuration management | Configuration | |
Install and enable samba, as necessary. CC ID 02175 | System hardening through configuration management | Configuration | |
Configure the samba hosts allow option with an appropriate set of networks. CC ID 05985 | System hardening through configuration management | Configuration | |
Configure the samba security option as appropriate. CC ID 05986 | System hardening through configuration management | Configuration | |
Configure the samba encrypt passwords option as appropriate. CC ID 05987 | System hardening through configuration management | Configuration | |
Configure the Samba 'smb passwd file' option with an appropriate password file or no password file. CC ID 05988 | System hardening through configuration management | Configuration | |
Disable Usenet Internet news package file capabilities unless Usenet Internet news package file capabilities are absolutely necessary. CC ID 02176 | System hardening through configuration management | Configuration | |
Disable iPlanet Web Server unless iPlanet Web Server is absolutely necessary. CC ID 02172 | System hardening through configuration management | Configuration | |
Disable volume manager unless volume manager is absolutely necessary. CC ID 01469 | System hardening through configuration management | Configuration | |
Disable Solaris Management Console unless Solaris Management Console is absolutely necessary. CC ID 01468 | System hardening through configuration management | Configuration | |
Disable the Graphical User Interface unless it is absolutely necessary. CC ID 01466 | System hardening through configuration management | Configuration | |
Disable help and support unless help and support is absolutely necessary. CC ID 04280 | System hardening through configuration management | Configuration | |
Disable speech recognition unless speech recognition is absolutely necessary. CC ID 04491 | System hardening through configuration management | Configuration | |
Disable or secure the NetWare QuickFinder search engine. CC ID 04453 | System hardening through configuration management | Configuration | |
Disable messenger unless messenger is absolutely necessary. CC ID 01819 | System hardening through configuration management | Configuration | |
Configure the "Do not allow Windows Messenger to be run" setting. CC ID 04516 | System hardening through configuration management | Configuration | |
Configure the "Do not automatically start Windows Messenger initially" setting. CC ID 04517 | System hardening through configuration management | Configuration | |
Configure the "Turn off the Windows Messenger Customer Experience Improvement Program" setting. CC ID 04330 | System hardening through configuration management | Configuration | |
Disable automatic updates unless automatic updates are absolutely necessary. CC ID 01811 | System hardening through configuration management | Configuration | |
Configure automatic update installation and shutdown/restart options and shutdown/restart procedures to organizational standards. CC ID 05979 | System hardening through configuration management | Configuration | |
Disable Name Service Cache Daemon unless Name Service Cache Daemon is absolutely necessary. CC ID 04846 | System hardening through configuration management | Configuration | |
Prohibit R-command files from existing for root or administrator. CC ID 16322 | System hardening through configuration management | Configuration | |
Verify the /bin/rsh file exists or not, as appropriate. CC ID 05101 | System hardening through configuration management | Configuration | |
Verify the /sbin/rsh file exists or not, as appropriate. CC ID 05102 | System hardening through configuration management | Configuration | |
Verify the /usr/bin/rsh file exists or not, as appropriate. CC ID 05103 | System hardening through configuration management | Configuration | |
Verify the /etc/ftpusers file exists or not, as appropriate. CC ID 05104 | System hardening through configuration management | Configuration | |
Verify the /etc/rsh file exists or not, as appropriate. CC ID 05105 | System hardening through configuration management | Configuration | |
Install or uninstall the AIDE package, as appropriate. CC ID 05106 | System hardening through configuration management | Configuration | |
Enable the GNOME automounter (gnome-volume-manager) as necessary. CC ID 05107 | System hardening through configuration management | Configuration | |
Install or uninstall the setroubleshoot package, as appropriate. CC ID 05108 | System hardening through configuration management | Configuration | |
Configure Avahi properly. CC ID 05109 | System hardening through configuration management | Configuration | |
Install or uninstall OpenNTPD, as appropriate. CC ID 05110 | System hardening through configuration management | Configuration | |
Configure the "httpd" service to organizational standards. CC ID 05111 | System hardening through configuration management | Configuration | |
Install or uninstall the net-smtp package properly. CC ID 05112 | System hardening through configuration management | Configuration | |
Configure the apache web service properly. CC ID 05113 | System hardening through configuration management | Configuration | |
Configure the vlock package properly. CC ID 05114 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain service accounts. CC ID 13861 | System hardening through configuration management | Technical Security | |
Manage access credentials for service accounts. CC ID 13862 | System hardening through configuration management | Technical Security | |
Configure the daemon account properly. CC ID 05115 | System hardening through configuration management | Configuration | |
Configure the bin account properly. CC ID 05116 | System hardening through configuration management | Configuration | |
Configure the nuucp account properly. CC ID 05117 | System hardening through configuration management | Configuration | |
Configure the smmsp account properly. CC ID 05118 | System hardening through configuration management | Configuration | |
Configure the listen account properly. CC ID 05119 | System hardening through configuration management | Configuration | |
Configure the gdm account properly. CC ID 05120 | System hardening through configuration management | Configuration | |
Configure the webservd account properly. CC ID 05121 | System hardening through configuration management | Configuration | |
Configure the nobody account properly. CC ID 05122 | System hardening through configuration management | Configuration | |
Configure the noaccess account properly. CC ID 05123 | System hardening through configuration management | Configuration | |
Configure the nobody4 account properly. CC ID 05124 | System hardening through configuration management | Configuration | |
Configure the sys account properly. CC ID 05125 | System hardening through configuration management | Configuration | |
Configure the adm account properly. CC ID 05126 | System hardening through configuration management | Configuration | |
Configure the lp account properly. CC ID 05127 | System hardening through configuration management | Configuration | |
Configure the uucp account properly. CC ID 05128 | System hardening through configuration management | Configuration | |
Install or uninstall the tftp-server package, as appropriate. CC ID 05130 | System hardening through configuration management | Configuration | |
Enable the web console as necessary. CC ID 05131 | System hardening through configuration management | Configuration | |
Enable rlogin auth by Pluggable Authentication Modules or pam.d properly. CC ID 05132 | System hardening through configuration management | Configuration | |
Enable rsh auth by Pluggable Authentication Modules properly. CC ID 05133 | System hardening through configuration management | Configuration | |
Enable the listening sendmail daemon, as appropriate. CC ID 05134 | System hardening through configuration management | Configuration | |
Configure Squid properly. CC ID 05135 | System hardening through configuration management | Configuration | |
Configure the "global Package signature checking" setting to organizational standards. CC ID 08735 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Package signature checking" setting for "all configured repositories" to organizational standards. CC ID 08736 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "verify against the package database" setting for "all installed software packages" to organizational standards. CC ID 08737 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "isdn4k-utils" package to organizational standards. CC ID 08738 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "postfix" package to organizational standards. CC ID 08739 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "vsftpd" package to organizational standards. CC ID 08740 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "net-snmpd" package to organizational standards. CC ID 08741 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "rsyslog" package to organizational standards. CC ID 08742 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "ipsec-tools" package to organizational standards. CC ID 08743 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "pam_ccreds" package to organizational standards. CC ID 08744 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "talk-server" package to organizational standards. CC ID 08745 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "talk" package to organizational standards. CC ID 08746 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "irda-utils" package to organizational standards. CC ID 08747 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "/etc/shells" file to organizational standards. CC ID 08978 | System hardening through configuration management | Configuration | |
Configure the LDAP package to organizational standards. CC ID 09937 | System hardening through configuration management | Configuration | |
Configure the "FTP server" package to organizational standards. CC ID 09938 | System hardening through configuration management | Configuration | |
Configure the "HTTP Proxy Server" package to organizational standards. CC ID 09939 | System hardening through configuration management | Configuration | |
Configure the "prelink" package to organizational standards. CC ID 11379 | System hardening through configuration management | Configuration | |
Configure the Network Information Service (NIS) package to organizational standards. CC ID 11380 | System hardening through configuration management | Configuration | |
Configure the "time" setting to organizational standards. CC ID 11381 | System hardening through configuration management | Configuration | |
Configure the "biosdevname" package to organizational standards. CC ID 11383 | System hardening through configuration management | Configuration | |
Configure the "ufw" setting to organizational standards. CC ID 11384 | System hardening through configuration management | Configuration | |
Configure the "Devices: Allow undock without having to log on" setting. CC ID 01728 | System hardening through configuration management | Configuration | |
Limit the user roles that are allowed to format and eject removable storage media. CC ID 01729 | System hardening through configuration management | Configuration | |
Prevent users from installing printer drivers. CC ID 01730 | System hardening through configuration management | Configuration | |
Minimize the inetd.conf file and set the file to the appropriate permissions. CC ID 01506 | System hardening through configuration management | Configuration | |
Configure the unsigned driver installation behavior. CC ID 01733 | System hardening through configuration management | Configuration | |
Configure the unsigned non-driver installation behavior. CC ID 02038 | System hardening through configuration management | Configuration | |
Remove all demonstration applications on the system. CC ID 01875 | System hardening through configuration management | Configuration | |
Configure the system to disallow optional Subsystems. CC ID 04265 | System hardening through configuration management | Configuration | |
Configure the "Remove Security tab" setting. CC ID 04380 | System hardening through configuration management | Configuration | |
Disable all unnecessary services unless otherwise noted in a policy exception. CC ID 00880 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | System hardening through configuration management | Configuration | |
Disable rquotad unless rquotad is absolutely necessary. CC ID 01473 | System hardening through configuration management | Configuration | |
Configure the rquotad service to use a static port or a dynamic portmapper port as appropriate. CC ID 05983 | System hardening through configuration management | Configuration | |
Disable telnet unless telnet use is absolutely necessary. CC ID 01478 | System hardening through configuration management | Configuration | |
Disable File Transfer Protocol unless File Transfer Protocol use is absolutely necessary. CC ID 01479 | System hardening through configuration management | Configuration | |
Configure anonymous FTP to restrict the use of restricted data. CC ID 16314 | System hardening through configuration management | Configuration | |
Disable anonymous access to File Transfer Protocol. CC ID 06739 | System hardening through configuration management | Configuration | |
Disable Internet Message Access Protocol unless Internet Message Access Protocol use is absolutely necessary. CC ID 01485 | System hardening through configuration management | Configuration | |
Disable Post Office Protocol unless its use is absolutely necessary. CC ID 01486 | System hardening through configuration management | Configuration | |
Disable SQLServer processes unless SQLServer processes use is absolutely necessary. CC ID 01500 | System hardening through configuration management | Configuration | |
Disable alerter unless alerter use is absolutely necessary. CC ID 01810 | System hardening through configuration management | Configuration | |
Disable Background Intelligent Transfer Service unless Background Intelligent Transfer Service use is absolutely necessary. CC ID 01812 | System hardening through configuration management | Configuration | |
Disable ClipBook unless ClipBook use is absolutely necessary. CC ID 01813 | System hardening through configuration management | Configuration | |
Disable Fax Service unless Fax Service use is absolutely necessary. CC ID 01815 | System hardening through configuration management | Configuration | |
Disable IIS admin service unless IIS admin service use is absolutely necessary. CC ID 01817 | System hardening through configuration management | Configuration | |
Disable indexing service unless indexing service use is absolutely necessary. CC ID 01818 | System hardening through configuration management | Configuration | |
Disable net logon unless net logon use is absolutely necessary. CC ID 01820 | System hardening through configuration management | Configuration | |
Disable Remote Desktop Help Session Manager unless Remote Desktop Help Session Manager use is absolutely necessary. CC ID 01822 | System hardening through configuration management | Configuration | |
Disable the "Offer Remote Assistance" setting. CC ID 04325 | System hardening through configuration management | Configuration | |
Disable the "Solicited Remote Assistance" setting. CC ID 04326 | System hardening through configuration management | Configuration | |
Disable Remote Registry Service unless Remote Registry Service use is absolutely necessary. CC ID 01823 | System hardening through configuration management | Configuration | |
Disable Routing and Remote Access unless Routing and Remote Access use is necessary. CC ID 01824 | System hardening through configuration management | Configuration | |
Disable task scheduler unless task scheduler use is absolutely necessary. CC ID 01829 | System hardening through configuration management | Configuration | |
Disable Terminal Services unless Terminal Services use is absolutely necessary. CC ID 01831 | System hardening through configuration management | Configuration | |
Disable Universal Plug and Play device host unless Universal Plug and Play device host use is absolutely necessary. CC ID 01832 | System hardening through configuration management | Configuration | |
Disable File Service Protocol. CC ID 02167 | System hardening through configuration management | Configuration | |
Disable the License Logging Service unless it is absolutely necessary. CC ID 04282 | System hardening through configuration management | Configuration | |
Disable Remote Access Auto Connection Manager unless Remote Access Auto Connection Manager use is absolutely necessary. CC ID 04285 | System hardening through configuration management | Configuration | |
Disable Remote Access Connection Manager unless Remote Access Connection Manager use is absolutely necessary. CC ID 04286 | System hardening through configuration management | Configuration | |
Disable Remote Administration Service unless remote administration management is absolutely necessary. CC ID 04287 | System hardening through configuration management | Configuration | |
Disable remote installation unless remote installation is absolutely necessary. CC ID 04288 | System hardening through configuration management | Configuration | |
Disable Remote Server Manager unless Remote Server Manager is absolutely necessary. CC ID 04289 | System hardening through configuration management | Configuration | |
Disable Remote Server Monitor unless Remote Server Monitor use is absolutely necessary. CC ID 04290 | System hardening through configuration management | Configuration | |
Disable Remote Storage Notification unless Remote Storage Notification use is absolutely necessary. CC ID 04291 | System hardening through configuration management | Configuration | |
Disable Remote Storage Server unless Remote Storage Server use is absolutely necessary. CC ID 04292 | System hardening through configuration management | Configuration | |
Disable telephony services unless telephony services use is absolutely necessary. CC ID 04293 | System hardening through configuration management | Configuration | |
Disable Wireless Zero Configuration service unless Wireless Zero Configuration service use is absolutely necessary. CC ID 04294 | System hardening through configuration management | Configuration | |
Disable SSDP/UPnP unless SSDP/UPnP is absolutely necessary. CC ID 04315 | System hardening through configuration management | Configuration | |
Configure the "ntpd service" setting to organizational standards. CC ID 04911 | System hardening through configuration management | Configuration | |
Configure the "echo service" setting to organizational standards. CC ID 04912 | System hardening through configuration management | Configuration | |
Configure the "echo-dgram service" setting to organizational standards. CC ID 09927 | System hardening through configuration management | Configuration | |
Configure the "echo-stream service" setting to organizational standards. CC ID 09928 | System hardening through configuration management | Configuration | |
Configure the "AllowTcpForwarding" to organizational standards. CC ID 15327 | System hardening through configuration management | Configuration | |
Configure the "tcpmux-server" setting to organizational standards. CC ID 09929 | System hardening through configuration management | Configuration | |
Configure the "netstat service" setting to organizational standards. CC ID 04913 | System hardening through configuration management | Configuration | |
Configure the "character generator protocol (chargen)" setting to organizational standards. CC ID 04914 | System hardening through configuration management | Configuration | |
Configure the "tftpd service" setting to organizational standards. CC ID 04915 | System hardening through configuration management | Configuration | |
Configure the "walld service" setting to organizational standards. CC ID 04916 | System hardening through configuration management | Configuration | |
Configure the "rstatd service" setting to organizational standards. CC ID 04917 | System hardening through configuration management | Configuration | |
Configure the "sprayd service" setting to organizational standards. CC ID 04918 | System hardening through configuration management | Configuration | |
Configure the "rusersd service" setting to organizational standards. CC ID 04919 | System hardening through configuration management | Configuration | |
Configure the "inn service" setting to organizational standards. CC ID 04920 | System hardening through configuration management | Configuration | |
Configure the "font service" setting to organizational standards. CC ID 04921 | System hardening through configuration management | Configuration | |
Configure the "ident service" setting to organizational standards. CC ID 04922 | System hardening through configuration management | Configuration | |
Configure the "rexd service" setting to organizational standards. CC ID 04923 | System hardening through configuration management | Configuration | |
Configure the "daytime service" setting to organizational standards. CC ID 04924 | System hardening through configuration management | Configuration | |
Configure the "dtspc (cde-spc) service" setting to organizational standards. CC ID 04925 | System hardening through configuration management | Configuration | |
Configure the "cmsd service" setting to organizational standards. CC ID 04926 | System hardening through configuration management | Configuration | |
Configure the "ToolTalk service" setting to organizational standards. CC ID 04927 | System hardening through configuration management | Configuration | |
Configure the "discard service" setting to organizational standards. CC ID 04928 | System hardening through configuration management | Configuration | |
Configure the "vino-server service" setting to organizational standards. CC ID 04929 | System hardening through configuration management | Configuration | |
Configure the "bind service" setting to organizational standards. CC ID 04930 | System hardening through configuration management | Configuration | |
Configure the "nfsd service" setting to organizational standards. CC ID 04931 | System hardening through configuration management | Configuration | |
Configure the "mountd service" setting to organizational standards. CC ID 04932 | System hardening through configuration management | Configuration | |
Configure the "statd service" setting to organizational standards. CC ID 04933 | System hardening through configuration management | Configuration | |
Configure the "lockd service" setting to organizational standards. CC ID 04934 | System hardening through configuration management | Configuration | |
Configure the lockd service to use a static port or a dynamic portmapper port for User Datagram Protocol as appropriate. CC ID 05980 | System hardening through configuration management | Configuration | |
Configure the "decode sendmail alias" setting to organizational standards. CC ID 04935 | System hardening through configuration management | Configuration | |
Configure the sendmail vrfy command, as appropriate. CC ID 04936 | System hardening through configuration management | Configuration | |
Configure the sendmail expn command, as appropriate. CC ID 04937 | System hardening through configuration management | Configuration | |
Configure .netrc with an appropriate set of services. CC ID 04938 | System hardening through configuration management | Configuration | |
Enable NFS insecure locks as necessary. CC ID 04939 | System hardening through configuration management | Configuration | |
Configure the "X server ac" setting to organizational standards. CC ID 04940 | System hardening through configuration management | Configuration | |
Configure the "X server core" setting to organizational standards. CC ID 04941 | System hardening through configuration management | Configuration | |
Enable or disable the setroubleshoot service, as appropriate. CC ID 05540 | System hardening through configuration management | Configuration | |
Configure the "X server nolock" setting to organizational standards. CC ID 04942 | System hardening through configuration management | Configuration | |
Enable or disable the mcstrans service, as appropriate. CC ID 05541 | System hardening through configuration management | Configuration | |
Configure the "PAM console" setting to organizational standards. CC ID 04943 | System hardening through configuration management | Configuration | |
Enable or disable the restorecond service, as appropriate. CC ID 05542 | System hardening through configuration management | Configuration | |
Enable the rhnsd service as necessary. CC ID 04944 | System hardening through configuration management | Configuration | |
Enable the yum-updatesd service as necessary. CC ID 04945 | System hardening through configuration management | Configuration | |
Enable the autofs service as necessary. CC ID 04946 | System hardening through configuration management | Configuration | |
Enable the ip6tables service as necessary. CC ID 04947 | System hardening through configuration management | Configuration | |
Configure syslog to organizational standards. CC ID 04949 | System hardening through configuration management | Configuration | |
Enable the auditd service as necessary. CC ID 04950 | System hardening through configuration management | Configuration | |
Enable the logwatch service as necessary. CC ID 04951 | System hardening through configuration management | Configuration | |
Enable the logrotate (syslog rotator) service as necessary. CC ID 04952 | System hardening through configuration management | Configuration | |
Install or uninstall the telnet server package, only if absolutely necessary. CC ID 04953 | System hardening through configuration management | Configuration | |
Enable the ypbind service as necessary. CC ID 04954 | System hardening through configuration management | Configuration | |
Enable the ypserv service as necessary. CC ID 04955 | System hardening through configuration management | Configuration | |
Enable the firstboot service as necessary. CC ID 04956 | System hardening through configuration management | Configuration | |
Enable the gpm service as necessary. CC ID 04957 | System hardening through configuration management | Configuration | |
Enable the irqbalance service as necessary. CC ID 04958 | System hardening through configuration management | Configuration | |
Enable the isdn service as necessary. CC ID 04959 | System hardening through configuration management | Configuration | |
Enable the kdump service as necessary. CC ID 04960 | System hardening through configuration management | Configuration | |
Enable the mdmonitor service as necessary. CC ID 04961 | System hardening through configuration management | Configuration | |
Enable the microcode_ctl service as necessary. CC ID 04962 | System hardening through configuration management | Configuration | |
Enable the pcscd service as necessary. CC ID 04963 | System hardening through configuration management | Configuration | |
Enable the smartd service as necessary. CC ID 04964 | System hardening through configuration management | Configuration | |
Enable the readahead_early service as necessary. CC ID 04965 | System hardening through configuration management | Configuration | |
Enable the readahead_later service as necessary. CC ID 04966 | System hardening through configuration management | Configuration | |
Enable the messagebus service as necessary. CC ID 04967 | System hardening through configuration management | Configuration | |
Enable the haldaemon service as necessary. CC ID 04968 | System hardening through configuration management | Configuration | |
Enable the apmd service as necessary. CC ID 04969 | System hardening through configuration management | Configuration | |
Enable the acpid service as necessary. CC ID 04970 | System hardening through configuration management | Configuration | |
Enable the cpuspeed service as necessary. CC ID 04971 | System hardening through configuration management | Configuration | |
Enable the network service as necessary. CC ID 04972 | System hardening through configuration management | Configuration | |
Enable the hidd service as necessary. CC ID 04973 | System hardening through configuration management | Configuration | |
Enable the crond service as necessary. CC ID 04974 | System hardening through configuration management | Configuration | |
Install and enable the anacron service as necessary. CC ID 04975 | System hardening through configuration management | Configuration | |
Enable the xfs service as necessary. CC ID 04976 | System hardening through configuration management | Configuration | |
Install and enable the Avahi daemon service, as necessary. CC ID 04977 | System hardening through configuration management | Configuration | |
Enable the CUPS service, as necessary. CC ID 04978 | System hardening through configuration management | Configuration | |
Enable the hplip service as necessary. CC ID 04979 | System hardening through configuration management | Configuration | |
Enable the dhcpd service as necessary. CC ID 04980 | System hardening through configuration management | Configuration | |
Enable the nfslock service as necessary. CC ID 04981 | System hardening through configuration management | Configuration | |
Enable the rpcgssd service as necessary. CC ID 04982 | System hardening through configuration management | Configuration | |
Enable the rpcidmapd service as necessary. CC ID 04983 | System hardening through configuration management | Configuration | |
Enable the rpcsvcgssd service as necessary. CC ID 04985 | System hardening through configuration management | Configuration | |
Configure root squashing for all NFS shares, as appropriate. CC ID 04986 | System hardening through configuration management | Configuration | |
Configure write access to NFS shares, as appropriate. CC ID 04987 | System hardening through configuration management | Configuration | |
Configure the named service, as appropriate. CC ID 04988 | System hardening through configuration management | Configuration | |
Configure the vsftpd service, as appropriate. CC ID 04989 | System hardening through configuration management | Configuration | |
Configure the “dovecot” service to organizational standards. CC ID 04990 | System hardening through configuration management | Configuration | |
Configure Server Message Block (SMB) to organizational standards. CC ID 04991 | System hardening through configuration management | Configuration | |
Enable the snmpd service as necessary. CC ID 04992 | System hardening through configuration management | Configuration | |
Enable the calendar manager as necessary. CC ID 04993 | System hardening through configuration management | Configuration | |
Enable the GNOME logon service as necessary. CC ID 04994 | System hardening through configuration management | Configuration | |
Enable the WBEM services as necessary. CC ID 04995 | System hardening through configuration management | Configuration | |
Enable the keyserv service as necessary. CC ID 04996 | System hardening through configuration management | Configuration | |
Enable the Generic Security Service daemon as necessary. CC ID 04997 | System hardening through configuration management | Configuration | |
Enable the volfs service as necessary. CC ID 04998 | System hardening through configuration management | Configuration | |
Enable the smserver service as necessary. CC ID 04999 | System hardening through configuration management | Configuration | |
Enable the mpxio-upgrade service as necessary. CC ID 05000 | System hardening through configuration management | Configuration | |
Enable the metainit service as necessary. CC ID 05001 | System hardening through configuration management | Configuration | |
Enable the meta service as necessary. CC ID 05003 | System hardening through configuration management | Configuration | |
Enable the metaed service as necessary. CC ID 05004 | System hardening through configuration management | Configuration | |
Enable the metamh service as necessary. CC ID 05005 | System hardening through configuration management | Configuration | |
Enable the Local RPC Port Mapping Service as necessary. CC ID 05006 | System hardening through configuration management | Configuration | |
Enable the Kerberos kadmind service as necessary. CC ID 05007 | System hardening through configuration management | Configuration | |
Enable the Kerberos krb5kdc service as necessary. CC ID 05008 | System hardening through configuration management | Configuration | |
Enable the Kerberos kpropd service as necessary. CC ID 05009 | System hardening through configuration management | Configuration | |
Enable the Kerberos ktkt_warnd service as necessary. CC ID 05010 | System hardening through configuration management | Configuration | |
Enable the sadmin service as necessary. CC ID 05011 | System hardening through configuration management | Configuration | |
Enable the IPP listener as necessary. CC ID 05012 | System hardening through configuration management | Configuration | |
Enable the serial port listener as necessary. CC ID 05013 | System hardening through configuration management | Configuration | |
Enable the Smart Card Helper service as necessary. CC ID 05014 | System hardening through configuration management | Configuration | |
Enable the Application Management service as necessary. CC ID 05015 | System hardening through configuration management | Configuration | |
Enable the Resultant Set of Policy (RSoP) Provider service as necessary. CC ID 05016 | System hardening through configuration management | Configuration | |
Enable the Network News Transport Protocol service as necessary. CC ID 05017 | System hardening through configuration management | Configuration | |
Enable the network Dynamic Data Exchange service as necessary. CC ID 05018 | System hardening through configuration management | Configuration | |
Enable the Distributed Link Tracking Server service as necessary. CC ID 05019 | System hardening through configuration management | Configuration | |
Enable the RARP service as necessary. CC ID 05020 | System hardening through configuration management | Configuration | |
Configure the ".NET Framework service" setting to organizational standards. CC ID 05021 | System hardening through configuration management | Configuration | |
Enable the Network DDE Share Database Manager service as necessary. CC ID 05022 | System hardening through configuration management | Configuration | |
Enable the Certificate Services service as necessary. CC ID 05023 | System hardening through configuration management | Configuration | |
Configure the ATI hotkey poller service properly. CC ID 05024 | System hardening through configuration management | Configuration | |
Configure the Interix Subsystem Startup service properly. CC ID 05025 | System hardening through configuration management | Configuration | |
Configure the Cluster Service service properly. CC ID 05026 | System hardening through configuration management | Configuration | |
Configure the IAS Jet Database Access service properly. CC ID 05027 | System hardening through configuration management | Configuration | |
Configure the IAS service properly. CC ID 05028 | System hardening through configuration management | Configuration | |
Configure the IP Version 6 Helper service properly. CC ID 05029 | System hardening through configuration management | Configuration | |
Configure "Message Queuing service" to organizational standards. CC ID 05030 | System hardening through configuration management | Configuration | |
Configure the Message Queuing Down Level Clients service properly. CC ID 05031 | System hardening through configuration management | Configuration | |
Configure the Windows Management Instrumentation Driver Extensions service properly. CC ID 05033 | System hardening through configuration management | Configuration | |
Configure the TCP/IP NetBIOS Helper Service properly. CC ID 05034 | System hardening through configuration management | Configuration | |
Configure the Utility Manager service properly. CC ID 05035 | System hardening through configuration management | Configuration | |
Configure the secondary logon service properly. CC ID 05036 | System hardening through configuration management | Configuration | |
Configure the Windows Management Instrumentation service properly. CC ID 05037 | System hardening through configuration management | Configuration | |
Configure the Workstation service properly. CC ID 05038 | System hardening through configuration management | Configuration | |
Configure the Windows Installer service properly. CC ID 05039 | System hardening through configuration management | Configuration | |
Configure the Windows System Resource Manager service properly. CC ID 05040 | System hardening through configuration management | Configuration | |
Configure the WinHTTP Web Proxy Auto-Discovery Service properly. CC ID 05041 | System hardening through configuration management | Configuration | |
Configure the Services for Unix Client for NFS service properly. CC ID 05042 | System hardening through configuration management | Configuration | |
Configure the Services for Unix Server for PCNFS service properly. CC ID 05043 | System hardening through configuration management | Configuration | |
Configure the Services for Unix Perl Socket service properly. CC ID 05044 | System hardening through configuration management | Configuration | |
Configure the Services for Unix User Name Mapping service properly. CC ID 05045 | System hardening through configuration management | Configuration | |
Configure the Services for Unix Windows Cron service properly. CC ID 05046 | System hardening through configuration management | Configuration | |
Configure the Windows Media Services service properly. CC ID 05047 | System hardening through configuration management | Configuration | |
Configure the Services for Netware Service Advertising Protocol (SAP) Agent properly. CC ID 05048 | System hardening through configuration management | Configuration | |
Configure the Web Element Manager service properly. CC ID 05049 | System hardening through configuration management | Configuration | |
Configure the Remote Installation Services Single Instance Storage (SIS) Groveler service properly. CC ID 05050 | System hardening through configuration management | Configuration | |
Configure the Terminal Services Licensing service properly. CC ID 05051 | System hardening through configuration management | Configuration | |
Configure the COM+ Event System service properly. CC ID 05052 | System hardening through configuration management | Configuration | |
Configure the Event Log service properly. CC ID 05053 | System hardening through configuration management | Configuration | |
Configure the Infrared Monitor service properly. CC ID 05054 | System hardening through configuration management | Configuration | |
Configure the Services for Unix Server for NFS service properly. CC ID 05055 | System hardening through configuration management | Configuration | |
Configure the System Event Notification Service properly. CC ID 05056 | System hardening through configuration management | Configuration | |
Configure the NTLM Security Support Provider service properly. CC ID 05057 | System hardening through configuration management | Configuration | |
Configure the Performance Logs and Alerts service properly. CC ID 05058 | System hardening through configuration management | Configuration | |
Configure the Protected Storage service properly. CC ID 05059 | System hardening through configuration management | Configuration | |
Configure the QoS Admission Control (RSVP) service properly. CC ID 05060 | System hardening through configuration management | Configuration | |
Configure the Remote Procedure Call service properly. CC ID 05061 | System hardening through configuration management | Configuration | |
Configure the Removable Storage service properly. CC ID 05062 | System hardening through configuration management | Configuration | |
Configure the Server service properly. CC ID 05063 | System hardening through configuration management | Configuration | |
Configure the Security Accounts Manager service properly. CC ID 05064 | System hardening through configuration management | Configuration | |
Configure the “Network Connections” service to organizational standards. CC ID 05065 | System hardening through configuration management | Configuration | |
Configure the Logical Disk Manager service properly. CC ID 05066 | System hardening through configuration management | Configuration | |
Configure the Logical Disk Manager Administrative Service properly. CC ID 05067 | System hardening through configuration management | Configuration | |
Configure the File Replication service properly. CC ID 05068 | System hardening through configuration management | Configuration | |
Configure the Kerberos Key Distribution Center service properly. CC ID 05069 | System hardening through configuration management | Configuration | |
Configure the Intersite Messaging service properly. CC ID 05070 | System hardening through configuration management | Configuration | |
Configure the Remote Procedure Call locator service properly. CC ID 05071 | System hardening through configuration management | Configuration | |
Configure the Distributed File System service properly. CC ID 05072 | System hardening through configuration management | Configuration | |
Configure the Windows Internet Name Service service properly. CC ID 05073 | System hardening through configuration management | Configuration | |
Configure the FTP Publishing Service properly. CC ID 05074 | System hardening through configuration management | Configuration | |
Configure the Windows Search service properly. CC ID 05075 | System hardening through configuration management | Configuration | |
Configure the Microsoft Peer-to-Peer Networking Services service properly. CC ID 05076 | System hardening through configuration management | Configuration | |
Configure the Remote Shell service properly. CC ID 05077 | System hardening through configuration management | Configuration | |
Configure Simple TCP/IP services to organizational standards. CC ID 05078 | System hardening through configuration management | Configuration | |
Configure the Print Services for Unix service properly. CC ID 05079 | System hardening through configuration management | Configuration | |
Configure the File Shares service to organizational standards. CC ID 05080 | System hardening through configuration management | Configuration | |
Configure the NetMeeting service properly. CC ID 05081 | System hardening through configuration management | Configuration | |
Configure the Application Layer Gateway service properly. CC ID 05082 | System hardening through configuration management | Configuration | |
Configure the Cryptographic Services service properly. CC ID 05083 | System hardening through configuration management | Configuration | |
Configure the Help and Support Service properly. CC ID 05084 | System hardening through configuration management | Configuration | |
Configure the Human Interface Device Access service properly. CC ID 05085 | System hardening through configuration management | Configuration | |
Configure the IMAPI CD-Burning COM service properly. CC ID 05086 | System hardening through configuration management | Configuration | |
Configure the MS Software Shadow Copy Provider service properly. CC ID 05087 | System hardening through configuration management | Configuration | |
Configure the Network Location Awareness service properly. CC ID 05088 | System hardening through configuration management | Configuration | |
Configure the Portable Media Serial Number Service service properly. CC ID 05089 | System hardening through configuration management | Configuration | |
Configure the System Restore Service service properly. CC ID 05090 | System hardening through configuration management | Configuration | |
Configure the Themes service properly. CC ID 05091 | System hardening through configuration management | Configuration | |
Configure the Uninterruptible Power Supply service properly. CC ID 05092 | System hardening through configuration management | Configuration | |
Configure the Upload Manager service properly. CC ID 05093 | System hardening through configuration management | Configuration | |
Configure the Volume Shadow Copy Service properly. CC ID 05094 | System hardening through configuration management | Configuration | |
Configure the WebClient service properly. CC ID 05095 | System hardening through configuration management | Configuration | |
Configure the Windows Audio service properly. CC ID 05096 | System hardening through configuration management | Configuration | |
Configure the Windows Image Acquisition service properly. CC ID 05097 | System hardening through configuration management | Configuration | |
Configure the WMI Performance Adapter service properly. CC ID 05098 | System hardening through configuration management | Configuration | |
Enable file uploads via vsftpd service, as appropriate. CC ID 05100 | System hardening through configuration management | Configuration | |
Disable or remove sadmind unless use of sadmind is absolutely necessary. CC ID 06885 | System hardening through configuration management | Configuration | |
Configure the "SNMP version 1" setting to organizational standards. CC ID 08976 | System hardening through configuration management | Configuration | |
Configure the "xdmcp service" setting to organizational standards. CC ID 08985 | System hardening through configuration management | Configuration | |
Disable the automatic display of remote images in HTML-formatted e-mail. CC ID 04494 | System hardening through configuration management | Configuration | |
Disable Remote Apply Events unless Remote Apply Events are absolutely necessary. CC ID 04495 | System hardening through configuration management | Configuration | |
Disable Xgrid unless Xgrid is absolutely necessary. CC ID 04496 | System hardening through configuration management | Configuration | |
Configure the "Do Not Show First Use Dialog Boxes" setting for Windows Media Player properly. CC ID 05136 | System hardening through configuration management | Configuration | |
Disable Core dumps unless absolutely necessary. CC ID 01507 | System hardening through configuration management | Configuration | |
Set hard core dump size limits, as appropriate. CC ID 05990 | System hardening through configuration management | Configuration | |
Configure the "Prevent Desktop Shortcut Creation" setting for Windows Media Player properly. CC ID 05137 | System hardening through configuration management | Configuration | |
Set the Squid EUID and Squid GUID to an appropriate user and group. CC ID 05138 | System hardening through configuration management | Configuration | |
Verify groups referenced in /etc/passwd are included in /etc/group, as appropriate. CC ID 05139 | System hardening through configuration management | Configuration | |
Use of the cron.allow file should be enabled or disabled as appropriate. CC ID 06014 | System hardening through configuration management | Configuration | |
Use of the at.allow file should be enabled or disabled as appropriate. CC ID 06015 | System hardening through configuration management | Configuration | |
Enable or disable the Dynamic DNS feature of the DHCP Server as appropriate. CC ID 06039 | System hardening through configuration management | Configuration | |
Enable or disable each user's Screen saver software, as necessary. CC ID 06050 | System hardening through configuration management | Configuration | |
Disable any unnecessary scripting languages, as necessary. CC ID 12137 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain the interactive logon settings. CC ID 01739 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the system to refrain from completing authentication methods when a security breach is detected. CC ID 13790 | System hardening through configuration management | Configuration | |
Allow logon to privileged accounts, as appropriate. CC ID 05281 | System hardening through configuration management | Configuration | |
Verify the logon accounts include an appropriate GECOS identifier, as appropriate. CC ID 05280 | System hardening through configuration management | Configuration | |
Configure the "/etc/shadow" settings to organizational standards. CC ID 15332 | System hardening through configuration management | Configuration | |
Set the default su console properly. CC ID 05279 | System hardening through configuration management | Configuration | |
Set the default logon console properly. CC ID 05278 | System hardening through configuration management | Configuration | |
Enable or disable local user logon to the vsftpd service, as appropriate. CC ID 05277 | System hardening through configuration management | Configuration | |
Enable or disable anonymous root logons, as appropriate. CC ID 05276 | System hardening through configuration management | Configuration | |
Enable or disable interactive logon to non-root system accounts, as necessary. CC ID 05275 | System hardening through configuration management | Configuration | |
Enable or disable logins through the primary console device, as appropriate. CC ID 05274 | System hardening through configuration management | Configuration | |
Enable or disable logins through the named virtual console device, as appropriate. CC ID 05273 | System hardening through configuration management | Configuration | |
Enable or disable logons through the named virtual console interface, as appropriate. CC ID 05272 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Do not display last user name" setting to organizational standards. CC ID 01740 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Do not require CTRL+ALT+DEL" setting. CC ID 01741 | System hardening through configuration management | Configuration | |
Configure the system logon banner. CC ID 01742 | System hardening through configuration management | Configuration | |
Configure the system logon banner message title. CC ID 01743 | System hardening through configuration management | Configuration | |
Configure the "interactive logon: number of previous logons to cache (in case domain controller is not available)" setting. CC ID 01744 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Require Domain Controller authentication to unlock workstation" setting. CC ID 01746 | System hardening through configuration management | Configuration | |
Configure the Prompt for password on resume from hibernate / suspend setting. CC ID 04356 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Smart card removal behavior" setting. CC ID 01747 | System hardening through configuration management | Configuration | |
Configure the "Recovery console: Allow automatic administrative logon" setting. CC ID 01776 | System hardening through configuration management | Configuration | |
Configure the "Recovery console: Allow floppy copy and access to all drives and all folders" setting. CC ID 01777 | System hardening through configuration management | Configuration | |
Configure the system to require an Open Firmware password on system startup. CC ID 04479 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Require removal card" setting. CC ID 06053 | System hardening through configuration management | Configuration | |
Configure the settings of the system registry and the systems objects (for Windows OS only). CC ID 01781 | System hardening through configuration management | Configuration | |
Configure ICMP timestamp request responses properly. CC ID 05150 | System hardening through configuration management | Configuration | |
Configure the Administrators group as the default owner for all new objects. CC ID 01782 | System hardening through configuration management | Configuration | |
Configure the "System objects: Require case-insensitivity for non-Windows systems" setting. CC ID 01783 | System hardening through configuration management | Configuration | |
Configure the "System objects: Strengthen default permissions of internal system objects" setting. CC ID 01784 | System hardening through configuration management | Configuration | |
Configure the system to suppress Dr. Watson Crash dumps. CC ID 01785 | System hardening through configuration management | Configuration | |
Disable automatic execution of the system debugger. CC ID 01786 | System hardening through configuration management | Configuration | |
Disable automatic logon. CC ID 01788 | System hardening through configuration management | Configuration | |
Disable automatic reboots after a Blue Screen of Death. CC ID 01789 | System hardening through configuration management | Configuration | |
Remove administrative shares on workstations. CC ID 01791 | System hardening through configuration management | Configuration | |
Configure the system to protect against Browser Spoofing attacks. CC ID 01792 | System hardening through configuration management | Configuration | |
Configure the system to protect against source-routing spoofing. CC ID 01793 | System hardening through configuration management | Configuration | |
Configure the system to protect the default gateway network setting. CC ID 01794 | System hardening through configuration management | Configuration | |
Configure the TCP/IP Dead Gateway Detection as appropriate. CC ID 06025 | System hardening through configuration management | Configuration | |
Configure the system to ensure ICMP routing via the shortest path first. CC ID 01795 | System hardening through configuration management | Configuration | |
Configure the system to protect against packet fragmentation. CC ID 01796 | System hardening through configuration management | Configuration | |
Configure the keep-alive times. CC ID 01797 | System hardening through configuration management | Configuration | |
Configure the system to protect against malicious Name-Release Attacks. CC ID 01798 | System hardening through configuration management | Configuration | |
Disable Internet Router Discovery Protocol. CC ID 01799 | System hardening through configuration management | Configuration | |
Configure the system to protect against SYN Flood attacks. CC ID 01800 | System hardening through configuration management | Configuration | |
Configure the TCP Maximum half-open sockets. CC ID 01801 | System hardening through configuration management | Configuration | |
Configure the TCP Maximum half-open retired sockets. CC ID 01802 | System hardening through configuration management | Configuration | |
Configure the number of dropped connect requests to a set maximum. CC ID 04272 | System hardening through configuration management | Configuration | |
Enable Internet Protocol Security to protect Kerberos RSVP communication. CC ID 01803 | System hardening through configuration management | Configuration | |
Configure the system to hide workstations from the network browser listing. CC ID 01804 | System hardening through configuration management | Configuration | |
Enable the safe DSS search mode. CC ID 01805 | System hardening through configuration management | Configuration | |
Disable WebDAV basic authentication (SP 2 only). CC ID 01806 | System hardening through configuration management | Configuration | |
Disable basic authentication over a clear channel (SP 2 only). CC ID 01807 | System hardening through configuration management | Configuration | |
Enable the USB block storage device policy (SP 2 only). CC ID 01808 | System hardening through configuration management | Configuration | |
Block the Distributed Transaction Coordinator service and set additional Distributed Transaction Coordinator parameters, if necessary. CC ID 01809 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\Software\Classes. CC ID 02010 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\Software. CC ID 02011 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\Software\Microsoft\NetDDE. CC ID 02012 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\Software\Microsoft\OS/2 Subsystem for NT. CC ID 02013 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\Software\Microsoft\Windows NT\CurrentVersion\AsrCommands. CC ID 02014 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\Software\Microsoft\Windows NT\CurrentVersion\Perflib. CC ID 02015 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy. CC ID 02016 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Installer. CC ID 02017 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\Software\Microsoft\Windows\CurrentVersion\Policies. CC ID 02018 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\System. CC ID 02019 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\System\Clone. CC ID 02020 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\System\ControlSet001. CC ID 02021 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\System\ControlSet00x. CC ID 02022 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\System\CurrentControlSet\Control\SecurePipeServers\WinReg. CC ID 02023 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\System\CurrentControlSet\Control\WMI\Security. CC ID 02024 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\System\CurrentControlSet\Enum. CC ID 02025 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\System\CurrentControlSet\Hardware Profiles. CC ID 02026 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers. CC ID 02027 | System hardening through configuration management | Configuration | |
Set the registry permission for HKLM\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities. CC ID 02028 | System hardening through configuration management | Configuration | |
Set the registry permission for HKU\.Default. CC ID 02029 | System hardening through configuration management | Configuration | |
Set the registry permission for HKU\.Default\Software\Microsoft\NetDDE. CC ID 02030 | System hardening through configuration management | Configuration | |
Set the registry permission for HKU\.Default\Software\Microsoft\Protected Storage System Provider. CC ID 02031 | System hardening through configuration management | Configuration | |
Set the registry permission for %SystemDrive%. CC ID 02032 | System hardening through configuration management | Configuration | |
Enable auditing for HKLM\Software and set its registry permission. CC ID 02033 | System hardening through configuration management | Configuration | |
Enable auditing for HKLM\System and set its registry permission. CC ID 02034 | System hardening through configuration management | Configuration | |
Configure the system to a set number of unacknowledged data retransmissions. CC ID 04271 | System hardening through configuration management | Configuration | |
Configure the system to remap folder types to Notepad. CC ID 04312 | System hardening through configuration management | Configuration | |
Configure the system to show hidden file types. CC ID 04313 | System hardening through configuration management | Configuration | |
Configure the "Do not process the legacy run list" setting. CC ID 04322 | System hardening through configuration management | Configuration | |
Configure the "Do not process the run once list" setting. CC ID 04323 | System hardening through configuration management | Configuration | |
Configure "Registry policy processing" to organizational standards. CC ID 04324 | System hardening through configuration management | Configuration | |
Configure the "Restrict Terminal Server users to a single remote session" setting to organizational standards. CC ID 04510 | System hardening through configuration management | Configuration | |
Configure the "Do not use temporary folders per session" setting to organizational standards. CC ID 04513 | System hardening through configuration management | Configuration | |
Configure the "Do not delete temp folder upon exit" setting to organizational standards. CC ID 04514 | System hardening through configuration management | Configuration | |
Configure the "Turn off background refresh of Group Policy" setting to organizational standards. CC ID 04520 | System hardening through configuration management | Configuration | |
Configure the "Configure Windows NTP Client" setting. CC ID 04522 | System hardening through configuration management | Configuration | |
Configure the "Disallow installation of printers using kernel-mode drivers" setting to organizational standards. CC ID 04523 | System hardening through configuration management | Configuration | |
Configure the "Prevent codec download" setting to organizational standards. CC ID 04524 | System hardening through configuration management | Configuration | |
Verify the Posix registry key does not exist. CC ID 04525 | System hardening through configuration management | Configuration | |
Configure the Recycle Bin to delete files on assets running Windows Server 2003. CC ID 04526 | System hardening through configuration management | Configuration | |
Configure the system to allow only administrators with permissions to change the security settings of Distributed Component Object Model objects. CC ID 04529 | System hardening through configuration management | Configuration | |
Configure the system to allow Distributed Component Object Model calls to be executed only under the calling user's security context. CC ID 04530 | System hardening through configuration management | Configuration | |
Configure the version string reported by the bind service properly. CC ID 05140 | System hardening through configuration management | Configuration | |
Enable or disable performing source validation by reverse path, as appropriate. CC ID 05141 | System hardening through configuration management | Configuration | |
Verify the environment variable "Os2LibPath" exists, as appropriate. CC ID 05142 | System hardening through configuration management | Configuration | |
Define the path to the Microsoft OS/2 version 1.x library properly. CC ID 05143 | System hardening through configuration management | Configuration | |
Set the "Specify intranet Microsoft update service location" properly. CC ID 05144 | System hardening through configuration management | Configuration | |
Set the path to the debugger used for Just-In-Time debugging properly. CC ID 05145 | System hardening through configuration management | Configuration | |
Set the OS/2 Subsystem location properly. CC ID 05146 | System hardening through configuration management | Configuration | |
Configure extended TCP reserved ports properly. CC ID 05147 | System hardening through configuration management | Configuration | |
Enable or disable ICMPv4 redirects, as appropriate. CC ID 05148 | System hardening through configuration management | Configuration | |
Enable or disable ICMPv6 redirects, as appropriate. CC ID 05149 | System hardening through configuration management | Configuration | |
Configure ICMP timestamp broadcast request responses properly. CC ID 05151 | System hardening through configuration management | Configuration | |
Configure Internet Control Message Protocol echo (ping) request responses properly. CC ID 05152 | System hardening through configuration management | Configuration | |
Configure ICMP netmask request responses properly. CC ID 05153 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_CLASSES_ROOT properly. CC ID 05154 | System hardening through configuration management | Configuration | |
Set the registry key HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems\Os2 properly. CC ID 05155 | System hardening through configuration management | Configuration | |
Set the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug\Debugger properly. CC ID 05156 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Regfile\Shell\Open\Command properly. CC ID 05157 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography properly. CC ID 05158 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hlp properly. CC ID 05159 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Classes\helpfile properly. CC ID 05160 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing properly. CC ID 05161 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais properly. CC ID 05162 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell properly. CC ID 05163 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony properly. CC ID 05164 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability properly. CC ID 05165 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell properly. CC ID 05166 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion properly. CC ID 05167 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech properly. CC ID 05168 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC properly. CC ID 05169 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem properly. CC ID 05170 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates properly. CC ID 05171 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports properly. CC ID 05172 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing properly. CC ID 05173 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Policies properly. CC ID 05174 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor properly. CC ID 05175 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ads\Providers\WinNT properly. CC ID 05176 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT properly. CC ID 05177 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS properly. CC ID 05178 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions properly. CC ID 05179 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots properly. CC ID 05180 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager properly. CC ID 05181 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help properly. CC ID 05182 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip properly. CC ID 05183 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing properly. CC ID 05184 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DeviceManager properly. CC ID 05185 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security properly. CC ID 05186 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP properly. CC ID 05187 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent properly. CC ID 05188 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security properly. CC ID 05189 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security properly. CC ID 05190 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security properly. CC ID 05191 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security properly. CC ID 05192 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security properly. CC ID 05193 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security properly. CC ID 05194 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security properly. CC ID 05195 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security properly. CC ID 05196 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility properly. CC ID 05197 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security properly. CC ID 05198 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security properly. CC ID 05199 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services properly. CC ID 05200 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers properly. CC ID 05201 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network properly. CC ID 05202 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\LSA\Data properly. CC ID 05203 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG properly. CC ID 05204 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1 properly. CC ID 05205 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD properly. CC ID 05206 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control properly. CC ID 05207 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wbem properly. CC ID 05208 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security properly. CC ID 05209 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font properly. CC ID 05210 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog properly. CC ID 05211 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares properly. CC ID 05212 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status properly. CC ID 05213 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Secure properly. CC ID 05214 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups properly. CC ID 05215 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon properly. CC ID 05216 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones properly. CC ID 05217 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping properly. CC ID 05218 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS properly. CC ID 05219 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper properly. CC ID 05220 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility properly. CC ID 05221 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug properly. CC ID 05222 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx properly. CC ID 05223 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce properly. CC ID 05224 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run properly. CC ID 05225 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows properly. CC ID 05226 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Secure properly. CC ID 05227 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC properly. CC ID 05228 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options properly. CC ID 05229 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole properly. CC ID 05230 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions properly. CC ID 05231 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout properly. CC ID 05232 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex properly. CC ID 05233 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName properly. CC ID 05234 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy properly. CC ID 05235 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule properly. CC ID 05236 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost properly. CC ID 05237 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit properly. CC ID 05238 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList properly. CC ID 05239 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS properly. CC ID 05240 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 properly. CC ID 05241 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes properly. CC ID 05242 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion properly. CC ID 05243 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates properly. CC ID 05244 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows properly. CC ID 05245 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole properly. CC ID 05246 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers properly. CC ID 05247 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies properly. CC ID 05248 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC\Security\XAKey properly. CC ID 05249 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UPnP Device Host properly. CC ID 05250 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ratings properly. CC ID 05251 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class properly. CC ID 05252 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Security properly. CC ID 05253 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNSCache properly. CC ID 05254 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ersvc\Security properly. CC ID 05255 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\Security properly. CC ID 05256 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt properly. CC ID 05257 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess properly. CC ID 05259 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Scarddrv\Security properly. CC ID 05260 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Stisvc\Security properly. CC ID 05261 | System hardening through configuration management | Configuration | |
Set the registry permission for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries properly. CC ID 05262 | System hardening through configuration management | Configuration | |
Configure the "audit the %SystemDrive% directory" setting to organizational standards. CC ID 10099 | System hardening through configuration management | Configuration | |
Configure the "audit the HKEY_LOCAL_MACHINE\SOFTWARE registry key" setting to organizational standards. CC ID 10100 | System hardening through configuration management | Configuration | |
Configure the "audit the HKEY_LOCAL_MACHINE\SYSTEM registry key" setting to organizational standards. CC ID 10101 | System hardening through configuration management | Configuration | |
Configure the "%ProgramFiles%" directory permissions to organizational standards. CC ID 10102 | System hardening through configuration management | Configuration | |
Configure the "%ProgramFiles%\Resource Kit" directory permissions to organizational standards. CC ID 10103 | System hardening through configuration management | Configuration | |
Configure the "%ProgramFiles%\Resource Pro Kit" directory permissions to organizational standards. CC ID 10104 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%" directory permissions to organizational standards. CC ID 10105 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\AUTOEXEC.BAT" file permissions to organizational standards. CC ID 10106 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\BOOT.INI" file permissions to organizational standards. CC ID 10107 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\CONFIG.SYS" file permissions to organizational standards. CC ID 10108 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\Documents and Settings" file permissions to organizational standards. CC ID 10109 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\Documents and Settings\Administrator" directory permissions to organizational standards. CC ID 10110 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\Documents and Settings\All Users" directory permissions to organizational standards. CC ID 10111 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\Documents and Settings\All Users\Documents\DrWatson" directory permissions to organizational standards. CC ID 10112 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\Documents and Settings\All Users\Documents\DrWatson\drwtsn32.log" file permissions to organizational standards. CC ID 10113 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\Documents and Settings\Default User" directory permissions to organizational standards. CC ID 10114 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\IO.SYS" file permissions to organizational standards. CC ID 10115 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\MSDOS.SYS" file permissions to organizational standards. CC ID 10116 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\NTBOOTDD.SYS" file permissions to organizational standards. CC ID 10117 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\NTDETECT.COM" file permissions to organizational standards. CC ID 10118 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\NTLDR" file permissions to organizational standards. CC ID 10119 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\Temp" directory permissions to organizational standards. CC ID 10120 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\My Download Files" directory permissions to organizational standards. CC ID 10121 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\System Volume Information" file permissions to organizational standards. CC ID 10122 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%" directory permissions to organizational standards. CC ID 10123 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Driver Cache\I386\Driver.cab" directory permissions to organizational standards. CC ID 10124 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\$NtServicePackUninstall$" directory permissions to organizational standards. CC ID 10125 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\$NtServicePackUninstall$" directory permissions to organizational standards. CC ID 10126 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\$NtUninstall*" directories permissions to organizational standards. CC ID 10127 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\CSC" directory permissions to organizational standards. CC ID 10128 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Debug" directory permissions to organizational standards. CC ID 10129 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Debug\UserMode" directory permissions to organizational standards. CC ID 10130 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\regedit.exe" file permissions to organizational standards. CC ID 10131 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\NTDS" directory permissions to organizational standards. CC ID 10132 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Offline Web Pages" directory permissions to organizational standards. CC ID 10133 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Registration" directory permissions to organizational standards. CC ID 10134 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\repair" directory permissions to organizational standards. CC ID 10135 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\security" directory permissions to organizational standards. CC ID 10136 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\SYSVOL" directory permissions to organizational standards. CC ID 10137 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\SYSVOL\domain\Policies" directory permissions to organizational standards. CC ID 10138 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Temp" directory permissions to organizational standards. CC ID 10139 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32" directory permissions to organizational standards. CC ID 10140 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\arp.exe" directory permissions to organizational standards. CC ID 10141 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\at.exe" file permissions to organizational standards. CC ID 10142 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\CONFIG" file permissions to organizational standards. CC ID 10143 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\CONFIG\AppEvent.evt" file permissions to organizational standards. CC ID 10144 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\CONFIG\*.evt" file permissions to organizational standards. CC ID 10145 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\dllcache" directory permissions to organizational standards. CC ID 10146 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\DTCLog" directory permissions to organizational standards. CC ID 10147 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\GroupPolicy" directory permissions to organizational standards. CC ID 10148 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\ias" directory permissions to organizational standards. CC ID 10149 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\Ntbackup.exe" file permissions to organizational standards. CC ID 10150 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\NTMSData" directory permissions to organizational standards. CC ID 10151 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\Rcp.exe" file permissions to organizational standards. CC ID 10152 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\Regedt32.exe" file permissions to organizational standards. CC ID 10153 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\system32\ReinstallBackups" directory permissions to organizational standards. CC ID 10154 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\Rexec.exe" file permissions to organizational standards. CC ID 10155 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\Rsh.exe" file permissions to organizational standards. CC ID 10156 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\Secedit.exe" file permissions to organizational standards. CC ID 10157 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\Setup" directory permissions to organizational standards. CC ID 10158 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\repl" directory permissions to organizational standards. CC ID 10159 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\repl\export" directory permissions to organizational standards. CC ID 10160 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\repl\import" directory permissions to organizational standards. CC ID 10161 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\spool\Printers" directory permissions to organizational standards. CC ID 10162 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Tasks" directory permissions to organizational standards. CC ID 10163 | System hardening through configuration management | Configuration | |
Configure the "%ALL%\Program Files\MQSeries" directory permissions to organizational standards. CC ID 10164 | System hardening through configuration management | Configuration | |
Configure the "%ALL%\Program Files\MQSeries\qmggr" directory permissions to organizational standards. CC ID 10165 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ACL" directory permissions to organizational standards. CC ID 10166 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%\WINNT\SECURITY\Database\SECEDIT.SDB ACL" directory permissions to organizational standards. CC ID 10167 | System hardening through configuration management | Configuration | |
Configure the "HKEY_CLASSES_ROOT" registry key permissions to organizational standards. CC ID 10168 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE" registry key permissions to organizational standards. CC ID 10169 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes" registry key permissions to organizational standards. CC ID 10170 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Regfile\Shell\Open\Command" registry key permissions to organizational standards. CC ID 10171 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetDDE" registry key permissions to organizational standards. CC ID 10172 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OS/2 Subsystem for NT" registry key permissions to organizational standards. CC ID 10173 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AsrCommands" registry key permissions to organizational standards. CC ID 10174 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib" registry key permissions to organizational standards. CC ID 10175 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy" registry key permissions to organizational standards. CC ID 10176 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer" registry key permissions to organizational standards. CC ID 10177 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies" registry key permissions to organizational standards. CC ID 10178 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM" registry key permissions to organizational standards. CC ID 10179 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\clone" registry key permissions to organizational standards. CC ID 10180 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset001" registry key permissions to organizational standards. CC ID 10181 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset002" registry key permissions to organizational standards. CC ID 10182 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset003" registry key permissions to organizational standards. CC ID 10183 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset004" registry key permissions to organizational standards. CC ID 10184 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset005" registry key permissions to organizational standards. CC ID 10185 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset006" registry key permissions to organizational standards. CC ID 10186 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset007" registry key permissions to organizational standards. CC ID 10187 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset008" registry key permissions to organizational standards. CC ID 10188 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset009" registry key permissions to organizational standards. CC ID 10189 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\controlset010" registry key permissions to organizational standards. CC ID 10190 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg" registry key permissions to organizational standards. CC ID 10191 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Wmi\Security" registry key permissions to organizational standards. CC ID 10192 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum" registry key permissions to organizational standards. CC ID 10193 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles" registry key permissions to organizational standards. CC ID 10194 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers" registry key permissions to organizational standards. CC ID 10195 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" registry key permissions to organizational standards. CC ID 10196 | System hardening through configuration management | Configuration | |
Configure the "HKEY_USERS\.DEFAULT" registry key permissions to organizational standards. CC ID 10197 | System hardening through configuration management | Configuration | |
Configure the "HKEY_USERS\.DEFAULT\Software\Microsoft\NetDDE" registry key permissions to organizational standards. CC ID 10198 | System hardening through configuration management | Configuration | |
Configure the "HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider" registry key permissions to organizational standards. CC ID 10199 | System hardening through configuration management | Configuration | |
Configure the "HKEY_CLASSES_ROOT" registry key permissions to organizational standards. CC ID 10200 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%System32 unas.exe" file permissions to organizational standards. CC ID 10222 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionAEDebugDebugger" registry key to organizational standards. CC ID 10233 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%perflogs" directory permissions to organizational standards. CC ID 10266 | System hardening through configuration management | Configuration | |
Configure the "%SystemDrive%i386" directory permissions to organizational standards. CC ID 10267 | System hardening through configuration management | Configuration | |
Configure the "%ProgramFiles%Common FilesSpeechEnginesTTS" directory permissions to organizational standards. CC ID 10268 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\_default.plf" file permissions to organizational standards. CC ID 10269 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\addins" directory permissions to organizational standards. CC ID 10270 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\appPatch" directory permissions to organizational standards. CC ID 10271 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\clock.avi" file permissions to organizational standards. CC ID 10272 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Connection Wizard" directory permissions to organizational standards. CC ID 10273 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Driver Cache" file permissions to organizational standards. CC ID 10274 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\explorer.scf" file permissions to organizational standards. CC ID 10275 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\explorer.exe" file permissions to organizational standards. CC ID 10276 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Help" directory permissions to organizational standards. CC ID 10277 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\inf\unregmp2.exe" file permissions to organizational standards. CC ID 10278 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Java" directory permissions to organizational standards. CC ID 10279 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\mib.bin" file permissions to organizational standards. CC ID 10280 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\msagent" directory permissions to organizational standards. CC ID 10281 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\msdfmap.ini" file permissions to organizational standards. CC ID 10282 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\mui" directory permissions to organizational standards. CC ID 10283 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\security\templates" directory permissions to organizational standards. CC ID 10284 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\speech" directory permissions to organizational standards. CC ID 10285 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\system.ini" file permissions to organizational standards. CC ID 10286 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\system\setup.inf" file permissions to organizational standards. CC ID 10287 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\system\stdole.tlb" file permissions to organizational standards. CC ID 10288 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\twain_32" directory permissions to organizational standards. CC ID 10289 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\cacls.exe" directory permissions to organizational standards. CC ID 10290 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\attrib.exe" directory permissions to organizational standards. CC ID 10291 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\CatRoot" directory permissions to organizational standards. CC ID 10292 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\config\systemprofile" directory permissions to organizational standards. CC ID 10293 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\debug.exe" file permissions to organizational standards. CC ID 10294 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\dhcp" directory permissions to organizational standards. CC ID 10295 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\drivers" directory permissions to organizational standards. CC ID 10296 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\eventtriggers.exe" file permissions to organizational standards. CC ID 10297 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\edlin.exe" file permissions to organizational standards. CC ID 10298 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\eventcreate.exe" file permissions to organizational standards. CC ID 10299 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\Export" directory permissions to organizational standards. CC ID 10300 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\ipconfig.exe" file permissions to organizational standards. CC ID 10301 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\nslookup.exe" file permissions to organizational standards. CC ID 10302 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\netstat.exe" file permissions to organizational standards. CC ID 10303 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\nbtstat.exe" file permissions to organizational standards. CC ID 10304 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\ftp.exe" file permissions to organizational standards. CC ID 10305 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\LogFiles" directory permissions to organizational standards. CC ID 10306 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\mshta.exe" file permissions to organizational standards. CC ID 10307 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\mui" directory permissions to organizational standards. CC ID 10308 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\net.exe" file permissions to organizational standards. CC ID 10309 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\netsh.exe" file permissions to organizational standards. CC ID 10310 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\net1.exe" file permissions to organizational standards. CC ID 10311 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\reg.exe" file permissions to organizational standards. CC ID 10312 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\regini.exe" file permissions to organizational standards. CC ID 10313 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\regsvr32.exe" file permissions to organizational standards. CC ID 10314 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\route.exe" file permissions to organizational standards. CC ID 10315 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\sc.exe" file permissions to organizational standards. CC ID 10316 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\ShellExt" directory permissions to organizational standards. CC ID 10317 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\subst.exe" file permissions to organizational standards. CC ID 10318 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\systeminfo.exe" file permissions to organizational standards. CC ID 10319 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\telnet.exe" file permissions to organizational standards. CC ID 10320 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\tftp.exe" file permissions to organizational standards. CC ID 10321 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\wbem" directory permissions to organizational standards. CC ID 10322 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\tlntsvr.exe" file permissions to organizational standards. CC ID 10323 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\wbem\mof" directory permissions to organizational standards. CC ID 10324 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\wbem\repository" directory permissions to organizational standards. CC ID 10325 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\wbem\logs" directory permissions to organizational standards. CC ID 10326 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography" registry key permissions to organizational standards. CC ID 10327 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hlp" registry key permissions to organizational standards. CC ID 10328 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\helpfile" registry key permissions to organizational standards. CC ID 10329 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing" registry key permissions to organizational standards. CC ID 10330 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais" registry key permissions to organizational standards. CC ID 10331 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell" registry key permissions to organizational standards. CC ID 10332 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony" registry key permissions to organizational standards. CC ID 10333 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reliability" registry key permissions to organizational standards. CC ID 10334 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell" registry key permissions to organizational standards. CC ID 10335 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" registry key permissions to organizational standards. CC ID 10336 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Speech" registry key permissions to organizational standards. CC ID 10337 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSDTC" registry key permissions to organizational standards. CC ID 10338 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem" registry key permissions to organizational standards. CC ID 10339 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates" registry key permissions to organizational standards. CC ID 10340 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports" registry key permissions to organizational standards. CC ID 10341 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing" registry key permissions to organizational standards. CC ID 10342 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Policies" registry key permissions to organizational standards. CC ID 10343 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" registry key permissions to organizational standards. CC ID 10344 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ads\Providers\WinNT" registry key permissions to organizational standards. CC ID 10345 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NWCOMPAT" registry key permissions to organizational standards. CC ID 10346 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\NDS" registry key permissions to organizational standards. CC ID 10347 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ADs\Providers\LDAP\Extensions" registry key permissions to organizational standards. CC ID 10348 | System hardening through configuration management | Configuration | |
Configure the "HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots" registry key permissions to organizational standards. CC ID 10349 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" registry key permissions to organizational standards. CC ID 10350 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Help" registry key permissions to organizational standards. CC ID 10351 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip" registry key permissions to organizational standards. CC ID 10352 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Non-Driver Signing" registry key permissions to organizational standards. CC ID 10353 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DeviceManager" registry key permissions to organizational standards. CC ID 10354 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ClipSrv\Security" registry key permissions to organizational standards. CC ID 10355 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP" registry key permissions to organizational standards. CC ID 10356 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent" registry key permissions to organizational standards. CC ID 10357 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security" registry key permissions to organizational standards. CC ID 10358 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI\Security" registry key permissions to organizational standards. CC ID 10359 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Security" registry key permissions to organizational standards. CC ID 10360 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\Security" registry key permissions to organizational standards. CC ID 10361 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\Security" registry key permissions to organizational standards. CC ID 10362 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Samss\Security" registry key permissions to organizational standards. CC ID 10363 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security" registry key permissions to organizational standards. CC ID 10364 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDEdsdm\Security" registry key permissions to organizational standards. CC ID 10365 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility" registry key permissions to organizational standards. CC ID 10366 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kdc\Security" registry key permissions to organizational standards. CC ID 10367 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\Security" registry key permissions to organizational standards. CC ID 10368 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" registry key permissions to organizational standards. CC ID 10369 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers" registry key permissions to organizational standards. CC ID 10370 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network" registry key permissions to organizational standards. CC ID 10371 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Data" registry key permissions to organizational standards. CC ID 10372 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\GBG" registry key permissions to organizational standards. CC ID 10373 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Skew1" registry key permissions to organizational standards. CC ID 10374 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\JD" registry key permissions to organizational standards. CC ID 10375 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control" registry key permissions to organizational standards. CC ID 10376 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\wbem" registry key permissions to organizational standards. CC ID 10377 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetDDE\Security" registry key permissions to organizational standards. CC ID 10378 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font" registry key permissions to organizational standards. CC ID 10379 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog" registry key permissions to organizational standards. CC ID 10380 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares" registry key permissions to organizational standards. CC ID 10381 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Windows 3.1 Migration Status" registry key permissions to organizational standards. CC ID 10382 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Secure" registry key permissions to organizational standards. CC ID 10383 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups" registry key permissions to organizational standards. CC ID 10384 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" registry key permissions to organizational standards. CC ID 10385 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones" registry key permissions to organizational standards. CC ID 10386 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping" registry key permissions to organizational standards. CC ID 10387 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS" registry key permissions to organizational standards. CC ID 10388 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper" registry key permissions to organizational standards. CC ID 10389 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Compatibility" registry key permissions to organizational standards. CC ID 10390 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDebug" registry key permissions to organizational standards. CC ID 10391 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx" registry key permissions to organizational standards. CC ID 10392 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" registry key permissions to organizational standards. CC ID 10393 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" registry key permissions to organizational standards. CC ID 10394 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows" registry key permissions to organizational standards. CC ID 10395 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Secure" registry key permissions to organizational standards. CC ID 10396 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RPC" registry key permissions to organizational standards. CC ID 10397 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" registry key permissions to organizational standards. CC ID 10398 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole" registry key permissions to organizational standards. CC ID 10399 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions" registry key permissions to organizational standards. CC ID 10400 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" registry key permissions to organizational standards. CC ID 10401 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ContentIndex" registry key permissions to organizational standards. CC ID 10402 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName" registry key permissions to organizational standards. CC ID 10403 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy" registry key permissions to organizational standards. CC ID 10404 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule" registry key permissions to organizational standards. CC ID 10405 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost" registry key permissions to organizational standards. CC ID 10406 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit" registry key permissions to organizational standards. CC ID 10407 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" registry key permissions to organizational standards. CC ID 10408 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS" registry key permissions to organizational standards. CC ID 10409 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" registry key permissions to organizational standards. CC ID 10410 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Classes" registry key permissions to organizational standards. CC ID 10411 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" registry key permissions to organizational standards. CC ID 10412 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates" registry key permissions to organizational standards. CC ID 10413 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" registry key permissions to organizational standards. CC ID 10414 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\Web" directory permissions to organizational standards. CC ID 10415 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole" registry key permissions to organizational standards. CC ID 10416 | System hardening through configuration management | Configuration | |
Configure the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers" registry key permissions to organizational standards. CC ID 10417 | System hardening through configuration management | Configuration | |
Configure the "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies" registry key permissions to organizational standards. CC ID 10418 | System hardening through configuration management | Configuration | |
Apply the appropriate warning message to systems. CC ID 01596 | System hardening through configuration management | Configuration | |
Create a warning message for standard logon services. CC ID 01597 | System hardening through configuration management | Configuration | |
Create a warning message for graphical logons. CC ID 01598 | System hardening through configuration management | Configuration | |
Create a warning message for terminal session logons. CC ID 06564 | System hardening through configuration management | Configuration | |
Create a warning message for FTP daemon. CC ID 01599 | System hardening through configuration management | Configuration | |
Create a warning message for telnet daemon. CC ID 01600 | System hardening through configuration management | Configuration | |
Create a power on warning message. CC ID 01601 | System hardening through configuration management | Configuration | |
Enable the Kerberos TGT expiration warning, as appropriate. CC ID 05263 | System hardening through configuration management | Configuration | |
Configure the sendmail greeting properly. CC ID 05264 | System hardening through configuration management | Configuration | |
Set the Electrically-Erasable Programmable Read-Only Memory warning message properly. CC ID 05265 | System hardening through configuration management | Configuration | |
Set the warning messages switchpoint distance to an appropriate value. CC ID 05266 | System hardening through configuration management | Configuration | |
Enable logon authentication management techniques. CC ID 00553 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | System hardening through configuration management | Configuration | |
Configure the system to log all access attempts to all systems. CC ID 00554 | System hardening through configuration management | Configuration | |
Include the date and time that access was granted in the system record. CC ID 15174 | System hardening through configuration management | Establish/Maintain Documentation | |
Include the access level granted in the system record. CC ID 15173 | System hardening through configuration management | Establish/Maintain Documentation | |
Include when access is withdrawn in the system record. CC ID 15172 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure devices and users to re-authenticate, as necessary. CC ID 10609 | System hardening through configuration management | Configuration | |
Restrict logons by specified source addresses. CC ID 16394 | System hardening through configuration management | Technical Security | |
Configure the "Lockout Enabled" setting to organizational standards. CC ID 09859 | System hardening through configuration management | Configuration | |
Prohibit the use of cached authenticators and credentials after a defined period of time. CC ID 10610 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain authenticators. CC ID 15305 | System hardening through configuration management | Technical Security | |
Establish, implement, and maintain an authenticator standard. CC ID 01702 | System hardening through configuration management | Establish/Maintain Documentation | |
Disallow personal data in authenticators. CC ID 13864 | System hardening through configuration management | Technical Security | |
Establish, implement, and maintain an authenticator management system. CC ID 12031 | System hardening through configuration management | Establish/Maintain Documentation | |
Establish, implement, and maintain a repository of authenticators. CC ID 16372 | System hardening through configuration management | Data and Information Management | |
Establish, implement, and maintain authenticator procedures. CC ID 12002 | System hardening through configuration management | Establish/Maintain Documentation | |
Restrict access to authentication files to authorized personnel, as necessary. CC ID 12127 | System hardening through configuration management | Technical Security | |
Configure authenticators to comply with organizational standards. CC ID 06412 | System hardening through configuration management | Configuration | |
Configure the system to require new users to change their authenticator on first use. CC ID 05268 | System hardening through configuration management | Configuration | |
Configure authenticators so that group authenticators or shared authenticators are prohibited. CC ID 00519 | System hardening through configuration management | Configuration | |
Configure the system to prevent unencrypted authenticator use. CC ID 04457 | System hardening through configuration management | Configuration | |
Disable store passwords using reversible encryption. CC ID 01708 | System hardening through configuration management | Configuration | |
Configure the system to encrypt authenticators. CC ID 06735 | System hardening through configuration management | Configuration | |
Configure the system to mask authenticators. CC ID 02037 | System hardening through configuration management | Configuration | |
Configure the authenticator policy to ban the use of usernames or user identifiers in authenticators. CC ID 05992 | System hardening through configuration management | Configuration | |
Configure the "minimum number of digits required for new passwords" setting to organizational standards. CC ID 08717 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "minimum number of upper case characters required for new passwords" setting to organizational standards. CC ID 08718 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the system to refrain from specifying the type of information used as password hints. CC ID 13783 | System hardening through configuration management | Configuration | |
Configure the "minimum number of lower case characters required for new passwords" setting to organizational standards. CC ID 08719 | System hardening through configuration management | Establish/Maintain Documentation | |
Disable machine account password changes. CC ID 01737 | System hardening through configuration management | Configuration | |
Configure the "minimum number of special characters required for new passwords" setting to organizational standards. CC ID 08720 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "require new passwords to differ from old ones by the appropriate minimum number of characters" setting to organizational standards. CC ID 08722 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "password reuse" setting to organizational standards. CC ID 08724 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Disable Remember Password" setting. CC ID 05270 | System hardening through configuration management | Configuration | |
Configure the "Minimum password age" to organizational standards. CC ID 01703 | System hardening through configuration management | Configuration | |
Configure the LILO/GRUB password. CC ID 01576 | System hardening through configuration management | Configuration | |
Configure the system to use Apple's Keychain Access to store passwords and certificates. CC ID 04481 | System hardening through configuration management | Configuration | |
Change the default password to Apple's Keychain. CC ID 04482 | System hardening through configuration management | Configuration | |
Configure Apple's Keychain items to ask for the Keychain password. CC ID 04483 | System hardening through configuration management | Configuration | |
Configure the Syskey Encryption Key and associated password. CC ID 05978 | System hardening through configuration management | Configuration | |
Configure the "Accounts: Limit local account use of blank passwords to console logon only" setting. CC ID 04505 | System hardening through configuration management | Configuration | |
Configure the "System cryptography: Force strong key protection for user keys stored in the computer" setting. CC ID 04534 | System hardening through configuration management | Configuration | |
Configure interactive logon for accounts that do not have assigned authenticators in accordance with organizational standards. CC ID 05267 | System hardening through configuration management | Configuration | |
Enable or disable remote connections from accounts with empty authenticators, as appropriate. CC ID 05269 | System hardening through configuration management | Configuration | |
Configure the "Send LanMan compatible password" setting. CC ID 05271 | System hardening through configuration management | Configuration | |
Configure the authenticator policy to ban or allow authenticators as words found in dictionaries, as appropriate. CC ID 05993 | System hardening through configuration management | Configuration | |
Set the most number of characters required for the BitLocker Startup PIN correctly. CC ID 06054 | System hardening through configuration management | Configuration | |
Set the default folder for BitLocker recovery passwords correctly. CC ID 06055 | System hardening through configuration management | Configuration | |
Notify affected parties to keep authenticators confidential. CC ID 06787 | System hardening through configuration management | Behavior | |
Discourage affected parties from recording authenticators. CC ID 06788 | System hardening through configuration management | Behavior | |
Configure the "shadow password for all accounts in /etc/passwd" setting to organizational standards. CC ID 08721 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "password hashing algorithm" setting to organizational standards. CC ID 08723 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Disable password strength validation for Peer Grouping" setting to organizational standards. CC ID 10866 | System hardening through configuration management | Configuration | |
Configure the "Set the interval between synchronization retries for Password Synchronization" setting to organizational standards. CC ID 11185 | System hardening through configuration management | Configuration | |
Configure the "Set the number of synchronization retries for servers running Password Synchronization" setting to organizational standards. CC ID 11187 | System hardening through configuration management | Configuration | |
Configure the "Turn off password security in Input Panel" setting to organizational standards. CC ID 11296 | System hardening through configuration management | Configuration | |
Configure the "Turn on the Windows to NIS password synchronization for users that have been migrated to Active Directory" setting to organizational standards. CC ID 11355 | System hardening through configuration management | Configuration | |
Configure the authenticator display screen to organizational standards. CC ID 13794 | System hardening through configuration management | Configuration | |
Configure the authenticator field to disallow memorized secrets found in the memorized secret list. CC ID 13808 | System hardening through configuration management | Configuration | |
Configure the authenticator display screen to display the memorized secret as an option. CC ID 13806 | System hardening through configuration management | Configuration | |
Disseminate and communicate with the end user when a memorized secret entered into an authenticator field matches one found in the memorized secret list. CC ID 13807 | System hardening through configuration management | Communicate | |
Configure the memorized secret verifiers to refrain from allowing anonymous users to access memorized secret hints. CC ID 13823 | System hardening through configuration management | Configuration | |
Configure the system to allow paste functionality for the authenticator field. CC ID 13819 | System hardening through configuration management | Configuration | |
Configure the system to require successful authentication before an authenticator for a user account is changed. CC ID 13821 | System hardening through configuration management | Configuration | |
Protect authenticators or authentication factors from unauthorized modification and disclosure. CC ID 15317 | System hardening through configuration management | Technical Security | |
Obscure authentication information during the login process. CC ID 15316 | System hardening through configuration management | Configuration | |
Change authenticators, as necessary. CC ID 15315 | System hardening through configuration management | Configuration | |
Implement safeguards to protect authenticators from unauthorized access. CC ID 15310 | System hardening through configuration management | Technical Security | |
Change all default authenticators. CC ID 15309 | System hardening through configuration management | Configuration | |
Configure each system's security alerts to organizational standards. CC ID 12113 | System hardening through configuration management | Technical Security | |
Configure the system to issue a security alert when an administrator account is created. CC ID 12122 | System hardening through configuration management | Configuration | |
Configure the system security parameters to prevent system misuse or information misappropriation. CC ID 00881 | System hardening through configuration management | Configuration | |
Configure Hypertext Transfer Protocol headers in accordance with organizational standards. CC ID 16851 | System hardening through configuration management | Configuration | |
Configure Hypertext Transfer Protocol security headers in accordance with organizational standards. CC ID 16488 | System hardening through configuration management | Configuration | |
Configure "Enable Structured Exception Handling Overwrite Protection (SEHOP)" to organizational standards. CC ID 15385 | System hardening through configuration management | Configuration | |
Configure Microsoft Attack Surface Reduction rules in accordance with organizational standards. CC ID 16478 | System hardening through configuration management | Configuration | |
Configure "Remote host allows delegation of non-exportable credentials" to organizational standards. CC ID 15379 | System hardening through configuration management | Configuration | |
Configure "Configure enhanced anti-spoofing" to organizational standards. CC ID 15376 | System hardening through configuration management | Configuration | |
Configure "Block user from showing account details on sign-in" to organizational standards. CC ID 15374 | System hardening through configuration management | Configuration | |
Configure "Configure Attack Surface Reduction rules" to organizational standards. CC ID 15370 | System hardening through configuration management | Configuration | |
Configure "Turn on e-mail scanning" to organizational standards. CC ID 15361 | System hardening through configuration management | Configuration | |
Configure "Prevent users and apps from accessing dangerous websites" to organizational standards. CC ID 15359 | System hardening through configuration management | Configuration | |
Configure "Enumeration policy for external devices incompatible with Kernel DMA Protection" to organizational standards. CC ID 15352 | System hardening through configuration management | Configuration | |
Configure "Prevent Internet Explorer security prompt for Windows Installer scripts" to organizational standards. CC ID 15351 | System hardening through configuration management | Configuration | |
Store state information from applications and software separately. CC ID 14767 | System hardening through configuration management | Configuration | |
Configure the "aufs storage" to organizational standards. CC ID 14461 | System hardening through configuration management | Configuration | |
Configure the "AppArmor Profile" to organizational standards. CC ID 14496 | System hardening through configuration management | Configuration | |
Configure the "device" argument to organizational standards. CC ID 14536 | System hardening through configuration management | Configuration | |
Configure the "Docker" group ownership to organizational standards. CC ID 14495 | System hardening through configuration management | Configuration | |
Configure the "Docker" user ownership to organizational standards. CC ID 14505 | System hardening through configuration management | Configuration | |
Configure "Allow upload of User Activities" to organizational standards. CC ID 15338 | System hardening through configuration management | Configuration | |
Configure the system to restrict Core dumps to a protected directory. CC ID 01513 | System hardening through configuration management | Configuration | |
Configure the system to enable Stack protection. CC ID 01514 | System hardening through configuration management | Configuration | |
Configure the system to restrict NFS client requests to privileged ports. CC ID 01515 | System hardening through configuration management | Configuration | |
Configure the system to use better TCP Sequence Numbers. CC ID 01516 | System hardening through configuration management | Configuration | |
Configure the system to a default secure level. CC ID 01519 | System hardening through configuration management | Configuration | |
Configure the system to block users from viewing un-owned processes. CC ID 01520 | System hardening through configuration management | Configuration | |
Configure the system to block users from viewing processes in other groups. CC ID 01521 | System hardening through configuration management | Configuration | |
Add the "nosuid" option to /etc/rmmount.conf. CC ID 01532 | System hardening through configuration management | Configuration | |
Configure the system to block non-privileged mountd requests. CC ID 01533 | System hardening through configuration management | Configuration | |
Use host-based or Internet Protocol-based export lists for mountd. CC ID 06887 | System hardening through configuration management | Configuration | |
Add the "nodev" option to the appropriate partitions in /etc/fstab. CC ID 01534 | System hardening through configuration management | Configuration | |
Add the "nosuid" option and "nodev" option for removable storage media in the /etc/fstab file. CC ID 01535 | System hardening through configuration management | Configuration | |
Configure the sticky bit on world-writable directories. CC ID 01540 | System hardening through configuration management | Configuration | |
Verify system files are not world-writable. CC ID 01546 | System hardening through configuration management | Technical Security | |
Verify backup directories containing patches are not accessible. CC ID 01547 | System hardening through configuration management | Technical Security | |
Run hp_checkperms. CC ID 01548 | System hardening through configuration management | Configuration | |
Run fix-modes. CC ID 01549 | System hardening through configuration management | Configuration | |
Convert the system to "Trusted Mode", if possible. CC ID 01550 | System hardening through configuration management | Configuration | |
Configure the sadmind service to a higher Security level. CC ID 01551 | System hardening through configuration management | Configuration | |
Use host-based or Internet Protocol-based export lists for sadmind. CC ID 06886 | System hardening through configuration management | Configuration | |
Configure all .rhosts files to be readable only by their owners. CC ID 01557 | System hardening through configuration management | Configuration | |
Set the symlink /etc/hosts.equiv file to /dev/null. CC ID 01558 | System hardening through configuration management | Configuration | |
Configure the default locking Screen saver timeout to a predetermined time period. CC ID 01570 | System hardening through configuration management | Configuration | |
Configure the Security Center (Domain PCs only). CC ID 01967 | System hardening through configuration management | Configuration | |
Configure the system to immediately protect the computer after the Screen saver is activated by setting the time before the Screen saver grace period expires to a predefined amount. CC ID 04276 | System hardening through configuration management | Configuration | |
Configure the system to require a password before it unlocks the Screen saver software. CC ID 04443 | System hardening through configuration management | Configuration | |
Enable the safe DLL search mode. CC ID 04273 | System hardening through configuration management | Configuration | |
Configure the computer to stop generating 8.3 filename formats. CC ID 04274 | System hardening through configuration management | Configuration | |
Configure the system to use certificate rules for software restriction policies. CC ID 04266 | System hardening through configuration management | Configuration | |
Configure the "Do not allow drive redirection" setting. CC ID 04316 | System hardening through configuration management | Configuration | |
Configure the "Turn off the 'Publish to Web' task for files and folders" setting. CC ID 04328 | System hardening through configuration management | Configuration | |
Configure the "Turn off Internet download for Web publishing and online ordering wizards" setting. CC ID 04329 | System hardening through configuration management | Configuration | |
Configure the "Turn off Search Companion content file updates" setting. CC ID 04331 | System hardening through configuration management | Configuration | |
Configure the "Turn off printing over HTTP" setting. CC ID 04332 | System hardening through configuration management | Configuration | |
Configure the "Turn off downloading of print drivers over HTTP" setting. CC ID 04333 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Update device driver searching" setting. CC ID 04334 | System hardening through configuration management | Configuration | |
Configure the "Display Error Notification" setting to organizational standards. CC ID 04335 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows error reporting" setting to organizational standards. CC ID 04336 | System hardening through configuration management | Configuration | |
Configure the "Disable software update shell notifications on program launch" setting. CC ID 04339 | System hardening through configuration management | Configuration | |
Configure the "Make proxy settings per-machine (rather than per-user)" setting. CC ID 04341 | System hardening through configuration management | Configuration | |
Configure the "Security Zones: Do not allow users to add/delete sites" setting. CC ID 04342 | System hardening through configuration management | Configuration | |
Configure the "Security Zones: Do not allow users to change policies" setting. CC ID 04343 | System hardening through configuration management | Configuration | |
Configure the "Security Zones: Use only machine settings" setting. CC ID 04344 | System hardening through configuration management | Configuration | |
Configure the "Allow software to run or install even if the signature is invalid" setting. CC ID 04346 | System hardening through configuration management | Configuration | |
Configure the "internet explorer processes (scripted window security restrictions)" setting. CC ID 04350 | System hardening through configuration management | Configuration | |
Configure the "internet explorer processes (zone elevation protection)" setting. CC ID 04351 | System hardening through configuration management | Configuration | |
Configure the "Prevent access to registry editing tools" setting. CC ID 04355 | System hardening through configuration management | Configuration | |
Configure the "Do not preserve zone information in file attachments" setting. CC ID 04357 | System hardening through configuration management | Configuration | |
Configure the "Hide mechanisms to remove zone information" setting. CC ID 04358 | System hardening through configuration management | Configuration | |
Configure the "Notify antivirus programs when opening attachments" setting. CC ID 04359 | System hardening through configuration management | Configuration | |
Configure the "Configure Outlook Express" setting. CC ID 04360 | System hardening through configuration management | Configuration | |
Configure the "Disable Changing Automatic Configuration settings" setting. CC ID 04361 | System hardening through configuration management | Configuration | |
Configure the "Disable changing certificate settings" setting. CC ID 04362 | System hardening through configuration management | Configuration | |
Configure the "Disable changing connection settings" setting. CC ID 04363 | System hardening through configuration management | Configuration | |
Configure the "Disable changing proxy settings" setting. CC ID 04364 | System hardening through configuration management | Configuration | |
Configure the "Turn on the auto-complete feature for user names and passwords on forms" setting. CC ID 04365 | System hardening through configuration management | Configuration | |
Configure the NetWare bindery contexts. CC ID 04444 | System hardening through configuration management | Configuration | |
Configure the NetWare console's SECURE.NCF settings. CC ID 04445 | System hardening through configuration management | Configuration | |
Configure the CPU Hog Timeout setting. CC ID 04446 | System hardening through configuration management | Configuration | |
Configure the "Check Equivalent to Me" setting. CC ID 04463 | System hardening through configuration management | Configuration | |
Configure the /etc/sshd_config file. CC ID 04475 | System hardening through configuration management | Configuration | |
Configure the .Mac preferences. CC ID 04484 | System hardening through configuration management | Configuration | |
Configure the Fast User Switching setting. CC ID 04485 | System hardening through configuration management | Configuration | |
Configure the Recent Items List (servers, applications, documents) setting. CC ID 04486 | System hardening through configuration management | Configuration | |
Configure Apple's Dock preferences. CC ID 04487 | System hardening through configuration management | Configuration | |
Configure the "ulimit" to organizational standards. CC ID 14499 | System hardening through configuration management | Configuration | |
Configure the Energy Saver preferences. CC ID 04488 | System hardening through configuration management | Configuration | |
Configure the local system search preferences to directories that do not contain restricted data or restricted information. CC ID 04492 | System hardening through configuration management | Configuration | |
Digitally sign and encrypt e-mail, as necessary. CC ID 04493 | System hardening through configuration management | Technical Security | |
Manage temporary files, as necessary. CC ID 04847 | System hardening through configuration management | Technical Security | |
Configure the computer-wide, rather than per-user, use of Microsoft Spynet Reporting for Windows Defender properly. CC ID 05282 | System hardening through configuration management | Configuration | |
Enable or disable the ability of users to perform interactive startups, as appropriate. CC ID 05283 | System hardening through configuration management | Configuration | |
Set the /etc/passwd file's NIS file inclusions properly. CC ID 05284 | System hardening through configuration management | Configuration | |
Configure the "Turn off Help Ratings" setting. CC ID 05285 | System hardening through configuration management | Configuration | |
Configure the "Decoy Admin Account Not Disabled" policy properly. CC ID 05286 | System hardening through configuration management | Configuration | |
Configure the "Additional restrictions for anonymous connections" policy properly. CC ID 05287 | System hardening through configuration management | Configuration | |
Configure the "Anonymous access to the registry" policy properly. CC ID 05288 | System hardening through configuration management | Configuration | |
Configure the File System Checker and Popups setting. CC ID 05289 | System hardening through configuration management | Configuration | |
Configure the System File Checker setting. CC ID 05290 | System hardening through configuration management | Configuration | |
Configure the System File Checker Progress Meter setting. CC ID 05291 | System hardening through configuration management | Configuration | |
Configure the Protect Kernel object attributes properly. CC ID 05292 | System hardening through configuration management | Configuration | |
Configure the "Deleted Cached Copies of Roaming Profiles" policy properly. CC ID 05293 | System hardening through configuration management | Configuration | |
Verify that the X*.hosts file lists all authorized X-clients. CC ID 05294 | System hardening through configuration management | Configuration | |
Verify all files are owned by an existing account and group. CC ID 05295 | System hardening through configuration management | Configuration | |
Verify programs executed through the aliases file are owned by an appropriate user or group. CC ID 05296 | System hardening through configuration management | Configuration | |
Verify programs executed through the aliases file are stored in a directory with an appropriate owner. CC ID 05297 | System hardening through configuration management | Configuration | |
Verify the at directory is owned by an appropriate user or group. CC ID 05298 | System hardening through configuration management | Configuration | |
Verify the at.allow file is owned by an appropriate user or group. CC ID 05299 | System hardening through configuration management | Configuration | |
Verify the at.deny file is owned by an appropriate user or group. CC ID 05300 | System hardening through configuration management | Configuration | |
Verify the crontab directories are owned by an appropriate user or group. CC ID 05302 | System hardening through configuration management | Configuration | |
Verify the cron.allow file is owned by an appropriate user or group. CC ID 05303 | System hardening through configuration management | Configuration | |
Verify the cron.deny file is owned by an appropriate user or group. CC ID 05304 | System hardening through configuration management | Configuration | |
Verify crontab files are owned by an appropriate user or group. CC ID 05305 | System hardening through configuration management | Configuration | |
Verify the /etc/resolv.conf file is owned by an appropriate user or group. CC ID 05306 | System hardening through configuration management | Configuration | |
Verify the /etc/named.boot file is owned by an appropriate user or group. CC ID 05307 | System hardening through configuration management | Configuration | |
Verify the /etc/named.conf file is owned by an appropriate user or group. CC ID 05308 | System hardening through configuration management | Configuration | |
Verify the /var/named/chroot/etc/named.conf file is owned by an appropriate user or group. CC ID 05309 | System hardening through configuration management | Configuration | |
Verify home directories are owned by an appropriate user or group. CC ID 05310 | System hardening through configuration management | Configuration | |
Verify the inetd.conf file is owned by an appropriate user or group. CC ID 05311 | System hardening through configuration management | Configuration | |
Verify /etc/exports are owned by an appropriate user or group. CC ID 05312 | System hardening through configuration management | Configuration | |
Verify exported files and exported directories are owned by an appropriate user or group. CC ID 05313 | System hardening through configuration management | Configuration | |
Restrict the exporting of files and directories, as necessary. CC ID 16315 | System hardening through configuration management | Technical Security | |
Verify the /etc/services file is owned by an appropriate user or group. CC ID 05314 | System hardening through configuration management | Configuration | |
Verify the /etc/notrouter file is owned by an appropriate user or group. CC ID 05315 | System hardening through configuration management | Configuration | |
Verify the /etc/samba/smb.conf file is owned by an appropriate user or group. CC ID 05316 | System hardening through configuration management | Configuration | |
Verify the smbpasswd file and smbpasswd executable are owned by an appropriate user or group. CC ID 05317 | System hardening through configuration management | Configuration | |
Verify the aliases file is owned by an appropriate user or group. CC ID 05318 | System hardening through configuration management | Configuration | |
Verify the log file configured to capture critical sendmail messages is owned by an appropriate user or group. CC ID 05319 | System hardening through configuration management | Log Management | |
Verify Shell files are owned by an appropriate user or group. CC ID 05320 | System hardening through configuration management | Configuration | |
Verify the snmpd.conf file is owned by an appropriate user or group. CC ID 05321 | System hardening through configuration management | Configuration | |
Verify the /etc/syslog.conf file is owned by an appropriate user or group. CC ID 05322 | System hardening through configuration management | Configuration | |
Verify the traceroute executable is owned by an appropriate user or group. CC ID 05323 | System hardening through configuration management | Configuration | |
Verify the /usr/lib/sendmail file is owned by an appropriate user or group. CC ID 05324 | System hardening through configuration management | Technical Security | |
Verify the /etc/passwd file is owned by an appropriate user or group. CC ID 05325 | System hardening through configuration management | Configuration | |
Verify the /etc/shadow file is owned by an appropriate user or group. CC ID 05326 | System hardening through configuration management | Configuration | |
Verify the /etc/security/audit/config file is owned by an appropriate user or group. CC ID 05327 | System hardening through configuration management | Configuration | |
Verify the /etc/security/audit/events file is owned by an appropriate user or group. CC ID 05328 | System hardening through configuration management | Configuration | |
Verify the /etc/security/audit/objects file is owned by an appropriate user or group. CC ID 05329 | System hardening through configuration management | Configuration | |
Verify the /usr/lib/trcload file is owned by an appropriate user or group. CC ID 05330 | System hardening through configuration management | Configuration | |
Verify the /usr/lib/semutil file is owned by an appropriate user or group. CC ID 05331 | System hardening through configuration management | Configuration | |
Verify system files are owned by an appropriate user or group. CC ID 05332 | System hardening through configuration management | Configuration | |
Verify the default/skeleton dot files are owned by an appropriate user or group. CC ID 05333 | System hardening through configuration management | Configuration | |
Verify the global initialization files are owned by an appropriate user or group. CC ID 05334 | System hardening through configuration management | Configuration | |
Verify the /etc/rc.config.d/auditing file is owned by an appropriate user or group. CC ID 05335 | System hardening through configuration management | Configuration | |
Verify the /etc/init.d file is owned by an appropriate user or group. CC ID 05336 | System hardening through configuration management | Configuration | |
Verify the /etc/hosts.lpd file is owned by an appropriate user or group. CC ID 05337 | System hardening through configuration management | Configuration | |
Verify the /etc/auto.master file is owned by an appropriate user or group. CC ID 05338 | System hardening through configuration management | Configuration | |
Verify the /etc/auto.misc file is owned by an appropriate user or group. CC ID 05339 | System hardening through configuration management | Configuration | |
Verify the /etc/auto.net file is owned by an appropriate user or group. CC ID 05340 | System hardening through configuration management | Configuration | |
Verify the /boot/grub/grub.conf file is owned by an appropriate user or group. CC ID 05341 | System hardening through configuration management | Configuration | |
Verify the /etc/lilo.conf file is owned by an appropriate user or group. CC ID 05342 | System hardening through configuration management | Configuration | |
Verify the /etc/login.access file is owned by an appropriate user or group. CC ID 05343 | System hardening through configuration management | Configuration | |
Verify the /etc/security/access.conf file is owned by an appropriate user or group. CC ID 05344 | System hardening through configuration management | Configuration | |
Verify the /etc/sysctl.conf file is owned by an appropriate user or group. CC ID 05345 | System hardening through configuration management | Configuration | |
Configure the "secure_redirects" setting to organizational standards. CC ID 09941 | System hardening through configuration management | Configuration | |
Configure the "icmp_ignore_bogus_error_responses" setting to organizational standards. CC ID 09942 | System hardening through configuration management | Configuration | |
Configure the "rp_filter" setting to organizational standards. CC ID 09943 | System hardening through configuration management | Configuration | |
Verify the /etc/securetty file is owned by an appropriate user or group. CC ID 05346 | System hardening through configuration management | Configuration | |
Verify the /etc/audit/auditd.conf file is owned by an appropriate user or group. CC ID 05347 | System hardening through configuration management | Configuration | |
Verify the audit.rules file is owned by an appropriate user or group. CC ID 05348 | System hardening through configuration management | Configuration | |
Verify the /etc/group file is owned by an appropriate user or group. CC ID 05349 | System hardening through configuration management | Configuration | |
Verify the /etc/gshadow file is owned by an appropriate user or group. CC ID 05350 | System hardening through configuration management | Configuration | |
Verify the /usr/sbin/userhelper file is owned by an appropriate user or group. CC ID 05351 | System hardening through configuration management | Configuration | |
Verify all syslog log files are owned by an appropriate user or group. CC ID 05352 | System hardening through configuration management | Configuration | |
Verify the /etc/anacrontab file is owned by an appropriate user or group. CC ID 05353 | System hardening through configuration management | Configuration | |
Verify the /etc/pki/tls/ldap file is owned by an appropriate user or group. CC ID 05354 | System hardening through configuration management | Configuration | |
Verify the /etc/pki/tls/ldap/serverkey.pem file is owned by an appropriate user or group. CC ID 05355 | System hardening through configuration management | Configuration | |
Verify the /etc/pki/tls/CA/cacert.pem file is owned by an appropriate user or group. CC ID 05356 | System hardening through configuration management | Configuration | |
Verify the /etc/pki/tls/ldap/servercert.pem file is owned by an appropriate user or group. CC ID 05357 | System hardening through configuration management | Configuration | |
Verify the /var/lib/ldap/* files are owned by an appropriate user or group. CC ID 05358 | System hardening through configuration management | Configuration | |
Verify the /etc/httpd/conf/* files are owned by an appropriate user or group. CC ID 05359 | System hardening through configuration management | Configuration | |
Verify the /etc/auto_* file is owned by an appropriate user. CC ID 05360 | System hardening through configuration management | Configuration | |
Verify the /etc/rmmount.conf file is owned by an appropriate user or group. CC ID 05361 | System hardening through configuration management | Configuration | |
Verify the /var/log/pamlog log is owned by an appropriate user or group. CC ID 05362 | System hardening through configuration management | Configuration | |
Verify the /etc/security/audit_control file is owned by an appropriate user or group. CC ID 05363 | System hardening through configuration management | Configuration | |
Verify the /etc/security/audit_class file is owned by an appropriate user or group. CC ID 05364 | System hardening through configuration management | Configuration | |
Verify the /etc/security/audit_event file is owned by an appropriate user or group. CC ID 05365 | System hardening through configuration management | Configuration | |
Verify the ASET userlist file is owned by an appropriate user or group. CC ID 05366 | System hardening through configuration management | Configuration | |
Verify the /var directory is owned by an appropriate user. CC ID 05367 | System hardening through configuration management | Configuration | |
Verify the /var/log directory is owned by an appropriate user. CC ID 05368 | System hardening through configuration management | Configuration | |
Verify the /var/adm directory is owned by an appropriate user. CC ID 05369 | System hardening through configuration management | Configuration | |
Restrict the debug level daemon logging file owner and daemon debug group owner. CC ID 05370 | System hardening through configuration management | Configuration | |
Restrict the Cron log file owner and Cron group owner. CC ID 05371 | System hardening through configuration management | Configuration | |
Restrict the system accounting file owner and system accounting group owner. CC ID 05372 | System hardening through configuration management | Configuration | |
Restrict audit log file ownership and audit group ownership. CC ID 05373 | System hardening through configuration management | Configuration | |
Set the X server timeout properly. CC ID 05374 | System hardening through configuration management | Configuration | |
Configure each user's authentication mechanism (system attribute) properly. CC ID 05375 | System hardening through configuration management | Configuration | |
Enable or disable SELinux, as appropriate. CC ID 05376 | System hardening through configuration management | Configuration | |
Set the SELinux state properly. CC ID 05377 | System hardening through configuration management | Configuration | |
Set the SELinux policy properly. CC ID 05378 | System hardening through configuration management | Configuration | |
Configure Dovecot properly. CC ID 05379 | System hardening through configuration management | Configuration | |
Configure the "Prohibit Access of the Windows Connect Now Wizards" setting. CC ID 05380 | System hardening through configuration management | Configuration | |
Configure the "Allow remote access to the PnP interface" setting. CC ID 05381 | System hardening through configuration management | Configuration | |
Configure the "Do not create system restore point when new device driver installed" setting. CC ID 05382 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Access to All Windows Update Feature" setting. CC ID 05383 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Automatic Root Certificates Update" setting. CC ID 05384 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Event Views 'Events.asp' Links" setting. CC ID 05385 | System hardening through configuration management | Configuration | |
Configure "Turn Off Handwriting Recognition Error Reporting" to organizational standards. CC ID 05386 | System hardening through configuration management | Configuration | |
Configure the "Turn off Help and Support Center 'Did You Know?' content" setting. CC ID 05387 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Help and Support Center Microsoft Knowledge Base Search" setting. CC ID 05388 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Internet File Association Service" setting. CC ID 05389 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting. CC ID 05390 | System hardening through configuration management | Configuration | |
Configure the "Turn off the 'Order Prints' Picture task" setting. CC ID 05391 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Windows Movie Maker Online Web Links" setting. CC ID 05392 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting. CC ID 05393 | System hardening through configuration management | Configuration | |
Configure the "Don't Display the Getting Started Welcome Screen at Logon" setting. CC ID 05394 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Startup Sound" setting. CC ID 05395 | System hardening through configuration management | Configuration | |
Configure the "Allow only Vista or later connections" setting. CC ID 05396 | System hardening through configuration management | Configuration | |
Configure the "Turn on bandwidth optimization" setting. CC ID 05397 | System hardening through configuration management | Configuration | |
Configure the "Prevent IIS Installation" setting. CC ID 05398 | System hardening through configuration management | Configuration | |
Configure the "Turn off Active Help" setting. CC ID 05399 | System hardening through configuration management | Configuration | |
Configure the "Turn off Untrusted Content" setting. CC ID 05400 | System hardening through configuration management | Configuration | |
Configure the "Turn off downloading of enclosures" setting. CC ID 05401 | System hardening through configuration management | Configuration | |
Configure "Allow indexing of encrypted files" to organizational standards. CC ID 05402 | System hardening through configuration management | Configuration | |
Configure the "Prevent indexing uncached Exchange folders" setting. CC ID 05403 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Calendar" setting. CC ID 05404 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Defender" setting. CC ID 05405 | System hardening through configuration management | Configuration | |
Configure the "Turn off Heap termination on corruption" setting to organizational standards. CC ID 05406 | System hardening through configuration management | Configuration | |
Configure the "Turn off shell protocol protected mode" setting to organizational standards. CC ID 05407 | System hardening through configuration management | Configuration | |
Configure the "Prohibit non-administrators from applying vendor signed updates" setting. CC ID 05408 | System hardening through configuration management | Configuration | |
Configure the "Report when logon server was not available during user logon" setting. CC ID 05409 | System hardening through configuration management | Configuration | |
Configure the "Turn off the communication features" setting. CC ID 05410 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Mail application" setting. CC ID 05411 | System hardening through configuration management | Configuration | |
Configure the "Prevent Windows Media DRM Internet Access" setting. CC ID 05412 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Meeting Space" setting. CC ID 05413 | System hardening through configuration management | Configuration | |
Configure the "Turn on Windows Meeting Space auditing" setting. CC ID 05414 | System hardening through configuration management | Configuration | |
Configure the "Disable unpacking and installation of gadgets that are not digitally signed" setting. CC ID 05415 | System hardening through configuration management | Configuration | |
Configure the "Override the More Gadgets Link" setting. CC ID 05416 | System hardening through configuration management | Configuration | |
Configure the "Turn Off User Installed Windows Sidebar Gadgets" setting. CC ID 05417 | System hardening through configuration management | Configuration | |
Configure the "Do not allow Digital Locker to run" setting. CC ID 05418 | System hardening through configuration management | Configuration | |
Configure the "Turn off Downloading of Game Information" setting. CC ID 05419 | System hardening through configuration management | Configuration | |
Configure "Turn on Responder (RSPNDR) driver" to organizational standards. CC ID 05420 | System hardening through configuration management | Configuration | |
Verify ExecShield has been randomly placed in Virtual Memory regions. CC ID 05436 | System hardening through configuration management | Configuration | |
Enable the ExecShield, as appropriate. CC ID 05421 | System hardening through configuration management | Configuration | |
Configure Kernel support for the XD/NX processor feature, as appropriate. CC ID 05422 | System hardening through configuration management | Configuration | |
Configure the XD/NX processor feature in the BIOS, as appropriate. CC ID 05423 | System hardening through configuration management | Configuration | |
Configure the Shell for the bin account properly. CC ID 05424 | System hardening through configuration management | Configuration | |
Configure the Shell for the nuucp account properly. CC ID 05425 | System hardening through configuration management | Configuration | |
Configure the Shell for the smmsp account properly. CC ID 05426 | System hardening through configuration management | Configuration | |
Configure the Shell for the listen account properly. CC ID 05427 | System hardening through configuration management | Configuration | |
Configure the Shell for the gdm account properly. CC ID 05428 | System hardening through configuration management | Configuration | |
Configure the Shell for the webservd account properly. CC ID 05429 | System hardening through configuration management | Configuration | |
Configure the Shell for the nobody account properly. CC ID 05430 | System hardening through configuration management | Configuration | |
Configure the Shell for the noaccess account properly. CC ID 05431 | System hardening through configuration management | Configuration | |
Configure the Shell for the nobody4 account properly. CC ID 05432 | System hardening through configuration management | Configuration | |
Configure the Shell for the adm account properly. CC ID 05433 | System hardening through configuration management | Configuration | |
Configure the Shell for the lp account properly. CC ID 05434 | System hardening through configuration management | Configuration | |
Configure the Shell for the uucp account properly. CC ID 05435 | System hardening through configuration management | Configuration | |
Set the noexec_user_stack parameter properly. CC ID 05437 | System hardening through configuration management | Configuration | |
Set the no_exec_user_stack_log parameter properly. CC ID 05438 | System hardening through configuration management | Configuration | |
Set the noexec_user_stack flag on the user stack properly. CC ID 05439 | System hardening through configuration management | Configuration | |
Set the TCP max connection limit properly. CC ID 05440 | System hardening through configuration management | Configuration | |
Set the TCP abort interval properly. CC ID 05441 | System hardening through configuration management | Configuration | |
Enable or disable the GNOME screenlock, as appropriate. CC ID 05442 | System hardening through configuration management | Configuration | |
Set the ARP cache cleanup interval properly. CC ID 05443 | System hardening through configuration management | Configuration | |
Set the ARP IRE scan rate properly. CC ID 05444 | System hardening through configuration management | Configuration | |
Disable proxy ARP on all interfaces. CC ID 06570 | System hardening through configuration management | Configuration | |
Set the FileSpaceSwitch variable to an appropriate value. CC ID 05445 | System hardening through configuration management | Configuration | |
Set the wakeup switchpoint frequency to an appropriate time interval. CC ID 05446 | System hardening through configuration management | Configuration | |
Enable or disable the setuid option on removable storage media, as appropriate. CC ID 05447 | System hardening through configuration management | Configuration | |
Configure TCP/IP PMTU Discovery, as appropriate. CC ID 05991 | System hardening through configuration management | Configuration | |
Configure Secure Shell to enable or disable empty passwords, as appropriate. CC ID 06016 | System hardening through configuration management | Configuration | |
Configure each user's Screen Saver Executable Name. CC ID 06027 | System hardening through configuration management | Configuration | |
Configure the NIS+ server to operate at an appropriate security level. CC ID 06038 | System hardening through configuration management | Configuration | |
Configure the "restrict guest access to system log" policy, as appropriate. CC ID 06047 | System hardening through configuration management | Configuration | |
Configure the "Block saving of Open XML file types" setting, as appropriate. CC ID 06048 | System hardening through configuration management | Configuration | |
Enable or disable user-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence for keyboards. CC ID 06051 | System hardening through configuration management | Configuration | |
Configure the "Syskey mode" to organizational standards. CC ID 06052 | System hardening through configuration management | Configuration | |
Configure the Trusted Platform Module (TPM) platform validation profile, as appropriate. CC ID 06056 | System hardening through configuration management | Configuration | |
Configure the "Allow Remote Shell Access" setting, as appropriate. CC ID 06057 | System hardening through configuration management | Configuration | |
Configure the "Prevent the computer from joining a homegroup" setting, as appropriate. CC ID 06058 | System hardening through configuration management | Configuration | |
Enable or disable the authenticator requirement after waking, as appropriate. CC ID 06059 | System hardening through configuration management | Configuration | |
Enable or disable the standby states, as appropriate. CC ID 06060 | System hardening through configuration management | Configuration | |
Configure the Trusted Platform Module startup options properly. CC ID 06061 | System hardening through configuration management | Configuration | |
Configure the system to purge Policy Caches. CC ID 06569 | System hardening through configuration management | Configuration | |
Separate authenticator files and application system data on different file systems. CC ID 06790 | System hardening through configuration management | Configuration | |
Configure Application Programming Interfaces to limit or shut down interactivity based upon a rate limit. CC ID 06811 | System hardening through configuration management | Configuration | |
Configure the "all world-writable directories" user ownership to organizational standards. CC ID 08714 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "all rsyslog log" files group ownership to organizational standards. CC ID 08715 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "all rsyslog log" files user ownership to organizational standards. CC ID 08716 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Executable stack" setting to organizational standards. CC ID 08969 | System hardening through configuration management | Configuration | |
Configure the "smbpasswd executable" user ownership to organizational standards. CC ID 08975 | System hardening through configuration management | Configuration | |
Configure the "traceroute executable" group ownership to organizational standards. CC ID 08980 | System hardening through configuration management | Configuration | |
Configure the "traceroute executable" user ownership to organizational standards. CC ID 08981 | System hardening through configuration management | Configuration | |
Configure the "Apache configuration" directory group ownership to organizational standards. CC ID 08991 | System hardening through configuration management | Configuration | |
Configure the "Apache configuration" directory user ownership to organizational standards. CC ID 08992 | System hardening through configuration management | Configuration | |
Configure the "/var/log/httpd/" file group ownership to organizational standards. CC ID 09027 | System hardening through configuration management | Configuration | |
Configure the "/etc/httpd/conf.d" file group ownership to organizational standards. CC ID 09028 | System hardening through configuration management | Configuration | |
Configure the "/etc/httpd/conf/passwd" file group ownership to organizational standards. CC ID 09029 | System hardening through configuration management | Configuration | |
Configure the "/usr/sbin/apachectl" file group ownership to organizational standards. CC ID 09030 | System hardening through configuration management | Configuration | |
Configure the "/usr/sbin/httpd" file group ownership to organizational standards. CC ID 09031 | System hardening through configuration management | Configuration | |
Configure the "/var/www/html" file group ownership to organizational standards. CC ID 09032 | System hardening through configuration management | Configuration | |
Configure the "log files" in the "/var/log/httpd/" directory user ownership to organizational standards. CC ID 09034 | System hardening through configuration management | Configuration | |
Configure the "/etc/httpd/conf.d" file ownership to organizational standards. CC ID 09035 | System hardening through configuration management | Configuration | |
Configure the "/etc/httpd/conf/passwd" file ownership to organizational standards. CC ID 09036 | System hardening through configuration management | Configuration | |
Configure the "/usr/sbin/apachectl" file ownership to organizational standards. CC ID 09037 | System hardening through configuration management | Configuration | |
Configure the "/usr/sbin/httpd" file ownership to organizational standards. CC ID 09038 | System hardening through configuration management | Configuration | |
Configure the "/var/www/html" file ownership to organizational standards. CC ID 09039 | System hardening through configuration management | Configuration | |
Configure the "httpd.conf" file user ownership to organizational standards. CC ID 09055 | System hardening through configuration management | Configuration | |
Configure the "httpd.conf" group ownership to organizational standards. CC ID 09056 | System hardening through configuration management | Configuration | |
Configure the "htpasswd" file user ownership to organizational standards. CC ID 09058 | System hardening through configuration management | Configuration | |
Configure the "htpasswd" file group ownership to organizational standards. CC ID 09059 | System hardening through configuration management | Configuration | |
Configure the "files specified by CustomLog" user ownership to organizational standards. CC ID 09074 | System hardening through configuration management | Configuration | |
Configure the "files specified by CustomLog" group ownership to organizational standards. CC ID 09075 | System hardening through configuration management | Configuration | |
Configure the "files specified by ErrorLog" user ownership to organizational standards. CC ID 09076 | System hardening through configuration management | Configuration | |
Configure the "files specified by ErrorLog" group ownership to organizational standards. CC ID 09077 | System hardening through configuration management | Configuration | |
Configure the "directories specified by ScriptAlias" user ownership to organizational standards. CC ID 09079 | System hardening through configuration management | Configuration | |
Configure the "directories specified by ScriptAlias" group ownership to organizational standards. CC ID 09080 | System hardening through configuration management | Configuration | |
Configure the "directories specified by ScriptAliasMatch" user ownership to organizational standards. CC ID 09082 | System hardening through configuration management | Configuration | |
Configure the "directories specified by ScriptAliasMatch" group ownership to organizational standards. CC ID 09083 | System hardening through configuration management | Configuration | |
Configure the "directories specified by DocumentRoot" user ownership to organizational standards. CC ID 09085 | System hardening through configuration management | Configuration | |
Configure the "directories specified by DocumentRoot" group ownership to organizational standards. CC ID 09086 | System hardening through configuration management | Configuration | |
Configure the "directories specified by Alias" user ownership to organizational standards. CC ID 09088 | System hardening through configuration management | Configuration | |
Configure the "directories specified by Alias" group ownership to organizational standards. CC ID 09089 | System hardening through configuration management | Configuration | |
Configure the "directories specified by ServerRoot" user ownership to organizational standards. CC ID 09091 | System hardening through configuration management | Configuration | |
Configure the "directories specified by ServerRoot" group ownership to organizational standards. CC ID 09092 | System hardening through configuration management | Configuration | |
Configure the "apache /bin" directory user ownership to organizational standards. CC ID 09094 | System hardening through configuration management | Configuration | |
Configure the "apache /bin" directory group ownership to organizational standards. CC ID 09095 | System hardening through configuration management | Configuration | |
Configure the "apache /logs" directory user ownership to organizational standards. CC ID 09097 | System hardening through configuration management | Configuration | |
Configure the "apache /logs" directory group ownership to organizational standards. CC ID 09098 | System hardening through configuration management | Configuration | |
Configure the "apache /htdocs" directory user ownership to organizational standards. CC ID 09100 | System hardening through configuration management | Configuration | |
Configure the "apache /htdocs" directory group ownership to organizational standards. CC ID 09101 | System hardening through configuration management | Configuration | |
Configure the "apache /cgi-bin" directory group ownership to organizational standards. CC ID 09104 | System hardening through configuration management | Configuration | |
Configure the "User-specific directories" setting to organizational standards. CC ID 09123 | System hardening through configuration management | Configuration | |
Configure the "apache process ID" file user ownership to organizational standards. CC ID 09125 | System hardening through configuration management | Configuration | |
Configure the "apache process ID" file group ownership to organizational standards. CC ID 09126 | System hardening through configuration management | Configuration | |
Configure the "apache scoreboard" file user ownership to organizational standards. CC ID 09128 | System hardening through configuration management | Configuration | |
Configure the "apache scoreboard" file group ownership to organizational standards. CC ID 09129 | System hardening through configuration management | Configuration | |
Configure the "Ownership of the asymmetric keys" setting to organizational standards. CC ID 09289 | System hardening through configuration management | Configuration | |
Configure the "SQLServer2005ReportServerUser" registry key permissions to organizational standards. CC ID 09326 | System hardening through configuration management | Configuration | |
Configure the "SQLServerADHelperUser" registry key permissions to organizational standards. CC ID 09329 | System hardening through configuration management | Configuration | |
Configure the "Tomcat home" directory user ownership to organizational standards. CC ID 09772 | System hardening through configuration management | Configuration | |
Configure the "group" setting for the "Tomcat installation" to organizational standards. CC ID 09773 | System hardening through configuration management | Configuration | |
Configure the "tomcat conf/" directory user ownership to organizational standards. CC ID 09774 | System hardening through configuration management | Configuration | |
Configure the "tomcat conf/" directory group ownership to organizational standards. CC ID 09775 | System hardening through configuration management | Configuration | |
Configure the "tomcat-users.xml" file user ownership to organizational standards. CC ID 09776 | System hardening through configuration management | Configuration | |
Configure the "tomcat-users.xml" file group ownership to organizational standards. CC ID 09777 | System hardening through configuration management | Configuration | |
Configure the "group membership" setting for "Tomcat" to organizational standards. CC ID 09793 | System hardening through configuration management | Configuration | |
Configure the "Tomcat home" directory group ownership to organizational standards. CC ID 09798 | System hardening through configuration management | Configuration | |
Configure the "Tomcat home/conf/" directory user ownership to organizational standards. CC ID 09800 | System hardening through configuration management | Configuration | |
Configure the "Tomcat home/conf/" directory group ownership to organizational standards. CC ID 09801 | System hardening through configuration management | Configuration | |
Configure the "system" files permissions to organizational standards. CC ID 09922 | System hardening through configuration management | Configuration | |
Configure the "size limit" setting for the "application log" to organizational standards. CC ID 10063 | System hardening through configuration management | Configuration | |
Configure the "restrict guest access to security log" setting to organizational standards. CC ID 10064 | System hardening through configuration management | Configuration | |
Configure the "size limit" setting for the "system log" to organizational standards. CC ID 10065 | System hardening through configuration management | Configuration | |
Configure the "Automatic Update service" setting to organizational standards. CC ID 10066 | System hardening through configuration management | Configuration | |
Configure the "Safe DLL Search Mode" setting to organizational standards. CC ID 10067 | System hardening through configuration management | Configuration | |
Configure the "screensaver" setting to organizational standards. CC ID 10068 | System hardening through configuration management | Configuration | |
Configure the "screensaver" setting for the "default" user to organizational standards. CC ID 10069 | System hardening through configuration management | Configuration | |
Configure the "Enable User Control Over Installs" setting to organizational standards. CC ID 10070 | System hardening through configuration management | Configuration | |
Configure the "Enable User to Browse for Source While Elevated" setting to organizational standards. CC ID 10071 | System hardening through configuration management | Configuration | |
Configure the "Enable User to Use Media Source While Elevated" setting to organizational standards. CC ID 10072 | System hardening through configuration management | Configuration | |
Configure the "Allow Administrator to Install from Terminal Services Session" setting to organizational standards. CC ID 10073 | System hardening through configuration management | Configuration | |
Configure the "Enable User to Patch Elevated Products" setting to organizational standards. CC ID 10074 | System hardening through configuration management | Configuration | |
Configure the "Cache Transforms in Secure Location" setting to organizational standards. CC ID 10075 | System hardening through configuration management | Configuration | |
Configure the "Disable Media Player for automatic updates" setting to organizational standards. CC ID 10076 | System hardening through configuration management | Configuration | |
Configure the "Internet access for Windows Messenger" setting to organizational standards. CC ID 10077 | System hardening through configuration management | Configuration | |
Configure the "Do Not Automatically Start Windows Messenger" setting to organizational standards. CC ID 10078 | System hardening through configuration management | Configuration | |
Configure the "Hide Property Pages" setting for the "task scheduler" to organizational standards. CC ID 10079 | System hardening through configuration management | Configuration | |
Configure the "Prohibit New Task Creation" setting for the "task scheduler" to organizational standards. CC ID 10080 | System hardening through configuration management | Configuration | |
Configure the "Set time limit for disconnected sessions" setting to organizational standards. CC ID 10081 | System hardening through configuration management | Configuration | |
Configure the "Set time limit for idle sessions" setting to organizational standards. CC ID 10082 | System hardening through configuration management | Configuration | |
Configure the "Enable Keep-Alive Messages" setting to organizational standards. CC ID 10083 | System hardening through configuration management | Configuration | |
Configure the "Automatic Updates detection frequency" setting to organizational standards. CC ID 10084 | System hardening through configuration management | Configuration | |
Configure the "TCPMaxPortsExhausted" setting to organizational standards. CC ID 10085 | System hardening through configuration management | Configuration | |
Configure the "built-in Administrator" account to organizational standards. CC ID 10086 | System hardening through configuration management | Configuration | |
Configure the "Prevent System Maintenance of Computer Account Password" setting to organizational standards. CC ID 10087 | System hardening through configuration management | Configuration | |
Configure the "Digitally Sign Client Communication (When Possible)" setting to organizational standards. CC ID 10088 | System hardening through configuration management | Configuration | |
Configure the "number of SYN-ACK retransmissions sent when attempting to respond to a SYN request" setting to organizational standards. CC ID 10089 | System hardening through configuration management | Configuration | |
Configure the "warning level" setting for the "audit log" to organizational standards. CC ID 10090 | System hardening through configuration management | Configuration | |
Configure the "Change Password" setting for the "Ctrl+Alt+Del dialog" to organizational standards. CC ID 10091 | System hardening through configuration management | Configuration | |
Configure the "account description" setting for the "built-in Administrator" account to organizational standards. CC ID 10092 | System hardening through configuration management | Configuration | |
Configure the "Decoy Admin Account Not Disabled" setting to organizational standards. CC ID 10201 | System hardening through configuration management | Configuration | |
Configure the "when maximum log size is reached" setting for the "Application log" to organizational standards. CC ID 10202 | System hardening through configuration management | Configuration | |
Configure the "password filtering DLL" setting to organizational standards. CC ID 10203 | System hardening through configuration management | Configuration | |
Configure the "Anonymous access to the registry" setting to organizational standards. CC ID 10204 | System hardening through configuration management | Configuration | |
Configure the "Automatic Execution" setting for the "System Debugger" to organizational standards. CC ID 10205 | System hardening through configuration management | Configuration | |
Configure the "CD-ROM Autorun" setting to organizational standards. CC ID 10206 | System hardening through configuration management | Configuration | |
Configure the "ResetBrowser Frames" setting to organizational standards. CC ID 10207 | System hardening through configuration management | Configuration | |
Configure the "Dr. Watson Crash Dumps" setting to organizational standards. CC ID 10208 | System hardening through configuration management | Configuration | |
Configure the "File System Checker and Popups" setting to organizational standards. CC ID 10209 | System hardening through configuration management | Configuration | |
Configure the "System File Checker" setting to organizational standards. CC ID 10210 | System hardening through configuration management | Configuration | |
Configure the "System File Checker Progress Meter" setting to organizational standards. CC ID 10211 | System hardening through configuration management | Configuration | |
Configure the "number of TCP/IP Maximum Half-open Sockets" setting to organizational standards. CC ID 10212 | System hardening through configuration management | Configuration | |
Configure the "number of TCP/IP Maximum Retried Half-open Sockets" setting to organizational standards. CC ID 10213 | System hardening through configuration management | Configuration | |
Configure the "Protect Kernel object attributes" setting to organizational standards. CC ID 10214 | System hardening through configuration management | Configuration | |
Configure the "Unsigned Non-Driver Installation Behavior" setting to organizational standards. CC ID 10215 | System hardening through configuration management | Configuration | |
Configure the "Automatically Log Off Users When Logon Time Expires (local)" setting to organizational standards. CC ID 10216 | System hardening through configuration management | Configuration | |
Configure the "Local volumes" setting to organizational standards. CC ID 10217 | System hardening through configuration management | Configuration | |
Configure the "Unused USB Ports" setting to organizational standards. CC ID 10218 | System hardening through configuration management | Configuration | |
Configure the "Set Safe for Scripting" setting to organizational standards. CC ID 10219 | System hardening through configuration management | Configuration | |
Configure the "Use of the Recycle Bin on file deletion" setting to organizational standards. CC ID 10220 | System hardening through configuration management | Configuration | |
Configure the "Membership in the Power Users group" setting to organizational standards. CC ID 10224 | System hardening through configuration management | Configuration | |
Configure the "AutoBackupLogFiles" setting for the "security log" to organizational standards. CC ID 10225 | System hardening through configuration management | Configuration | |
Configure the "AutoBackupLogFiles" setting for the "application log" to organizational standards. CC ID 10226 | System hardening through configuration management | Configuration | |
Configure the "AutoBackupLogFiles" setting for the "system log" to organizational standards. CC ID 10227 | System hardening through configuration management | Configuration | |
Configure the "Syskey Encryption Key location and password method" setting to organizational standards. CC ID 10228 | System hardening through configuration management | Configuration | |
Configure the "Os2LibPath environmental variable" setting to organizational standards. CC ID 10229 | System hardening through configuration management | Configuration | |
Configure the "path to the Microsoft OS/2 version 1.x library" setting to organizational standards. CC ID 10230 | System hardening through configuration management | Configuration | |
Configure the "location of the OS/2 subsystem" setting to organizational standards. CC ID 10231 | System hardening through configuration management | Configuration | |
Configure the "location of the POSIX subsystem" setting to organizational standards. CC ID 10232 | System hardening through configuration management | Configuration | |
Configure the "path to the debugger used for Just-In-Time debugging" setting to organizational standards. CC ID 10234 | System hardening through configuration management | Configuration | |
Configure the "Distributed Component Object Model (DCOM)" setting to organizational standards. CC ID 10235 | System hardening through configuration management | Configuration | |
Configure the "encryption algorithm" setting for "EFS" to organizational standards. CC ID 10236 | System hardening through configuration management | Configuration | |
Configure the "Interix Subsystem Startup service startup type" setting to organizational standards. CC ID 10238 | System hardening through configuration management | Configuration | |
Configure the "Services for Unix Perl Socket service startup type" setting to organizational standards. CC ID 10247 | System hardening through configuration management | Configuration | |
Configure the "Services for Unix Windows Cron service startup type" setting to organizational standards. CC ID 10248 | System hardening through configuration management | Configuration | |
Configure the "fDisableCdm" setting to organizational standards. CC ID 10259 | System hardening through configuration management | Configuration | |
Configure the "fDisableClip" setting to organizational standards. CC ID 10260 | System hardening through configuration management | Configuration | |
Configure the "Inheritance of the shadow setting" setting to organizational standards. CC ID 10261 | System hardening through configuration management | Configuration | |
Configure the "remote control configuration" setting to organizational standards. CC ID 10262 | System hardening through configuration management | Configuration | |
Configure the "fDisableCam" setting to organizational standards. CC ID 10263 | System hardening through configuration management | Configuration | |
Configure the "fDisableCcm" setting to organizational standards. CC ID 10264 | System hardening through configuration management | Configuration | |
Configure the "fDisableLPT" setting to organizational standards. CC ID 10265 | System hardening through configuration management | Configuration | |
Configure the "ActiveX installation policy for sites in Trusted zones" setting to organizational standards. CC ID 10691 | System hardening through configuration management | Configuration | |
Configure the "Add the Administrators security group to roaming user profiles" setting to organizational standards. CC ID 10694 | System hardening through configuration management | Configuration | |
Configure the "Administratively assigned offline files" setting to organizational standards. CC ID 10695 | System hardening through configuration management | Configuration | |
Configure the "Apply policy to removable media" setting to organizational standards. CC ID 10756 | System hardening through configuration management | Configuration | |
Configure the "Baseline file cache maximum size" setting to organizational standards. CC ID 10763 | System hardening through configuration management | Configuration | |
Configure the "Check for New Signatures Before Scheduled Scans" setting to organizational standards. CC ID 10770 | System hardening through configuration management | Configuration | |
Configure the "Check published state" setting to organizational standards. CC ID 10771 | System hardening through configuration management | Configuration | |
Configure the "Communities" setting to organizational standards. CC ID 10772 | System hardening through configuration management | Configuration | |
Configure the "Computer location" setting to organizational standards. CC ID 10773 | System hardening through configuration management | Configuration | |
Configure the "Background Sync" setting to organizational standards. CC ID 10775 | System hardening through configuration management | Configuration | |
Configure the "Corporate Windows Error Reporting" setting to organizational standards. CC ID 10777 | System hardening through configuration management | Configuration | |
Configure the "Corrupted File Recovery Behavior" setting to organizational standards. CC ID 10778 | System hardening through configuration management | Configuration | |
Configure the "Default consent" setting to organizational standards. CC ID 10780 | System hardening through configuration management | Configuration | |
Configure the "list of IEEE 1667 silos usable on your computer" setting to organizational standards. CC ID 10792 | System hardening through configuration management | Configuration | |
Configure the "Microsoft SpyNet Reporting" setting to organizational standards. CC ID 10794 | System hardening through configuration management | Configuration | |
Configure the "MSI Corrupted File Recovery Behavior" setting to organizational standards. CC ID 10795 | System hardening through configuration management | Configuration | |
Configure the "Reliability WMI Providers" setting to organizational standards. CC ID 10804 | System hardening through configuration management | Configuration | |
Configure the "Report Archive" setting to organizational standards. CC ID 10805 | System hardening through configuration management | Configuration | |
Configure the "Report Queue" setting to organizational standards. CC ID 10806 | System hardening through configuration management | Configuration | |
Configure the "root certificate clean up" setting to organizational standards. CC ID 10807 | System hardening through configuration management | Configuration | |
Configure the "Security Policy for Scripted Diagnostics" setting to organizational standards. CC ID 10816 | System hardening through configuration management | Configuration | |
Configure the "list of blocked TPM commands" setting to organizational standards. CC ID 10822 | System hardening through configuration management | Configuration | |
Configure the "refresh interval for Server Manager" setting to organizational standards. CC ID 10823 | System hardening through configuration management | Configuration | |
Configure the "server address, refresh interval, and issuer certificate authority of a target Subscription Manager" setting to organizational standards. CC ID 10824 | System hardening through configuration management | Configuration | |
Configure the "Customize consent settings" setting to organizational standards. CC ID 10837 | System hardening through configuration management | Configuration | |
Configure the "Default behavior for AutoRun" setting to organizational standards. CC ID 10839 | System hardening through configuration management | Configuration | |
Configure the "Define Activation Security Check exemptions" setting to organizational standards. CC ID 10841 | System hardening through configuration management | Configuration | |
Configure the "Define host name-to-Kerberos realm mappings" setting to organizational standards. CC ID 10842 | System hardening through configuration management | Configuration | |
Configure the "Define interoperable Kerberos V5 realm settings" setting to organizational standards. CC ID 10843 | System hardening through configuration management | Configuration | |
Configure the "Delay Restart for scheduled installations" setting to organizational standards. CC ID 10844 | System hardening through configuration management | Configuration | |
Configure the "Delete cached copies of roaming profiles" setting to organizational standards. CC ID 10845 | System hardening through configuration management | Configuration | |
Configure the "Delete user profiles older than a specified number of days on system restart" setting to organizational standards. CC ID 10847 | System hardening through configuration management | Configuration | |
Configure the "Diagnostics: Configure scenario retention" setting to organizational standards. CC ID 10857 | System hardening through configuration management | Configuration | |
Configure the "Directory pruning interval" setting to organizational standards. CC ID 10858 | System hardening through configuration management | Configuration | |
Configure the "Directory pruning priority" setting to organizational standards. CC ID 10859 | System hardening through configuration management | Configuration | |
Configure the "Directory pruning retry" setting to organizational standards. CC ID 10860 | System hardening through configuration management | Configuration | |
Configure the "Disk Diagnostic: Configure custom alert text" setting to organizational standards. CC ID 10882 | System hardening through configuration management | Configuration | |
Configure the "Display Shutdown Event Tracker" setting to organizational standards. CC ID 10888 | System hardening through configuration management | Configuration | |
Configure the "Display string when smart card is blocked" setting to organizational standards. CC ID 10889 | System hardening through configuration management | Configuration | |
Configure the "Do not automatically encrypt files moved to encrypted folders" setting to organizational standards. CC ID 10924 | System hardening through configuration management | Configuration | |
Configure the "Do not check for user ownership of Roaming Profile Folders" setting to organizational standards. CC ID 10925 | System hardening through configuration management | Configuration | |
Configure the "Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names" setting to organizational standards. CC ID 10932 | System hardening through configuration management | Configuration | |
Configure the "Do not send additional data" machine setting to organizational standards. CC ID 10934 | System hardening through configuration management | Configuration | |
Configure the "Domain Controller Address Type Returned" setting to organizational standards. CC ID 10939 | System hardening through configuration management | Configuration | |
Configure the "Domain Location Determination URL" setting to organizational standards. CC ID 10940 | System hardening through configuration management | Configuration | |
Configure the "Don't set the always do this checkbox" setting to organizational standards. CC ID 10941 | System hardening through configuration management | Configuration | |
Configure the "Download missing COM components" setting to organizational standards. CC ID 10942 | System hardening through configuration management | Configuration | |
Configure the "Dynamic Update" setting to organizational standards. CC ID 10944 | System hardening through configuration management | Configuration | |
Configure the "Enable client-side targeting" setting to organizational standards. CC ID 10946 | System hardening through configuration management | Configuration | |
Configure the "Enable NTFS pagefile encryption" setting to organizational standards. CC ID 10948 | System hardening through configuration management | Configuration | |
Configure the "Enable Persistent Time Stamp" setting to organizational standards. CC ID 10949 | System hardening through configuration management | Configuration | |
Configure the "Enable Transparent Caching" setting to organizational standards. CC ID 10950 | System hardening through configuration management | Configuration | |
Configure the "Enable Windows NTP Client" setting to organizational standards. CC ID 10951 | System hardening through configuration management | Configuration | |
Configure the "Enable Windows NTP Server" setting to organizational standards. CC ID 10952 | System hardening through configuration management | Configuration | |
Configure the "Encrypt the Offline Files cache" setting to organizational standards. CC ID 10955 | System hardening through configuration management | Configuration | |
Configure the "Enforce upgrade component rules" setting to organizational standards. CC ID 10958 | System hardening through configuration management | Configuration | |
Configure the "Events.asp program" setting to organizational standards. CC ID 10959 | System hardening through configuration management | Configuration | |
Configure the "Events.asp program command line parameters" setting to organizational standards. CC ID 10960 | System hardening through configuration management | Configuration | |
Configure the "Events.asp URL" setting to organizational standards. CC ID 10961 | System hardening through configuration management | Configuration | |
Configure the "Exclude credential providers" setting to organizational standards. CC ID 10962 | System hardening through configuration management | Configuration | |
Configure the "Exclude files from being cached" setting to organizational standards. CC ID 10963 | System hardening through configuration management | Configuration | |
Configure the "Final DC Discovery Retry Setting for Background Callers" setting to organizational standards. CC ID 10968 | System hardening through configuration management | Configuration | |
Configure the "For tablet pen input, don't show the Input Panel icon" setting to organizational standards. CC ID 10973 | System hardening through configuration management | Configuration | |
Configure the "For touch input, don't show the Input Panel icon" setting to organizational standards. CC ID 10974 | System hardening through configuration management | Configuration | |
Configure the "Force Rediscovery Interval" setting to organizational standards. CC ID 10975 | System hardening through configuration management | Configuration | |
Configure the "Force selected system UI language to overwrite the user UI language" setting to organizational standards. CC ID 10976 | System hardening through configuration management | Configuration | |
Configure the "Force the reading of all certificates from the smart card" setting to organizational standards. CC ID 10977 | System hardening through configuration management | Configuration | |
Configure the "ForwarderResourceUsage" setting to organizational standards. CC ID 10978 | System hardening through configuration management | Configuration | |
Configure the "Global Configuration Settings" setting to organizational standards. CC ID 10979 | System hardening through configuration management | Configuration | |
Configure the "Hash Publication for BranchCache" setting to organizational standards. CC ID 10986 | System hardening through configuration management | Configuration | |
Configure the "Hide entry points for Fast User Switching" setting to organizational standards. CC ID 10987 | System hardening through configuration management | Configuration | |
Configure the "Hide notifications about RD Licensing problems that affect the RD Session Host server" setting to organizational standards. CC ID 10988 | System hardening through configuration management | Configuration | |
Configure the "Hide previous versions list for local files" setting to organizational standards. CC ID 10989 | System hardening through configuration management | Configuration | |
Configure the "Hide previous versions of files on backup location" setting to organizational standards. CC ID 10991 | System hardening through configuration management | Configuration | |
Configure the "Ignore custom consent settings" setting to organizational standards. CC ID 10992 | System hardening through configuration management | Configuration | |
Configure the "Ignore Delegation Failure" setting to organizational standards. CC ID 10993 | System hardening through configuration management | Configuration | |
Configure the "Ignore the default list of blocked TPM commands" setting to organizational standards. CC ID 10994 | System hardening through configuration management | Configuration | |
Configure the "Ignore the local list of blocked TPM commands" setting to organizational standards. CC ID 10995 | System hardening through configuration management | Configuration | |
Configure the "Include rarely used Chinese, Kanji, or Hanja characters" setting to organizational standards. CC ID 10996 | System hardening through configuration management | Configuration | |
Configure the "Initial DC Discovery Retry Setting for Background Callers" setting to organizational standards. CC ID 10997 | System hardening through configuration management | Configuration | |
Configure the "IP-HTTPS State" setting to organizational standards. CC ID 11000 | System hardening through configuration management | Configuration | |
Configure the "ISATAP Router Name" setting to organizational standards. CC ID 11001 | System hardening through configuration management | Configuration | |
Configure the "ISATAP State" setting to organizational standards. CC ID 11002 | System hardening through configuration management | Configuration | |
Configure the "License server security group" setting to organizational standards. CC ID 11005 | System hardening through configuration management | Configuration | |
Configure the "List of applications to be excluded" setting to organizational standards. CC ID 11023 | System hardening through configuration management | Configuration | |
Configure the "Lock Enhanced Storage when the computer is locked" setting to organizational standards. CC ID 11025 | System hardening through configuration management | Configuration | |
Configure the "Make Parental Controls control panel visible on a Domain" setting to organizational standards. CC ID 11039 | System hardening through configuration management | Configuration | |
Configure the "MaxConcurrentUsers" setting to organizational standards. CC ID 11040 | System hardening through configuration management | Configuration | |
Configure the "Maximum DC Discovery Retry Interval Setting for Background Callers" setting to organizational standards. CC ID 11041 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider" setting to organizational standards. CC ID 11045 | System hardening through configuration management | Configuration | |
Configure the "Negative DC Discovery Cache Setting" setting to organizational standards. CC ID 11047 | System hardening through configuration management | Configuration | |
Configure the "Non-conforming packets" setting to organizational standards. CC ID 11053 | System hardening through configuration management | Configuration | |
Configure the "Notify blocked drivers" setting to organizational standards. CC ID 11054 | System hardening through configuration management | Configuration | |
Configure the "Notify user of successful smart card driver installation" setting to organizational standards. CC ID 11055 | System hardening through configuration management | Configuration | |
Configure the "Permitted Managers" setting to organizational standards. CC ID 11062 | System hardening through configuration management | Configuration | |
Configure the "Positive Periodic DC Cache Refresh for Background Callers" setting to organizational standards. CC ID 11063 | System hardening through configuration management | Configuration | |
Configure the "Positive Periodic DC Cache Refresh for Non-Background Callers" setting to organizational standards. CC ID 11064 | System hardening through configuration management | Configuration | |
Configure the "Prioritize all digitally signed drivers equally during the driver ranking and selection process" setting to organizational standards. CC ID 11098 | System hardening through configuration management | Configuration | |
Configure the "Prompt for credentials on the client computer" setting to organizational standards. CC ID 11108 | System hardening through configuration management | Configuration | |
Configure the "Propagation of extended error information" setting to organizational standards. CC ID 11110 | System hardening through configuration management | Configuration | |
Configure the "Register PTR Records" setting to organizational standards. CC ID 11121 | System hardening through configuration management | Configuration | |
Configure the "Registration Refresh Interval" setting to organizational standards. CC ID 11122 | System hardening through configuration management | Configuration | |
Configure the "Remove Program Compatibility Property Page" setting to organizational standards. CC ID 11128 | System hardening through configuration management | Configuration | |
Configure the "Remove users ability to invoke machine policy refresh" setting to organizational standards. CC ID 11129 | System hardening through configuration management | Configuration | |
Configure the "Remove Windows Security item from Start menu" setting to organizational standards. CC ID 11130 | System hardening through configuration management | Configuration | |
Configure the "Re-prompt for restart with scheduled installations" setting to organizational standards. CC ID 11131 | System hardening through configuration management | Configuration | |
Configure the "Require secure RPC communication" setting to organizational standards. CC ID 11134 | System hardening through configuration management | Configuration | |
Configure the "Require strict KDC validation" setting to organizational standards. CC ID 11135 | System hardening through configuration management | Configuration | |
Configure the "Reverse the subject name stored in a certificate when displaying" setting to organizational standards. CC ID 11148 | System hardening through configuration management | Configuration | |
Configure the "RPC Troubleshooting State Information" setting to organizational standards. CC ID 11150 | System hardening through configuration management | Configuration | |
Configure the "Run shutdown scripts visible" setting to organizational standards. CC ID 11152 | System hardening through configuration management | Configuration | |
Configure the "Run startup scripts asynchronously" setting to organizational standards. CC ID 11153 | System hardening through configuration management | Configuration | |
Configure the "Run startup scripts visible" setting to organizational standards. CC ID 11154 | System hardening through configuration management | Configuration | |
Configure the "Scavenge Interval" setting to organizational standards. CC ID 11158 | System hardening through configuration management | Configuration | |
Configure the "Server Authentication Certificate Template" setting to organizational standards. CC ID 11170 | System hardening through configuration management | Configuration | |
Configure the "Set BranchCache Distributed Cache mode" setting to organizational standards. CC ID 11172 | System hardening through configuration management | Configuration | |
Configure the "Set BranchCache Hosted Cache mode" setting to organizational standards. CC ID 11173 | System hardening through configuration management | Configuration | |
Configure the "Set compression algorithm for RDP data" setting to organizational standards. CC ID 11174 | System hardening through configuration management | Configuration | |
Configure the "Set percentage of disk space used for client computer cache" setting to organizational standards. CC ID 11177 | System hardening through configuration management | Configuration | |
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Global" to organizational standards. CC ID 11178 | System hardening through configuration management | Configuration | |
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Site Local" to organizational standards. CC ID 11180 | System hardening through configuration management | Configuration | |
Configure the "Set the Email IDs to which notifications are to be sent" setting to organizational standards. CC ID 11184 | System hardening through configuration management | Configuration | |
Configure the "Set the map update interval for NIS subordinate servers" setting to organizational standards. CC ID 11186 | System hardening through configuration management | Configuration | |
Configure the "Set the Seed Server" setting for "IPv6 Global" to organizational standards. CC ID 11189 | System hardening through configuration management | Configuration | |
Configure the "Set the Seed Server" setting for "IPv6 Site Local" to organizational standards. CC ID 11191 | System hardening through configuration management | Configuration | |
Configure the "Set the SMTP Server used to send notifications" setting to organizational standards. CC ID 11192 | System hardening through configuration management | Configuration | |
Configure the "Set timer resolution" setting to organizational standards. CC ID 11196 | System hardening through configuration management | Configuration | |
Configure the "Sets how often a DFS Client discovers DC's" setting to organizational standards. CC ID 11199 | System hardening through configuration management | Configuration | |
Configure the "Short name creation options" setting to organizational standards. CC ID 11200 | System hardening through configuration management | Configuration | |
Configure the "Site Name" setting to organizational standards. CC ID 11201 | System hardening through configuration management | Configuration | |
Configure the "Specify a default color" setting to organizational standards. CC ID 11208 | System hardening through configuration management | Configuration | |
Configure the "Specify idle Timeout" setting to organizational standards. CC ID 11210 | System hardening through configuration management | Configuration | |
Configure the "Specify maximum amount of memory in MB per Shell" setting to organizational standards. CC ID 11211 | System hardening through configuration management | Configuration | |
Configure the "Specify maximum number of processes per Shell" setting to organizational standards. CC ID 11212 | System hardening through configuration management | Configuration | |
Configure the "Specify Shell Timeout" setting to organizational standards. CC ID 11216 | System hardening through configuration management | Configuration | |
Configure the "Specify Windows installation file location" setting to organizational standards. CC ID 11225 | System hardening through configuration management | Configuration | |
Configure the "Specify Windows Service Pack installation file location" setting to organizational standards. CC ID 11226 | System hardening through configuration management | Configuration | |
Configure the "SSL Cipher Suite Order" setting to organizational standards. CC ID 11227 | System hardening through configuration management | Configuration | |
Configure the "Switch to the Simplified Chinese (PRC) gestures" setting to organizational standards. CC ID 11230 | System hardening through configuration management | Configuration | |
Configure the "Sysvol share compatibility" setting to organizational standards. CC ID 11231 | System hardening through configuration management | Configuration | |
Configure the "Tag Windows Customer Experience Improvement data with Study Identifier" setting to organizational standards. CC ID 11232 | System hardening through configuration management | Configuration | |
Configure the "Teredo Client Port" setting to organizational standards. CC ID 11236 | System hardening through configuration management | Configuration | |
Configure the "Teredo Default Qualified" setting to organizational standards. CC ID 11237 | System hardening through configuration management | Configuration | |
Configure the "Teredo Refresh Rate" setting to organizational standards. CC ID 11238 | System hardening through configuration management | Configuration | |
Configure the "Teredo Server Name" setting to organizational standards. CC ID 11239 | System hardening through configuration management | Configuration | |
Configure the "Teredo State" setting to organizational standards. CC ID 11240 | System hardening through configuration management | Configuration | |
Configure the "Time (in seconds) to force reboot" setting to organizational standards. CC ID 11242 | System hardening through configuration management | Configuration | |
Configure the "Time (in seconds) to force reboot when required for policy changes to take effect" setting to organizational standards. CC ID 11243 | System hardening through configuration management | Configuration | |
Configure the "Timeout for fast user switching events" setting to organizational standards. CC ID 11244 | System hardening through configuration management | Configuration | |
Configure the "Traps for public community" setting to organizational standards. CC ID 11246 | System hardening through configuration management | Configuration | |
Configure the "Trusted Hosts" setting to organizational standards. CC ID 11249 | System hardening through configuration management | Configuration | |
Configure the "Try Next Closest Site" setting to organizational standards. CC ID 11250 | System hardening through configuration management | Configuration | |
Configure the "TTL Set in the A and PTR records" setting to organizational standards. CC ID 11251 | System hardening through configuration management | Configuration | |
Configure the "Turn on Accounting for WSRM" setting to organizational standards. CC ID 11333 | System hardening through configuration management | Configuration | |
Configure the "Turn on BranchCache" setting to organizational standards. CC ID 11334 | System hardening through configuration management | Configuration | |
Configure the "Turn on certificate propagation from smart card" setting to organizational standards. CC ID 11335 | System hardening through configuration management | Configuration | |
Configure the "Turn On Compatibility HTTP Listener" setting to organizational standards. CC ID 11336 | System hardening through configuration management | Configuration | |
Configure the "Turn On Compatibility HTTPS Listener" setting to organizational standards. CC ID 11337 | System hardening through configuration management | Configuration | |
Configure the "Turn on definition updates through both WSUS and the Microsoft Malware Protection Center" setting to organizational standards. CC ID 11338 | System hardening through configuration management | Configuration | |
Configure the "Turn on definition updates through both WSUS and Windows Update" setting to organizational standards. CC ID 11339 | System hardening through configuration management | Configuration | |
Configure the "Turn on economical application of administratively assigned Offline Files" setting to organizational standards. CC ID 11342 | System hardening through configuration management | Configuration | |
Configure the "Turn on Mapper I/O (LLTDIO) driver" setting to organizational standards. CC ID 11346 | System hardening through configuration management | Configuration | |
Configure the "Turn on recommended updates via Automatic Updates" setting to organizational standards. CC ID 11347 | System hardening through configuration management | Configuration | |
Configure the "Turn on root certificate propagation from smart card" setting to organizational standards. CC ID 11349 | System hardening through configuration management | Configuration | |
Configure the "Turn on Software Notifications" setting to organizational standards. CC ID 11352 | System hardening through configuration management | Configuration | |
Configure the "Turn on TPM backup to Active Directory Domain Services" setting to organizational standards. CC ID 11356 | System hardening through configuration management | Configuration | |
Configure the "Use forest search order" setting for "Key Distribution Center (KDC) searches" to organizational standards. CC ID 11359 | System hardening through configuration management | Configuration | |
Configure the "Use forest search order" setting for "Kerberos client searches" to organizational standards. CC ID 11360 | System hardening through configuration management | Configuration | |
Configure the "Use IP Address Redirection" setting to organizational standards. CC ID 11361 | System hardening through configuration management | Configuration | |
Configure the "Use localized subfolder names when redirecting Start Menu and My Documents" setting to organizational standards. CC ID 11362 | System hardening through configuration management | Configuration | |
Configure the "Use mandatory profiles on the RD Session Host server" setting to organizational standards. CC ID 11363 | System hardening through configuration management | Configuration | |
Configure the "Verbose vs normal status messages" setting to organizational standards. CC ID 11368 | System hardening through configuration management | Configuration | |
Configure the "Verify old and new Folder Redirection targets point to the same share before redirecting" setting to organizational standards. CC ID 11369 | System hardening through configuration management | Configuration | |
Configure the "Windows Scaling Heuristics State" setting to organizational standards. CC ID 11372 | System hardening through configuration management | Configuration | |
Configure the "Obtain Software Package Updates with apt-get" setting to organizational standards. CC ID 11375 | System hardening through configuration management | Configuration | |
Configure the "display a banner before authentication" setting for "LightDM" to organizational standards. CC ID 11385 | System hardening through configuration management | Configuration | |
Configure the "shadow" group to organizational standards. CC ID 11386 | System hardening through configuration management | Configuration | |
Configure the "AppArmor" setting to organizational standards. CC ID 11387 | System hardening through configuration management | Configuration | |
Configure knowledge-based authentication tools in accordance with organizational standards. CC ID 13740 | System hardening through configuration management | Configuration | |
Configure the session timeout for the knowledge-based authentication tool used for the identity proofing process according to organizational standards. CC ID 13754 | System hardening through configuration management | Configuration | |
Configure the knowledge-based authentication tool to restart after a session timeout. CC ID 13753 | System hardening through configuration management | Configuration | |
Configure the number of attempts allowed to complete the knowledge-based authentication in the knowledge-based authentication tool. CC ID 13751 | System hardening through configuration management | Configuration | |
Disable or configure the e-mail server, as necessary. CC ID 06563 | System hardening through configuration management | Configuration | |
Configure e-mail servers to enable receiver-side verification. CC ID 12223 | System hardening through configuration management | Configuration | |
Configure the e-mail server to prevent it from listening to external interfaces. CC ID 01561 | System hardening through configuration management | Configuration | |
Configure the "Local-Only Mode" setting for the "Mail Transfer Agent" to organizational standards. CC ID 09940 | System hardening through configuration management | Configuration | |
Configure the system account settings and the permission settings in accordance with the organizational standards. CC ID 01538 | System hardening through configuration management | Configuration | |
Configure Windows User Account Control in accordance with organizational standards. CC ID 16437 | System hardening through configuration management | Configuration | |
Configure the at.allow file with the users who are permitted to use the at facility, as appropriate. CC ID 06005 | System hardening through configuration management | Configuration | |
Configure the /etc/xinetd.conf file group permissions, as appropriate. CC ID 05994 | System hardening through configuration management | Configuration | |
Create the default adduser.conf file. CC ID 01581 | System hardening through configuration management | Configuration | |
Configure user accounts. CC ID 07036 | System hardening through configuration management | Configuration | |
Configure account expiration parameters on active accounts. CC ID 01580 | System hardening through configuration management | Configuration | |
Remove unnecessary default accounts. CC ID 01539 | System hardening through configuration management | Configuration | |
Disable all unnecessary user identifiers. CC ID 02185 | System hardening through configuration management | Configuration | |
Remove unnecessary user credentials. CC ID 16409 | System hardening through configuration management | Configuration | |
Remove the root user as appropriate. CC ID 01582 | System hardening through configuration management | Configuration | |
Disable or remove the null account. CC ID 06572 | System hardening through configuration management | Configuration | |
Change default accounts. CC ID 16468 | System hardening through configuration management | Process or Activity | |
Configure accounts with administrative privilege. CC ID 07033 | System hardening through configuration management | Configuration | |
Employ multifactor authentication for accounts with administrative privilege. CC ID 12496 | System hardening through configuration management | Technical Security | |
Disable root logons or limit the logons to the system console. CC ID 01573 | System hardening through configuration management | Configuration | |
Encrypt non-console administrative access. CC ID 00883 | System hardening through configuration management | Configuration | |
Invoke a strong encryption method before requesting an authenticator. CC ID 11986 | System hardening through configuration management | Technical Security | |
Configure the default group for the root user. CC ID 01586 | System hardening through configuration management | Configuration | |
Rename or disable the Administrator Account. CC ID 01721 | System hardening through configuration management | Configuration | |
Create a backup administrator account. CC ID 04497 | System hardening through configuration management | Configuration | |
Configure the general user ID parameters. CC ID 02186 | System hardening through configuration management | Configuration | |
Configure the Master user ID parameters inside the Site Management Complex. CC ID 02187 | System hardening through configuration management | Configuration | |
Configure the subadministrators user ID parameters. CC ID 02188 | System hardening through configuration management | Configuration | |
Configure the user account expiration date. CC ID 07101 | System hardening through configuration management | Configuration | |
Configure User Rights. CC ID 07034 | System hardening through configuration management | Configuration | |
Configure the "Access this computer from the network" User Right. CC ID 01834 | System hardening through configuration management | Configuration | |
Configure the "Act as a part of the operating system" User Right. CC ID 01835 | System hardening through configuration management | Configuration | |
Configure the "Add workstations to domain" User Right setting to organizational standards. CC ID 01836 | System hardening through configuration management | Configuration | |
Configure the "Adjust memory quotas for a process" User Right. CC ID 01837 | System hardening through configuration management | Configuration | |
Configure the "Allow log on through Terminal Services" User Right setting to organizational standards. CC ID 01838 | System hardening through configuration management | Configuration | |
Configure the "Back up files and directories" User Right. CC ID 01839 | System hardening through configuration management | Configuration | |
Configure the "Bypass traverse checking" User Right. CC ID 01840 | System hardening through configuration management | Configuration | |
Configure the "Change the system time" User Right. CC ID 01841 | System hardening through configuration management | Configuration | |
Configure the "Change the time zone" User Right. CC ID 04382 | System hardening through configuration management | Configuration | |
Configure the "Create a pagefile" User Right. CC ID 01842 | System hardening through configuration management | Configuration | |
Configure the "Create a token object" User Right. CC ID 01843 | System hardening through configuration management | Configuration | |
Configure the "Create permanent shared objects" User Right. CC ID 01844 | System hardening through configuration management | Configuration | |
Configure the "Debug programs" User Right. CC ID 01845 | System hardening through configuration management | Configuration | |
Configure the "Deny access to this computer from the network" User Right. CC ID 01846 | System hardening through configuration management | Configuration | |
Configure the "Deny log on as a batch job" User Right setting to organizational standards. CC ID 01847 | System hardening through configuration management | Configuration | |
Configure the "Deny log on as a service" User Right setting to organizational standards. CC ID 01848 | System hardening through configuration management | Configuration | |
Configure the "Deny log on locally" User Right setting to organizational standards. CC ID 01849 | System hardening through configuration management | Configuration | |
Configure the "Deny log on through Terminal Service" User Right setting to organizational standards. CC ID 01850 | System hardening through configuration management | Configuration | |
Configure the "Enable computer and user accounts to be trusted for delegation" User Right. CC ID 01851 | System hardening through configuration management | Configuration | |
Configure the "Force shutdown from a remote system" User Right. CC ID 01852 | System hardening through configuration management | Configuration | |
Configure the "Generate security audits" User Right. CC ID 01853 | System hardening through configuration management | Configuration | |
Configure the "Increase scheduling priority" User Right. CC ID 01854 | System hardening through configuration management | Configuration | |
Configure the "Load and unload device drivers" User Right. CC ID 01855 | System hardening through configuration management | Configuration | |
Configure the "Lock pages in memory" User Right. CC ID 01856 | System hardening through configuration management | Configuration | |
Configure the "Lock Inactive User Accounts" setting to organizational standards. CC ID 09921 | System hardening through configuration management | Configuration | |
Configure the "Log on as a batch job" User Right. CC ID 01857 | System hardening through configuration management | Configuration | |
Configure the "Log on as a service" User Right. CC ID 01858 | System hardening through configuration management | Configuration | |
Configure the "Allow log on locally" User Right setting to organizational standards. CC ID 01859 | System hardening through configuration management | Configuration | |
Configure the "Manage auditing and security log" User Right. CC ID 01860 | System hardening through configuration management | Configuration | |
Configure the "Modify firmware environment values" User Right. CC ID 01861 | System hardening through configuration management | Configuration | |
Configure the "Perform volume maintenance tasks" User Right. CC ID 01862 | System hardening through configuration management | Configuration | |
Configure the "Profile single process" User Right. CC ID 01863 | System hardening through configuration management | Configuration | |
Configure the "Profile system performance" User Right. CC ID 01864 | System hardening through configuration management | Configuration | |
Configure the "Remove computer from docking station" User Right. CC ID 01865 | System hardening through configuration management | Configuration | |
Configure the "Replace a process level token" User Right. CC ID 01866 | System hardening through configuration management | Configuration | |
Configure the "Restore files and directories" User Right. CC ID 01867 | System hardening through configuration management | Configuration | |
Configure the "Shut down the system" User Right. CC ID 01868 | System hardening through configuration management | Configuration | |
Configure the "Synchronize directory service data" User Right setting to organizational standards. CC ID 01869 | System hardening through configuration management | Configuration | |
Configure the "Take ownership of files or other objects" User Right. CC ID 01870 | System hardening through configuration management | Configuration | |
Configure the "Create global objects" User Right. CC ID 04383 | System hardening through configuration management | Configuration | |
Configure the "Create symbolic links" User Right. CC ID 04384 | System hardening through configuration management | Configuration | |
Configure the "Impersonate a client after authentication" User Right. CC ID 04385 | System hardening through configuration management | Configuration | |
Configure the "Increase a process working set" User Right. CC ID 04386 | System hardening through configuration management | Configuration | |
Configure file permissions and directory permissions to organizational standards. CC ID 07035 | System hardening through configuration management | Configuration | |
Configure "SYSVOL" to organizational standards. CC ID 15398 | System hardening through configuration management | Configuration | |
Configure the Cron log file permissions, as appropriate. CC ID 05998 | System hardening through configuration management | Configuration | |
Configure the "docker.service" file ownership to organizational standards. CC ID 14477 | System hardening through configuration management | Configuration | |
Establish and verify the file permissions for the passwd files, the shadow files, and the group files. CC ID 01537 | System hardening through configuration management | Technical Security | |
Verify uneven file permissions and uneven directory permissions do not occur, except on the WWW directory. CC ID 02159 | System hardening through configuration management | Configuration | |
Configure the "/dev/kmem" file permissions to organizational standards. CC ID 05449 | System hardening through configuration management | Configuration | |
Configure the "/dev/mem" file permissions to organizational standards. CC ID 05450 | System hardening through configuration management | Configuration | |
Configure the "/dev/null" file permissions to organizational standards. CC ID 05451 | System hardening through configuration management | Configuration | |
Configure the "resolv.conf" file permissions to organizational standards. CC ID 05452 | System hardening through configuration management | Configuration | |
Configure the "/etc/named.conf" file permissions to organizational standards. CC ID 05453 | System hardening through configuration management | Configuration | |
Configure the "/etc/group" file permissions to organizational standards. CC ID 05454 | System hardening through configuration management | Configuration | |
Set the /etc/exports file permissions properly. CC ID 05455 | System hardening through configuration management | Configuration | |
Set the /usr/bin/at file permissions properly. CC ID 05456 | System hardening through configuration management | Configuration | |
Configure the "/usr/bin/rdist" file permissions to organizational standards. CC ID 05457 | System hardening through configuration management | Configuration | |
Configure the "/usr/sbin/sync" file permissions to organizational standards. CC ID 05458 | System hardening through configuration management | Configuration | |
Configure the "aliases" file permissions to organizational standards. CC ID 05460 | System hardening through configuration management | Configuration | |
Set the file permissions for the log file that is configured to capture critical sendmail messages properly. CC ID 05461 | System hardening through configuration management | Log Management | |
Set the file permissions for all files executed through /etc/aliases file entries properly. CC ID 05462 | System hardening through configuration management | Configuration | |
Configure the "/bin/csh" file permissions to organizational standards. CC ID 05463 | System hardening through configuration management | Configuration | |
Configure the "/bin/jsh" file permissions to organizational standards. CC ID 05464 | System hardening through configuration management | Configuration | |
Configure the "/bin/ksh" file permissions to organizational standards. CC ID 05465 | System hardening through configuration management | Configuration | |
Configure the "/bin/sh" file permissions to organizational standards. CC ID 05466 | System hardening through configuration management | Configuration | |
Configure the "/bin/bash" file permissions to organizational standards. CC ID 05467 | System hardening through configuration management | Configuration | |
Configure the "/sbin/csh" file permissions to organizational standards. CC ID 05468 | System hardening through configuration management | Configuration | |
Configure the "/sbin/jsh" file permissions to organizational standards. CC ID 05469 | System hardening through configuration management | Configuration | |
Configure the "/sbin/ksh" file permissions to organizational standards. CC ID 05470 | System hardening through configuration management | Configuration | |
Configure the "/sbin/sh" file permissions to organizational standards. CC ID 05471 | System hardening through configuration management | Configuration | |
Configure the "/sbin/bash" file permissions to organizational standards. CC ID 05472 | System hardening through configuration management | Configuration | |
Configure the "/usr/bin/csh" file permissions to organizational standards. CC ID 05473 | System hardening through configuration management | Configuration | |
Configure the "/usr/bin/jsh" file permissions to organizational standards. CC ID 05474 | System hardening through configuration management | Configuration | |
Configure the "/usr/bin/ksh" file permissions to organizational standards. CC ID 05475 | System hardening through configuration management | Configuration | |
Configure the "/usr/bin/sh" file permissions to organizational standards. CC ID 05476 | System hardening through configuration management | Configuration | |
Configure the "/usr/bin/bash" file permissions to organizational standards. CC ID 05477 | System hardening through configuration management | Configuration | |
Configure the "snmpd.conf" file permissions to organizational standards. CC ID 05478 | System hardening through configuration management | Configuration | |
Configure the "/tmp" file permissions to organizational standards. CC ID 05479 | System hardening through configuration management | Configuration | |
Configure the "/usr/tmp" file permissions to organizational standards. CC ID 05480 | System hardening through configuration management | Configuration | |
Configure the ".Xauthority" file permissions to organizational standards. CC ID 05481 | System hardening through configuration management | Configuration | |
Configure the "/etc/aliases" file permissions to organizational standards. CC ID 05482 | System hardening through configuration management | Configuration | |
Configure the "/etc/csh" file permissions to organizational standards. CC ID 05483 | System hardening through configuration management | Configuration | |
Configure the "/etc/default/docker" file permissions to organizational standards. CC ID 14487 | System hardening through configuration management | Configuration | |
Configure the "/etc/default/docker" file ownership to organizational standards. CC ID 14484 | System hardening through configuration management | Configuration | |
Configure the "/etc/default/*" file permissions to organizational standards. CC ID 05484 | System hardening through configuration management | Configuration | |
Configure the "/etc/docker" directory permissions to organizational standards. CC ID 14470 | System hardening through configuration management | Configuration | |
Configure the "/etc/docker" directory ownership to organizational standards. CC ID 14469 | System hardening through configuration management | Configuration | |
Set the file permissions for /etc/default/login properly. CC ID 05485 | System hardening through configuration management | Configuration | |
Configure the "/etc/gshadow" file permissions to organizational standards. CC ID 05486 | System hardening through configuration management | Configuration | |
Configure the "/etc/host.lpd" file permissions to organizational standards. CC ID 05487 | System hardening through configuration management | Configuration | |
Configure the "/etc/hostname*" file permissions to organizational standards. CC ID 05488 | System hardening through configuration management | Configuration | |
Configure the "/etc/hosts" file permissions to organizational standards. CC ID 05489 | System hardening through configuration management | Configuration | |
Set the /etc/inetd.conf file permissions properly. CC ID 05490 | System hardening through configuration management | Configuration | |
Configure the "/etc/issue" file permissions to organizational standards. CC ID 05491 | System hardening through configuration management | Configuration | |
Configure the "/etc/jsh" file permissions to organizational standards. CC ID 05492 | System hardening through configuration management | Configuration | |
Configure the "/etc/kubernetes/pki/*.crt" file permissions to organizational standards. CC ID 14562 | System hardening through configuration management | Configuration | |
Configure the "/etc/kubernetes/pki/*.key" file permissions to organizational standards. CC ID 14557 | System hardening through configuration management | Configuration | |
Configure the "/etc/kubernetes/pki" file ownership to organizational standards. CC ID 14555 | System hardening through configuration management | Configuration | |
Configure the "/etc/ksh" file permissions to organizational standards. CC ID 05493 | System hardening through configuration management | Configuration | |
Configure the "/etc/mail/aliases" file permissions to organizational standards. CC ID 05494 | System hardening through configuration management | Configuration | |
Configure the "/etc/motd" file permissions to organizational standards. CC ID 05495 | System hardening through configuration management | Configuration | |
Configure the "/etc/netconfig" file permissions to organizational standards. CC ID 05496 | System hardening through configuration management | Configuration | |
Configure the "/etc/notrouter" file permissions to organizational standards. CC ID 05497 | System hardening through configuration management | Configuration | |
Configure the "/etc/passwd" file permissions to organizational standards. CC ID 05498 | System hardening through configuration management | Configuration | |
Configure the "/etc/security" file permissions to organizational standards. CC ID 05499 | System hardening through configuration management | Configuration | |
Configure the "/etc/services" file permissions to organizational standards. CC ID 05500 | System hardening through configuration management | Configuration | |
Configure the "/etc/sysconfig/docker" file ownership to organizational standards. CC ID 14491 | System hardening through configuration management | Configuration | |
Configure the "/etc/sh" file permissions to organizational standards. CC ID 05501 | System hardening through configuration management | Configuration | |
Configure the "/etc/sysconfig/docker" file permissions to organizational standards. CC ID 14486 | System hardening through configuration management | Configuration | |
Configure the "/etc/shadow" file permissions to organizational standards. CC ID 05502 | System hardening through configuration management | Configuration | |
Configure the "docker.socket" file ownership to organizational standards. CC ID 14472 | System hardening through configuration management | Configuration | |
Configure the "/etc/syslog.conf" file permissions to organizational standards. CC ID 05503 | System hardening through configuration management | Configuration | |
Configure the "/etc/fstab" file permissions to organizational standards. CC ID 05504 | System hardening through configuration management | Configuration | |
Configure the "docker.socket" file permissions to organizational standards. CC ID 14468 | System hardening through configuration management | Configuration | |
Configure the "/var/adm/messages" file permissions to organizational standards. CC ID 05505 | System hardening through configuration management | Configuration | |
Configure the "/var/adm/sulog" file permissions to organizational standards. CC ID 05506 | System hardening through configuration management | Configuration | |
Configure the "/var/adm/utmp" file permissions to organizational standards. CC ID 05507 | System hardening through configuration management | Configuration | |
Configure the "/var/adm/wtmp" file permissions to organizational standards. CC ID 05508 | System hardening through configuration management | Configuration | |
Configure the "/var/adm/authlog" file permissions to organizational standards. CC ID 05509 | System hardening through configuration management | Configuration | |
Configure the "/var/adm/syslog" file permissions to organizational standards. CC ID 05510 | System hardening through configuration management | Configuration | |
Configure the "/var/mail" file permissions to organizational standards. CC ID 05511 | System hardening through configuration management | Configuration | |
Configure the "/var/tmp" file permissions to organizational standards. CC ID 05512 | System hardening through configuration management | Configuration | |
Configure the "/usr/lib/pt_chmod" file permissions to organizational standards. CC ID 05513 | System hardening through configuration management | Configuration | |
Configure the "/usr/lib/embedded_us" file permissions to organizational standards. CC ID 05514 | System hardening through configuration management | Configuration | |
Configure the "/usr/kerberos/bin/rsh" file permissions to organizational standards. CC ID 05515 | System hardening through configuration management | Configuration | |
Configure the "/var/spool/mail" file permissions to organizational standards. CC ID 05516 | System hardening through configuration management | Configuration | |
Configure the "smbpasswd" file permissions to organizational standards. CC ID 05517 | System hardening through configuration management | Configuration | |
Configure the "/usr/lib/sendmail" file permissions to organizational standards. CC ID 05518 | System hardening through configuration management | Configuration | |
Set the /etc/security/audit/config file permissions properly. CC ID 05519 | System hardening through configuration management | Configuration | |
Set the /etc/security/audit/events file permissions properly. CC ID 05520 | System hardening through configuration management | Configuration | |
Set the /etc/security/audit/objects file permissions properly. CC ID 05521 | System hardening through configuration management | Configuration | |
Set the /usr/lib/trcload file permissions properly. CC ID 05522 | System hardening through configuration management | Configuration | |
Set the /usr/lib/semutil file permissions properly. CC ID 05523 | System hardening through configuration management | Configuration | |
Set the /etc/rc.config.d/auditing file permissions properly. CC ID 05524 | System hardening through configuration management | Configuration | |
Configure the "/etc/init.d" file permissions to organizational standards. CC ID 05525 | System hardening through configuration management | Configuration | |
Set the /etc/hosts.lpd file permissions properly. CC ID 05526 | System hardening through configuration management | Configuration | |
Configure the "/etc/pam.conf" file permissions to organizational standards. CC ID 05527 | System hardening through configuration management | Configuration | |
Configure the "/boot/grub/grub.conf" file permissions to organizational standards. CC ID 05528 | System hardening through configuration management | Configuration | |
Configure the "/etc/grub.conf" file permissions to organizational standards. CC ID 05529 | System hardening through configuration management | Configuration | |
Configure the "/etc/lilo.conf" file permissions to organizational standards. CC ID 05530 | System hardening through configuration management | Configuration | |
Set the file permissions for /etc/login.access properly. CC ID 05531 | System hardening through configuration management | Configuration | |
Configure the "docker.service" file permissions to organizational standards. CC ID 14479 | System hardening through configuration management | Configuration | |
Configure the "/etc/security/access.conf" file permissions to organizational standards. CC ID 05532 | System hardening through configuration management | Configuration | |
Configure the "/etc/sysctl.conf" file permissions to organizational standards. CC ID 05533 | System hardening through configuration management | Configuration | |
Configure the "/etc/securetty" file permissions to organizational standards. CC ID 05534 | System hardening through configuration management | Configuration | |
Configure the "/etc/audit/auditd.conf" file permissions to organizational standards. CC ID 05535 | System hardening through configuration management | Configuration | |
Configure the "audit.rules" file permissions to organizational standards. CC ID 05536 | System hardening through configuration management | Configuration | |
Set the /usr/sbin/userhelper file permissions properly. CC ID 05537 | System hardening through configuration management | Configuration | |
Set the file permissions for all syslog log files properly. CC ID 05538 | System hardening through configuration management | Configuration | |
Set the /etc/anacrontab file permissions properly. CC ID 05543 | System hardening through configuration management | Configuration | |
Set the /etc/pki/tls/CA/cacert.pem file permissions properly. CC ID 05544 | System hardening through configuration management | Configuration | |
Set the /etc/pki/tls/ldap/serverkey.pem file permissions properly. CC ID 05545 | System hardening through configuration management | Configuration | |
Set the /etc/pki/tls/ldap/servercert.pem file permissions properly. CC ID 05546 | System hardening through configuration management | Configuration | |
Set the /etc/pki/tls/ldap file permissions properly. CC ID 05547 | System hardening through configuration management | Configuration | |
Set the /etc/httpd/conf file permissions properly. CC ID 05548 | System hardening through configuration management | Configuration | |
Set the /etc/httpd/conf/* file permissions properly. CC ID 05549 | System hardening through configuration management | Configuration | |
Set the /usr/sbin/httpd file permissions properly. CC ID 05550 | System hardening through configuration management | Configuration | |
Set the /var/log/httpd file permissions properly. CC ID 05551 | System hardening through configuration management | Configuration | |
Set the daemon debug log file permissions properly. CC ID 05552 | System hardening through configuration management | Configuration | |
Set the Cron log file permissions properly. CC ID 05553 | System hardening through configuration management | Configuration | |
Set the file permissions for system accounting properly. CC ID 05554 | System hardening through configuration management | Configuration | |
Set the /etc/dfs file permissions properly. CC ID 05555 | System hardening through configuration management | Configuration | |
Set the /etc/fs file permissions properly. CC ID 05556 | System hardening through configuration management | Configuration | |
Set the /etc/ufs file permissions properly. CC ID 05557 | System hardening through configuration management | Configuration | |
Set the /etc/vfstab file permissions properly. CC ID 05558 | System hardening through configuration management | Configuration | |
Set the vold.conf file permissions properly. CC ID 05559 | System hardening through configuration management | Configuration | |
Configure the "Docker socket" file ownership to organizational standards. CC ID 14493 | System hardening through configuration management | Configuration | |
Configure the "daemon.json" file permissions to organizational standards. CC ID 14492 | System hardening through configuration management | Configuration | |
Set the ASET userlist file permissions properly. CC ID 05560 | System hardening through configuration management | Configuration | |
Set the /etc/rmmount.conf file permissions properly. CC ID 05561 | System hardening through configuration management | Configuration | |
Configure the "Docker server certificate" file ownership to organizational standards. CC ID 14471 | System hardening through configuration management | Configuration | |
Configure the "Docker server certificate key" file permissions to organizational standards. CC ID 14485 | System hardening through configuration management | Configuration | |
Set the /etc/security/audit_control file permissions properly. CC ID 05563 | System hardening through configuration management | Configuration | |
Configure the "daemon.json" file ownership to organizational standards. CC ID 14482 | System hardening through configuration management | Configuration | |
Configure the "Docker socket" file permissions to organizational standards. CC ID 14480 | System hardening through configuration management | Configuration | |
Set the /etc/security/audit_class file permissions properly. CC ID 05564 | System hardening through configuration management | Configuration | |
Configure the "Docker server certificate key" file ownership to organizational standards. CC ID 14478 | System hardening through configuration management | Configuration | |
Configure the "admin.conf" file ownership to organizational standards. CC ID 14556 | System hardening through configuration management | Configuration | |
Set the /etc/security/audit_event file permissions properly. CC ID 05565 | System hardening through configuration management | Configuration | |
Configure the "admin.conf" file permissions to organizational standards. CC ID 14554 | System hardening through configuration management | Configuration | |
Configure the "Certificate Authority" file ownership to organizational standards. CC ID 14630 | System hardening through configuration management | Configuration | |
Configure the "Docker server certificate" file permissions to organizational standards. CC ID 14476 | System hardening through configuration management | Configuration | |
Configure the "etcd" data directory ownership to organizational standards. CC ID 14620 | System hardening through configuration management | Configuration | |
Configure the "etcd" data directory permissions to organizational standards. CC ID 14618 | System hardening through configuration management | Configuration | |
Configure the "etcd.yaml" file ownership to organizational standards. CC ID 14615 | System hardening through configuration management | Configuration | |
Configure the "etcd.yaml" file permissions to organizational standards. CC ID 14609 | System hardening through configuration management | Configuration | |
Configure the file permissions for at.allow, as appropriate. CC ID 05995 | System hardening through configuration management | Configuration | |
Configure the file permissions for at.deny, as appropriate. CC ID 05996 | System hardening through configuration management | Configuration | |
Configure the file permissions for cron.allow, as appropriate. CC ID 05999 | System hardening through configuration management | Configuration | |
Configure the file permissions for cron.deny, as appropriate. CC ID 06000 | System hardening through configuration management | Configuration | |
Configure the "Certificate Authority" file permissions to organizational standards. CC ID 14623 | System hardening through configuration management | Configuration | |
Configure the file permissions for /usr/bin/at file, as appropriate. CC ID 06001 | System hardening through configuration management | Configuration | |
Configure the "kubelet --config" file ownership to organizational standards. CC ID 14632 | System hardening through configuration management | Configuration | |
Configure the file permissions for the /etc/cron.daily file, as appropriate. CC ID 06008 | System hardening through configuration management | Configuration | |
Configure the "kubelet.conf" file ownership to organizational standards. CC ID 14628 | System hardening through configuration management | Configuration | |
Configure the "kubelet --config" file permissions to organizational standards. CC ID 14625 | System hardening through configuration management | Configuration | |
Configure the file permissions for the /etc/cron.weekly file, as appropriate. CC ID 06009 | System hardening through configuration management | Configuration | |
Configure the file permissions for the /etc/cron.hourly file, as appropriate. CC ID 06010 | System hardening through configuration management | Configuration | |
Configure the "kubelet service" file permissions to organizational standards. CC ID 14660 | System hardening through configuration management | Configuration | |
Configure the "kubelet.conf" file permissions to organizational standards. CC ID 14619 | System hardening through configuration management | Configuration | |
Configure the "controller-manager.conf" file ownership to organizational standards. CC ID 14560 | System hardening through configuration management | Configuration | |
Configure the "kubeconfig" file ownership to organizational standards. CC ID 14617 | System hardening through configuration management | Configuration | |
Configure the "kubeconfig" file permissions to organizational standards. CC ID 14616 | System hardening through configuration management | Configuration | |
Configure the file permissions for the /etc/cron.monthly file, as appropriate. CC ID 06013 | System hardening through configuration management | Configuration | |
Configure the "kubelet service" file ownership to organizational standards. CC ID 14612 | System hardening through configuration management | Configuration | |
Configure the "kube-scheduler.yaml" file ownership to organizational standards. CC ID 14611 | System hardening through configuration management | Configuration | |
Configure the file permissions for all user home directories, as appropriate. CC ID 06019 | System hardening through configuration management | Configuration | |
Configure the "kube-scheduler.yaml" file permissions to organizational standards. CC ID 14603 | System hardening through configuration management | Configuration | |
Configure the "kube-controller-manager.yaml" file ownership to organizational standards. CC ID 14600 | System hardening through configuration management | Configuration | |
Configure the "kube-controller-manager.yaml" file permissions to organizational standards. CC ID 14598 | System hardening through configuration management | Configuration | |
Configure the "kube-apiserver.yaml" file ownership to organizational standards. CC ID 14597 | System hardening through configuration management | Configuration | |
Configure the "scheduler.conf" file ownership to organizational standards. CC ID 14558 | System hardening through configuration management | Configuration | |
Configure the .netrc file permissions, as necessary. CC ID 06022 | System hardening through configuration management | Configuration | |
Configure the "all rsyslog log files" permissions to organizational standards. CC ID 08748 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "controller-manager.conf" file permissions to organizational standards. CC ID 14553 | System hardening through configuration management | Configuration | |
Configure the "Container Network Interface" file ownership to organizational standards. CC ID 14552 | System hardening through configuration management | Configuration | |
Configure the "Container Network Interface" file permissions to organizational standards. CC ID 14550 | System hardening through configuration management | Configuration | |
Configure the "crontab" directory permissions to organizational standards. CC ID 08967 | System hardening through configuration management | Configuration | |
Configure the "scheduler.conf" file permissions to organizational standards. CC ID 14551 | System hardening through configuration management | Configuration | |
Configure the "crontab" file permissions to organizational standards. CC ID 08968 | System hardening through configuration management | Configuration | |
Configure the "kube-apiserver.yaml" file permissions to organizational standards. CC ID 14549 | System hardening through configuration management | Configuration | |
Configure the "traceroute executable" file permissions to organizational standards. CC ID 08979 | System hardening through configuration management | Configuration | |
Configure the "httpd.conf" file permissions to organizational standards. CC ID 09041 | System hardening through configuration management | Configuration | |
Configure the "/etc/httpd/conf/passwd" file permissions to organizational standards. CC ID 09042 | System hardening through configuration management | Configuration | |
Configure the "/usr/sbin/apachectl" file permissions to organizational standards. CC ID 09043 | System hardening through configuration management | Configuration | |
Configure the "/var/www/html" file permissions to organizational standards. CC ID 09044 | System hardening through configuration management | Configuration | |
Configure the "apache configuration" directory permissions to organizational standards. CC ID 09045 | System hardening through configuration management | Configuration | |
Configure the "htpasswd" file permissions to organizational standards. CC ID 09057 | System hardening through configuration management | Configuration | |
Configure all "files specified by CustomLogs" file permissions to organizational standards. CC ID 09073 | System hardening through configuration management | Configuration | |
Configure the "apache /bin" directory permissions to organizational standards. CC ID 09093 | System hardening through configuration management | Configuration | |
Configure the "apache /logs" directory permissions to organizational standards. CC ID 09096 | System hardening through configuration management | Configuration | |
Configure the "registry certificate" file permissions to organizational standards. CC ID 14483 | System hardening through configuration management | Configuration | |
Configure the "apache /htdocs" directory permissions to organizational standards. CC ID 09099 | System hardening through configuration management | Configuration | |
Configure the "registry certificate" file ownership to organizational standards. CC ID 14481 | System hardening through configuration management | Configuration | |
Configure the "apache /cgi-bin" directory permissions to organizational standards. CC ID 09102 | System hardening through configuration management | Configuration | |
Configure the "cgi-bin" directory permissions to organizational standards. CC ID 09103 | System hardening through configuration management | Configuration | |
Configure the "apache process ID" file permissions to organizational standards. CC ID 09124 | System hardening through configuration management | Configuration | |
Configure the "apache scoreboard" file permissions to organizational standards. CC ID 09127 | System hardening through configuration management | Configuration | |
Configure the "htpasswd.exe" file permissions to organizational standards. CC ID 09143 | System hardening through configuration management | Configuration | |
Configure the "setgid" permissions to organizational standards. CC ID 14513 | System hardening through configuration management | Configuration | |
Configure the "TLS CA certificate" file permissions to organizational standards. CC ID 14475 | System hardening through configuration management | Configuration | |
Configure the "TLS CA certificate" file ownership to organizational standards. CC ID 14473 | System hardening through configuration management | Configuration | |
Configure the "apache /config" directory permissions to organizational standards. CC ID 09144 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\wscript.exe" file permissions to organizational standards. CC ID 09145 | System hardening through configuration management | Configuration | |
Configure the "%SystemRoot%\System32\cscript.exe" file permissions to organizational standards. CC ID 09146 | System hardening through configuration management | Configuration | |
Configure the "apache's process ID" file permissions to organizational standards. CC ID 09148 | System hardening through configuration management | Configuration | |
Configure the "/etc/httpd/conf.d" file permissions to organizational standards. CC ID 09149 | System hardening through configuration management | Configuration | |
Configure the "setuid" permissions to organizational standards. CC ID 14509 | System hardening through configuration management | Configuration | |
Configure the "Web Root 'Images'" directory permissions to organizational standards. CC ID 09191 | System hardening through configuration management | Configuration | |
Configure the "Web Root 'scripts'" directory permissions to organizational standards. CC ID 09192 | System hardening through configuration management | Configuration | |
Configure the "Web Root 'executables'" directory permissions to organizational standards. CC ID 09193 | System hardening through configuration management | Configuration | |
Configure the "Web Root 'docs'" directory permissions to organizational standards. CC ID 09194 | System hardening through configuration management | Configuration | |
Configure the "Web Root 'home'" directory permissions to organizational standards. CC ID 09195 | System hardening through configuration management | Configuration | |
Configure the "Web Root 'include'" directory permissions to organizational standards. CC ID 09196 | System hardening through configuration management | Configuration | |
Configure the "default Logfiles" directory permissions to organizational standards. CC ID 09197 | System hardening through configuration management | Configuration | |
Configure the "Inetpub" directory permissions to organizational standards. CC ID 09221 | System hardening through configuration management | Configuration | |
Configure the "inetsrv" directory permissions to organizational standards. CC ID 09222 | System hardening through configuration management | Configuration | |
Configure the "inetsrv\asp.dll" file permissions to organizational standards. CC ID 09223 | System hardening through configuration management | Configuration | |
Configure the "Web Root" directory permissions to organizational standards. CC ID 09224 | System hardening through configuration management | Configuration | |
Configure the "files located in the folder specified by the Logger component (server.xml)" file permissions to organizational standards. CC ID 09733 | System hardening through configuration management | Configuration | |
Configure the "webapps" directory permissions to organizational standards. CC ID 09734 | System hardening through configuration management | Configuration | |
Configure the "tomcat installation" directory permissions to organizational standards. CC ID 09735 | System hardening through configuration management | Configuration | |
Configure the "tomcat /bin" directory permissions to organizational standards. CC ID 09736 | System hardening through configuration management | Configuration | |
Configure the "tomcat /common" directory permissions to organizational standards. CC ID 09737 | System hardening through configuration management | Configuration | |
Configure the "tomcat /conf" directory permissions to organizational standards. CC ID 09738 | System hardening through configuration management | Configuration | |
Configure the "tomcat /logs" directory permissions to organizational standards. CC ID 09739 | System hardening through configuration management | Configuration | |
Configure the "tomcat /server" directory permissions to organizational standards. CC ID 09740 | System hardening through configuration management | Configuration | |
Configure the "tomcat /shared" directory permissions to organizational standards. CC ID 09741 | System hardening through configuration management | Configuration | |
Configure the "tomcat /webapps" directory permissions to organizational standards. CC ID 09742 | System hardening through configuration management | Configuration | |
Configure the "tomcat /work" directory permissions to organizational standards. CC ID 09743 | System hardening through configuration management | Configuration | |
Configure the "tomcat /temp" directory permissions to organizational standards. CC ID 09744 | System hardening through configuration management | Configuration | |
Configure the "tomcat-users.xml" file permissions to organizational standards. CC ID 09778 | System hardening through configuration management | Configuration | |
Configure the "Tomcat home" directory permissions to organizational standards. CC ID 09799 | System hardening through configuration management | Configuration | |
Configure the "Tomcat home/conf/" directory permissions to organizational standards. CC ID 09802 | System hardening through configuration management | Configuration | |
Configure the "SerializedSystemIni.dat" file permissions to organizational standards. CC ID 09860 | System hardening through configuration management | Configuration | |
Configure the "Keystore" file permissions to organizational standards. CC ID 09900 | System hardening through configuration management | Configuration | |
Configure the "Weblogic Server Product Installation" directory permissions to organizational standards. CC ID 09902 | System hardening through configuration management | Configuration | |
Configure the "Domain Home" directory permissions to organizational standards. CC ID 09903 | System hardening through configuration management | Configuration | |
Configure the "Middleware Home" directory permissions to organizational standards. CC ID 09907 | System hardening through configuration management | Configuration | |
Restrict at/cron to authorized users. CC ID 01572 | System hardening through configuration management | Configuration | |
Configure the system to require authentication for single user mode. CC ID 01577 | System hardening through configuration management | Configuration | |
Configure the system to block certain system accounts. CC ID 01578 | System hardening through configuration management | Configuration | |
Verify that there are no accounts with empty password fields. CC ID 01579 | System hardening through configuration management | Configuration | |
Use standards-based encryption for encryption, hashing, and signing. CC ID 01583 | System hardening through configuration management | Configuration | |
Configure the "DCOM: Machine access restrictions in Security Descriptor Definition Language (SDDL)" setting. CC ID 01726 | System hardening through configuration management | Configuration | |
Configure the "DCOM: Machine launch restrictions in Security Descriptor Definition Language (SDDL)" setting to organizational standards. CC ID 01727 | System hardening through configuration management | Configuration | |
Configure the root $PATH to not have any "." directories, group directories or world writable directories. CC ID 01587 | System hardening through configuration management | Configuration | |
Configure user home directories to be mode 750 or more restrictive. CC ID 01588 | System hardening through configuration management | Configuration | |
Configure user dot-files to not be group or world-writable. CC ID 01589 | System hardening through configuration management | Configuration | |
Remove .netrc files. CC ID 01590 | System hardening through configuration management | Configuration | |
Configure default UMASK for users. CC ID 01591 | System hardening through configuration management | Configuration | |
Configure the default UMASK for FTP users. CC ID 01592 | System hardening through configuration management | Configuration | |
Configure the "mesg n" as default for all users. CC ID 01593 | System hardening through configuration management | Configuration | |
Configure the system to restrict access to the root user from the su command. CC ID 01595 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain an account lockout policy. CC ID 01709 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure Restricted groups. CC ID 01928 | System hardening through configuration management | Configuration | |
Configure the run control scripts permissions. CC ID 02160 | System hardening through configuration management | Configuration | |
Configure root to be the Traceroute command owner. CC ID 02165 | System hardening through configuration management | Configuration | |
Coordinate the User ID access restrictions with the site-unique configuration file, the UOSS control file, and the Tape File Configuration Transfer file. CC ID 02192 | System hardening through configuration management | Configuration | |
Refrain from displaying user information when the system is locked. CC ID 04302 | System hardening through configuration management | Configuration | |
Configure systems to prevent dial-up passwords from being saved. CC ID 04303 | System hardening through configuration management | Configuration | |
Configure the "Always prompt client for password upon connection" setting. CC ID 04317 | System hardening through configuration management | Configuration | |
Configure the "Do not allow passwords to be saved" setting. CC ID 04320 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting. CC ID 04388 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" setting. CC ID 04389 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Behavior of the elevation prompt for standard users" setting. CC ID 04390 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Detect application installations and prompt for elevation" setting. CC ID 04391 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Only elevate executables that are signed and validated" setting. CC ID 04392 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Only elevate UIAccess applications that are installed in secure locations" setting. CC ID 04393 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Run all administrators in Admin Approval Mode" setting. CC ID 04394 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Switch to the secure desktop when prompting for elevation" setting. CC ID 04395 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Virtualize file and registry write failures to per-user locations" setting. CC ID 04396 | System hardening through configuration management | Configuration | |
Configure the "Enumerate administrator accounts on elevation" setting. CC ID 04403 | System hardening through configuration management | Configuration | |
Configure the "Required trusted path for credential entry" setting. CC ID 04404 | System hardening through configuration management | Configuration | |
Require proper authentication prior to accessing NetWare's eGuide. CC ID 04450 | System hardening through configuration management | Configuration | |
Disable the SAdmin account and SDebug account in NetWare. CC ID 04458 | System hardening through configuration management | Configuration | |
Configure the system to prevent helper applications from changing client rights. CC ID 04464 | System hardening through configuration management | Configuration | |
Delete authenticator hint field contents or authenticator hint field files. CC ID 04477 | System hardening through configuration management | Configuration | |
Configure the "Limit number of simultaneous connections" setting to organizational standards. CC ID 04511 | System hardening through configuration management | Configuration | |
Configure the "Do not allow local administrators to customize permissions" setting to organizational standards. CC ID 04512 | System hardening through configuration management | Configuration | |
Configure the default Distributed Component Object Model authorization level to 'connect' or higher. CC ID 04528 | System hardening through configuration management | Configuration | |
Configure the "Network access: Shares that can be accessed anonymously" setting. CC ID 04533 | System hardening through configuration management | Configuration | |
Configure domain-connected workstations to not have any local user accounts. CC ID 04535 | System hardening through configuration management | Configuration | |
Configure printers to only accept print jobs from known print spoolers. CC ID 04812 | System hardening through configuration management | Configuration | |
Configure print spoolers to accept jobs from authorized users only. CC ID 04813 | System hardening through configuration management | Configuration | |
Prevent Multi-Function Devices from connecting to networks routing restricted data, unless authorized. CC ID 04815 | System hardening through configuration management | Configuration | |
Restrict access to remote file shares. CC ID 04817 | System hardening through configuration management | Configuration | |
Configure Multi-Function Devices to prevent non-printer administrators from altering the global configuration file. CC ID 04818 | System hardening through configuration management | Configuration | |
Configure the user's .forward file to mode 600. CC ID 04848 | System hardening through configuration management | Configuration | |
Configure the GID of accounts other than root and locked system accounts properly. CC ID 05448 | System hardening through configuration management | Configuration | |
Set the smbpasswd executable permissions properly. CC ID 05459 | System hardening through configuration management | Configuration | |
Grant or reject sudo privileges to the wheel group, as appropriate. CC ID 05539 | System hardening through configuration management | Configuration | |
Set the /var/log/pamlog log permissions properly. CC ID 05562 | System hardening through configuration management | Configuration | |
Restrict the audit log permissions. CC ID 05566 | System hardening through configuration management | Configuration | |
Use the pkgchk utility to force default settings and to verify the ownership, group ownership, and access permissions for installed packages. CC ID 05567 | System hardening through configuration management | Configuration | |
Configure role-based access control (RBAC) caching elements to organizational standards. CC ID 05568 | System hardening through configuration management | Configuration | |
Verify all device files are located in an appropriate directory. CC ID 05571 | System hardening through configuration management | Records Management | |
Configure the read-only option for all NFS exports. CC ID 05572 | System hardening through configuration management | Configuration | |
Configure access controls through /etc/login.access and access.conf for non-superusers. CC ID 05573 | System hardening through configuration management | Configuration | |
Enable or disable root login via Secure Shell, as appropriate. CC ID 05574 | System hardening through configuration management | Configuration | |
Verify the ftpusers file restricts access to certain accounts. CC ID 05575 | System hardening through configuration management | Configuration | |
Enable or disable SSH host-based authentication, as appropriate. CC ID 05576 | System hardening through configuration management | Configuration | |
Configure the environmental variable path properly. CC ID 05577 | System hardening through configuration management | Configuration | |
Configure local initialization files and global initialization files to allow or deny write access to the terminal, as appropriate. CC ID 05578 | System hardening through configuration management | Configuration | |
Verify user .shosts files exist or not, as appropriate. CC ID 05579 | System hardening through configuration management | Configuration | |
Set the default umask for the bash shell properly for all users. CC ID 05580 | System hardening through configuration management | Configuration | |
Set the default umask for the csh shell properly for all users. CC ID 05581 | System hardening through configuration management | Configuration | |
Configure the system umask properly. CC ID 05582 | System hardening through configuration management | Configuration | |
Verify console device ownership is restricted to root-only, as appropriate. CC ID 05583 | System hardening through configuration management | Configuration | |
Configure the "Access credential Manager as a trusted caller" User Right properly. CC ID 05584 | System hardening through configuration management | Configuration | |
Restrict the right of modifying an Object label. CC ID 05585 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Allow UIAccess applications to prompt for elevation" setting. CC ID 05586 | System hardening through configuration management | Configuration | |
Configure the "Do Not Allow New Client Connections" policy for Terminal Services properly. CC ID 05587 | System hardening through configuration management | Configuration | |
Configure the "Remote Control Settings" policy for Terminal Services properly. CC ID 05588 | System hardening through configuration management | Configuration | |
Configure the Cron directory permissions to organizational standards. CC ID 05997 | System hardening through configuration management | Configuration | |
Configure the cron.allow file with the user group permitted to use the cron facility, as appropriate. CC ID 06002 | System hardening through configuration management | Configuration | |
Configure the cron.deny file with the user set permitted to use the cron facility, as appropriate. CC ID 06003 | System hardening through configuration management | Configuration | |
Configure the Cron directories to be owned by an appropriate user and group. CC ID 06004 | System hardening through configuration management | Configuration | |
Configure the at.deny file with the user set permitted to use the at facility, as appropriate. CC ID 06006 | System hardening through configuration management | Configuration | |
Configure the /etc/cron.monthly file to be owned by an appropriate user or group. CC ID 06007 | System hardening through configuration management | Configuration | |
Configure /etc/cron.hourly to be owned by an appropriate user or group. CC ID 06011 | System hardening through configuration management | Configuration | |
Configure /etc/cron.daily to be owned by an appropriate user or group. CC ID 06012 | System hardening through configuration management | Configuration | |
Configure the home directory for the root user, as appropriate. CC ID 06017 | System hardening through configuration management | Configuration | |
Configure the home directory for each user account, as appropriate. CC ID 06018 | System hardening through configuration management | Configuration | |
Configure the home directory permissions for the Superuser account, as appropriate. CC ID 06020 | System hardening through configuration management | Configuration | |
Configure each user home directory to be owned by an appropriate user or group. CC ID 06021 | System hardening through configuration management | Configuration | |
Configure the world-write permissions for all files, as appropriate. CC ID 06026 | System hardening through configuration management | Configuration | |
Configure and assign the correct service permissions for the SNMP Service. CC ID 06041 | System hardening through configuration management | Configuration | |
Configure the service permissions for NetMeeting, as appropriate. CC ID 06045 | System hardening through configuration management | Configuration | |
Configure the "Allow log on through Remote Desktop Services" User Right properly. CC ID 06062 | System hardening through configuration management | Configuration | |
Configure the "Deny log on through Remote Desktop Services" User Right properly. CC ID 06063 | System hardening through configuration management | Configuration | |
Remove all members found in the Windows OS Power Users Group. CC ID 06573 | System hardening through configuration management | Configuration | |
Configure the "sudo" to organizational standards. CC ID 15325 | System hardening through configuration management | Configuration | |
Require users to use the 'sudo' command when accessing the root account. CC ID 06736 | System hardening through configuration management | Configuration | |
Configure the "log all su (switch user) activity" setting to organizational standards. CC ID 08965 | System hardening through configuration management | Configuration | |
Configure the "status" of the "apache" account to organizational standards. CC ID 09018 | System hardening through configuration management | Configuration | |
Configure the "apache" account group membership to organizational standards. CC ID 09033 | System hardening through configuration management | Configuration | |
Configure the "CustomLog" files permissions to organizational standards. CC ID 09051 | System hardening through configuration management | Configuration | |
Configure the "ErrorLog" files permissions to organizational standards. CC ID 09052 | System hardening through configuration management | Configuration | |
Configure the "default webpage" for "all readable apache web document directories" to organizational standards. CC ID 09071 | System hardening through configuration management | Configuration | |
Configure the "ScriptAlias" directories permissions to organizational standards. CC ID 09078 | System hardening through configuration management | Configuration | |
Configure the "ScriptAliasMatch" directories permissions to organizational standards. CC ID 09081 | System hardening through configuration management | Configuration | |
Configure the "DocumentRoot" directories permissions to organizational standards. CC ID 09084 | System hardening through configuration management | Configuration | |
Configure the "Alias" directories permissions to organizational standards. CC ID 09087 | System hardening through configuration management | Configuration | |
Configure the "ServerRoot" directories permissions to organizational standards. CC ID 09090 | System hardening through configuration management | Configuration | |
Configure the "Enable Logging" setting for the "master home directory" to organizational standards. CC ID 09156 | System hardening through configuration management | Configuration | |
Configure the "Read" permission for the "master home directory" to organizational standards. CC ID 09157 | System hardening through configuration management | Configuration | |
Configure the "Write" permission for the "master home directory" to organizational standards. CC ID 09158 | System hardening through configuration management | Configuration | |
Configure the "Script Source Access" permission for the "master home directory" to organizational standards. CC ID 09159 | System hardening through configuration management | Configuration | |
Configure the "Directory Browsing" permission for the "master home directory" to organizational standards. CC ID 09160 | System hardening through configuration management | Configuration | |
Configure the "Log Visits" permission for the "master home directory" to organizational standards. CC ID 09161 | System hardening through configuration management | Configuration | |
Configure the "Index this resource" permission for the "master home directory" to organizational standards. CC ID 09162 | System hardening through configuration management | Configuration | |
Configure the "Execute Permissions" permission for the "master home directory" to organizational standards. CC ID 09163 | System hardening through configuration management | Configuration | |
Configure the "Anonymous Access" permission for the "master home directory" to organizational standards. CC ID 09164 | System hardening through configuration management | Configuration | |
Configure the "Basic Authentication" setting for the "master home directory" to organizational standards. CC ID 09165 | System hardening through configuration management | Configuration | |
Configure the "Integrated Windows Authentication" setting for the "master home directory" to organizational standards. CC ID 09166 | System hardening through configuration management | Configuration | |
Configure the "Read" permission for the "website home directory" to organizational standards. CC ID 09168 | System hardening through configuration management | Configuration | |
Configure the "Write" privilege for the "website home directory" to organizational standards. CC ID 09169 | System hardening through configuration management | Configuration | |
Configure the "Script Source Access" permission for the "website home directory" to organizational standards. CC ID 09170 | System hardening through configuration management | Configuration | |
Configure the "Directory Browsing" permission for the "website home directory" to organizational standards. CC ID 09171 | System hardening through configuration management | Configuration | |
Configure the "Log Visits" permission for the "website home directory" to organizational standards. CC ID 09172 | System hardening through configuration management | Configuration | |
Configure the "Index this resource" permission for the "website home directory" to organizational standards. CC ID 09173 | System hardening through configuration management | Configuration | |
Configure the "Execute Permissions" permission to organizational standards. CC ID 09174 | System hardening through configuration management | Configuration | |
Configure the "Anonymous Access" permission for the "website home directory" to organizational standards. CC ID 09175 | System hardening through configuration management | Configuration | |
Configure the "file auditing" setting for the "%SystemRoot%\System32\Inetsrv" directory to organizational standards. CC ID 09198 | System hardening through configuration management | Configuration | |
Configure the "membership" of the "IUSR" account to organizational standards. CC ID 09213 | System hardening through configuration management | Configuration | |
Configure the "IUSR" account to organizational standards. CC ID 09214 | System hardening through configuration management | Configuration | |
Configure the "file auditing" setting for the "Inetpub" directory to organizational standards. CC ID 09225 | System hardening through configuration management | Configuration | |
Configure the "file auditing" setting for the "Web Root" directory to organizational standards. CC ID 09226 | System hardening through configuration management | Configuration | |
Configure the "file auditing" setting for the "Metaback" directory to organizational standards. CC ID 09227 | System hardening through configuration management | Configuration | |
Configure the "IWAM" account to organizational standards. CC ID 09228 | System hardening through configuration management | Configuration | |
Configure the "Application object owner" accounts to organizational standards. CC ID 09257 | System hardening through configuration management | Configuration | |
Configure the "system tables" permissions to organizational standards. CC ID 09260 | System hardening through configuration management | Configuration | |
Configure the "DDL" permissions to organizational standards. CC ID 09261 | System hardening through configuration management | Configuration | |
Configure the "WITH GRANT OPTION" permissions to organizational standards. CC ID 09262 | System hardening through configuration management | Configuration | |
Configure the "Object" permissions for the "PUBLIC or GUEST" account to organizational standards. CC ID 09263 | System hardening through configuration management | Configuration | |
Configure the "restore database data or other DBMS configurations, features or objects" permissions to organizational standards. CC ID 09267 | System hardening through configuration management | Configuration | |
Configure the "SQL Server Database Service" account to organizational standards. CC ID 09273 | System hardening through configuration management | Configuration | |
Configure the "SQL Server Agent" account to organizational standards. CC ID 09274 | System hardening through configuration management | Configuration | |
Configure the "SQL Server registry keys and sub-keys" permissions to organizational standards. CC ID 09276 | System hardening through configuration management | Configuration | |
Configure the "built-in sa" account to organizational standards. CC ID 09298 | System hardening through configuration management | Configuration | |
Configure the "audit access" setting for the "ErrorDumpDir" directory to organizational standards. CC ID 09299 | System hardening through configuration management | Configuration | |
Configure the "audit access" setting for the "DefaultLog" file to organizational standards. CC ID 09300 | System hardening through configuration management | Configuration | |
Configure the "audit access" setting for the "ErrorLog" file to organizational standards. CC ID 09301 | System hardening through configuration management | Configuration | |
Configure the "audit access" setting for the "SQLPath" directory to organizational standards. CC ID 09302 | System hardening through configuration management | Configuration | |
Configure the "audit access" setting for the "BackupDirectory" directory to organizational standards. CC ID 09303 | System hardening through configuration management | Configuration | |
Configure the "audit access" setting for the "FullTextDefaultPath" directory to organizational standards. CC ID 09304 | System hardening through configuration management | Configuration | |
Configure the "audit access" setting for the "WorkingDirectory" directory to organizational standards. CC ID 09305 | System hardening through configuration management | Configuration | |
Configure the "audit access" setting for the "SQLBinRoot" directory to organizational standards. CC ID 09306 | System hardening through configuration management | Configuration | |
Configure the "audit access" setting for the "SQLDataRoot" directory to organizational standards. CC ID 09307 | System hardening through configuration management | Configuration | |
Configure the "audit access" setting for the "SQLProgramDir" directory to organizational standards. CC ID 09308 | System hardening through configuration management | Configuration | |
Configure the "audit access" setting for the "DataDir" directory to organizational standards. CC ID 09309 | System hardening through configuration management | Configuration | |
Configure the "Analysis Services" account to organizational standards. CC ID 09318 | System hardening through configuration management | Configuration | |
Configure the "Integration Services" account to organizational standards. CC ID 09319 | System hardening through configuration management | Configuration | |
Configure the "Reporting Services" account to organizational standards. CC ID 09320 | System hardening through configuration management | Configuration | |
Configure the "Notification Services" account to organizational standards. CC ID 09321 | System hardening through configuration management | Configuration | |
Configure the "Full Text Search" account to organizational standards. CC ID 09322 | System hardening through configuration management | Configuration | |
Configure the "SQL Server Browser" account to organizational standards. CC ID 09323 | System hardening through configuration management | Configuration | |
Configure the "SQL Server Active Directory Helper" account to organizational standards. CC ID 09324 | System hardening through configuration management | Configuration | |
Configure the "SQL Writer" account to organizational standards. CC ID 09325 | System hardening through configuration management | Configuration | |
Configure the "SQL Server MSSearch" registry key permissions to organizational standards. CC ID 09327 | System hardening through configuration management | Configuration | |
Configure the "SQL Server Agent" registry key permissions to organizational standards. CC ID 09328 | System hardening through configuration management | Configuration | |
Configure the "SQL Server RS" registry key permissions to organizational standards. CC ID 09330 | System hardening through configuration management | Configuration | |
Configure the "Reporting Services Windows Integrated Security" accounts to organizational standards. CC ID 09347 | System hardening through configuration management | Configuration | |
Configure the "permissions" of the "SQL Server Agent proxy" accounts to organizational standards. CC ID 09352 | System hardening through configuration management | Configuration | |
Configure the "default webpage" for "all readable Tomcat Apache web document" directories to organizational standards. CC ID 09729 | System hardening through configuration management | Configuration | |
Configure the "account" setting for "Tomcat" to organizational standards. CC ID 09792 | System hardening through configuration management | Configuration | |
Configure the "specified codebase" permissions to organizational standards. CC ID 09796 | System hardening through configuration management | Configuration | |
Configure the "property read permission" for the "Tomcat web application JVM" to organizational standards. CC ID 09813 | System hardening through configuration management | Configuration | |
Configure the "property write permission" for the "Tomcat web application JVM" to organizational standards. CC ID 09814 | System hardening through configuration management | Configuration | |
Configure the "status" of the "Tomcat" account to organizational standards. CC ID 09815 | System hardening through configuration management | Configuration | |
Configure the "user account" for "Oracle WebLogic Server" to organizational standards. CC ID 09823 | System hardening through configuration management | Configuration | |
Configure the "Keystores" permission in "directories" to organizational standards. CC ID 09901 | System hardening through configuration management | Configuration | |
Implement a reference monitor to implement the Access Control policies. CC ID 10096 | System hardening through configuration management | Configuration | |
Configure the "Add Printer wizard - Network scan page (Managed network)" setting to organizational standards. CC ID 10692 | System hardening through configuration management | Configuration | |
Configure the "Add Printer wizard - Network scan page (Unmanaged network)" setting to organizational standards. CC ID 10693 | System hardening through configuration management | Configuration | |
Configure the "All Removable Storage classes: Deny all access" setting to organizational standards. CC ID 10696 | System hardening through configuration management | Configuration | |
Configure the "All Removable Storage: Allow direct access in remote sessions" setting to organizational standards. CC ID 10697 | System hardening through configuration management | Configuration | |
Configure the "Allow .rdp files from unknown publishers" setting to organizational standards. CC ID 10698 | System hardening through configuration management | Configuration | |
Configure the "Allow .rdp files from valid publishers and user's default .rdp settings" setting to organizational standards. CC ID 10699 | System hardening through configuration management | Configuration | |
Configure the "Allow admin to install from Remote Desktop Services session" setting to organizational standards. CC ID 10700 | System hardening through configuration management | Configuration | |
Configure the "Allow administrators to override Device Installation Restriction policies" setting to organizational standards. CC ID 10701 | System hardening through configuration management | Configuration | |
Configure the "Allow Applications to Prevent Automatic Sleep (On Battery)" setting to organizational standards. CC ID 10702 | System hardening through configuration management | Configuration | |
Configure the "Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services" setting to organizational standards. CC ID 10704 | System hardening through configuration management | Configuration | |
Configure the "Allow audio and video playback redirection" setting to organizational standards. CC ID 10705 | System hardening through configuration management | Configuration | |
Configure the "Allow audio recording redirection" setting to organizational standards. CC ID 10706 | System hardening through configuration management | Configuration | |
Configure the "Allow automatic configuration of listeners" setting to organizational standards. CC ID 10707 | System hardening through configuration management | Configuration | |
Configure the "Allow Automatic Sleep with Open Network Files (On Battery)" setting to organizational standards. CC ID 10708 | System hardening through configuration management | Configuration | |
Configure the "Allow Automatic Updates immediate installation" setting to organizational standards. CC ID 10710 | System hardening through configuration management | Configuration | |
Configure the "Allow BITS Peercaching" setting to organizational standards. CC ID 10711 | System hardening through configuration management | Configuration | |
Configure the "Allow certificates with no extended key usage certificate attribute" setting to organizational standards. CC ID 10712 | System hardening through configuration management | Configuration | |
Configure the "Allow Corporate redirection of Customer Experience Improvement uploads" setting to organizational standards. CC ID 10713 | System hardening through configuration management | Configuration | |
Configure the "Allow CredSSP authentication" setting for the "WinRM client" to organizational standards. CC ID 10714 | System hardening through configuration management | Configuration | |
Configure the "Allow Cross-Forest User Policy and Roaming User Profiles" setting to organizational standards. CC ID 10716 | System hardening through configuration management | Configuration | |
Configure the "Allow cryptography algorithms compatible with Windows NT 4.0" setting to organizational standards. CC ID 10717 | System hardening through configuration management | Configuration | |
Configure the "Allow Delegating Default Credentials" setting to organizational standards. CC ID 10718 | System hardening through configuration management | Configuration | |
Configure the "Allow Delegating Default Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10719 | System hardening through configuration management | Configuration | |
Configure the "Allow Delegating Fresh Credentials" setting to organizational standards. CC ID 10720 | System hardening through configuration management | Configuration | |
Configure the "Allow Delegating Fresh Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10721 | System hardening through configuration management | Configuration | |
Configure the "Allow Delegating Saved Credentials" setting to organizational standards. CC ID 10722 | System hardening through configuration management | Configuration | |
Configure the "Allow Delegating Saved Credentials with NTLM-only Server Authentication" setting to organizational standards. CC ID 10723 | System hardening through configuration management | Configuration | |
Configure the "Allow desktop composition for remote desktop sessions" setting to organizational standards. CC ID 10724 | System hardening through configuration management | Configuration | |
Configure the "Allow DNS Suffix Appending to Unqualified Multi-Label Name Queries" setting to organizational standards. CC ID 10725 | System hardening through configuration management | Configuration | |
Configure the "Allow domain users to log on using biometrics" setting to organizational standards. CC ID 10726 | System hardening through configuration management | Configuration | |
Configure the "Allow ECC certificates to be used for logon and authentication" setting to organizational standards. CC ID 10727 | System hardening through configuration management | Configuration | |
Configure the "Allow Enhanced Storage certificate provisioning" setting to organizational standards. CC ID 10728 | System hardening through configuration management | Configuration | |
Configure the "Allow installation of devices that match any of these device IDs" setting to organizational standards. CC ID 10729 | System hardening through configuration management | Configuration | |
Configure the "Allow installation of devices using drivers that match these device setup classes" setting to organizational standards. CC ID 10730 | System hardening through configuration management | Configuration | |
Configure the "Allow Integrated Unblock screen to be displayed at the time of logon" setting to organizational standards. CC ID 10731 | System hardening through configuration management | Configuration | |
Configure the "Allow local activation security check exemptions" setting to organizational standards. CC ID 10732 | System hardening through configuration management | Configuration | |
Configure the "Allow logon scripts when NetBIOS or WINS is disabled" setting to organizational standards. CC ID 10733 | System hardening through configuration management | Configuration | |
Configure the "Allow non-administrators to install drivers for these device setup classes" setting to organizational standards. CC ID 10734 | System hardening through configuration management | Configuration | |
Configure the "Allow non-administrators to receive update notifications" setting to organizational standards. CC ID 10735 | System hardening through configuration management | Configuration | |
Configure the "Allow only system backup" setting to organizational standards. CC ID 10736 | System hardening through configuration management | Configuration | |
Configure the "Allow only USB root hub connected Enhanced Storage devices" setting to organizational standards. CC ID 10737 | System hardening through configuration management | Configuration | |
Configure the "Allow or Disallow use of the Offline Files feature" setting to organizational standards. CC ID 10738 | System hardening through configuration management | Configuration | |
Configure the "Allow Print Spooler to accept client connections" setting to organizational standards. CC ID 10739 | System hardening through configuration management | Configuration | |
Configure the "Allow printers to be published" setting to organizational standards. CC ID 10740 | System hardening through configuration management | Configuration | |
Configure the "Allow pruning of published printers" setting to organizational standards. CC ID 10741 | System hardening through configuration management | Configuration | |
Configure the "Allow remote start of unlisted programs" setting to organizational standards. CC ID 10743 | System hardening through configuration management | Configuration | |
Configure the "Allow restore of system to default state" setting to organizational standards. CC ID 10744 | System hardening through configuration management | Configuration | |
Configure the "Allow signature keys valid for Logon" setting to organizational standards. CC ID 10745 | System hardening through configuration management | Configuration | |
Configure the "Allow signed updates from an intranet Microsoft update service location" setting to organizational standards. CC ID 10746 | System hardening through configuration management | Configuration | |
Configure the "Allow the Network Access Protection client to support the 802.1x Enforcement Client component" setting to organizational standards. CC ID 10747 | System hardening through configuration management | Configuration | |
Configure the "Allow time invalid certificates" setting to organizational standards. CC ID 10748 | System hardening through configuration management | Configuration | |
Configure the "Allow time zone redirection" setting to organizational standards. CC ID 10749 | System hardening through configuration management | Configuration | |
Configure the "Allow user name hint" setting to organizational standards. CC ID 10750 | System hardening through configuration management | Configuration | |
Configure the "Allow users to log on using biometrics" setting to organizational standards. CC ID 10751 | System hardening through configuration management | Configuration | |
Configure the "Always render print jobs on the server" setting to organizational standards. CC ID 10752 | System hardening through configuration management | Configuration | |
Configure the "Always use classic logon" setting to organizational standards. CC ID 10754 | System hardening through configuration management | Configuration | |
Configure the "Always use custom logon background" setting to organizational standards. CC ID 10755 | System hardening through configuration management | Configuration | |
Configure the "Apply the default user logon picture to all users" setting to organizational standards. CC ID 10757 | System hardening through configuration management | Configuration | |
Configure the "Assign a default domain for logon" setting to organizational standards. CC ID 10758 | System hardening through configuration management | Configuration | |
Configure the "CD and DVD: Deny execute access" setting to organizational standards. CC ID 10767 | System hardening through configuration management | Configuration | |
Configure the "CD and DVD: Deny read access" setting to organizational standards. CC ID 10768 | System hardening through configuration management | Configuration | |
Configure the "CD and DVD: Deny write access" setting to organizational standards. CC ID 10769 | System hardening through configuration management | Configuration | |
Configure the "Printers preference logging and tracing" setting to organizational standards. CC ID 10799 | System hardening through configuration management | Configuration | |
Configure the "Contact PDC on logon failure" setting to organizational standards. CC ID 10825 | System hardening through configuration management | Configuration | |
Configure the "Custom Classes: Deny read access" setting to organizational standards. CC ID 10835 | System hardening through configuration management | Configuration | |
Configure the "Custom Classes: Deny write access" setting to organizational standards. CC ID 10836 | System hardening through configuration management | Configuration | |
Configure the "Deny Delegating Default Credentials" setting to organizational standards. CC ID 10848 | System hardening through configuration management | Configuration | |
Configure the "Deny Delegating Fresh Credentials" setting to organizational standards. CC ID 10849 | System hardening through configuration management | Configuration | |
Configure the "Deny Delegating Saved Credentials" setting to organizational standards. CC ID 10850 | System hardening through configuration management | Configuration | |
Configure the "Disallow changing of geographic location" setting to organizational standards. CC ID 10870 | System hardening through configuration management | Configuration | |
Configure the "Disallow Interactive Users from generating Resultant Set of Policy data" setting to organizational standards. CC ID 10871 | System hardening through configuration management | Configuration | |
Configure the "Disallow Kerberos authentication" setting for the "WinRM client" to organizational standards. CC ID 10872 | System hardening through configuration management | Configuration | |
Configure the "Disallow locally attached storage as backup target" setting to organizational standards. CC ID 10874 | System hardening through configuration management | Configuration | |
Configure the "Disallow Negotiate authentication" setting for the "WinRM client" to organizational standards. CC ID 10875 | System hardening through configuration management | Configuration | |
Configure the "Disallow network as backup target" setting to organizational standards. CC ID 10877 | System hardening through configuration management | Configuration | |
Configure the "Disallow optical media as backup target" setting to organizational standards. CC ID 10878 | System hardening through configuration management | Configuration | |
Configure the "Disallow run-once backups" setting to organizational standards. CC ID 10879 | System hardening through configuration management | Configuration | |
Configure the "Disallow selection of Custom Locales" setting to organizational standards. CC ID 10880 | System hardening through configuration management | Configuration | |
Configure the "Disallow user override of locale settings" setting to organizational standards. CC ID 10881 | System hardening through configuration management | Configuration | |
Configure the "Display information about previous logons during user logon" setting to organizational standards. CC ID 10887 | System hardening through configuration management | Configuration | |
Configure the "Do not allow adding new targets via manual configuration" setting to organizational standards. CC ID 10891 | System hardening through configuration management | Configuration | |
Configure the "Do not allow additional session logins" setting to organizational standards. CC ID 10892 | System hardening through configuration management | Configuration | |
Configure the "Do not allow changes to initiator CHAP secret" setting to organizational standards. CC ID 10893 | System hardening through configuration management | Configuration | |
Configure the "Do not allow changes to initiator iqn name" setting to organizational standards. CC ID 10894 | System hardening through configuration management | Configuration | |
Configure the "Do not allow client printer redirection" setting to organizational standards. CC ID 10895 | System hardening through configuration management | Configuration | |
Configure the "Do not allow clipboard redirection" setting to organizational standards. CC ID 10896 | System hardening through configuration management | Configuration | |
Configure the "Do not allow color changes" setting to organizational standards. CC ID 10897 | System hardening through configuration management | Configuration | |
Configure the "Do not allow COM port redirection" setting to organizational standards. CC ID 10898 | System hardening through configuration management | Configuration | |
Configure the "Do not allow compression on all NTFS volumes" setting to organizational standards. CC ID 10899 | System hardening through configuration management | Configuration | |
Configure the "Do not allow connections without IPSec" setting to organizational standards. CC ID 10900 | System hardening through configuration management | Configuration | |
Configure the "Do not allow desktop composition" setting to organizational standards. CC ID 10901 | System hardening through configuration management | Configuration | |
Configure the "Do not allow encryption on all NTFS volumes" setting to organizational standards. CC ID 10902 | System hardening through configuration management | Configuration | |
Configure the "Do not allow Flip3D invocation" setting to organizational standards. CC ID 10903 | System hardening through configuration management | Configuration | |
Configure the "Do not allow font smoothing" setting to organizational standards. CC ID 10904 | System hardening through configuration management | Configuration | |
Configure the "Do not allow LPT port redirection" setting to organizational standards. CC ID 10905 | System hardening through configuration management | Configuration | |
Configure the "Do not allow manual configuration of discovered targets" setting to organizational standards. CC ID 10906 | System hardening through configuration management | Configuration | |
Configure the "Do not allow manual configuration of iSNS servers" setting to organizational standards. CC ID 10907 | System hardening through configuration management | Configuration | |
Configure the "Do not allow manual configuration of target portals" setting to organizational standards. CC ID 10908 | System hardening through configuration management | Configuration | |
Configure the "Do not allow non-Enhanced Storage removable devices" setting to organizational standards. CC ID 10909 | System hardening through configuration management | Configuration | |
Configure the "Do not allow password authentication of Enhanced Storage devices" setting to organizational standards. CC ID 10910 | System hardening through configuration management | Configuration | |
Configure the "Do not allow sessions without mutual CHAP" setting to organizational standards. CC ID 10912 | System hardening through configuration management | Configuration | |
Configure the "Do not allow sessions without one way CHAP" setting to organizational standards. CC ID 10913 | System hardening through configuration management | Configuration | |
Configure the "Do not allow smart card device redirection" setting to organizational standards. CC ID 10914 | System hardening through configuration management | Configuration | |
Configure the "Do not allow Snipping Tool to run" setting to organizational standards. CC ID 10915 | System hardening through configuration management | Configuration | |
Configure the "Do not allow Sound Recorder to run" setting to organizational standards. CC ID 10916 | System hardening through configuration management | Configuration | |
Configure the "Do not allow the BITS client to use Windows Branch Cache" setting to organizational standards. CC ID 10918 | System hardening through configuration management | Configuration | |
Configure the "Do not allow the computer to act as a BITS Peercaching client" setting to organizational standards. CC ID 10919 | System hardening through configuration management | Configuration | |
Configure the "Do not allow the computer to act as a BITS Peercaching server" setting to organizational standards. CC ID 10920 | System hardening through configuration management | Configuration | |
Configure the "Do not allow window animations" setting to organizational standards. CC ID 10921 | System hardening through configuration management | Configuration | |
Configure the "Do not allow Windows Media Center to run" setting to organizational standards. CC ID 10923 | System hardening through configuration management | Configuration | |
Configure the "Do not display Initial Configuration Tasks window automatically at logon" setting to organizational standards. CC ID 10927 | System hardening through configuration management | Configuration | |
Configure the "Do not display Manage Your Server page at logon" setting to organizational standards. CC ID 10928 | System hardening through configuration management | Configuration | |
Configure the "Do not display Server Manager automatically at logon" setting to organizational standards. CC ID 10929 | System hardening through configuration management | Configuration | |
Configure the "Do not set default client printer to be default printer in a session" setting to organizational standards. CC ID 10935 | System hardening through configuration management | Configuration | |
Configure the "Execute print drivers in isolated processes" setting to organizational standards. CC ID 10964 | System hardening through configuration management | Configuration | |
Configure the "Expected dial-up delay on logon" setting to organizational standards. CC ID 10965 | System hardening through configuration management | Configuration | |
Configure the "Extend Point and Print connection to search Windows Update" setting to organizational standards. CC ID 10966 | System hardening through configuration management | Configuration | |
Configure the "Filter duplicate logon certificates" setting to organizational standards. CC ID 10967 | System hardening through configuration management | Configuration | |
Configure the "Floppy Drives: Deny execute access" setting to organizational standards. CC ID 10969 | System hardening through configuration management | Configuration | |
Configure the "Floppy Drives: Deny read access" setting to organizational standards. CC ID 10970 | System hardening through configuration management | Configuration | |
Configure the "Floppy Drives: Deny write access" setting to organizational standards. CC ID 10971 | System hardening through configuration management | Configuration | |
Configure the "Limit the maximum number of files allowed in a BITS job" setting to organizational standards. CC ID 11020 | System hardening through configuration management | Configuration | |
Configure the "Netlogon share compatibility" setting to organizational standards. CC ID 11048 | System hardening through configuration management | Configuration | |
Configure the "Only allow local user profiles" setting to organizational standards. CC ID 11056 | System hardening through configuration management | Configuration | |
Configure the "Only use Package Point and print" setting to organizational standards. CC ID 11057 | System hardening through configuration management | Configuration | |
Configure the "Override print driver execution compatibility setting reported by print driver" setting to organizational standards. CC ID 11059 | System hardening through configuration management | Configuration | |
Configure the "Package Point and print - Approved servers" setting to organizational standards. CC ID 11061 | System hardening through configuration management | Configuration | |
Configure the "Pre-populate printer search location text" setting to organizational standards. CC ID 11065 | System hardening through configuration management | Configuration | |
Configure the "Printer browsing" setting to organizational standards. CC ID 11097 | System hardening through configuration management | Configuration | |
Configure the "Provide information about previous logons to client computers" setting to organizational standards. CC ID 11111 | System hardening through configuration management | Configuration | |
Configure the "Prune printers that are not automatically republished" setting to organizational standards. CC ID 11112 | System hardening through configuration management | Configuration | |
Configure the "Redirect only the default client printer" setting to organizational standards. CC ID 11116 | System hardening through configuration management | Configuration | |
Configure the "Removable Disks: Deny execute access" setting to organizational standards. CC ID 11123 | System hardening through configuration management | Configuration | |
Configure the "Removable Disks: Deny read access" setting to organizational standards. CC ID 11124 | System hardening through configuration management | Configuration | |
Configure the "Removable Disks: Deny write access" setting to organizational standards. CC ID 11125 | System hardening through configuration management | Configuration | |
Configure the "Run logon scripts synchronously" setting to organizational standards. CC ID 11151 | System hardening through configuration management | Configuration | |
Configure the "Run these programs at user logon" setting to organizational standards. CC ID 11155 | System hardening through configuration management | Configuration | |
Configure the "Selectively allow the evaluation of a symbolic link" setting to organizational standards. CC ID 11169 | System hardening through configuration management | Configuration | |
Configure the "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers" setting to organizational standards. CC ID 11215 | System hardening through configuration management | Configuration | |
Configure the "Tape Drives: Deny execute access" setting to organizational standards. CC ID 11233 | System hardening through configuration management | Configuration | |
Configure the "Tape Drives: Deny read access" setting to organizational standards. CC ID 11234 | System hardening through configuration management | Configuration | |
Configure the "Tape Drives: Deny write access" setting to organizational standards. CC ID 11235 | System hardening through configuration management | Configuration | |
Configure the "Timeout for hung logon sessions during shutdown" setting to organizational standards. CC ID 11245 | System hardening through configuration management | Configuration | |
Configure the "Troubleshooting: Allow users to access and run Troubleshooting Wizards" setting to organizational standards. CC ID 11247 | System hardening through configuration management | Configuration | |
Configure the "Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)" setting to organizational standards. CC ID 11248 | System hardening through configuration management | Configuration | |
Configure the "Turn off the "Order Prints" picture task" setting to organizational standards. CC ID 11314 | System hardening through configuration management | Configuration | |
Configure the "Use Remote Desktop Easy Print printer driver first" setting to organizational standards. CC ID 11365 | System hardening through configuration management | Configuration | |
Establish and maintain specific directory installation rules and domain controller installation rules. CC ID 01734 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Domain controller: Allow server operators to schedule tasks" setting. CC ID 01735 | System hardening through configuration management | Configuration | |
Configure the "Domain member: Require strong (Windows 2000 or later) session key" setting. CC ID 01738 | System hardening through configuration management | Configuration | |
Configure the "Enforce user logon restrictions" setting. CC ID 04500 | System hardening through configuration management | Configuration | |
Configure the "Maximum lifetime for service ticket" setting. CC ID 04501 | System hardening through configuration management | Configuration | |
Configure the "Maximum lifetime for user ticket" setting. CC ID 04502 | System hardening through configuration management | Configuration | |
Configure the "Maximum lifetime for user ticket renewal" setting. CC ID 04503 | System hardening through configuration management | Configuration | |
Configure the "Maximum tolerance for computer clock synchronization" setting. CC ID 04504 | System hardening through configuration management | Configuration | |
Verify the Trusted Computing Base is installed, as appropriate. CC ID 05589 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain appropriate shutdown procedures. CC ID 01778 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Shutdown: Allow system to be shut down without having to log on" setting. CC ID 01779 | System hardening through configuration management | Configuration | |
Configure the "Shutdown: Clear virtual memory pagefile" setting. CC ID 01780 | System hardening through configuration management | Configuration | |
Configure Multi-Function Devices to clear their hard drives in between jobs. CC ID 04816 | System hardening through configuration management | Configuration | |
Configure shared volumes to use the appropriate file system for the network protocols being operated (NT File System in Windows OS or Netware SS), and configure the security parameters. CC ID 01927 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\at.exe. CC ID 01929 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\attrib.exe. CC ID 01930 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\cacls.exe. CC ID 01931 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\debug.exe. CC ID 01932 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\drwatson.exe. CC ID 01933 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\drwtsn32.exe. CC ID 01934 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\edlin.exe. CC ID 01935 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\eventcreate.exe. CC ID 01936 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\eventtriggers.exe. CC ID 01937 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\ftp.exe. CC ID 01938 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\net.exe. CC ID 01939 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\net1.exe. CC ID 01940 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\netsh.exe. CC ID 01941 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\rcp.exe. CC ID 01942 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\reg.exe. CC ID 01943 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\regedit.exe. CC ID 01944 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\regedt32.exe. CC ID 01945 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\regsvr32.exe. CC ID 01946 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\rexec.exe. CC ID 01947 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\rsh.exe. CC ID 01948 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\runas.exe. CC ID 01949 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\sc.exe. CC ID 01950 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\subst.exe. CC ID 01951 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\telnet.exe. CC ID 01952 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\tftp.exe. CC ID 01953 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\tlntsvr.exe. CC ID 01954 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\. CC ID 01968 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\autoexec.bat. CC ID 01969 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\boot.ini. CC ID 01970 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\config.sys. CC ID 01971 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\io.sys. CC ID 01972 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\msdos.sys. CC ID 01973 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\ntbootdd.sys. CC ID 01974 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\ntdetect.com. CC ID 01975 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\ntldr. CC ID 01976 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\Documents and Settings. CC ID 01977 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\Documents and Settings\Administrator. CC ID 01978 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\Documents and Settings\All Users. CC ID 01979 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson. CC ID 01980 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\Documents and Settings\Default User. CC ID 01981 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\System Volume Information. CC ID 01982 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\Temp. CC ID 01983 | System hardening through configuration management | Configuration | |
Configure the file permissions for %ProgramFiles%. CC ID 01984 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\Program Files\Resource Kit. CC ID 01985 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%. CC ID 01986 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\$NTServicePackUninstall$. CC ID 01987 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\CSC. CC ID 01988 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\Debug. CC ID 01989 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\Debug\UserMode. CC ID 01990 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\Offline Web Pages. CC ID 01991 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\Registration. CC ID 01992 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\Repair. CC ID 01993 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\security. CC ID 01994 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32. CC ID 01995 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\Ntbackup.exe. CC ID 01996 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\secedit.exe. CC ID 01997 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\appmgmt. CC ID 01998 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\config. CC ID 01999 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\dllcache. CC ID 02000 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\DTCLog. CC ID 02001 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\GroupPolicy. CC ID 02002 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\ias. CC ID 02003 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\NTMSData. CC ID 02004 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\reinstallbackups. CC ID 02005 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\Setup. CC ID 02006 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\spool\printers. CC ID 02007 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\Tasks. CC ID 02008 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\Temp. CC ID 02009 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\Program Files\Resource Pro Kit. CC ID 04301 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\arp.exe. CC ID 04304 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\nbstat.exe. CC ID 04305 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\netstat.exe. CC ID 04306 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\nslookup.exe. CC ID 04307 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\regini.exe. CC ID 04308 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\route.exe. CC ID 04310 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\systeminfo.exe. CC ID 04311 | System hardening through configuration management | Configuration | |
Disable DOSFAT.NSS. CC ID 04462 | System hardening through configuration management | Configuration | |
Enable user directory data encryption. CC ID 04467 | System hardening through configuration management | Configuration | |
Verify iPrint/NDPS are not on the system volume (sys). CC ID 04468 | System hardening through configuration management | Technical Security | |
Purge files immediately after deletion. CC ID 04469 | System hardening through configuration management | Technical Security | |
Remove the SYS:Mail directory. CC ID 04470 | System hardening through configuration management | Configuration | |
Configure the largest folder size (storage capacity) restrictions for user directories. CC ID 04471 | System hardening through configuration management | Configuration | |
Verify only necessary system files are located on the server's system volume (sys) or boot volume. CC ID 04472 | System hardening through configuration management | Testing | |
Configure the file permissions for %SystemRoot%\System32\Config\AppEvent.evt. CC ID 04506 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\Config\SecEvent.evt. CC ID 04507 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\Config\SysEvent.evt. CC ID 04508 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDirectory%. CC ID 04532 | System hardening through configuration management | Configuration | |
Configure the file permissions appropriately for all shell executables. CC ID 05619 | System hardening through configuration management | Configuration | |
Configure the file permissions for the remote copy (rcp) binary properly. CC ID 05620 | System hardening through configuration management | Configuration | |
Configure the file permissions for the remote login (rlogin) binary properly. CC ID 05621 | System hardening through configuration management | Configuration | |
Configure the file permissions for the rlogind binary properly. CC ID 05622 | System hardening through configuration management | Configuration | |
Configure the file permissions for the remote shell (rsh) binary properly. CC ID 05623 | System hardening through configuration management | Configuration | |
Configure the file permissions for the rshd binary properly. CC ID 05624 | System hardening through configuration management | Configuration | |
Configure the file permissions for the tftp binary properly. CC ID 05625 | System hardening through configuration management | Configuration | |
Configure the file permissions for the tftpd binary properly. CC ID 05626 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson\drwts32.log properly. CC ID 05627 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemDrive%\My Download Files properly. CC ID 05628 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\Driver Cache\I386\Driver.cab properly. CC ID 05629 | System hardening through configuration management | Configuration | |
Configure the permissions for the %SystemRoot%\$NtUninstall* directories properly. CC ID 05630 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemDrive%\NTDS properly. CC ID 05631 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\SYSVOL properly. CC ID 05632 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\SYSVOL\domain\Policies properly. CC ID 05633 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\repl properly. CC ID 05634 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\repl\export properly. CC ID 05635 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\repl\import properly. CC ID 05636 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %ALL% properly. CC ID 05637 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %ALL%\Program Files\MQSeries properly. CC ID 05638 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %ALL%\Program Files\MQSeries\qmggr properly. CC ID 05639 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ACL properly. CC ID 05640 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemDrive%\WINNT\SECURITY\Database\SECEDIT.SDB ACL properly. CC ID 05641 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemDrive%\perflogs properly. CC ID 05642 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemDrive%\i386 properly. CC ID 05643 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %ProgramFiles%\Common Files\SpeechEngines\TTS properly. CC ID 05644 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\_default.plf properly. CC ID 05645 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\addins properly. CC ID 05646 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\appPatch properly. CC ID 05647 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\clock.avi properly. CC ID 05648 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\Connection Wizard properly. CC ID 05649 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\Driver Cache properly. CC ID 05650 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\explorer.scf properly. CC ID 05651 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\explorer.exe properly. CC ID 05652 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\Help properly. CC ID 05653 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\inf\unregmp2.exe properly. CC ID 05654 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\Java properly. CC ID 05655 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\mib.bin properly. CC ID 05656 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\msagent properly. CC ID 05657 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\msdfmap.ini properly. CC ID 05658 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\mui properly. CC ID 05659 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\security\templates properly. CC ID 05660 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\speech properly. CC ID 05661 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system.ini properly. CC ID 05662 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system\setup.inf properly. CC ID 05663 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system\stdole.tlb properly. CC ID 05664 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\twain_32 properly. CC ID 05665 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\CatRoot properly. CC ID 05666 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\configf\systemprofile properly. CC ID 05667 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\dhcp properly. CC ID 05668 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\drivers properly. CC ID 05669 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\Export properly. CC ID 05670 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\ipconfig.exe properly. CC ID 05671 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\LogFiles properly. CC ID 05672 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\mshta.exe properly. CC ID 05673 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\mui properly. CC ID 05674 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\ShellExt properly. CC ID 05675 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\wbem properly. CC ID 05676 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\wbem\mof properly. CC ID 05677 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\wbem\repository properly. CC ID 05678 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\wbem\logs properly. CC ID 05679 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %AllUsersProfile% properly. CC ID 05680 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %AllUsersProfile%\Application Data properly. CC ID 05681 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft properly. CC ID 05682 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Crypto\DSSHKLMKeys properly. CC ID 05683 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Crypto\RSAHKLMKeys properly. CC ID 05684 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Dr Watson properly. CC ID 05685 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\Dr Watson\drwtsn32.log properly. CC ID 05686 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\HTML Help properly. CC ID 05687 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %AllUsersProfile%\Application Data\Microsoft\MediaIndex properly. CC ID 05688 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %AllUsersProfile%\Documents\desktop.ini properly. CC ID 05689 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %AllUsersProfile%\DRM properly. CC ID 05690 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\Debug\UserMode\userenv.log properly. CC ID 05691 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\Installer properly. CC ID 05692 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\Prefetch properly. CC ID 05693 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\Registration\CRMLog properly. CC ID 05694 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\ciadv.msc properly. CC ID 05695 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\Com\comexp.msc properly. CC ID 05696 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\compmgmt.msc properly. CC ID 05697 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\Config properly. CC ID 05698 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\Config\*.evt properly. CC ID 05699 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\devmgmt.msc properly. CC ID 05700 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\dfrg.msc properly. CC ID 05701 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\diskmgmt.msc properly. CC ID 05702 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\system32\eventvwr.msc properly. CC ID 05703 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\fsmgmt.msc properly. CC ID 05704 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\gpedit.msc properly. CC ID 05705 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\lusrmgr.msc properly. CC ID 05706 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\System32\MSDTC properly. CC ID 05707 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\ntmsoprq.msc properly. CC ID 05708 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\ntmsmgr.msc properly. CC ID 05709 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\perfmon.msc properly. CC ID 05710 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\RSoP.msc properly. CC ID 05711 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\secpol.msc properly. CC ID 05712 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\services.msc properly. CC ID 05713 | System hardening through configuration management | Configuration | |
Configure the file permissions for %SystemRoot%\System32\wmimgmt.msc properly. CC ID 05714 | System hardening through configuration management | Configuration | |
Configure the directory permissions for %SystemRoot%\Web properly. CC ID 05715 | System hardening through configuration management | Configuration | |
Configure the BitLocker setting appropriately for fixed disk drives and removable disk drives. CC ID 06064 | System hardening through configuration management | Configuration | |
Configure the settings for fixed disk drives, removable disk drives, and operating system disk drives. CC ID 06065 | System hardening through configuration management | Configuration | |
Configure the BitLocker identifiers. CC ID 06066 | System hardening through configuration management | Configuration | |
Configure utility and device driver software in accordance with organizational standards. CC ID 12340 | System hardening through configuration management | Configuration | |
Restrict utility programs from interfering with Information Technology operations. CC ID 13087 | System hardening through configuration management | Configuration | |
Configure appropriate Partitioning schemes. CC ID 02162 | System hardening through configuration management | Configuration | |
Verify the /home file system, /export/home file system, and /var file system each has its own partition. CC ID 02163 | System hardening through configuration management | Configuration | |
Verify the root shell environment is located outside the /usr directory in a partitioned environment. CC ID 02158 | System hardening through configuration management | Configuration | |
Verify the primary filesystem partition uses an appropriate filesystem. CC ID 05716 | System hardening through configuration management | Configuration | |
Enable the OS/2 subsystem, as appropriate. CC ID 05717 | System hardening through configuration management | Configuration | |
Configure the "nodev" option for "/tmp" setting to organizational standards. CC ID 08725 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "nodev" option for "/dev/shm" setting to organizational standards. CC ID 08726 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "/tmp filesystem partition" setting to organizational standards. CC ID 08727 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "var/log" filesystem to organizational standards. CC ID 08728 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "var/log/audit" filesystem to organizational standards. CC ID 08729 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "nosuid" setting on the "/tmp" directory to organizational standards. CC ID 08730 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "noexec" setting on the "/tmp" directory to organizational standards. CC ID 08731 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "nosuid" setting on the "/dev/shm" directory to organizational standards. CC ID 08732 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "noexec" option for "/dev/shm" to organizational standards. CC ID 08733 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "/var/tmp filesystem partition" setting to organizational standards. CC ID 08734 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "nodev" option for "/run/shm" to organizational standards. CC ID 11376 | System hardening through configuration management | Configuration | |
Configure the "nosuid" option for "/run/shm" to organizational standards. CC ID 11377 | System hardening through configuration management | Configuration | |
Configure the "noexec" option for "/run/shm" to organizational standards. CC ID 11378 | System hardening through configuration management | Configuration | |
Configure attached printers and shared printers. CC ID 04499 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain network parameter modification procedures. CC ID 01517 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the IPsec security association lifetime to organizational standards. CC ID 16508 | System hardening through configuration management | Configuration | |
Configure route filtering to organizational standards. CC ID 16359 | System hardening through configuration management | Configuration | |
Refrain from accepting routes from unauthorized parties. CC ID 16397 | System hardening through configuration management | Technical Security | |
Configure security gateways to organizational standards. CC ID 16352 | System hardening through configuration management | Configuration | |
Configure network elements to organizational standards. CC ID 16361 | System hardening through configuration management | Configuration | |
Configure devices having access to network elements to organizational standards. CC ID 16408 | System hardening through configuration management | Configuration | |
Configure routing tables to organizational standards. CC ID 15438 | System hardening through configuration management | Configuration | |
Configure "NetBT NodeType configuration" to organizational standards. CC ID 15383 | System hardening through configuration management | Configuration | |
Configure "Allow remote server management through WinRM" to organizational standards. CC ID 15364 | System hardening through configuration management | Configuration | |
Configure "Allow network connectivity during connected-standby (on battery)" to organizational standards. CC ID 15342 | System hardening through configuration management | Configuration | |
Configure BOOTP queries to be accepted or denied by the DHCP Server, as appropriate. CC ID 06040 | System hardening through configuration management | Configuration | |
Enable TCP wrappers. CC ID 01567 | System hardening through configuration management | Configuration | |
Configure TCP wrappers. CC ID 01566 | System hardening through configuration management | Configuration | |
Configure devices to block or avoid outbound connections. CC ID 04807 | System hardening through configuration management | Configuration | |
Configure devices to deny inbound connections. CC ID 04805 | System hardening through configuration management | Configuration | |
Review and restrict network addresses and network protocols. CC ID 01518 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | System hardening through configuration management | Configuration | |
Establish, implement, and maintain a network addressing plan. CC ID 16399 | System hardening through configuration management | Establish/Maintain Documentation | |
Define the location requirements for network elements and network devices. CC ID 16379 | System hardening through configuration management | Process or Activity | |
Disable wireless access if it is not necessary. CC ID 12100 | System hardening through configuration management | Configuration | |
Configure wireless access to be restricted to authorized wireless networks. CC ID 12099 | System hardening through configuration management | Technical Security | |
Configure Network Address Translation to organizational standards. CC ID 16395 | System hardening through configuration management | Configuration | |
Enable Network Address Translation or Port Address Translation for internal networks on all network access and control points. CC ID 00545 | System hardening through configuration management | Configuration | |
Disable NIS Server Daemons unless NIS Server Daemons are absolutely necessary. CC ID 01457 | System hardening through configuration management | Configuration | |
Disable NIS Client Daemons unless NIS Client Daemons are absolutely necessary. CC ID 01458 | System hardening through configuration management | Configuration | |
Disable NIS+ daemons unless NIS+ daemons are absolutely necessary. CC ID 01459 | System hardening through configuration management | Configuration | |
Disable Kerberos server daemons unless Kerberos server daemons are absolutely necessary. CC ID 01461 | System hardening through configuration management | Configuration | |
Disable Kerberos client daemons unless Kerberos client daemons are absolutely necessary. CC ID 01462 | System hardening through configuration management | Configuration | |
Disable Kerberos-related daemons unless Kerberos-related daemons are absolutely necessary. CC ID 01463 | System hardening through configuration management | Configuration | |
Disable DHCP Server unless DHCP Server is absolutely necessary. CC ID 01482 | System hardening through configuration management | Configuration | |
Disable Domain Name Server unless Domain Name Server is absolutely necessary. CC ID 01483 | System hardening through configuration management | Configuration | |
Disable Simple Network Management Protocol unless it is absolutely necessary. CC ID 01491 | System hardening through configuration management | Configuration | |
Enable or disable tunneling, as necessary. CC ID 15235 | System hardening through configuration management | Configuration | |
Disable Internet Protocol version 6 unless it is absolutely necessary. CC ID 01493 | System hardening through configuration management | Configuration | |
Disable Simple Mail Transport Protocol unless it is absolutely necessary. CC ID 01825 | System hardening through configuration management | Configuration | |
Disable SNMP trap unless SNMP trap is absolutely necessary. CC ID 01828 | System hardening through configuration management | Configuration | |
Disable UNIX-to-UNIX Copy Program unless it is absolutely necessary. CC ID 02169 | System hardening through configuration management | Configuration | |
Disable the ugidd daemon unless the ugidd daemon is absolutely necessary. CC ID 02181 | System hardening through configuration management | Configuration | |
Disable IP Routing unless it is absolutely necessary. CC ID 02170 | System hardening through configuration management | Configuration | |
Disable Client Service for NetWare unless it is absolutely necessary. CC ID 04277 | System hardening through configuration management | Configuration | |
Disable HyperText Transfer Protocol Secure Socket Layer unless it is absolutely necessary. CC ID 04281 | System hardening through configuration management | Configuration | |
Disable network connections unless network connections are absolutely necessary. CC ID 04283 | System hardening through configuration management | Configuration | |
Disable Boot Protocol unless it is absolutely necessary. CC ID 04809 | System hardening through configuration management | Configuration | |
Disable Pre-boot eXecution Environment unless it is absolutely necessary. CC ID 04819 | System hardening through configuration management | Configuration | |
Disable Bluetooth unless Bluetooth is absolutely necessary. CC ID 04476 | System hardening through configuration management | Configuration | |
Disable Internetwork Packet Exchange/Sequenced Packet Exchange. CC ID 04800 | System hardening through configuration management | Configuration | |
Disable AppleTalk. CC ID 04799 | System hardening through configuration management | Configuration | |
Disable Network Basic Input/Output System. CC ID 01925 | System hardening through configuration management | Configuration | |
Assign or reserve static IP addresses in Dynamic Host Configuration Protocol. CC ID 04801 | System hardening through configuration management | Configuration | |
Disable wireless networking on Multi-Function Devices, unless absolutely necessary. CC ID 04821 | System hardening through configuration management | Configuration | |
Configure mountd to use a static port or a dynamic portmapper port, as appropriate. CC ID 06023 | System hardening through configuration management | Configuration | |
Configure the Avahi daemon to serve via Internet Protocol version 4, Internet Protocol version 6, as appropriate. CC ID 06024 | System hardening through configuration management | Configuration | |
Validate and check Simple Network Management Protocol using snmpwalk. CC ID 06941 | System hardening through configuration management | Configuration | |
Disable the XDMCP port. CC ID 01563 | System hardening through configuration management | Configuration | |
Prevent syslog from accepting messages from the network. CC ID 01562 | System hardening through configuration management | Configuration | |
Prevent X server from listening on port 6000/tcp. CC ID 01565 | System hardening through configuration management | Configuration | |
Configure the Intrusion Detection System and the Intrusion Prevention System to accept the organizational vulnerability scanning host or vendor's originating IP address. CC ID 01645 | System hardening through configuration management | Configuration | |
Configure the "Network access: Allow anonymous SID/Name translation" setting to organizational standards. CC ID 01717 | System hardening through configuration management | Configuration | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts" setting. CC ID 01718 | System hardening through configuration management | Configuration | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting. CC ID 01719 | System hardening through configuration management | Configuration | |
Enable Data Execution Protection for all applications. CC ID 01720 | System hardening through configuration management | Configuration | |
Enable digital encryption or digital signatures of secure channel data. CC ID 01736 | System hardening through configuration management | Configuration | |
Enable digital signatures of communications using the Server Message Block protocol. CC ID 01762 | System hardening through configuration management | Configuration | |
Configure the "Microsoft network client: Send unencrypted password to connect to third-party SMB servers" setting. CC ID 01764 | System hardening through configuration management | Configuration | |
Configure the amount of idle time required before disconnecting an idle session. CC ID 01763 | System hardening through configuration management | Configuration | |
Configure the "Allow reconnection from original client only" setting to organizational standards. CC ID 04515 | System hardening through configuration management | Configuration | |
Enable the disconnect clients setting (server) or force logoff setting (client) if the account's allotted logon period expires. CC ID 01765 | System hardening through configuration management | Configuration | |
Configure the "Network access: Do not allow storage of credentials or .NET Passports for network authentication" setting. CC ID 01766 | System hardening through configuration management | Configuration | |
Configure the "Network access: Let Everyone permissions apply to anonymous users" setting. CC ID 01767 | System hardening through configuration management | Configuration | |
Configure the "Network access: Named pipes that can be accessed anonymously" setting. CC ID 01768 | System hardening through configuration management | Configuration | |
Configure the "Network access: Remotely accessible registry paths" setting. CC ID 01769 | System hardening through configuration management | Configuration | |
Configure the "Network access: Sharing and security model for local accounts" setting. CC ID 01771 | System hardening through configuration management | Configuration | |
Configure the "Network security: Do not store LAN Manager hash value on next password change" setting. CC ID 01772 | System hardening through configuration management | Configuration | |
Configure the "Network security: LAN Manager authentication level" setting. CC ID 01773 | System hardening through configuration management | Configuration | |
Configure the "Network security: LDAP client signing requirements" setting. CC ID 01774 | System hardening through configuration management | Configuration | |
Configure Lightweight Directory Access Protocol connections for security. CC ID 04451 | System hardening through configuration management | Configuration | |
Configure the least session security for NT LM Security Support Provider based clients (including secure RPC) and servers settings. CC ID 01775 | System hardening through configuration management | Configuration | |
Enable the LDAP cache manager as necessary. CC ID 01460 | System hardening through configuration management | Configuration | |
Configure firewalls in accordance with organizational standards. CC ID 01926 | System hardening through configuration management | Configuration | |
Control inbound connections to the firewall. CC ID 04397 | System hardening through configuration management | Configuration | |
Control outbound connections to the firewall. CC ID 04398 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Do not allow exceptions" setting. CC ID 04318 | System hardening through configuration management | Configuration | |
Configure the firewall to define program exceptions as necessary. CC ID 04319 | System hardening through configuration management | Configuration | |
Configure the firewall to display notifications. CC ID 04399 | System hardening through configuration management | Configuration | |
Configure the firewall to allow Unicast responses. CC ID 04400 | System hardening through configuration management | Configuration | |
Configure the firewall to apply local connection security rules. CC ID 04402 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain firewall rules in accordance with organizational standards. CC ID 16353 | System hardening through configuration management | Establish/Maintain Documentation | |
Review and approve the firewall rules, as necessary. CC ID 06745 | System hardening through configuration management | Configuration | |
Disable Internet Connection Sharing. CC ID 02035 | System hardening through configuration management | Configuration | |
Disable anonymous DDP. CC ID 02193 | System hardening through configuration management | Configuration | |
Configure the "Set client connection encryption level" setting. CC ID 04321 | System hardening through configuration management | Configuration | |
Configure the "Network access: Restrict anonymous access to named pipes and shares" setting to organizational standards. CC ID 04381 | System hardening through configuration management | Configuration | |
Configure the "Intranet Sites: Include all network paths (UNCs)" setting. CC ID 04414 | System hardening through configuration management | Configuration | |
Configure RConsoleJ in NetWare. CC ID 04460 | System hardening through configuration management | Configuration | |
Configure Secure Console in NetWare. CC ID 04461 | System hardening through configuration management | Configuration | |
Disable Universal Description, Discovery, and Integration. CC ID 04466 | System hardening through configuration management | Configuration | |
Enable encryption for connections that transfer restricted data over HyperText Transfer Protocol. CC ID 04473 | System hardening through configuration management | Configuration | |
Use HyperText Transfer Protocol Secure to protect authenticators or other restricted data or restricted information. CC ID 04474 | System hardening through configuration management | Configuration | |
Configure Windows Messenger to prevent access to the internet. CC ID 04518 | System hardening through configuration management | Configuration | |
Configure the "Always wait for the network at computer startup and logon" setting to organizational standards. CC ID 04519 | System hardening through configuration management | Configuration | |
Do not configure anonymous File Transfer Protocol on computers located inside a defined security perimeter. CC ID 04527 | System hardening through configuration management | Configuration | |
Create an access control list on Network Access and Control Points to restrict access. CC ID 04810 | System hardening through configuration management | Configuration | |
Configure the Access Control List to restrict connections between untrusted networks and any system that holds restricted data or restricted information. CC ID 06077 | System hardening through configuration management | Configuration | |
Configure the Access Control List (ACL) so that internal network addresses cannot pass from the Internet into the Demilitarized Zone (DMZ). CC ID 06421 | System hardening through configuration management | Configuration | |
Configure the Access Control List so that outbound network traffic from protected subnets can only access IP Addresses inside the Demilitarized Zone. CC ID 06422 | System hardening through configuration management | Configuration | |
Configure Print Services to use port 9100 and/or port 515. CC ID 04811 | System hardening through configuration management | Configuration | |
Configure the SSH server in accordance with organizational standards. CC ID 04843 | System hardening through configuration management | Configuration | |
Configure permissions for SSH private host key files to organizational standards. CC ID 15331 | System hardening through configuration management | Configuration | |
Configure permissions for SSH public host key files to organizational standards. CC ID 15333 | System hardening through configuration management | Configuration | |
Disable Secure Shell version 1 and use Secure Shell version 2. CC ID 04465 | System hardening through configuration management | Configuration | |
Allow or deny inbound connections to the secure shell port, as appropriate. CC ID 05746 | System hardening through configuration management | Configuration | |
Enable or disable the emulation of the rsh command through the SSH server, as appropriate. CC ID 05747 | System hardening through configuration management | Configuration | |
Configure SSH X11 forwarding to organizational standards. CC ID 05748 | System hardening through configuration management | Configuration | |
Set the SSH authentication log retry limit. CC ID 05750 | System hardening through configuration management | Configuration | |
Configure SSH integration with .rhosts to organizational standards. CC ID 05751 | System hardening through configuration management | Configuration | |
Configure SSH integration with hosts.equiv to organizational standards. CC ID 05752 | System hardening through configuration management | Configuration | |
Enable or disable SSH Rhosts RSA Authentication, as appropriate. CC ID 05753 | System hardening through configuration management | Configuration | |
Use Secure Shell for remote logins and file transfers. CC ID 06562 | System hardening through configuration management | Configuration | |
Configure the "/etc/hosts.deny" file: Content to organizational standards. CC ID 09924 | System hardening through configuration management | Configuration | |
Configure the "hosts.deny" file permissions to organizational standards. CC ID 09925 | System hardening through configuration management | Configuration | |
Configure the "PermitEmptyPasswords" setting to organizational standards. CC ID 09926 | System hardening through configuration management | Configuration | |
Configure the "SSH IgnoreRhosts" setting to organizational standards. CC ID 09951 | System hardening through configuration management | Configuration | |
Configure the "allowed users and groups" setting for "SSH" to organizational standards. CC ID 09952 | System hardening through configuration management | Configuration | |
Configure Network Time Protocol. CC ID 04844 | System hardening through configuration management | Configuration | |
Configure multicasting. CC ID 04845 | System hardening through configuration management | Configuration | |
Set the apache2 server's ServerTokens value properly. CC ID 05720 | System hardening through configuration management | Configuration | |
Set the apache2 server's ServerSignature value properly. CC ID 05721 | System hardening through configuration management | Configuration | |
Configure "Configuration of wireless settings using Windows Connect Now" to organizational standards. CC ID 05722 | System hardening through configuration management | Configuration | |
Configure X11 forwarding via Secure Shell, as appropriate. CC ID 05723 | System hardening through configuration management | Configuration | |
Enable the NIS passwd daemon as necessary. CC ID 05725 | System hardening through configuration management | Configuration | |
Enable the NIS update daemon as necessary. CC ID 05726 | System hardening through configuration management | Configuration | |
Enable the NIS xfr daemon as necessary. CC ID 05727 | System hardening through configuration management | Configuration | |
Enable or disable strict destination multihoming, as appropriate. CC ID 05728 | System hardening through configuration management | Configuration | |
Enable or disable IPv4 strict multihoming, as appropriate. CC ID 05729 | System hardening through configuration management | Configuration | |
Enable the appropriate tunneling protocol for Internet Protocol version 6. CC ID 05730 | System hardening through configuration management | Configuration | |
Enable or disable the automatic loading of the IPv6 kernel module, as appropriate. CC ID 05731 | System hardening through configuration management | Configuration | |
Configure the router advertisements settings to organizational standards. CC ID 05732 | System hardening through configuration management | Configuration | |
Configure IPv6 privacy extensions properly. CC ID 05733 | System hardening through configuration management | Configuration | |
Set the default number of global unicast IPv6 addresses allowed per network interface properly. CC ID 05734 | System hardening through configuration management | Configuration | |
Set the default number of IPv6 router solicitations for network interfaces to send properly. CC ID 05735 | System hardening through configuration management | Configuration | |
Set the default number of IPv6 duplicate address detection solicitations for network interfaces to send per configured network address properly. CC ID 05736 | System hardening through configuration management | Configuration | |
Enable or disable IPv6 strict multihoming, as appropriate. CC ID 05737 | System hardening through configuration management | Configuration | |
Enable or disable IP routing, as appropriate. CC ID 05738 | System hardening through configuration management | Configuration | |
Enable or disable reverse source routed packets, as appropriate. CC ID 05739 | System hardening through configuration management | Configuration | |
Restrict packet forwarding, as appropriate. CC ID 05740 | System hardening through configuration management | Configuration | |
Set unestablished TCP connection queues and established TCP connection queues properly. CC ID 05741 | System hardening through configuration management | Configuration | |
Enable or disable the LDAP dynamic updates feature, as appropriate. CC ID 05742 | System hardening through configuration management | Configuration | |
Configure the "Prohibit use of Internet Connection Firewall on your DNS domain network" setting properly. CC ID 05743 | System hardening through configuration management | Configuration | |
Enable or disable printing services through inetd, as appropriate. CC ID 05744 | System hardening through configuration management | Configuration | |
Enable or disable firewall access to printing services, as appropriate. CC ID 05745 | System hardening through configuration management | Configuration | |
Set the Secure Shell largest number for authentication retries. CC ID 05749 | System hardening through configuration management | Configuration | |
Configure the "Server SPN target name validation level" properly. CC ID 06067 | System hardening through configuration management | Configuration | |
Configure the "Allow Local System NULL session fallback" setting properly. CC ID 06068 | System hardening through configuration management | Configuration | |
Configure the "Restrict NTLM" settings properly. CC ID 06069 | System hardening through configuration management | Configuration | |
Configure the "Allow Local System to use computer identity for NTLM" setting properly. CC ID 06070 | System hardening through configuration management | Configuration | |
Configure the "Configure encryption types allowed for Kerberos" setting properly. CC ID 06071 | System hardening through configuration management | Configuration | |
Configure the "Allow PKU2U authentication requests to this computer to use online identities" setting properly. CC ID 06072 | System hardening through configuration management | Configuration | |
Configure wireless communication to be encrypted using strong cryptography. CC ID 06078 | System hardening through configuration management | Configuration | |
Reserve the use of VLAN1 to in-band management. CC ID 06413 | System hardening through configuration management | Configuration | |
Disallow Internet Protocol (IP) directed broadcasts. CC ID 06571 | System hardening through configuration management | Configuration | |
Configure the "source-routed packets" setting to organizational standards. CC ID 08977 | System hardening through configuration management | Configuration | |
Disable feedback on protocol format validation errors. CC ID 10646 | System hardening through configuration management | Configuration | |
Configure the "6to4 Relay Name" setting to organizational standards. CC ID 10688 | System hardening through configuration management | Configuration | |
Configure the "6to4 Relay Name Resolution Interval" setting to organizational standards. CC ID 10689 | System hardening through configuration management | Configuration | |
Configure the "6to4 State" setting to organizational standards. CC ID 10690 | System hardening through configuration management | Configuration | |
Configure the "Automated Site Coverage by the DC Locator DNS SRV Records" setting to organizational standards. CC ID 10759 | System hardening through configuration management | Configuration | |
Configure the "Best effort service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 10764 | System hardening through configuration management | Configuration | |
Configure the "Best effort service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards. CC ID 10765 | System hardening through configuration management | Configuration | |
Configure the "Best effort service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 10766 | System hardening through configuration management | Configuration | |
Configure the "BranchCache for network files" setting to organizational standards. CC ID 10776 | System hardening through configuration management | Configuration | |
Configure the "Network Options preference logging and tracing" setting to organizational standards. CC ID 10796 | System hardening through configuration management | Configuration | |
Configure the "Network Shares preference logging and tracing" setting to organizational standards. CC ID 10797 | System hardening through configuration management | Configuration | |
Configure the "slow-link mode" setting to organizational standards. CC ID 10820 | System hardening through configuration management | Configuration | |
Configure the "Controlled load service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 10826 | System hardening through configuration management | Configuration | |
Configure the "Controlled load service type Layer-3 Differentiated Services Code Point (DSCP) for packets that do not conform to the flow specification" setting to organizational standards. CC ID 10827 | System hardening through configuration management | Configuration | |
Configure the "Controlled load service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 10828 | System hardening through configuration management | Configuration | |
Configure the "Corporate DNS Probe Host Address" setting to organizational standards. CC ID 10829 | System hardening through configuration management | Configuration | |
Configure the "Corporate DNS Probe Host Name" setting to organizational standards. CC ID 10830 | System hardening through configuration management | Configuration | |
Configure the "Corporate Site Prefix List" setting to organizational standards. CC ID 10831 | System hardening through configuration management | Configuration | |
Configure the "Corporate Website Probe URL" setting to organizational standards. CC ID 10832 | System hardening through configuration management | Configuration | |
Configure the "DC Locator DNS records not registered by the DCs" setting to organizational standards. CC ID 10838 | System hardening through configuration management | Configuration | |
Configure the "DNS Suffix Search List" setting to organizational standards. CC ID 10890 | System hardening through configuration management | Configuration | |
Configure the "Do not detect slow network connections" setting to organizational standards. CC ID 10926 | System hardening through configuration management | Configuration | |
Configure the "Do not show the 'local access only' network icon" setting to organizational standards. CC ID 10936 | System hardening through configuration management | Configuration | |
Configure the "Dynamic Registration of the DC Locator DNS Records" setting to organizational standards. CC ID 10943 | System hardening through configuration management | Configuration | |
Configure the "Group Policy slow link detection" setting to organizational standards. CC ID 10982 | System hardening through configuration management | Configuration | |
Configure the "Guaranteed service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 10983 | System hardening through configuration management | Configuration | |
Configure the "Guaranteed service type Layer-3 Differentiated Services Code Point for packets that do not conform to the flow specification" setting to organizational standards. CC ID 10984 | System hardening through configuration management | Configuration | |
Configure the "Guaranteed service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 10985 | System hardening through configuration management | Configuration | |
Configure the "Limit the maximum network bandwidth used for Peercaching" setting to organizational standards. CC ID 11017 | System hardening through configuration management | Configuration | |
Configure the "Location of the DCs hosting a domain with single label DNS name" setting to organizational standards. CC ID 11024 | System hardening through configuration management | Configuration | |
Configure the "Minimum Idle Connection Timeout for RPC/HTTP connections" setting to organizational standards. CC ID 11046 | System hardening through configuration management | Configuration | |
Configure the "Network control service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 11049 | System hardening through configuration management | Configuration | |
Configure the "Network control service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards. CC ID 11050 | System hardening through configuration management | Configuration | |
Configure the "Network control service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 11051 | System hardening through configuration management | Configuration | |
Configure the "Network Projector Port Setting" setting to organizational standards. CC ID 11052 | System hardening through configuration management | Configuration | |
Configure the "Override the More Gadgets link" setting to organizational standards. CC ID 11060 | System hardening through configuration management | Configuration | |
Configure the "Prevent backing up to network location" setting to organizational standards. CC ID 11070 | System hardening through configuration management | Configuration | |
Configure the "Primary DNS Suffix" setting to organizational standards. CC ID 11094 | System hardening through configuration management | Configuration | |
Configure the "Primary DNS Suffix Devolution" setting to organizational standards. CC ID 11095 | System hardening through configuration management | Configuration | |
Configure the "Priority Set in the DC Locator DNS SRV Records" setting to organizational standards. CC ID 11099 | System hardening through configuration management | Configuration | |
Configure the "Prohibit installation and configuration of Network Bridge on your DNS domain network" setting to organizational standards. CC ID 11102 | System hardening through configuration management | Configuration | |
Configure the "Prompt user when a slow network connection is detected" setting to organizational standards. CC ID 11109 | System hardening through configuration management | Configuration | |
Configure the "Qualitative service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards. CC ID 11113 | System hardening through configuration management | Configuration | |
Configure the "Qualitative service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards. CC ID 11114 | System hardening through configuration management | Configuration | |
Configure the "Qualitative service type link layer (Layer-2) priority value" setting to organizational standards. CC ID 11115 | System hardening through configuration management | Configuration | |
Configure the "Refresh Interval of the DC Locator DNS Records" setting to organizational standards. CC ID 11119 | System hardening through configuration management | Configuration | |
Configure the "Register DNS records with connection-specific DNS suffix" setting to organizational standards. CC ID 11120 | System hardening through configuration management | Configuration | |
Configure the "Require domain users to elevate when setting a network's location" setting to organizational standards. CC ID 11133 | System hardening through configuration management | Configuration | |
Configure the "Route all traffic through the internal network" setting to organizational standards. CC ID 11149 | System hardening through configuration management | Configuration | |
Configure the "Set a support web page link" setting to organizational standards. CC ID 11171 | System hardening through configuration management | Configuration | |
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Link Local" to organizational standards. CC ID 11179 | System hardening through configuration management | Configuration | |
Configure the "Set the Seed Server" setting for "IPv6 Link Local" to organizational standards. CC ID 11190 | System hardening through configuration management | Configuration | |
Configure the "Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers" setting to organizational standards. CC ID 11197 | System hardening through configuration management | Configuration | |
Configure the "Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers" setting to organizational standards. CC ID 11198 | System hardening through configuration management | Configuration | |
Configure the "Sites Covered by the Application Directory Partition Locator DNS SRV Records" setting to organizational standards. CC ID 11202 | System hardening through configuration management | Configuration | |
Configure the "Sites Covered by the DC Locator DNS SRV Records" setting to organizational standards. CC ID 11203 | System hardening through configuration management | Configuration | |
Configure the "Sites Covered by the GC Locator DNS SRV Records" setting to organizational standards. CC ID 11204 | System hardening through configuration management | Configuration | |
Configure the "Slow network connection timeout for user profiles" setting to organizational standards. CC ID 11205 | System hardening through configuration management | Configuration | |
Configure the "TTL Set in the DC Locator DNS Records" setting to organizational standards. CC ID 11252 | System hardening through configuration management | Configuration | |
Configure the "Turn off Connect to a Network Projector" setting to organizational standards. CC ID 11272 | System hardening through configuration management | Configuration | |
Configure the "Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com" setting to organizational standards. CC ID 11283 | System hardening through configuration management | Configuration | |
Configure the "Turn off Microsoft Peer-to-Peer Networking Services" setting to organizational standards. CC ID 11289 | System hardening through configuration management | Configuration | |
Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Link Local" to organizational standards. CC ID 11291 | System hardening through configuration management | Configuration | |
Configure the "Turn off PNRP cloud creation" setting for "IPv6 Link Local" to organizational standards. CC ID 11299 | System hardening through configuration management | Configuration | |
Configure the "Turn off Registration if URL connection is referring to Microsoft.com" setting to organizational standards. CC ID 11305 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Network Connectivity Status Indicator active tests" setting to organizational standards. CC ID 11328 | System hardening through configuration management | Configuration | |
Configure the "Weight Set in the DC Locator DNS SRV Records" setting to organizational standards. CC ID 11371 | System hardening through configuration management | Configuration | |
Configure Automated Teller Machines in accordance with organizational standards. CC ID 12542 | System hardening through configuration management | Configuration | |
Enable or disable remote print browsing, as appropriate. CC ID 05718 | System hardening through configuration management | Configuration | |
Allow or deny remote print browsing Common Unix Printing System the ability to listen for incoming printer information, as appropriate. CC ID 05719 | System hardening through configuration management | Configuration | |
Configure the time server in accordance with organizational standards. CC ID 06426 | System hardening through configuration management | Configuration | |
Configure the time server to synchronize with specifically designated hosts. CC ID 06427 | System hardening through configuration management | Configuration | |
Restrict access to time server configuration to personnel with a business need. CC ID 06858 | System hardening through configuration management | Configuration | |
Keep current the time synchronization technology. CC ID 12548 | System hardening through configuration management | Technical Security | |
Verify the organization has Emergency Power Supplies available for the systems. CC ID 01912 | System hardening through configuration management | Systems Continuity | |
Verify enough emergency power is available for a graceful shutdown if the primary power system fails. CC ID 01913 | System hardening through configuration management | Systems Continuity | |
Verify emergency power continuity procedures are in place to transfer power to a secondary source if the primary power system fails. CC ID 01914 | System hardening through configuration management | Systems Continuity | |
Enable or disable the Uninterruptible Power Supply service, as appropriate. CC ID 06037 | System hardening through configuration management | Configuration | |
Configure Private Branch Exchanges in accordance with organizational standards. CC ID 02219 | System hardening through configuration management | Configuration | |
Enable Direct Inward System Access, only when necessary. CC ID 02220 | System hardening through configuration management | Configuration | |
Configure voicemail security inside each Private Branch Exchange. CC ID 02221 | System hardening through configuration management | Configuration | |
Configure Wireless Access Points in accordance with organizational standards. CC ID 12477 | System hardening through configuration management | Configuration | |
Enable MAC address filtering for Wireless Access Points. CC ID 04592 | System hardening through configuration management | Configuration | |
Disable Service Set Identifier broadcast. CC ID 04590 | System hardening through configuration management | Configuration | |
Configure Service Set Identifiers in accordance with organizational standards. CC ID 16447 | System hardening through configuration management | Configuration | |
Configure the Wireless Access Point transmit power setting to the lowest level possible. CC ID 04593 | System hardening through configuration management | Configuration | |
Enable two-factor authentication for identifying and authenticating Wireless Local Area Network users. CC ID 04595 | System hardening through configuration management | Configuration | |
Enable an authorized version of Wi-Fi Protected Access. CC ID 04832 | System hardening through configuration management | Configuration | |
Synchronize the Wireless Access Points' clocks. CC ID 04834 | System hardening through configuration management | Configuration | |
Disable unnecessary applications, ports, and protocols on Wireless Access Points. CC ID 04835 | System hardening through configuration management | Configuration | |
Enable or disable all BIOS wireless devices, as appropriate. CC ID 05754 | System hardening through configuration management | Configuration | |
Enable or disable all wireless interfaces, as necessary. CC ID 05755 | System hardening through configuration management | Configuration | |
Include or exclude device drivers for wireless devices from the kernel, as appropriate. CC ID 05756 | System hardening through configuration management | Configuration | |
Configure mobile device settings in accordance with organizational standards. CC ID 04600 | System hardening through configuration management | Configuration | |
Configure mobile devices to enable remote wipe. CC ID 12212 | System hardening through configuration management | Configuration | |
Configure prohibiting the circumvention of security controls on mobile devices. CC ID 12335 | System hardening through configuration management | Configuration | |
Configure Apple iOS to Organizational Standards. CC ID 09986 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "VPN" setting to organizational standards. CC ID 09987 | System hardening through configuration management | Configuration | |
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 09988 | System hardening through configuration management | Configuration | |
Configure the "With Authentication" setting to organizational standards. CC ID 09989 | System hardening through configuration management | Configuration | |
Configure the "Auto-Join" setting to organizational standards. CC ID 09990 | System hardening through configuration management | Configuration | |
Configure the "AirDrop Discoverability" setting to organizational standards. CC ID 09991 | System hardening through configuration management | Configuration | |
Configure the "Wi-Fi" setting to organizational standards. CC ID 09992 | System hardening through configuration management | Configuration | |
Configure the "Personal Hotspot" setting to organizational standards. CC ID 09994 | System hardening through configuration management | Configuration | |
Configure the "Notifications View" setting for "Access on Lock Screen" to organizational standards. CC ID 09995 | System hardening through configuration management | Configuration | |
Configure the "Find My iPhone" setting to organizational standards. CC ID 09996 | System hardening through configuration management | Configuration | |
Configure the "iPhone Unlock" setting to organizational standards. CC ID 09997 | System hardening through configuration management | Configuration | |
Configure the "Access on Lock Screen" setting to organizational standards. CC ID 09998 | System hardening through configuration management | Configuration | |
Configure the "Forget this Network" setting to organizational standards. CC ID 09999 | System hardening through configuration management | Configuration | |
Configure the "Ask to Join Networks" setting to organizational standards. CC ID 10000 | System hardening through configuration management | Configuration | |
Configure the "Fraudulent Website Warning" setting to organizational standards. CC ID 10001 | System hardening through configuration management | Configuration | |
Configure the "Credit Cards" setting to organizational standards. CC ID 10002 | System hardening through configuration management | Configuration | |
Configure the "Saved Credit Card Information" setting to organizational standards. CC ID 10003 | System hardening through configuration management | Configuration | |
Configure the "Do Not Track" setting to organizational standards. CC ID 10004 | System hardening through configuration management | Configuration | |
Configure the "With Authentication" setting to organizational standards. CC ID 10005 | System hardening through configuration management | Configuration | |
Configure the "Allow Move" setting to organizational standards. CC ID 10006 | System hardening through configuration management | Configuration | |
Configure the "Use Only in Mail" setting to organizational standards. CC ID 10007 | System hardening through configuration management | Configuration | |
Configure mobile devices to organizational standards. CC ID 04639 | System hardening through configuration management | Configuration | |
Configure mobile devices to separate organizational data from personal data. CC ID 16463 | System hardening through configuration management | Configuration | |
Configure the mobile device properties to organizational standards. CC ID 04640 | System hardening through configuration management | Configuration | |
Configure the mobile device menu items to organizational standards. CC ID 04641 | System hardening through configuration management | Configuration | |
Configure the BlackBerry handheld device driver settings. CC ID 04642 | System hardening through configuration management | Configuration | |
Verify only BlackBerry Enterprise Server e-mail software and e-mail hardware are being used. CC ID 04601 | System hardening through configuration management | Technical Security | |
Configure the BlackBerry Enterprise Server with either BlackBerry DMZ Solution or the BlackBerry firewall solution. CC ID 04602 | System hardening through configuration management | Configuration | |
Configure automatic master key generation on the BlackBerry Enterprise Server. CC ID 04608 | System hardening through configuration management | Configuration | |
Train BlackBerry handheld device users on the Bluetooth Smart Card Reader's proper usage. CC ID 04603 | System hardening through configuration management | Behavior | |
Verify metamessage software is not installed on BlackBerry handheld devices. CC ID 04604 | System hardening through configuration management | Technical Security | |
Configure e-mail messages to not display a signature line stating the message was sent from a Portable Electronic Device. CC ID 04605 | System hardening through configuration management | Configuration | |
Verify only the specific mobile device web browser software is installed. CC ID 04606 | System hardening through configuration management | Configuration | |
Update the software and master keys for mobile Personal Electronic Devices every 30 days. CC ID 04607 | System hardening through configuration management | Configuration | |
Enable content protection on mobile devices. CC ID 04609 | System hardening through configuration management | Configuration | |
Configure the application policy groups for each mobile Personal Electronic Device. CC ID 04610 | System hardening through configuration management | Configuration | |
Configure the BlackBerry Messenger policy group settings. CC ID 04611 | System hardening through configuration management | Configuration | |
Configure the Camera policy group settings. CC ID 04614 | System hardening through configuration management | Configuration | |
Configure the Bluetooth policy group settings. CC ID 04612 | System hardening through configuration management | Configuration | |
Configure the Bluetooth Smart Card Reader policy group settings. CC ID 04613 | System hardening through configuration management | Configuration | |
Configure the Browser policy group settings. CC ID 04615 | System hardening through configuration management | Configuration | |
Configure the Certificate Sync policy group settings. CC ID 04616 | System hardening through configuration management | Configuration | |
Configure the CMIME policy group settings. CC ID 04617 | System hardening through configuration management | Configuration | |
Configure the Common policy group settings. CC ID 04618 | System hardening through configuration management | Configuration | |
Configure the Desktop-only policy group settings. CC ID 04619 | System hardening through configuration management | Configuration | |
Configure the IOT Application policy group settings. CC ID 04620 | System hardening through configuration management | Configuration | |
Configure the Device-only policy group settings. CC ID 04621 | System hardening through configuration management | Configuration | |
Configure the Desktop policy group settings. CC ID 04622 | System hardening through configuration management | Configuration | |
Configure the Global items policy group settings. CC ID 04623 | System hardening through configuration management | Configuration | |
Configure the Location Based Services policy group settings. CC ID 04624 | System hardening through configuration management | Configuration | |
Configure the MDS policy group settings. CC ID 04625 | System hardening through configuration management | Configuration | |
Configure the On-Device Help policy group settings. CC ID 04626 | System hardening through configuration management | Configuration | |
Configure the Password policy group settings. CC ID 04627 | System hardening through configuration management | Configuration | |
Configure the PIM Sync policy group settings. CC ID 04628 | System hardening through configuration management | Configuration | |
Configure the Secure E-mail policy group settings. CC ID 04629 | System hardening through configuration management | Configuration | |
Configure the Memory Cleaner policy group settings. CC ID 04630 | System hardening through configuration management | Configuration | |
Configure the Security policy group settings. CC ID 04631 | System hardening through configuration management | Configuration | |
Configure the Service Exclusivity policy group settings. CC ID 04632 | System hardening through configuration management | Configuration | |
Configure the SIM Application Toolkit policy group settings. CC ID 04633 | System hardening through configuration management | Configuration | |
Configure the Smart Dialing policy group settings. CC ID 04634 | System hardening through configuration management | Configuration | |
Configure the S/MIME policy group settings. CC ID 04635 | System hardening through configuration management | Configuration | |
Configure the TCP policy group settings. CC ID 04636 | System hardening through configuration management | Configuration | |
Configure the WTLS (Application) policy group settings. CC ID 04638 | System hardening through configuration management | Configuration | |
Configure emergency and critical e-mail notifications so that they are digitally signed. CC ID 04841 | System hardening through configuration management | Configuration | |
Enable data-at-rest encryption on mobile devices. CC ID 04842 | System hardening through configuration management | Configuration | |
Disable the capability to automatically execute code on mobile devices absent user direction. CC ID 08705 | System hardening through configuration management | Configuration | |
Configure environmental sensors on mobile devices. CC ID 10667 | System hardening through configuration management | Configuration | |
Prohibit the remote activation of environmental sensors on mobile devices. CC ID 10666 | System hardening through configuration management | Configuration | |
Configure the mobile device to explicitly show when an environmental sensor is in use. CC ID 10668 | System hardening through configuration management | Configuration | |
Configure the environmental sensor to report collected data to designated personnel only. CC ID 10669 | System hardening through configuration management | Configuration | |
Configure Cisco-specific applications and services in accordance with organizational standards. CC ID 06557 | System hardening through configuration management | Configuration | |
Disable Cisco Discovery Protocol service unless the Cisco Discovery Protocol service is absolutely necessary. CC ID 06556 | System hardening through configuration management | Configuration | |
Disable configuration autoloading unless configuration autoloading is absolutely necessary. CC ID 06558 | System hardening through configuration management | Configuration | |
Disable exec on aux unless exec on aux is absolutely necessary. CC ID 06559 | System hardening through configuration management | Configuration | |
Define and configure the Cisco loopback interface. CC ID 06560 | System hardening through configuration management | Configuration | |
Configure custom Oracle-specific applications and services in accordance with organizational standards. CC ID 06565 | System hardening through configuration management | Configuration | |
Set the Oracle Listener password. CC ID 06566 | System hardening through configuration management | Configuration | |
Configure Oracle batch processes to not use passwords in parameters or variables. CC ID 06567 | System hardening through configuration management | Configuration | |
Configure the Global Positioning System settings as appropriate. CC ID 06888 | System hardening through configuration management | Configuration | |
Configure the Global Positioning System monitor carrier-to-noise density ratio to the range of 48-50 dB-Hz. CC ID 06889 | System hardening through configuration management | Configuration | |
Configure endpoint security tools in accordance with organizational standards. CC ID 07049 | System hardening through configuration management | Configuration | |
Secure endpoint security tool configuration settings from unauthorized change. CC ID 07050 | System hardening through configuration management | Configuration | |
Configure e-mail security settings in accordance with organizational standards. CC ID 07055 | System hardening through configuration management | Configuration | |
Configure e-mail to limit the number of recipients per message. CC ID 07056 | System hardening through configuration management | Configuration | |
Configure web server security settings in accordance with organizational standards. CC ID 07059 | System hardening through configuration management | Configuration | |
Configure the web server to hide the directory of files in a folder. CC ID 07060 | System hardening through configuration management | Configuration | |
Certify the system before releasing it into a production environment. CC ID 06419 | System hardening through configuration management | Configuration | |
Document the system's accreditation and residual risks. CC ID 06728 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain virtualization configuration settings. CC ID 07110 | System hardening through configuration management | Configuration | |
Implement the security features of hypervisor to protect virtual machines. CC ID 12176 | System hardening through configuration management | Configuration | |
Execute code in confined virtual machine environments. CC ID 10648 | System hardening through configuration management | Configuration | |
Configure Microsoft Office to Organizational Standards. CC ID 07147 | System hardening through configuration management | Configuration | |
Set custom Microsoft Office security options in accordance with organizational standards. CC ID 05757 | System hardening through configuration management | Configuration | |
Configure the "Disable VBA for Office applications" setting properly. CC ID 05758 | System hardening through configuration management | Configuration | |
Configure the "ActiveX Control Initialization" setting to organizational standards. CC ID 05759 | System hardening through configuration management | Configuration | |
Configure the "Online content options" setting properly. CC ID 05760 | System hardening through configuration management | Configuration | |
Configure the "VBA Macro Warning Settings" setting properly. CC ID 05761 | System hardening through configuration management | Configuration | |
Configure the "Trust access to Visual Basic Project" setting properly. CC ID 05762 | System hardening through configuration management | Configuration | |
Configure the "Configure Add-In Trust Level" setting properly. CC ID 05763 | System hardening through configuration management | Configuration | |
Configure the "Minimum encryption settings" setting properly. CC ID 05764 | System hardening through configuration management | Configuration | |
Configure the "Do not check e-mail address against address of certificates being used" setting to organizational standards. CC ID 05765 | System hardening through configuration management | Configuration | |
Configure the "Send all signed messages as clear signed messages" setting properly. CC ID 05766 | System hardening through configuration management | Configuration | |
Configure the "Request an S/MIME receipt for all S/MIME signed messages" setting properly. CC ID 05767 | System hardening through configuration management | Configuration | |
Configure the "Do not display 'Publish to GAL' button" setting properly. CC ID 05768 | System hardening through configuration management | Configuration | |
Configure the "Signature Warning" setting properly. CC ID 05769 | System hardening through configuration management | Configuration | |
Configure the "Enable Cryptography Icons" setting properly. CC ID 05770 | System hardening through configuration management | Configuration | |
Configure the "Retrieving CRLs (Certificate Revocation Lists)" setting properly. CC ID 05771 | System hardening through configuration management | Configuration | |
Configure the "Warn before printing, saving, or sending a file that contains tracked changes or comments" setting properly. CC ID 05772 | System hardening through configuration management | Configuration | |
Configure the "Underline hyperlinks" setting properly. CC ID 05773 | System hardening through configuration management | Configuration | |
Configure the "Disable Trust Bar Notification for unsigned application add-ins" setting properly. CC ID 05774 | System hardening through configuration management | Configuration | |
Configure the "Disable all application add-ins" setting properly. CC ID 05775 | System hardening through configuration management | Configuration | |
Configure the "Require that application add-ins are signed by Trusted Publisher" setting properly. CC ID 05776 | System hardening through configuration management | Configuration | |
Configure the "Disable all trusted locations" setting properly. CC ID 05777 | System hardening through configuration management | Configuration | |
Configure the "Allow Trusted Locations not on the computer" setting properly. CC ID 05778 | System hardening through configuration management | Configuration | |
Configure the "Modal Trust Decision Only" setting properly. CC ID 05779 | System hardening through configuration management | Configuration | |
Configure the "Disable commands" setting properly. CC ID 05780 | System hardening through configuration management | Configuration | |
Configure the "Database Tools | Macro | Convert Macros to Visual Basic" setting to organizational standards. CC ID 05781 | System hardening through configuration management | Configuration | |
Configure the "Database Tools | Macro | Create Shortcut Menu from Macro" setting to organizational standards. CC ID 05782 | System hardening through configuration management | Configuration | |
Configure the "Disable shortcut keys" setting properly. CC ID 05783 | System hardening through configuration management | Configuration | |
Configure the "Default file format" setting properly. CC ID 05784 | System hardening through configuration management | Configuration | |
Configure the "Do not prompt to convert older databases" setting properly. CC ID 05785 | System hardening through configuration management | Configuration | |
Configure the "Internet and network paths as hyperlinks" setting properly. CC ID 05786 | System hardening through configuration management | Configuration | |
Configure the "Save files" setting properly. CC ID 05787 | System hardening through configuration management | Configuration | |
Configure the "Disable AutoRepublish" setting properly. CC ID 05788 | System hardening through configuration management | Configuration | |
Configure the "Autorepublish warning alert" setting properly. CC ID 05789 | System hardening through configuration management | Configuration | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks" setting properly. CC ID 05790 | System hardening through configuration management | Configuration | |
Configure the "Force file extension to match file type" setting properly. CC ID 05791 | System hardening through configuration management | Configuration | |
Configure the "Store macro in Personal Macro Workbook by default" setting properly. CC ID 05792 | System hardening through configuration management | Configuration | |
Configure the "Ignore other applications" setting properly. CC ID 05793 | System hardening through configuration management | Configuration | |
Configure the "Ask to update automatic links" setting properly. CC ID 05794 | System hardening through configuration management | Configuration | |
Configure the "Save any additional data necessary to maintain formulas" setting properly. CC ID 05795 | System hardening through configuration management | Configuration | |
Configure the "Load pictures from Web pages not created in Excel" setting properly. CC ID 05796 | System hardening through configuration management | Configuration | |
Configure the "Do not show data extraction options when opening corrupt workbooks" setting properly. CC ID 05797 | System hardening through configuration management | Configuration | |
Configure the "Assume structured storage format of workbook is intact when recovering data" setting to organizational standards. CC ID 05798 | System hardening through configuration management | Configuration | |
Configure the "Corrupt formula conversion (Convert unrecoverable references to: values | #REF or #NAME)" setting to organizational standards. CC ID 05799 | System hardening through configuration management | Configuration | |
Configure the "Connection File Locations" setting to organizational standards. CC ID 05800 | System hardening through configuration management | Configuration | |
Configure the "Automatic Query Refresh (Prompt for all workbooks | Do not prompt; do not allow auto refresh | Do not prompt; allow auto refresh)" setting to organizational standards. CC ID 05801 | System hardening through configuration management | Configuration | |
Configure the "Block opening of" setting properly. CC ID 05802 | System hardening through configuration management | Configuration | |
Configure the "Block saving of" setting properly. CC ID 05803 | System hardening through configuration management | Configuration | |
Configure the "Locally cache network file storages" setting to organizational standards. CC ID 05804 | System hardening through configuration management | Configuration | |
Configure the "Locally cache PivotTable reports" setting to organizational standards. CC ID 05805 | System hardening through configuration management | Configuration | |
Configure the "OLAP PivotTable User Defined Function (UDF) security setting" setting properly. CC ID 05806 | System hardening through configuration management | Configuration | |
Configure the "Recognize SmartTags" setting to organizational standards. CC ID 05807 | System hardening through configuration management | Configuration | |
Configure the "Offline Mode Status" setting properly. CC ID 05808 | System hardening through configuration management | Configuration | |
Configure the "Control behavior for Windows SharePoint Services gradual upgrade" setting properly. CC ID 05809 | System hardening through configuration management | Configuration | |
Configure the "Disable opening of solutions from the Internet security zone" setting properly. CC ID 05810 | System hardening through configuration management | Configuration | |
Configure the "Allow the use of ActiveX Custom Controls in InfoPath forms" setting properly. CC ID 05811 | System hardening through configuration management | Configuration | |
Configure the "Run forms in restricted mode if they do not specify a publish location and use only features introduced before InfoPath 2003 SP1" setting to organizational standards. CC ID 05812 | System hardening through configuration management | Configuration | |
Configure the "Allow file types as attachments to forms" setting properly. CC ID 05813 | System hardening through configuration management | Configuration | |
Configure the "Block specific file types as attachments to forms" setting properly. CC ID 05814 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from allowing unsafe file types to be attached to forms" setting properly. CC ID 05815 | System hardening through configuration management | Configuration | |
Configure the "Display a warning that a form is digitally signed" setting properly. CC ID 05816 | System hardening through configuration management | Configuration | |
Configure the "Control behavior when opening forms" setting properly. CC ID 05817 | System hardening through configuration management | Configuration | |
Configure the "Beaconing UI for forms" setting properly. CC ID 05818 | System hardening through configuration management | Configuration | |
Configure the "Disable sending form template with e-mail forms" setting properly. CC ID 05819 | System hardening through configuration management | Configuration | |
Configure the "Disable dynamic caching of the form template in InfoPath e-mail forms" setting properly. CC ID 05820 | System hardening through configuration management | Configuration | |
Configure the "Disable sending InfoPath 2003 Forms as e-mail forms" setting properly. CC ID 05821 | System hardening through configuration management | Configuration | |
Configure the "Disable e-mail forms" setting properly. CC ID 05822 | System hardening through configuration management | Configuration | |
Configure the "Disable InfoPath e-mail forms in Outlook" setting properly. CC ID 05823 | System hardening through configuration management | Configuration | |
Configure the "Information Rights Management" setting to organizational standards. CC ID 05824 | System hardening through configuration management | Configuration | |
Configure the "Custom code" setting properly. CC ID 05825 | System hardening through configuration management | Configuration | |
Configure the "E-mail forms beaconing UI" setting properly. CC ID 05826 | System hardening through configuration management | Configuration | |
Configure the "Disable user customization of Quick Access Toolbar via UI" setting properly. CC ID 05827 | System hardening through configuration management | Configuration | |
Configure the "Disable all user customization of Quick Access Toolbar" setting properly. CC ID 05828 | System hardening through configuration management | Configuration | |
Configure the "Disable UI extending from documents and templates" setting properly. CC ID 05829 | System hardening through configuration management | Configuration | |
Configure the "Recognize smart tags in Excel" setting properly. CC ID 05830 | System hardening through configuration management | Configuration | |
Configure the "Disable Clip Art and Media downloads from the client and from Office Online website" setting properly. CC ID 05831 | System hardening through configuration management | Configuration | |
Configure the "Disable template downloads from the client and from Office Online website" setting properly. CC ID 05832 | System hardening through configuration management | Configuration | |
Configure the "Disable access to updates, add-ins, and patches on the Office Online website" setting properly. CC ID 05833 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from uploading document templates to the Office Online community" setting to organizational standards. CC ID 05834 | System hardening through configuration management | Configuration | |
Configure the "Disable training practice downloads from the Office Online website" setting properly. CC ID 05835 | System hardening through configuration management | Configuration | |
Configure the "Disable customer-submitted templates downloads from Office Online" setting properly. CC ID 05836 | System hardening through configuration management | Configuration | |
Configure the "Open Office documents as read/write while browsing" setting properly. CC ID 05837 | System hardening through configuration management | Configuration | |
Configure the "Rely on VML for displaying graphics in browsers" setting properly. CC ID 05838 | System hardening through configuration management | Configuration | |
Configure the "Allow PNG as an output format" setting properly. CC ID 05839 | System hardening through configuration management | Configuration | |
Configure the "Improve Proofing Tools" setting properly. CC ID 05840 | System hardening through configuration management | Configuration | |
Configure the "Disable Opt-in Wizard on first run" setting properly. CC ID 05841 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Office Online" setting to organizational standards. CC ID 05842 | System hardening through configuration management | Configuration | |
Configure the "Disable Password Caching" setting properly. CC ID 05843 | System hardening through configuration management | Configuration | |
Configure the "Disable all Trust Bar notifications for security issues" setting properly. CC ID 05844 | System hardening through configuration management | Configuration | |
Configure the "Protect document metadata" setting properly. CC ID 05845 | System hardening through configuration management | Configuration | |
Configure the "Encryption type for password protected" setting properly. CC ID 05846 | System hardening through configuration management | Configuration | |
Configure the "Load controls in Forms3" setting properly. CC ID 05847 | System hardening through configuration management | Configuration | |
Configure the "Automation Security" setting properly. CC ID 05848 | System hardening through configuration management | Configuration | |
Configure the "Prevent Word and Excel from loading managed code extensions" setting properly. CC ID 05849 | System hardening through configuration management | Configuration | |
Configure the "Disable hyperlink warnings" setting properly. CC ID 05850 | System hardening through configuration management | Configuration | |
Configure the "Disable password to open UI" setting properly. CC ID 05851 | System hardening through configuration management | Configuration | |
Configure the "Download Office Controls" setting to organizational standards. CC ID 05852 | System hardening through configuration management | Configuration | |
Configure the "Disable All ActiveX" setting properly. CC ID 05853 | System hardening through configuration management | Configuration | |
Configure the "Allow mix of policy and user locations" setting properly. CC ID 05854 | System hardening through configuration management | Configuration | |
Configure the "Disable Smart Document's use of manifests" setting properly. CC ID 05855 | System hardening through configuration management | Configuration | |
Configure the "Completely disable the Smart Documents feature in Word and Excel" setting to organizational standards. CC ID 05856 | System hardening through configuration management | Configuration | |
Configure the "Disable Internet Fax feature" setting properly. CC ID 05857 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from changing permissions on rights managed content" setting properly. CC ID 05858 | System hardening through configuration management | Configuration | |
Configure the "Allow users with earlier versions of Office to read with browsers." setting properly. CC ID 05859 | System hardening through configuration management | Configuration | |
Configure the "Always require users to connect to verify permission" setting properly. CC ID 05860 | System hardening through configuration management | Configuration | |
Configure the "Always expand groups in Office when restricting permission for documents" setting properly. CC ID 05861 | System hardening through configuration management | Configuration | |
Configure the "Never allow users to specify groups when restricting permission for documents" setting properly. CC ID 05862 | System hardening through configuration management | Configuration | |
Configure the "Disable Microsoft Passport service for content with restricted permission" setting properly. CC ID 05863 | System hardening through configuration management | Configuration | |
Configure the "Do not allow users to upgrade Information Rights Management configuration" setting to organizational standards. CC ID 05864 | System hardening through configuration management | Configuration | |
Configure the "Key Usage Filtering" setting properly. CC ID 05865 | System hardening through configuration management | Configuration | |
Configure the "EKU filtering" setting properly. CC ID 05866 | System hardening through configuration management | Configuration | |
Configure the "Legacy format signatures" setting properly. CC ID 05867 | System hardening through configuration management | Configuration | |
Configure the "Suppress Office Signing Providers" setting properly. CC ID 05868 | System hardening through configuration management | Configuration | |
Configure the "Suppress external signature services menu item" setting properly. CC ID 05869 | System hardening through configuration management | Configuration | |
Configure the "Disable Check For Solutions" setting properly. CC ID 05870 | System hardening through configuration management | Configuration | |
Configure the "Disable inclusion of document properties in PDF and XPS output" setting properly. CC ID 05871 | System hardening through configuration management | Configuration | |
Configure the "Disable Document Information Panel" setting properly. CC ID 05872 | System hardening through configuration management | Configuration | |
Configure the "Document information panel beaconing UI" setting properly. CC ID 05873 | System hardening through configuration management | Configuration | |
Configure the "Disable the Office client from polling the Office server for published links" setting properly. CC ID 05874 | System hardening through configuration management | Configuration | |
Configure the "Block opening of pre-release versions of file formats" setting properly. CC ID 05875 | System hardening through configuration management | Configuration | |
Configure the "Control Blogging" setting properly. CC ID 05876 | System hardening through configuration management | Configuration | |
Configure the "Enable Smart Resume" setting to organizational standards. CC ID 05877 | System hardening through configuration management | Configuration | |
Configure the "Do not upload media files" setting to organizational standards. CC ID 05878 | System hardening through configuration management | Configuration | |
Configure the "Disable hyperlinks to web templates in File | New and task panes" setting properly. CC ID 05879 | System hardening through configuration management | Configuration | |
Configure the "Prevent access to Web-based file storage" setting to organizational standards. CC ID 05880 | System hardening through configuration management | Configuration | |
Configure the "Do not allow attachment previewing in Outlook" setting properly. CC ID 05881 | System hardening through configuration management | Configuration | |
Configure the "Read e-mail as plain text" setting properly. CC ID 05882 | System hardening through configuration management | Configuration | |
Configure the "Read signed e-mail as plain text" setting properly. CC ID 05883 | System hardening through configuration management | Configuration | |
Configure the "Prevent publishing to Office Online" setting properly. CC ID 05884 | System hardening through configuration management | Configuration | |
Configure the "Prevent publishing to a DAV server" setting properly. CC ID 05885 | System hardening through configuration management | Configuration | |
Configure the "Restrict level of calendar details users can publish" setting properly. CC ID 05886 | System hardening through configuration management | Configuration | |
Configure the "Access to published calendars" setting properly. CC ID 05887 | System hardening through configuration management | Configuration | |
Configure the "Restrict upload method" setting properly. CC ID 05888 | System hardening through configuration management | Configuration | |
Configure the "Hide Junk Mail UI" setting properly. CC ID 05889 | System hardening through configuration management | Configuration | |
Configure the "Junk E-mail Protection Level" setting properly. CC ID 05890 | System hardening through configuration management | Configuration | |
Configure the "Trust E-mail from Contacts" setting properly. CC ID 05891 | System hardening through configuration management | Configuration | |
Configure the "Add e-mail recipients to users' Safe Senders Lists" setting properly. CC ID 05892 | System hardening through configuration management | Configuration | |
Configure the "Dial-up options" setting properly. CC ID 05893 | System hardening through configuration management | Configuration | |
Configure the "Do not allow creating, replying, or forwarding signatures for e-mail messages" setting properly. CC ID 05894 | System hardening through configuration management | Configuration | |
Configure the "Send copy of pictures with HTML messages instead of reference to Internet location" setting to organizational standards. CC ID 05895 | System hardening through configuration management | Configuration | |
Configure the "Outlook rich text options" setting properly. CC ID 05896 | System hardening through configuration management | Configuration | |
Configure the "Plain text options" setting properly. CC ID 05897 | System hardening through configuration management | Configuration | |
Configure the "Set message format" setting properly. CC ID 05898 | System hardening through configuration management | Configuration | |
Configure the "Make Outlook the default program for E-mail, Contacts, and Calendar" setting properly. CC ID 05899 | System hardening through configuration management | Configuration | |
Configure the "Do not allow folders in non-default stores to be set as folder home pages" setting properly. CC ID 05900 | System hardening through configuration management | Configuration | |
Configure the "Use Unicode format when dragging e-mail message to file system" setting properly. CC ID 05901 | System hardening through configuration management | Configuration | |
Configure the "Do not allow Outlook object model scripts to run" setting properly. CC ID 05902 | System hardening through configuration management | Configuration | |
Configure the "set maximum level of online status on a person name (do not allow | allow everywhere except to and cc field | allow everywhere)" setting properly. CC ID 05903 | System hardening through configuration management | Configuration | |
Configure the "Display online status on a person name" setting properly. CC ID 05904 | System hardening through configuration management | Configuration | |
Configure the "Turn off Enable the Person Names Smart Tag option" setting properly. CC ID 05905 | System hardening through configuration management | Configuration | |
Configure the "Outlook security mode" setting properly. CC ID 05906 | System hardening through configuration management | Configuration | |
Configure the "Display Level 1 attachments" setting properly. CC ID 05907 | System hardening through configuration management | Configuration | |
Configure the "Allow users to demote attachments to Level 2" setting properly. CC ID 05908 | System hardening through configuration management | Configuration | |
Configure the "Do not prompt about Level 1 attachments" setting properly. CC ID 05909 | System hardening through configuration management | Configuration | |
Configure the "Allow in-place activation of embedded OLE objects" setting to organizational standards. CC ID 05910 | System hardening through configuration management | Configuration | |
Configure the "Display OLE package objects" setting properly. CC ID 05911 | System hardening through configuration management | Configuration | |
Configure the "Add file extensions to block" setting properly. CC ID 05912 | System hardening through configuration management | Configuration | |
Configure the "Remove file extensions blocked" setting properly. CC ID 05913 | System hardening through configuration management | Configuration | |
Configure the "Allow scripts in one-off Outlook forms" setting properly. CC ID 05914 | System hardening through configuration management | Configuration | |
Configure the "Set Outlook object model custom actions execution prompt" setting properly. CC ID 05915 | System hardening through configuration management | Configuration | |
Configure the "Set control itemproperty prompt" setting properly. CC ID 05916 | System hardening through configuration management | Configuration | |
Configure the "Configure Outlook object model prompt" setting properly. CC ID 05917 | System hardening through configuration management | Configuration | |
Configure the "Required Certificate Authority" setting properly. CC ID 05918 | System hardening through configuration management | Configuration | |
Configure the "S/MIME interoperability with external clients:" setting properly. CC ID 05919 | System hardening through configuration management | Configuration | |
Configure the "Always use Rich Text formatting in S/MIME messages" setting to organizational standards. CC ID 05920 | System hardening through configuration management | Configuration | |
Configure the "S/MIME password settings" setting properly. CC ID 05921 | System hardening through configuration management | Configuration | |
Configure the "Message Formats" setting properly. CC ID 05922 | System hardening through configuration management | Configuration | |
Configure the "Do not provide Continue option on Encryption warning dialog boxes" setting properly for Microsoft Office 2007. CC ID 05923 | System hardening through configuration management | Configuration | |
Configure the "Run in FIPS compliant mode" setting properly. CC ID 05925 | System hardening through configuration management | Configuration | |
Configure the "URL for S/MIME certificates" setting properly. CC ID 05926 | System hardening through configuration management | Configuration | |
Configure the "Ensure all S/MIME signed messages have a label" setting properly. CC ID 05927 | System hardening through configuration management | Configuration | |
Configure the "S/MIME receipt requests" setting properly. CC ID 05954 | System hardening through configuration management | Configuration | |
Configure the "Fortezza certificate policies" setting properly. CC ID 05928 | System hardening through configuration management | Configuration | |
Configure the "Require SuiteB algorithms for S/MIME operations" setting properly. CC ID 05929 | System hardening through configuration management | Configuration | |
Configure the "Missing CRLs" setting properly. CC ID 05930 | System hardening through configuration management | Configuration | |
Configure the "Missing root certificates" setting properly. CC ID 05931 | System hardening through configuration management | Configuration | |
Configure the "Promote Level 2 errors as errors, not warnings" setting properly. CC ID 05932 | System hardening through configuration management | Configuration | |
Configure the "Attachment Secure Temporary Folder" setting properly. CC ID 05933 | System hardening through configuration management | Configuration | |
Configure the "Display pictures and external content in HTML e-mail" setting properly. CC ID 05934 | System hardening through configuration management | Configuration | |
Configure the "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" setting properly. CC ID 05935 | System hardening through configuration management | Configuration | |
Configure the "Do not permit download of content from safe zones" setting properly. CC ID 05936 | System hardening through configuration management | Configuration | |
Configure the "Block Trusted Zones" setting properly. CC ID 05937 | System hardening through configuration management | Configuration | |
Configure the "Include Internet in Safe Zones for Automatic Picture Download" setting properly. CC ID 05938 | System hardening through configuration management | Configuration | |
Configure the "Include Intranet in Safe Zones for Automatic Picture Download" setting properly. CC ID 05939 | System hardening through configuration management | Configuration | |
Configure the "security setting for macros (always warn | never warn, disable all | warn for signed, disable unsigned | no security check)" setting properly. CC ID 05940 | System hardening through configuration management | Configuration | |
Configure the "Enable links in e-mail messages" setting properly. CC ID 05941 | System hardening through configuration management | Configuration | |
Configure the "Apply macro security settings to macros, add-ins, and SmartTags" setting properly. CC ID 05942 | System hardening through configuration management | Configuration | |
Configure the "Automatically configure profile based on Active Directory Primary SMTP address" setting properly. CC ID 05943 | System hardening through configuration management | Configuration | |
Configure the "Do not allow users to change permissions on folders" setting properly. CC ID 05944 | System hardening through configuration management | Configuration | |
Configure the "Enable RPC encryption" setting properly. CC ID 05945 | System hardening through configuration management | Configuration | |
Configure the "Authentication with Exchange server" setting properly. CC ID 05946 | System hardening through configuration management | Configuration | |
Configure the "Synchronize Outlook RSS Feeds with Common Feed List" setting properly. CC ID 05947 | System hardening through configuration management | Configuration | |
Configure the "Turn off RSS feature" setting properly. CC ID 05948 | System hardening through configuration management | Configuration | |
Configure the "Automatically download enclosures" setting to organizational standards. CC ID 05949 | System hardening through configuration management | Configuration | |
Configure the "Download full text of articles as HTML attachments" setting properly. CC ID 05950 | System hardening through configuration management | Configuration | |
Configure the "Automatically download attachments" setting properly. CC ID 05951 | System hardening through configuration management | Configuration | |
Configure the "Do not include Internet Calendar integration in Outlook" setting properly. CC ID 05952 | System hardening through configuration management | Configuration | |
Configure the "Disable user entries to server list" setting properly. CC ID 05953 | System hardening through configuration management | Configuration | |
Configure the "Do not expand distribution lists" setting properly. CC ID 05955 | System hardening through configuration management | Configuration | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations" setting properly. CC ID 05956 | System hardening through configuration management | Configuration | |
Configure the "Run programs" setting properly. CC ID 05957 | System hardening through configuration management | Configuration | |
Configure the "Make hidden markup visible" setting properly. CC ID 05958 | System hardening through configuration management | Configuration | |
Configure the "Unblock automatic download of linked images" setting properly. CC ID 05959 | System hardening through configuration management | Configuration | |
Configure the "Disable Slide Update" setting to organizational standards. CC ID 05960 | System hardening through configuration management | Configuration | |
Configure the "Hidden text" setting properly. CC ID 05961 | System hardening through configuration management | Configuration | |
Configure the "Update automatic links at Open" setting properly. CC ID 05962 | System hardening through configuration management | Configuration | |
Configure the "Save smart tags in e-mail" setting to organizational standards. CC ID 05963 | System hardening through configuration management | Configuration | |
Configure the "Determine where to force encrypted macros to be scanned in Microsoft Word Open XML documents" setting properly. CC ID 05964 | System hardening through configuration management | Configuration | |
Configure the "InfoPath APTCA Assembly Whitelist" setting properly. CC ID 05965 | System hardening through configuration management | Configuration | |
Configure the "Windows Internet Explorer Feature Control Opt-In" setting properly. CC ID 05966 | System hardening through configuration management | Configuration | |
Configure the "Disable Package Repair" setting to organizational standards. CC ID 05967 | System hardening through configuration management | Configuration | |
Configure the "Disable user name and password" setting properly. CC ID 05968 | System hardening through configuration management | Configuration | |
Configure the "Bind to object" setting properly. CC ID 05969 | System hardening through configuration management | Configuration | |
Configure the "Saved from URL" setting properly. CC ID 05970 | System hardening through configuration management | Configuration | |
Configure the "Navigate URL" setting properly. CC ID 05971 | System hardening through configuration management | Configuration | |
Configure the "Block popups" setting properly. CC ID 05972 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from customizing attachment security settings" setting properly. CC ID 05973 | System hardening through configuration management | Configuration | |
Configure the "Macro Security Level" setting properly. CC ID 05974 | System hardening through configuration management | Configuration | |
Configure the "Trust all installed add-ins and templates" setting properly. CC ID 05975 | System hardening through configuration management | Configuration | |
Configure the "Store random number to improve merge accuracy" setting properly. CC ID 05976 | System hardening through configuration management | Configuration | |
Configure the "Prevent Users from Changing Office Encryption Settings" setting properly. CC ID 05977 | System hardening through configuration management | Configuration | |
Configure Universal settings for Microsoft Office in accordance with organizational standards. CC ID 07211 | System hardening through configuration management | Configuration | |
Configure the "Disable VBA for Office applications" to organizational standards. CC ID 07212 | System hardening through configuration management | Configuration | |
Configure the "Navigate URL" to organizational standards. CC ID 07213 | System hardening through configuration management | Configuration | |
Configure the "Block popups" to organizational standards. CC ID 07214 | System hardening through configuration management | Configuration | |
Configure the "Bind to object" to organizational standards. CC ID 07215 | System hardening through configuration management | Configuration | |
Configure the "Disable Package Repair" to organizational standards. CC ID 07216 | System hardening through configuration management | Configuration | |
Configure the "Disable user name and password" to organizational standards. CC ID 07217 | System hardening through configuration management | Configuration | |
Configure the "Saved from URL" to organizational standards. CC ID 07218 | System hardening through configuration management | Configuration | |
Configure the "Allow mix of policy and user locations" to organizational standards. CC ID 07284 | System hardening through configuration management | Configuration | |
Configure the "ActiveX Control Initialization" to organizational standards. CC ID 07285 | System hardening through configuration management | Configuration | |
Configure the "Allow users with earlier versions of Office to read with browsers." to organizational standards. CC ID 07287 | System hardening through configuration management | Configuration | |
Configure the "Always expand groups in Office when restricting permission for documents" to organizational standards. CC ID 07288 | System hardening through configuration management | Configuration | |
Configure the "Allow PNG as an output format" to organizational standards. CC ID 07289 | System hardening through configuration management | Configuration | |
Configure the "Automatically receive small updates to improve reliability" to organizational standards. CC ID 07290 | System hardening through configuration management | Configuration | |
Configure the "Always require users to connect to verify permission" to organizational standards. CC ID 07291 | System hardening through configuration management | Configuration | |
Configure the "Block opening of pre-release versions of file formats new to PowerPoint 2007 through the Compatibility Pack for the 2007 Office system and PowerPoint 2007 Converter" to organizational standards. CC ID 07292 | System hardening through configuration management | Configuration | |
Configure the "Block opening of pre-release versions of file formats new to Word 2007 through the Compatibility Pack for the 2007 Office system and Word 2007 Open XML/Word 97-2003 Format Converter" to organizational standards. CC ID 07294 | System hardening through configuration management | Configuration | |
Configure the "Block updates from the Office Update Site from applying" to organizational standards. CC ID 07295 | System hardening through configuration management | Configuration | |
Configure the "Control Blogging" to organizational standards. CC ID 07296 | System hardening through configuration management | Configuration | |
Configure the "Block opening of pre-release versions of file formats new to Excel 2007 through the Compatibility Pack for the 2007 Office system and Excel 2007 Converter" to organizational standards. CC ID 07297 | System hardening through configuration management | Configuration | |
Configure the "Disable All ActiveX" to organizational standards. CC ID 07298 | System hardening through configuration management | Configuration | |
Configure the "Disable all Trust Bar notifications for security issues" to organizational standards. CC ID 07299 | System hardening through configuration management | Configuration | |
Configure the "Disable access to updates, add-ins, and patches on the Office Online website" to organizational standards. CC ID 07300 | System hardening through configuration management | Configuration | |
Configure the "Disable Check For Solutions" to organizational standards. CC ID 07301 | System hardening through configuration management | Configuration | |
Configure the "Disable Clip Art and Media downloads from the client and from Office Online website" to organizational standards. CC ID 07302 | System hardening through configuration management | Configuration | |
Configure the "Disable all user customization of Quick Access Toolbar" to organizational standards. CC ID 07303 | System hardening through configuration management | Configuration | |
Configure the "Disable Document Information Panel" to organizational standards. CC ID 07304 | System hardening through configuration management | Configuration | |
Configure the "Disable hyperlink warnings" to organizational standards. CC ID 07305 | System hardening through configuration management | Configuration | |
Configure the "Disable customer-submitted templates downloads from Office Online" to organizational standards. CC ID 07306 | System hardening through configuration management | Configuration | |
Configure the "Disable inclusion of document properties in PDF and XPS output" to organizational standards. CC ID 07307 | System hardening through configuration management | Configuration | |
Configure the "Disable Internet Fax feature" to organizational standards. CC ID 07308 | System hardening through configuration management | Configuration | |
Configure the "Disable hyperlinks to web templates in File | New and task panes" to organizational standards. CC ID 07309 | System hardening through configuration management | Configuration | |
Configure the "Disable password to open UI" to organizational standards. CC ID 07311 | System hardening through configuration management | Configuration | |
Configure the "Disable Microsoft Passport service for content with restricted permission" to organizational standards. CC ID 07312 | System hardening through configuration management | Configuration | |
Configure the "Disable Smart Document's use of manifests" to organizational standards. CC ID 07313 | System hardening through configuration management | Configuration | |
Configure the "Disable template downloads from the client and from Office Online website" to organizational standards. CC ID 07314 | System hardening through configuration management | Configuration | |
Configure the "Automation Security" to organizational standards. CC ID 07315 | System hardening through configuration management | Configuration | |
Configure the "Disable training practice downloads from the Office Online website" to organizational standards. CC ID 07316 | System hardening through configuration management | Configuration | |
Configure the "Disable Update Diagnostic" to organizational standards. CC ID 07317 | System hardening through configuration management | Configuration | |
Configure the "Disable UI extending from documents and templates" to organizational standards. CC ID 07318 | System hardening through configuration management | Configuration | |
Configure the "Disable Opt-in Wizard on first run" to organizational standards. CC ID 07319 | System hardening through configuration management | Configuration | |
Configure the "Document Information Panel Beaconing UI" to organizational standards. CC ID 07320 | System hardening through configuration management | Configuration | |
Configure the "EKU filtering" to organizational standards. CC ID 07321 | System hardening through configuration management | Configuration | |
Configure the "Encryption type for password protected Office 97-2003 files" to organizational standards. CC ID 07323 | System hardening through configuration management | Configuration | |
Configure the "Enable Customer Experience Improvement Program" to organizational standards. CC ID 07324 | System hardening through configuration management | Configuration | |
Configure the "Encryption type for password protected Office Open XML files" to organizational standards. CC ID 07325 | System hardening through configuration management | Configuration | |
Configure the "Key Usage Filtering" to organizational standards. CC ID 07326 | System hardening through configuration management | Configuration | |
Configure the "Improve Proofing Tools" to organizational standards. CC ID 07327 | System hardening through configuration management | Configuration | |
Configure the "Never allow users to specify groups when restricting permission for documents" to organizational standards. CC ID 07328 | System hardening through configuration management | Configuration | |
Configure the "Legacy format signatures" to organizational standards. CC ID 07329 | System hardening through configuration management | Configuration | |
Configure the "Load Controls in Forms3" to organizational standards. CC ID 07330 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from changing permissions on rights managed content" to organizational standards. CC ID 07331 | System hardening through configuration management | Configuration | |
Configure the "Online content options" to organizational standards. CC ID 07332 | System hardening through configuration management | Configuration | |
Configure the "Disable user customization of Quick Access Toolbar via UI" to organizational standards. CC ID 07333 | System hardening through configuration management | Configuration | |
Configure the "Protect document metadata for password protected files" to organizational standards. CC ID 07334 | System hardening through configuration management | Configuration | |
Configure the "Prevents users from uploading document templates to the Office Online community." to organizational standards. CC ID 07335 | System hardening through configuration management | Configuration | |
Configure the "Recognize smart tags in Excel" to organizational standards. CC ID 07336 | System hardening through configuration management | Configuration | |
Configure the "Rely on VML for displaying graphics in browsers" to organizational standards. CC ID 07337 | System hardening through configuration management | Configuration | |
Configure the "Protect document metadata for rights managed Office Open XML Files" to organizational standards. CC ID 07338 | System hardening through configuration management | Configuration | |
Configure the "Suppress Office Signing Providers" to organizational standards. CC ID 07339 | System hardening through configuration management | Configuration | |
Configure the "Suppress external signature services menu item" to organizational standards. CC ID 07340 | System hardening through configuration management | Configuration | |
Configure the "Disable the Office client from polling the Office server for published links" to organizational standards. CC ID 07361 | System hardening through configuration management | Configuration | |
Configure the "Open Office documents as read/write while browsing" to organizational standards. CC ID 07380 | System hardening through configuration management | Configuration | |
Configure the "Specify CNG salt length" to organizational standards. CC ID 07905 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #6" to organizational standards. CC ID 07919 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #9" to organizational standards. CC ID 07920 | System hardening through configuration management | Configuration | |
Configure the "Disable template downloads from the client and from Office.com" to organizational standards. CC ID 07942 | System hardening through configuration management | Configuration | |
Configure the "Disable customer-submitted templates downloads from Office.com" to organizational standards. CC ID 07949 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #15" to organizational standards. CC ID 07953 | System hardening through configuration management | Configuration | |
Configure the "Prevents users from uploading document templates to the Office.com Community." to organizational standards. CC ID 08017 | System hardening through configuration management | Configuration | |
Configure the "Disable training practice downloads from Office.com" to organizational standards. CC ID 08027 | System hardening through configuration management | Configuration | |
Configure the "Disable Clip Art and Media downloads from the client and from Office.com" to organizational standards. CC ID 08049 | System hardening through configuration management | Configuration | |
Configure the "Allow Trusted Locations on the network" to organizational standards. CC ID 08053 | System hardening through configuration management | Configuration | |
Configure the "Turn off all user customizations" to organizational standards. CC ID 08084 | System hardening through configuration management | Configuration | |
Configure the "Disable access to updates, add-ins, and patches on Office.com" to organizational standards. CC ID 08137 | System hardening through configuration management | Configuration | |
Configure Microsoft InfoPath settings for Microsoft Office in accordance with organizational standards. CC ID 07219 | System hardening through configuration management | Configuration | |
Configure the "InfoPath APTCA Assembly allowable list" to organizational standards. CC ID 07220 | System hardening through configuration management | Configuration | |
Configure the "InfoPath APTCA Assembly Allowable List Enforcement" to organizational standards. CC ID 07221 | System hardening through configuration management | Configuration | |
Configure the "Allow file types as attachments to forms" to organizational standards. CC ID 07260 | System hardening through configuration management | Configuration | |
Configure the "Beaconing UI for forms opened in InfoPath" to organizational standards. CC ID 07262 | System hardening through configuration management | Configuration | |
Configure the "Control behavior for Windows SharePoint Services gradual upgrade" to organizational standards. CC ID 07264 | System hardening through configuration management | Configuration | |
Configure the "Control behavior when opening forms in the Intranet security zone" to organizational standards. CC ID 07266 | System hardening through configuration management | Configuration | |
Configure the "Custom code" to organizational standards. CC ID 07267 | System hardening through configuration management | Configuration | |
Configure the "Beaconing UI for forms opened in InfoPath Editor ActiveX" to organizational standards. CC ID 07268 | System hardening through configuration management | Configuration | |
Configure the "Control behavior when opening InfoPath e-mail forms containing code or script" to organizational standards. CC ID 07269 | System hardening through configuration management | Configuration | |
Configure the "Disable dynamic caching of the form template in InfoPath e-mail forms" to organizational standards. CC ID 07270 | System hardening through configuration management | Configuration | |
Configure the "Disable e-mail forms from the Full Trust security zone" to organizational standards. CC ID 07271 | System hardening through configuration management | Configuration | |
Configure the "Control behavior when opening forms in the Trusted Site security zone" to organizational standards. CC ID 07272 | System hardening through configuration management | Configuration | |
Configure the "Control behavior when opening forms in the Internet security zone" to organizational standards. CC ID 07273 | System hardening through configuration management | Configuration | |
Configure the "Disable e-mail forms from the Intranet security zone" to organizational standards. CC ID 07274 | System hardening through configuration management | Configuration | |
Configure the "Block specific file types as attachments to forms" to organizational standards. CC ID 07276 | System hardening through configuration management | Configuration | |
Configure the "Disable e-mail forms from the Internet security zone" to organizational standards. CC ID 07277 | System hardening through configuration management | Configuration | |
Configure the "Disable fully trusted solutions full access to computer" to organizational standards. CC ID 07278 | System hardening through configuration management | Configuration | |
Configure the "Disable sending form template with e-mail forms" to organizational standards. CC ID 07279 | System hardening through configuration management | Configuration | |
Configure the "Disable InfoPath e-mail forms in Outlook" to organizational standards. CC ID 07280 | System hardening through configuration management | Configuration | |
Configure the "Email Forms Beaconing UI" to organizational standards. CC ID 07281 | System hardening through configuration management | Configuration | |
Configure the "Disable e-mail forms running in restricted security level" to organizational standards. CC ID 07282 | System hardening through configuration management | Configuration | |
Configure the "Disable sending InfoPath 2003 Forms as e-mail forms" to organizational standards. CC ID 07283 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from allowing unsafe file types to be attached to forms" to organizational standards. CC ID 07286 | System hardening through configuration management | Configuration | |
Configure the "Information Rights Management" to organizational standards. CC ID 07293 | System hardening through configuration management | Configuration | |
Configure the "Disable opening of solutions from the Internet security zone" to organizational standards. CC ID 07310 | System hardening through configuration management | Configuration | |
Configure the "Offline Mode status" to organizational standards. CC ID 07322 | System hardening through configuration management | Configuration | |
Configure Microsoft Access settings for Microsoft Office in accordance with organizational standards. CC ID 07222 | System hardening through configuration management | Configuration | |
Configure the "Disable all application add-ins" to organizational standards. CC ID 07223 | System hardening through configuration management | Configuration | |
Configure the "Allow Trusted Locations not on the computer" to organizational standards. CC ID 07224 | System hardening through configuration management | Configuration | |
Configure the "Disable commands" to organizational standards. CC ID 07225 | System hardening through configuration management | Configuration | |
Configure the "Disable Trust Bar Notification for unsigned application add-ins" to organizational standards. CC ID 07226 | System hardening through configuration management | Configuration | |
Configure the "Disable all trusted locations" to organizational standards. CC ID 07227 | System hardening through configuration management | Configuration | |
Configure the "Disable shortcut keys" to organizational standards. CC ID 07228 | System hardening through configuration management | Configuration | |
Configure the "Do not prompt to convert older databases" to organizational standards. CC ID 07229 | System hardening through configuration management | Configuration | |
Configure the "Modal Trust Decision Only" to organizational standards. CC ID 07230 | System hardening through configuration management | Configuration | |
Configure the "Default file format" to organizational standards. CC ID 07231 | System hardening through configuration management | Configuration | |
Configure the "Require that application add-ins are signed by Trusted Publisher" to organizational standards. CC ID 07233 | System hardening through configuration management | Configuration | |
Configure the "VBA Macro Warning Settings" to organizational standards. CC ID 07234 | System hardening through configuration management | Configuration | |
Configure the "Underline hyperlinks" to organizational standards. CC ID 07235 | System hardening through configuration management | Configuration | |
Configure Microsoft Excel settings for Microsoft Office in accordance with organizational standards. CC ID 07232 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Binary file types" to organizational standards. CC ID 07236 | System hardening through configuration management | Configuration | |
Configure the "AutoRepublish Warning Alert" to organizational standards. CC ID 07237 | System hardening through configuration management | Configuration | |
Configure the "Block opening of DIF and SYLK file types" to organizational standards. CC ID 07238 | System hardening through configuration management | Configuration | |
Configure the "Ask to update automatic links" to organizational standards. CC ID 07239 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Open XML file types" to organizational standards. CC ID 07240 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Xll file type" to organizational standards. CC ID 07241 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Xml file types" to organizational standards. CC ID 07242 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Text file types" to organizational standards. CC ID 07243 | System hardening through configuration management | Configuration | |
Configure the "Block saving of Binary file types" to organizational standards. CC ID 07244 | System hardening through configuration management | Configuration | |
Configure the "Block saving DIF and SYLK file types" to organizational standards. CC ID 07245 | System hardening through configuration management | Configuration | |
Configure the "Block opening of files created by pre-release versions of Excel 2007" to organizational standards. CC ID 07246 | System hardening through configuration management | Configuration | |
Configure the "Block saving of Text file types" to organizational standards. CC ID 07247 | System hardening through configuration management | Configuration | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft Excel Open XML workbooks" to organizational standards. CC ID 07248 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Html and Xmlss file types" to organizational standards. CC ID 07249 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Binary 12 file types" to organizational standards. CC ID 07250 | System hardening through configuration management | Configuration | |
Configure the "Block saving of Open XML file types" to organizational standards. CC ID 07251 | System hardening through configuration management | Configuration | |
Configure the "Block saving of Binary12 file types" to organizational standards. CC ID 07252 | System hardening through configuration management | Configuration | |
Configure the "Disable AutoRepublish" to organizational standards. CC ID 07253 | System hardening through configuration management | Configuration | |
Configure the "Do not show data extraction options when opening corrupt workbooks" to organizational standards. CC ID 07254 | System hardening through configuration management | Configuration | |
Configure the "Internet and network paths as hyperlinks" to organizational standards. CC ID 07255 | System hardening through configuration management | Configuration | |
Configure the "Load pictures from Web pages not created in Excel" to organizational standards. CC ID 07256 | System hardening through configuration management | Configuration | |
Configure the "Save any additional data necessary to maintain formulas" to organizational standards. CC ID 07257 | System hardening through configuration management | Configuration | |
Configure the "Store macro in Personal Macro Workbook by default" to organizational standards. CC ID 07258 | System hardening through configuration management | Configuration | |
Configure the "Save Excel files as" to organizational standards. CC ID 07259 | System hardening through configuration management | Configuration | |
Configure the "Trust access to Visual Basic Project" to organizational standards. CC ID 07261 | System hardening through configuration management | Configuration | |
Configure the "Force file extension to match file type" to organizational standards. CC ID 07263 | System hardening through configuration management | Configuration | |
Configure the "Ignore other applications" to organizational standards. CC ID 07265 | System hardening through configuration management | Configuration | |
Configure the "Block saving of Html and Xmlss file types" to organizational standards. CC ID 07275 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #10" to organizational standards. CC ID 07927 | System hardening through configuration management | Configuration | |
Configure the "Configure CNG cipher chaining mode" to organizational standards. CC ID 07934 | System hardening through configuration management | Configuration | |
Configure the "Disable Trust Bar Notification for unsigned application add-ins and block them" to organizational standards. CC ID 07938 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #20" to organizational standards. CC ID 07947 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #18" to organizational standards. CC ID 07961 | System hardening through configuration management | Configuration | |
Configure the "Do not show AutoRepublish warning alert" to organizational standards. CC ID 07970 | System hardening through configuration management | Configuration | |
Configure the "Turn off Protected View for attachments opened from Outlook" to organizational standards. CC ID 07973 | System hardening through configuration management | Configuration | |
Configure the "Turn off Trusted Documents on the network" to organizational standards. CC ID 07980 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #11" to organizational standards. CC ID 08006 | System hardening through configuration management | Configuration | |
Configure the "Perform file validation on pivot caches" to organizational standards. CC ID 08022 | System hardening through configuration management | Configuration | |
Configure the "Scan encrypted macros in Excel Open XML workbooks" to organizational standards. CC ID 08102 | System hardening through configuration management | Configuration | |
Configure the "Open files on local Intranet UNC in Protected View" to organizational standards. CC ID 08110 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Office query files" to organizational standards. CC ID 08205 | System hardening through configuration management | Configuration | |
Configure the "Excel 97-2003 workbooks and templates" to organizational standards. CC ID 08236 | System hardening through configuration management | Configuration | |
Configure the "Excel 95-97 workbooks and templates" to organizational standards. CC ID 08255 | System hardening through configuration management | Configuration | |
Configure the "XML files" to organizational standards. CC ID 08262 | System hardening through configuration management | Configuration | |
Configure the "Excel 3 worksheets" to organizational standards. CC ID 08270 | System hardening through configuration management | Configuration | |
Configure the "Dif and Sylk files" to organizational standards. CC ID 08284 | System hardening through configuration management | Configuration | |
Configure the "dBase III / IV files" to organizational standards. CC ID 08300 | System hardening through configuration management | Configuration | |
Configure the "Excel 2 macrosheets and add-in files" to organizational standards. CC ID 08303 | System hardening through configuration management | Configuration | |
Configure the "Excel 2007 and later binary workbooks" to organizational standards. CC ID 08305 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Office Open XML converters for Excel" to organizational standards. CC ID 08308 | System hardening through configuration management | Configuration | |
Configure the "Web pages and Excel 2003 XML spreadsheets" to organizational standards. CC ID 08314 | System hardening through configuration management | Configuration | |
Configure the "Excel 4 workbooks" to organizational standards. CC ID 08315 | System hardening through configuration management | Configuration | |
Configure the "Excel 2007 and later workbooks and templates" to organizational standards. CC ID 08317 | System hardening through configuration management | Configuration | |
Configure the "Excel 95 workbooks" to organizational standards. CC ID 08319 | System hardening through configuration management | Configuration | |
Configure the "Other data source files" to organizational standards. CC ID 08321 | System hardening through configuration management | Configuration | |
Configure the "Excel 2007 and later macro-enabled workbooks and templates" to organizational standards. CC ID 08323 | System hardening through configuration management | Configuration | |
Configure the "Legacy converters for Excel" to organizational standards. CC ID 08325 | System hardening through configuration management | Configuration | |
Configure the "Excel 2 worksheets" to organizational standards. CC ID 08326 | System hardening through configuration management | Configuration | |
Configure the "Offline cube files" to organizational standards. CC ID 08327 | System hardening through configuration management | Configuration | |
Configure the "Excel 4 macrosheets and add-in files" to organizational standards. CC ID 08329 | System hardening through configuration management | Configuration | |
Configure the "Excel 2007 and later add-in files" to organizational standards. CC ID 08330 | System hardening through configuration management | Configuration | |
Configure the "Excel 3 macrosheets and add-in files" to organizational standards. CC ID 08332 | System hardening through configuration management | Configuration | |
Configure the "OpenDocument Spreadsheet files" to organizational standards. CC ID 08335 | System hardening through configuration management | Configuration | |
Configure the "Excel add-in files" to organizational standards. CC ID 08337 | System hardening through configuration management | Configuration | |
Configure the "Text files" to organizational standards. CC ID 08339 | System hardening through configuration management | Configuration | |
Configure the "Excel 97-2003 add-in files" to organizational standards. CC ID 08344 | System hardening through configuration management | Configuration | |
Configure the "Excel 4 worksheets" to organizational standards. CC ID 08345 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Office data connection files" to organizational standards. CC ID 08346 | System hardening through configuration management | Configuration | |
Configure Microsoft Outlook settings for Microsoft Office in accordance with organizational standards. CC ID 07341 | System hardening through configuration management | Configuration | |
Configure the "Add file extensions to block as Level 1" to organizational standards. CC ID 07342 | System hardening through configuration management | Configuration | |
Configure the "Access to published calendars" to organizational standards. CC ID 07343 | System hardening through configuration management | Configuration | |
Configure the "Add e-mail recipients to users' Safe Senders Lists" to organizational standards. CC ID 07344 | System hardening through configuration management | Configuration | |
Configure the "Allow access to e-mail attachments" to organizational standards. CC ID 07345 | System hardening through configuration management | Configuration | |
Configure the "Allow Active X One Off Forms" to organizational standards. CC ID 07346 | System hardening through configuration management | Configuration | |
Configure the "Add file extensions to block as Level 2" to organizational standards. CC ID 07347 | System hardening through configuration management | Configuration | |
Configure the "Allow users to demote attachments to Level 2" to organizational standards. CC ID 07348 | System hardening through configuration management | Configuration | |
Configure the "Apply macro security settings to macros, add-ins, and SmartTags" to organizational standards. CC ID 07349 | System hardening through configuration management | Configuration | |
Configure the "Allow scripts in one-off Outlook forms" to organizational standards. CC ID 07350 | System hardening through configuration management | Configuration | |
Configure the "Authentication with Exchange Server" to organizational standards. CC ID 07351 | System hardening through configuration management | Configuration | |
Configure the "Attachment Secure Temporary Folder" to organizational standards. CC ID 07352 | System hardening through configuration management | Configuration | |
Configure the "Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists" to organizational standards. CC ID 07353 | System hardening through configuration management | Configuration | |
Configure the "Automatically configure profile based on Active Directory Primary SMTP address" to organizational standards. CC ID 07354 | System hardening through configuration management | Configuration | |
Configure the "Block Trusted Zones" to organizational standards. CC ID 07355 | System hardening through configuration management | Configuration | |
Configure the "Configure Add-In Trust Level" to organizational standards. CC ID 07356 | System hardening through configuration management | Configuration | |
Configure the "Automatically download attachments" to organizational standards. CC ID 07357 | System hardening through configuration management | Configuration | |
Configure the "Configure Outlook object model prompt When accessing the Formula property of a UserProperty object" to organizational standards. CC ID 07358 | System hardening through configuration management | Configuration | |
Configure the "Configure Outlook object model prompt when accessing address information via UserProperties.Find" to organizational standards. CC ID 07359 | System hardening through configuration management | Configuration | |
Configure the "Configure Outlook object model prompt when executing Save As" to organizational standards. CC ID 07360 | System hardening through configuration management | Configuration | |
Configure the "Configure Outlook object model prompt when responding to meeting and task requests" to organizational standards. CC ID 07362 | System hardening through configuration management | Configuration | |
Configure the "Dial-up options" to organizational standards. CC ID 07363 | System hardening through configuration management | Configuration | |
Configure the "Configure Outlook object model prompt when sending mail" to organizational standards. CC ID 07364 | System hardening through configuration management | Configuration | |
Configure the "Configure trusted add-ins" to organizational standards. CC ID 07365 | System hardening through configuration management | Configuration | |
Configure the "Disable user entries to server list" to organizational standards. CC ID 07366 | System hardening through configuration management | Configuration | |
Configure the "Disable Remember Password" to organizational standards. CC ID 07367 | System hardening through configuration management | Configuration | |
Configure the "Display Level 1 attachments" to organizational standards. CC ID 07368 | System hardening through configuration management | Configuration | |
Configure the "Configure Outlook object model prompt when reading address information" to organizational standards. CC ID 07369 | System hardening through configuration management | Configuration | |
Configure the "Do not allow attachment previewing in Outlook" to organizational standards. CC ID 07370 | System hardening through configuration management | Configuration | |
Configure the "Do not allow creating, replying, or forwarding signatures for e-mail messages" to organizational standards. CC ID 07371 | System hardening through configuration management | Configuration | |
Configure the "Configure Outlook object model prompt when accessing an address book" to organizational standards. CC ID 07372 | System hardening through configuration management | Configuration | |
Configure the "Do not allow folders in non-default stores to be set as folder home pages" to organizational standards. CC ID 07373 | System hardening through configuration management | Configuration | |
Configure the "Do not allow Outlook object model scripts to run for public folders" to organizational standards. CC ID 07374 | System hardening through configuration management | Configuration | |
Configure the "Do not allow Outlook object model scripts to run for shared folders" to organizational standards. CC ID 07375 | System hardening through configuration management | Configuration | |
Configure the "Do not automatically sign replies" to organizational standards. CC ID 07376 | System hardening through configuration management | Configuration | |
Configure the "Do not check e-mail address against address of certificates being used" to organizational standards. CC ID 07377 | System hardening through configuration management | Configuration | |
Configure the "Do not allow users to change permissions on folders" to organizational standards. CC ID 07378 | System hardening through configuration management | Configuration | |
Configure the "Do not expand distribution lists" to organizational standards. CC ID 07379 | System hardening through configuration management | Configuration | |
Configure the "Do not display 'Publish to GAL' button" to organizational standards. CC ID 07381 | System hardening through configuration management | Configuration | |
Configure the "Do not prompt about Level 1 attachments when closing an item" to organizational standards. CC ID 07382 | System hardening through configuration management | Configuration | |
Configure the "Do not permit download of content from safe zones" to organizational standards. CC ID 07383 | System hardening through configuration management | Configuration | |
Configure the "Download full text of articles as HTML attachments" to organizational standards. CC ID 07384 | System hardening through configuration management | Configuration | |
Configure the "Do not prompt about Level 1 attachments when sending an item" to organizational standards. CC ID 07385 | System hardening through configuration management | Configuration | |
Configure the "Do not provide Continue option on Encryption warning dialog boxes" to organizational standards. CC ID 07386 | System hardening through configuration management | Configuration | |
Configure the "Enable RPC encryption" to organizational standards. CC ID 07387 | System hardening through configuration management | Configuration | |
Configure the "Encrypt all e-mail messages" to organizational standards. CC ID 07388 | System hardening through configuration management | Configuration | |
Configure the "Enable links in e-mail messages" to organizational standards. CC ID 07389 | System hardening through configuration management | Configuration | |
Configure the "Display pictures and external content in HTML e-mail" to organizational standards. CC ID 07390 | System hardening through configuration management | Configuration | |
Configure the "Hide Junk Mail UI" to organizational standards. CC ID 07391 | System hardening through configuration management | Configuration | |
Configure the "Ensure all S/MIME signed messages have a label" to organizational standards. CC ID 07392 | System hardening through configuration management | Configuration | |
Configure the "Include Intranet in Safe Zones for Automatic Picture Download" to organizational standards. CC ID 07393 | System hardening through configuration management | Configuration | |
Configure the "Include Internet in Safe Zones for Automatic Picture Download" to organizational standards. CC ID 07394 | System hardening through configuration management | Configuration | |
Configure the "Message Formats" to organizational standards. CC ID 07395 | System hardening through configuration management | Configuration | |
Configure the "Junk E-mail protection level" to organizational standards. CC ID 07396 | System hardening through configuration management | Configuration | |
Configure the "Make Outlook the default program for E-mail, Contacts, and Calendar" to organizational standards. CC ID 07397 | System hardening through configuration management | Configuration | |
Configure the "Do not include Internet Calendar integration in Outlook" to organizational standards. CC ID 07398 | System hardening through configuration management | Configuration | |
Configure the "Missing CRLs" to organizational standards. CC ID 07399 | System hardening through configuration management | Configuration | |
Configure the "Display online status on a person name" to organizational standards. CC ID 07400 | System hardening through configuration management | Configuration | |
Configure the "Outlook Rich Text options" to organizational standards. CC ID 07401 | System hardening through configuration management | Configuration | |
Configure the "Outlook Security Mode" to organizational standards. CC ID 07402 | System hardening through configuration management | Configuration | |
Configure the "Plain text options" to organizational standards. CC ID 07403 | System hardening through configuration management | Configuration | |
Configure the "Prevent publishing to a DAV server" to organizational standards. CC ID 07404 | System hardening through configuration management | Configuration | |
Configure the "Prevent publishing to Office Online" to organizational standards. CC ID 07405 | System hardening through configuration management | Configuration | |
Configure the "Promote Level 2 errors as errors, not warnings" to organizational standards. CC ID 07406 | System hardening through configuration management | Configuration | |
Configure the "Prevent users from customizing attachment security settings" to organizational standards. CC ID 07407 | System hardening through configuration management | Configuration | |
Configure the "Prompt user to choose security settings if default settings fail" to organizational standards. CC ID 07408 | System hardening through configuration management | Configuration | |
Configure the "Remove file extensions blocked as Level 1" to organizational standards. CC ID 07409 | System hardening through configuration management | Configuration | |
Configure the "Remove file extensions blocked as Level 2" to organizational standards. CC ID 07410 | System hardening through configuration management | Configuration | |
Configure the "Read e-mail as plain text" to organizational standards. CC ID 07411 | System hardening through configuration management | Configuration | |
Configure the "Read signed e-mail as plain text" to organizational standards. CC ID 07412 | System hardening through configuration management | Configuration | |
Configure the "Request an S/MIME receipt for all S/MIME signed messages" to organizational standards. CC ID 07413 | System hardening through configuration management | Configuration | |
Configure the "Restrict level of calendar details users can publish" to organizational standards. CC ID 07414 | System hardening through configuration management | Configuration | |
Configure the "Require SuiteB algorithms for S/MIME operations" to organizational standards. CC ID 07415 | System hardening through configuration management | Configuration | |
Configure the "Minimum encryption settings" to organizational standards. CC ID 07416 | System hardening through configuration management | Configuration | |
Configure the "Retrieving CRLs (Certificate Revocation Lists)" to organizational standards. CC ID 07417 | System hardening through configuration management | Configuration | |
Configure the "Run in FIPS compliant mode" to organizational standards. CC ID 07418 | System hardening through configuration management | Configuration | |
Configure the "Missing root certificates" to organizational standards. CC ID 07419 | System hardening through configuration management | Configuration | |
Configure the "S/MIME password settings" to organizational standards. CC ID 07420 | System hardening through configuration management | Configuration | |
Configure the "S/MIME receipt requests" to organizational standards. CC ID 07421 | System hardening through configuration management | Configuration | |
Configure the "S/MIME interoperability with external clients:" to organizational standards. CC ID 07422 | System hardening through configuration management | Configuration | |
Configure the "Send all signed messages as clear signed messages" to organizational standards. CC ID 07423 | System hardening through configuration management | Configuration | |
Configure the "Security setting for macros" to organizational standards. CC ID 07424 | System hardening through configuration management | Configuration | |
Configure the "Set control ItemProperty prompt" to organizational standards. CC ID 07425 | System hardening through configuration management | Configuration | |
Configure the "Set maximum level of online status on a person name" to organizational standards. CC ID 07426 | System hardening through configuration management | Configuration | |
Configure the "Set message format" to organizational standards. CC ID 07427 | System hardening through configuration management | Configuration | |
Configure the "Sign all e-mail messages" to organizational standards. CC ID 07428 | System hardening through configuration management | Configuration | |
Configure the "Fortezza certificate policies" to organizational standards. CC ID 07429 | System hardening through configuration management | Configuration | |
Configure the "Synchronize Outlook RSS Feeds with Common Feed List" to organizational standards. CC ID 07430 | System hardening through configuration management | Configuration | |
Configure the "Trust E-mail from Contacts" to organizational standards. CC ID 07431 | System hardening through configuration management | Configuration | |
Configure the "Signature Warning" to organizational standards. CC ID 07432 | System hardening through configuration management | Configuration | |
Configure the "Turn off RSS feature" to organizational standards. CC ID 07466 | System hardening through configuration management | Configuration | |
Configure the "Restrict upload method" to organizational standards. CC ID 07473 | System hardening through configuration management | Configuration | |
Configure the "Required Certificate Authority" to organizational standards. CC ID 07493 | System hardening through configuration management | Configuration | |
Configure the "Turn off Enable the Person Names Smart Tag option" to organizational standards. CC ID 07499 | System hardening through configuration management | Configuration | |
Configure the "Use Unicode format when dragging e-mail message to file system" to organizational standards. CC ID 07506 | System hardening through configuration management | Configuration | |
Configure the "URL for S/MIME certificates" to organizational standards. CC ID 07520 | System hardening through configuration management | Configuration | |
Configure the "Set Outlook object model Custom Actions execution prompt" to organizational standards. CC ID 07539 | System hardening through configuration management | Configuration | |
Configure the "Prevent publishing to Office.com" to organizational standards. CC ID 08243 | System hardening through configuration management | Configuration | |
Configure the "Do not allow signatures for e-mail messages" to organizational standards. CC ID 08318 | System hardening through configuration management | Configuration | |
Configure Microsoft PowerPoint settings for Microsoft Office in accordance with organizational standards. CC ID 07433 | System hardening through configuration management | Configuration | |
Configure the "Block saving of GraphicFilters" to organizational standards. CC ID 07456 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Converters" to organizational standards. CC ID 07458 | System hardening through configuration management | Configuration | |
Configure the "Save files in this format" to organizational standards. CC ID 07461 | System hardening through configuration management | Configuration | |
Configure the "Disable Slide Update" to organizational standards. CC ID 07464 | System hardening through configuration management | Configuration | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft PowerPoint Open XML presentations" to organizational standards. CC ID 07467 | System hardening through configuration management | Configuration | |
Configure the "Block saving of Html file types" to organizational standards. CC ID 07474 | System hardening through configuration management | Configuration | |
Configure the "Block saving of Outlines" to organizational standards. CC ID 07485 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Outlines" to organizational standards. CC ID 07490 | System hardening through configuration management | Configuration | |
Configure the "Make hidden markup visible" to organizational standards. CC ID 07511 | System hardening through configuration management | Configuration | |
Configure the "Block opening of pre-release versions of file formats new to PowerPoint 2007" to organizational standards. CC ID 07516 | System hardening through configuration management | Configuration | |
Configure the "Run Programs" to organizational standards. CC ID 07518 | System hardening through configuration management | Configuration | |
Configure the "Unblock automatic download of linked images" to organizational standards. CC ID 07519 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Open Xml files types" to organizational standards. CC ID 07531 | System hardening through configuration management | Configuration | |
Configure the "Web Pages" to organizational standards. CC ID 07914 | System hardening through configuration management | Configuration | |
Configure the "Turn off trusted documents" to organizational standards. CC ID 07925 | System hardening through configuration management | Configuration | |
Configure the "Set CNG password spin count" to organizational standards. CC ID 07946 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #16" to organizational standards. CC ID 07956 | System hardening through configuration management | Configuration | |
Configure the "Outline files" to organizational standards. CC ID 07958 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #3" to organizational standards. CC ID 07966 | System hardening through configuration management | Configuration | |
Configure the "Scan encrypted macros in PowerPoint Open XML presentations" to organizational standards. CC ID 07967 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #4" to organizational standards. CC ID 07978 | System hardening through configuration management | Configuration | |
Configure the "Set maximum number of trusted documents" to organizational standards. CC ID 08005 | System hardening through configuration management | Configuration | |
Configure the "Legacy converters for PowerPoint" to organizational standards. CC ID 08009 | System hardening through configuration management | Configuration | |
Configure the "Set document behavior if file validation fails" to organizational standards. CC ID 08025 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Office Open XML converters for PowerPoint" to organizational standards. CC ID 08030 | System hardening through configuration management | Configuration | |
Configure the "PowerPoint beta converters" to organizational standards. CC ID 08047 | System hardening through configuration management | Configuration | |
Configure the "OpenDocument Presentation files" to organizational standards. CC ID 08051 | System hardening through configuration management | Configuration | |
Configure the "Use new key on password change" to organizational standards. CC ID 08052 | System hardening through configuration management | Configuration | |
Configure the "Graphic Filters" to organizational standards. CC ID 08060 | System hardening through configuration management | Configuration | |
Configure the "PowerPoint 2007 and later presentations, shows, templates, themes and add-in files" to organizational standards. CC ID 08099 | System hardening through configuration management | Configuration | |
Configure the "PowerPoint 97-2003 presentations, shows, templates and add-in files" to organizational standards. CC ID 08106 | System hardening through configuration management | Configuration | |
Configure the "PowerPoint beta files" to organizational standards. CC ID 08121 | System hardening through configuration management | Configuration | |
Configure the "Set default file block behavior" to organizational standards. CC ID 08142 | System hardening through configuration management | Configuration | |
Configure Microsoft Word settings for Microsoft Office in accordance with organizational standards. CC ID 07438 | System hardening through configuration management | Configuration | |
Configure the "Block opening of files before version" to organizational standards. CC ID 07462 | System hardening through configuration management | Configuration | |
Configure the "Block open Converters" to organizational standards. CC ID 07468 | System hardening through configuration management | Configuration | |
Configure the "Update automatic links at Open" to organizational standards. CC ID 07483 | System hardening through configuration management | Configuration | |
Configure the "Warn before printing, saving or sending a file that contains tracked changes or comments" to organizational standards. CC ID 07494 | System hardening through configuration management | Configuration | |
Configure the "Block saving of RTF file types" to organizational standards. CC ID 07501 | System hardening through configuration management | Configuration | |
Configure the "Block saving of Converters" to organizational standards. CC ID 07504 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Word 2003 XML file types" to organizational standards. CC ID 07507 | System hardening through configuration management | Configuration | |
Configure the "Block opening of RTF file types" to organizational standards. CC ID 07510 | System hardening through configuration management | Configuration | |
Configure the "Block opening of HTML file types" to organizational standards. CC ID 07512 | System hardening through configuration management | Configuration | |
Configure the "Hidden text" to organizational standards. CC ID 07513 | System hardening through configuration management | Configuration | |
Configure the "Determine whether to force encrypted macros to be scanned in Microsoft Word Open XML documents" to organizational standards. CC ID 07533 | System hardening through configuration management | Configuration | |
Configure the "Block opening of pre-release versions of file formats new to Word 2007" to organizational standards. CC ID 07541 | System hardening through configuration management | Configuration | |
Configure the "Block opening of Internal file types" to organizational standards. CC ID 07552 | System hardening through configuration management | Configuration | |
Configure the "Block saving of Word 2003 XML file types" to organizational standards. CC ID 07567 | System hardening through configuration management | Configuration | |
Configure the "RTF files" to organizational standards. CC ID 07911 | System hardening through configuration management | Configuration | |
Configure the "Set maximum number of trust records to preserve" to organizational standards. CC ID 07912 | System hardening through configuration management | Configuration | |
Configure the "Specify CNG hash algorithm" to organizational standards. CC ID 07913 | System hardening through configuration management | Configuration | |
Configure the "VBA Macro Notification Settings" to organizational standards. CC ID 07926 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #2" to organizational standards. CC ID 07933 | System hardening through configuration management | Configuration | |
Configure the "Do not open files in unsafe locations in Protected View" to organizational standards. CC ID 07939 | System hardening through configuration management | Configuration | |
Configure the "Set parameters for CNG context" to organizational standards. CC ID 07948 | System hardening through configuration management | Configuration | |
Configure the "Store random number to improve merge accuracy" to organizational standards. CC ID 07972 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #19" to organizational standards. CC ID 07975 | System hardening through configuration management | Configuration | |
Configure the "Legacy converters for Word" to organizational standards. CC ID 07985 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #5" to organizational standards. CC ID 07987 | System hardening through configuration management | Configuration | |
Configure the "Word 6.0 binary documents and templates" to organizational standards. CC ID 07995 | System hardening through configuration management | Configuration | |
Configure the "Word 2000 binary documents and templates" to organizational standards. CC ID 08012 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #13" to organizational standards. CC ID 08013 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #17" to organizational standards. CC ID 08015 | System hardening through configuration management | Configuration | |
Configure the "Word 97 binary documents and templates" to organizational standards. CC ID 08024 | System hardening through configuration management | Configuration | |
Configure the "Do not open files from the Internet zone in Protected View" to organizational standards. CC ID 08029 | System hardening through configuration management | Configuration | |
Configure the "Turn off file validation" to organizational standards. CC ID 08048 | System hardening through configuration management | Configuration | |
Configure the "Office Open XML converters for Word" to organizational standards. CC ID 08055 | System hardening through configuration management | Configuration | |
Configure the "Word 95 binary documents and templates" to organizational standards. CC ID 08065 | System hardening through configuration management | Configuration | |
Configure the "Word beta converters" to organizational standards. CC ID 08080 | System hardening through configuration management | Configuration | |
Configure the "Word 2007 and later binary documents and templates" to organizational standards. CC ID 08082 | System hardening through configuration management | Configuration | |
Configure the "Word beta files" to organizational standards. CC ID 08092 | System hardening through configuration management | Configuration | |
Configure the "Word 2003 binary documents and templates" to organizational standards. CC ID 08093 | System hardening through configuration management | Configuration | |
Configure the "Word XP binary documents and templates" to organizational standards. CC ID 08095 | System hardening through configuration management | Configuration | |
Configure the "Word 2007 and later documents and templates" to organizational standards. CC ID 08097 | System hardening through configuration management | Configuration | |
Configure the "Word 2 and earlier binary documents and templates" to organizational standards. CC ID 08112 | System hardening through configuration management | Configuration | |
Configure the "Plain text files" to organizational standards. CC ID 08125 | System hardening through configuration management | Configuration | |
Configure the "Word 2003 and plain XML documents" to organizational standards. CC ID 08134 | System hardening through configuration management | Configuration | |
Configure the "OpenDocument Text files" to organizational standards. CC ID 08141 | System hardening through configuration management | Configuration | |
Configure the "Scan encrypted macros in Word Open XML documents" to organizational standards. CC ID 08147 | System hardening through configuration management | Configuration | |
Configure Microsoft OneNote settings for Microsoft Office in accordance with organizational standards. CC ID 07908 | System hardening through configuration management | Configuration | |
Configure the "Specify encryption compatibility" to organizational standards. CC ID 07909 | System hardening through configuration management | Configuration | |
Configure the "Specify CNG random number generator algorithm" to organizational standards. CC ID 07916 | System hardening through configuration management | Configuration | |
Configure the "Set CNG cipher algorithm" to organizational standards. CC ID 07944 | System hardening through configuration management | Configuration | |
Configure the "Set CNG cipher key length" to organizational standards. CC ID 07974 | System hardening through configuration management | Configuration | |
Configure User Interface settings for Microsoft Office in accordance with organizational standards. CC ID 07923 | System hardening through configuration management | Configuration | |
Configure Signing settings for Microsoft Office in accordance with organizational standards. CC ID 07929 | System hardening through configuration management | Configuration | |
Configure Email Form settings for Microsoft Office in accordance with organizational standards. CC ID 07930 | System hardening through configuration management | Configuration | |
Configure Security settings for Microsoft Office in accordance with organizational standards. CC ID 07932 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #8" to organizational standards. CC ID 07935 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #12" to organizational standards. CC ID 07940 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #20" to organizational standards. CC ID 07943 | System hardening through configuration management | Configuration | |
Configure the "Check the XAdES portions of a digital signature" to organizational standards. CC ID 07955 | System hardening through configuration management | Configuration | |
Configure the "Check OLE objects" to organizational standards. CC ID 07957 | System hardening through configuration management | Configuration | |
Configure the "Consistent Mime Handling" to organizational standards. CC ID 07959 | System hardening through configuration management | Configuration | |
Configure the "Protection From Zone Elevation" to organizational standards. CC ID 07964 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #14" to organizational standards. CC ID 07965 | System hardening through configuration management | Configuration | |
Configure the "Turn off Data Execution Prevention" to organizational standards. CC ID 07968 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #12" to organizational standards. CC ID 07976 | System hardening through configuration management | Configuration | |
Configure the "Set password hash format as ISO-compliant" to organizational standards. CC ID 07977 | System hardening through configuration management | Configuration | |
Configure the "Prompt to allow fatally corrupt files to open instead of blocking them" to organizational standards. CC ID 07982 | System hardening through configuration management | Configuration | |
Configure the "Encrypt document properties" to organizational standards. CC ID 07991 | System hardening through configuration management | Configuration | |
Configure the "Prevent Word and Excel from loading managed code extensions" to organizational standards. CC ID 07999 | System hardening through configuration management | Configuration | |
Configure the "Apply macro security settings to macros, add-ins and additional actions" to organizational standards. CC ID 08002 | System hardening through configuration management | Configuration | |
Configure the "Add-on Management" to organizational standards. CC ID 08007 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #7" to organizational standards. CC ID 08008 | System hardening through configuration management | Configuration | |
Configure the "Trusted Location #1" to organizational standards. CC ID 08016 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #13" to organizational standards. CC ID 08023 | System hardening through configuration management | Configuration | |
Configure the "S/MIME receipt requests behavior" to organizational standards. CC ID 08026 | System hardening through configuration management | Configuration | |
Configure the "Do not include XAdES reference object in the manifest" to organizational standards. CC ID 08031 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #11" to organizational standards. CC ID 08032 | System hardening through configuration management | Configuration | |
Configure the "Windows Internet Explorer Feature Control Opt-In" to organizational standards. CC ID 08033 | System hardening through configuration management | Configuration | |
Configure the "Allow hyperlinks in suspected phishing e-mail messages" to organizational standards. CC ID 08034 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #5" to organizational standards. CC ID 08038 | System hardening through configuration management | Configuration | |
Configure the "Specify minimum XAdES level for digital signature generation" to organizational standards. CC ID 08040 | System hardening through configuration management | Configuration | |
Configure the "Check OWC data source providers" to organizational standards. CC ID 08041 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #10" to organizational standards. CC ID 08044 | System hardening through configuration management | Configuration | |
Configure the "Set password rules domain timeout" to organizational standards. CC ID 08045 | System hardening through configuration management | Configuration | |
Configure the "Object Caching Protection" to organizational standards. CC ID 08046 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #18" to organizational standards. CC ID 08056 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #8" to organizational standards. CC ID 08057 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #3" to organizational standards. CC ID 08059 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #6" to organizational standards. CC ID 08063 | System hardening through configuration management | Configuration | |
Configure the "Replies or forwards to signed/encrypted messages are signed/encrypted" to organizational standards. CC ID 08064 | System hardening through configuration management | Configuration | |
Configure the "Set timestamp server timeout" to organizational standards. CC ID 08068 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #16" to organizational standards. CC ID 08071 | System hardening through configuration management | Configuration | |
Configure the "Previous-version file formats" to organizational standards. CC ID 08072 | System hardening through configuration management | Configuration | |
Configure the "Turn off PDF encryption setting UI" to organizational standards. CC ID 08074 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #2" to organizational standards. CC ID 08075 | System hardening through configuration management | Configuration | |
Configure the "Restrict File Download" to organizational standards. CC ID 08076 | System hardening through configuration management | Configuration | |
Configure the "Require OCSP at signature generation time" to organizational standards. CC ID 08077 | System hardening through configuration management | Configuration | |
Configure the "Disable Password Caching" to organizational standards. CC ID 08079 | System hardening through configuration management | Configuration | |
Configure the "Message when Outlook cannot find the digital ID to decode a message" to organizational standards. CC ID 08083 | System hardening through configuration management | Configuration | |
Configure the "Enable Cryptography Icons" to organizational standards. CC ID 08086 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #14" to organizational standards. CC ID 08091 | System hardening through configuration management | Configuration | |
Configure the "Disable 'Remember password' for Internet e-mail accounts" to organizational standards. CC ID 08096 | System hardening through configuration management | Configuration | |
Configure the "Suppress hyperlink warnings" to organizational standards. CC ID 08100 | System hardening through configuration management | Configuration | |
Configure the "Use Protected View for attachments received from internal senders" to organizational standards. CC ID 08104 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #9" to organizational standards. CC ID 08108 | System hardening through configuration management | Configuration | |
Configure the "Display OLE package objects" to organizational standards. CC ID 08109 | System hardening through configuration management | Configuration | |
Configure the "Configure time stamping hashing algorithm" to organizational standards. CC ID 08111 | System hardening through configuration management | Configuration | |
Configure the "Scripted Window Security Restrictions" to organizational standards. CC ID 08113 | System hardening through configuration management | Configuration | |
Configure the "Set password rules level" to organizational standards. CC ID 08117 | System hardening through configuration management | Configuration | |
Configure the "Information Bar" to organizational standards. CC ID 08118 | System hardening through configuration management | Configuration | |
Configure the "Mime Sniffing Safety Feature" to organizational standards. CC ID 08119 | System hardening through configuration management | Configuration | |
Configure the "Publisher Automation Security Level" to organizational standards. CC ID 08123 | System hardening through configuration management | Configuration | |
Configure the "Check Excel RTD servers" to organizational standards. CC ID 08127 | System hardening through configuration management | Configuration | |
Configure the "Path to shared Workgroup information file for secured MDB files" to organizational standards. CC ID 08128 | System hardening through configuration management | Configuration | |
Configure the "Check ActiveX objects" to organizational standards. CC ID 08131 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #15" to organizational standards. CC ID 08132 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #19" to organizational standards. CC ID 08135 | System hardening through configuration management | Configuration | |
Configure the "Always use TNEF formatting in S/MIME messages" to organizational standards. CC ID 08136 | System hardening through configuration management | Configuration | |
Configure the "Restrict ActiveX Install" to organizational standards. CC ID 08138 | System hardening through configuration management | Configuration | |
Configure the "Set signature verification level" to organizational standards. CC ID 08140 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #17" to organizational standards. CC ID 08143 | System hardening through configuration management | Configuration | |
Configure the "Do not allow expired certificates when validating signatures" to organizational standards. CC ID 08144 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #4" to organizational standards. CC ID 08145 | System hardening through configuration management | Configuration | |
Configure the "Requested XAdES level for signature generation" to organizational standards. CC ID 08146 | System hardening through configuration management | Configuration | |
Configure the "Specify timestamp server name" to organizational standards. CC ID 08148 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #7" to organizational standards. CC ID 08149 | System hardening through configuration management | Configuration | |
Configure the "Select digital signature hashing algorithm" to organizational standards. CC ID 08150 | System hardening through configuration management | Configuration | |
Configure the "Local Machine Zone Lockdown Security" to organizational standards. CC ID 08151 | System hardening through configuration management | Configuration | |
Configure the "Graphics filter import" to organizational standards. CC ID 08152 | System hardening through configuration management | Configuration | |
Configure the "Unsafe Location #1" to organizational standards. CC ID 08153 | System hardening through configuration management | Configuration | |
Configure the "Security Level" to organizational standards. CC ID 08157 | System hardening through configuration management | Configuration | |
Configure the "Turn off error reporting for files that fail file validation" to organizational standards. CC ID 08159 | System hardening through configuration management | Configuration | |
Configure the "Block application add-ins loading" to organizational standards. CC ID 08160 | System hardening through configuration management | Configuration | |
Configure the "Allow the use of ActiveX Custom Controls in InfoPath forms" to organizational standards. CC ID 08171 | System hardening through configuration management | Configuration | |
Configure the "Control behavior for Microsoft SharePoint Foundation gradual upgrade" to organizational standards. CC ID 08181 | System hardening through configuration management | Configuration | |
Configure the "Block cross-domain data form retrieval" to organizational standards. CC ID 08238 | System hardening through configuration management | Configuration | |
Configure the "Display a warning that a form is digitally signed" to organizational standards. CC ID 08307 | System hardening through configuration management | Configuration | |
Configure the "Beaconing UI for forms opened in InfoPath Filler ActiveX" to organizational standards. CC ID 08333 | System hardening through configuration management | Configuration | |
Configure the "Disable opening forms with managed code from the Internet security zone" to organizational standards. CC ID 08340 | System hardening through configuration management | Configuration | |
Configure Restricted Permissions settings for Microsoft Office in accordance with organizational standards. CC ID 07937 | System hardening through configuration management | Configuration | |
Configure Account settings for Microsoft Office in accordance with organizational standards. CC ID 07951 | System hardening through configuration management | Configuration | |
Configure Add-In settings for Microsoft Office in accordance with organizational standards. CC ID 07962 | System hardening through configuration management | Configuration | |
Configure the "Do not allow on-demand activity synchronization" to organizational standards. CC ID 07963 | System hardening through configuration management | Configuration | |
Configure the "Do not show social network info-bars" to organizational standards. CC ID 07988 | System hardening through configuration management | Configuration | |
Configure the "Turn off Outlook Social Connector" to organizational standards. CC ID 07989 | System hardening through configuration management | Configuration | |
Configure the "Set GAL contact synchronization interval" to organizational standards. CC ID 08039 | System hardening through configuration management | Configuration | |
Configure the "Do not download photos from Active Directory" to organizational standards. CC ID 08043 | System hardening through configuration management | Configuration | |
Configure the "Specify activity feed synchronization interval" to organizational standards. CC ID 08058 | System hardening through configuration management | Configuration | |
Configure the "Block social network contact synchronization" to organizational standards. CC ID 08062 | System hardening through configuration management | Configuration | |
Configure the "Block network activity synchronization" to organizational standards. CC ID 08103 | System hardening through configuration management | Configuration | |
Configure the "Block specific social network providers" to organizational standards. CC ID 08114 | System hardening through configuration management | Configuration | |
Configure the "Specify list of social network providers to load" to organizational standards. CC ID 08122 | System hardening through configuration management | Configuration | |
Configure the "Block Global Address List synchronization" to organizational standards. CC ID 08139 | System hardening through configuration management | Configuration | |
Configure the "Prevent social network connectivity" to organizational standards. CC ID 08156 | System hardening through configuration management | Configuration | |
Configure File Format Converter settings for Microsoft Office in accordance with organizational standards. CC ID 07983 | System hardening through configuration management | Configuration | |
Configure the "Block opening of pre-release versions of file formats new to Excel 2010 through the Compatibility Pack for Office 2010 and Excel 2010 Converter" to organizational standards. CC ID 07984 | System hardening through configuration management | Configuration | |
Configure the "Block opening of pre-release versions of file formats new to Word 2010 through the Compatibility Pack for Office 2010 and Word 2010 Open XML/Word 97-2003 Format Converter" to organizational standards. CC ID 08004 | System hardening through configuration management | Configuration | |
Configure the "Block opening of pre-release versions of file formats new to PowerPoint 2010 through the Compatibility Pack for Office 2010 and PowerPoint 2010 Converter" to organizational standards. CC ID 08124 | System hardening through configuration management | Configuration | |
Configure Microsoft Project settings for Microsoft Office in accordance with organizational standards. CC ID 08036 | System hardening through configuration management | Configuration | |
Configure the "Enable untrusted intranet zone access to Project server" to organizational standards. CC ID 08037 | System hardening through configuration management | Configuration | |
Configure Meeting Workspace settings for Microsoft Office in accordance with organizational standards. CC ID 08050 | System hardening through configuration management | Configuration | |
Configure Miscellaneous settings for Microsoft Office in accordance with organizational standards. CC ID 08054 | System hardening through configuration management | Configuration | |
Configure the "OLAP PivotTable User Defined Function (UDF) security setting" to organizational standards. CC ID 08133 | System hardening through configuration management | Configuration | |
Configure the "Do not expand Contact Groups" to organizational standards. CC ID 08343 | System hardening through configuration management | Configuration | |
Configure Data Backup and Recovery settings for Microsoft Office in accordance with organizational standards. CC ID 08098 | System hardening through configuration management | Configuration | |
Configure Privacy settings for Microsoft Office in accordance with organizational standards. CC ID 08101 | System hardening through configuration management | Configuration | |
Configure Server Settings settings for Microsoft Office in accordance with organizational standards. CC ID 08154 | System hardening through configuration management | Configuration | |
Configure the "Disable the Office client from polling the SharePoint Server for published links" to organizational standards. CC ID 08155 | System hardening through configuration management | Configuration | |
Configure Smart Documents settings for Microsoft Office in accordance with organizational standards. CC ID 08158 | System hardening through configuration management | Configuration | |
Configure Fax settings for Microsoft Office in accordance with organizational standards. CC ID 08310 | System hardening through configuration management | Configuration | |
Configure the "Date Format" setting to organizational standards. CC ID 09400 | System hardening through configuration management | Configuration | |
Configure the "Do not allow printing to Journal Note Writer" setting to organizational standards. CC ID 10911 | System hardening through configuration management | Configuration | |
Configure the "Do not allow Windows Journal to be run" setting to organizational standards. CC ID 10922 | System hardening through configuration management | Configuration | |
Configure Services settings to organizational standards. CC ID 07434 | System hardening through configuration management | Configuration | |
Configure Active Directory in accordance with organizational standards. CC ID 16434 | System hardening through configuration management | Configuration | |
Configure SID filtering in accordance with organizational standards. CC ID 16435 | System hardening through configuration management | Configuration | |
Configure AWS Config to organizational standards. CC ID 15440 | System hardening through configuration management | Configuration | |
Configure "Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service" to organizational standards. CC ID 15343 | System hardening through configuration management | Configuration | |
Configure the "Microsoft .NET Framework NGEN v2.0.50727_X64" to organizational standards. CC ID 07435 | System hardening through configuration management | Configuration | |
Configure the "namespace" to organizational standards. CC ID 14654 | System hardening through configuration management | Configuration | |
Configure the "Smart Card" to organizational standards. CC ID 07436 | System hardening through configuration management | Configuration | |
Configure the "File Server Storage Reports Manager" to organizational standards. CC ID 07437 | System hardening through configuration management | Configuration | |
Configure the "IP Helper" to organizational standards. CC ID 07439 | System hardening through configuration management | Configuration | |
Configure the "ipc" argument to organizational standards. CC ID 14524 | System hardening through configuration management | Configuration | |
Configure the "AD RMS Logging Service" to organizational standards. CC ID 07440 | System hardening through configuration management | Configuration | |
Configure the "Windows Time" to organizational standards. CC ID 07441 | System hardening through configuration management | Configuration | |
Configure the "Protected Storage" to organizational standards. CC ID 07442 | System hardening through configuration management | Configuration | |
Configure the "Windows License Monitoring Service" to organizational standards. CC ID 07443 | System hardening through configuration management | Configuration | |
Configure the "Portable Device Enumerator Service" to organizational standards. CC ID 07444 | System hardening through configuration management | Configuration | |
Configure the "Software Licensing" to organizational standards. CC ID 07445 | System hardening through configuration management | Configuration | |
Configure the "Offline Files" to organizational standards. CC ID 07446 | System hardening through configuration management | Configuration | |
Configure the "Peer Networking Identity Manager" to organizational standards. CC ID 07447 | System hardening through configuration management | Configuration | |
Configure the "Human Interface Device Access" to organizational standards. CC ID 07448 | System hardening through configuration management | Configuration | |
Configure the "Link-Layer Topology Discovery Mapper" to organizational standards. CC ID 07449 | System hardening through configuration management | Configuration | |
Configure the "Microsoft .NET Framework NGEN v2.0.50727_I64" to organizational standards. CC ID 07450 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall" to organizational standards. CC ID 07451 | System hardening through configuration management | Configuration | |
Configure the "networkpolicy" to organizational standards. CC ID 14655 | System hardening through configuration management | Configuration | |
Configure the "Net.Tcp Port Sharing Service" to organizational standards. CC ID 07452 | System hardening through configuration management | Configuration | |
Configure the "pid" argument to organizational standards. CC ID 14532 | System hardening through configuration management | Configuration | |
Configure the "Secondary Logon" to organizational standards. CC ID 07453 | System hardening through configuration management | Configuration | |
Configure the "Remote Access Connection Manager" to organizational standards. CC ID 07454 | System hardening through configuration management | Configuration | |
Configure the "Function Discovery Provider Host" to organizational standards. CC ID 07455 | System hardening through configuration management | Configuration | |
Configure the "Windows Process Activation Service" to organizational standards. CC ID 07457 | System hardening through configuration management | Configuration | |
Configure the "Task Scheduler" to organizational standards. CC ID 07459 | System hardening through configuration management | Configuration | |
Configure the "Intersite Messaging" to organizational standards. CC ID 07460 | System hardening through configuration management | Configuration | |
Configure the "Special Administration Console Helper" to organizational standards. CC ID 07463 | System hardening through configuration management | Configuration | |
Configure the "Security Accounts Manager" to organizational standards. CC ID 07465 | System hardening through configuration management | Configuration | |
Configure the "Kerberos Key Distribution Center" to organizational standards. CC ID 07469 | System hardening through configuration management | Configuration | |
Configure the "COM+ System Application" to organizational standards. CC ID 07470 | System hardening through configuration management | Configuration | |
Configure the "RPC Endpoint Mapper" to organizational standards. CC ID 07471 | System hardening through configuration management | Configuration | |
Configure the "UPnP Device Host" to organizational standards. CC ID 07472 | System hardening through configuration management | Configuration | |
Configure the "DHCP Client" to organizational standards. CC ID 07475 | System hardening through configuration management | Configuration | |
Configure the "Extensible Authentication Protocol" to organizational standards. CC ID 07476 | System hardening through configuration management | Configuration | |
Configure the "SNMP Service" to organizational standards. CC ID 07477 | System hardening through configuration management | Configuration | |
Configure the "Message Queuing Down Level Clients" to organizational standards. CC ID 07478 | System hardening through configuration management | Configuration | |
Configure the "TPM Base Services" to organizational standards. CC ID 07479 | System hardening through configuration management | Configuration | |
Configure the "Windows Deployment Services server" to organizational standards. CC ID 07480 | System hardening through configuration management | Configuration | |
Configure the "Microsoft iSNS Server" to organizational standards. CC ID 07481 | System hardening through configuration management | Configuration | |
Configure the "Multimedia Class Scheduler" to organizational standards. CC ID 07482 | System hardening through configuration management | Configuration | |
Configure the "uts" argument to organizational standards. CC ID 14526 | System hardening through configuration management | Configuration | |
Configure the "Performance Counter DLL Host" to organizational standards. CC ID 07484 | System hardening through configuration management | Configuration | |
Configure the "pids-limit" argument to organizational standards. CC ID 14537 | System hardening through configuration management | Configuration | |
Configure the "Windows Search" to organizational standards. CC ID 07486 | System hardening through configuration management | Configuration | |
Configure the "DFS Replication" to organizational standards. CC ID 07487 | System hardening through configuration management | Configuration | |
Configure the "Superfetch" to organizational standards. CC ID 07488 | System hardening through configuration management | Configuration | |
Configure the "Power" to organizational standards. CC ID 07489 | System hardening through configuration management | Configuration | |
Configure the "Remote Access Quarantine Agent" to organizational standards. CC ID 07491 | System hardening through configuration management | Configuration | |
Configure the "Windows Audio" to organizational standards. CC ID 07492 | System hardening through configuration management | Configuration | |
Configure the "Windows Event Log" to organizational standards. CC ID 07495 | System hardening through configuration management | Configuration | |
Configure the "Performance Logs & Alerts" to organizational standards. CC ID 07496 | System hardening through configuration management | Configuration | |
Configure the "File Replication" to organizational standards. CC ID 07497 | System hardening through configuration management | Configuration | |
Configure the "Encrypting File System (EFS)" to organizational standards. CC ID 07498 | System hardening through configuration management | Configuration | |
Configure the "userns" argument to organizational standards. CC ID 14530 | System hardening through configuration management | Configuration | |
Configure the "Quality Windows Audio Video Experience" to organizational standards. CC ID 07500 | System hardening through configuration management | Configuration | |
Configure the "TCP/IP NetBIOS Helper" to organizational standards. CC ID 07502 | System hardening through configuration management | Configuration | |
Configure the "Windows System Resource Manager" to organizational standards. CC ID 07503 | System hardening through configuration management | Configuration | |
Configure the "Interactive Services Detection" to organizational standards. CC ID 07505 | System hardening through configuration management | Configuration | |
Configure the "Software Protection" to organizational standards. CC ID 07508 | System hardening through configuration management | Configuration | |
Configure the "ASP .NET State Service" to organizational standards. CC ID 07509 | System hardening through configuration management | Configuration | |
Configure the "Distributed Transaction Coordinator" to organizational standards. CC ID 07514 | System hardening through configuration management | Configuration | |
Configure the "Telnet" to organizational standards. CC ID 07515 | System hardening through configuration management | Configuration | |
Configure the "Hyper-V Image Management Service" to organizational standards. CC ID 07517 | System hardening through configuration management | Configuration | |
Configure the "Server" to organizational standards. CC ID 07521 | System hardening through configuration management | Configuration | |
Configure the "Group Policy Client" to organizational standards. CC ID 07522 | System hardening through configuration management | Configuration | |
Configure the "Desktop Window Manager Session Manager" to organizational standards. CC ID 07523 | System hardening through configuration management | Configuration | |
Configure the "Windows Management Instrumentation" to organizational standards. CC ID 07524 | System hardening through configuration management | Configuration | |
Configure the "World Wide Web Publishing Service" to organizational standards. CC ID 07525 | System hardening through configuration management | Configuration | |
Configure the "Function Discovery Resource Publication" to organizational standards. CC ID 07526 | System hardening through configuration management | Configuration | |
Configure the "Simple Mail Transport Protocol (SMTP)" to organizational standards. CC ID 07527 | System hardening through configuration management | Configuration | |
Configure the "Resultant Set of Policy Provider" to organizational standards. CC ID 07528 | System hardening through configuration management | Configuration | |
Configure the "WMI Performance Adapter" to organizational standards. CC ID 07529 | System hardening through configuration management | Configuration | |
Configure the "Disk Defragmenter" to organizational standards. CC ID 07530 | System hardening through configuration management | Configuration | |
Configure the "IIS Admin Service" to organizational standards. CC ID 07532 | System hardening through configuration management | Configuration | |
Configure the "Volume Shadow Copy" to organizational standards. CC ID 07534 | System hardening through configuration management | Configuration | |
Configure the "Network Location Awareness" to organizational standards. CC ID 07535 | System hardening through configuration management | Configuration | |
Configure the "Windows Presentation Foundation Font Cache 3.0.0.0" to organizational standards. CC ID 07536 | System hardening through configuration management | Configuration | |
Configure the "WinHTTP Web Proxy Auto-Discovery Service" to organizational standards. CC ID 07537 | System hardening through configuration management | Configuration | |
Configure the "Network List Service" to organizational standards. CC ID 07538 | System hardening through configuration management | Configuration | |
Configure the "Application Experience" to organizational standards. CC ID 07540 | System hardening through configuration management | Configuration | |
Configure the "Active Directory Web Services" to organizational standards. CC ID 07542 | System hardening through configuration management | Configuration | |
Configure the "SSDP Discovery" to organizational standards. CC ID 07543 | System hardening through configuration management | Configuration | |
Configure the "TCP/IP Print Server" to organizational standards. CC ID 07544 | System hardening through configuration management | Configuration | |
Configure "Netlogon" to organizational standards. CC ID 07545 | System hardening through configuration management | Configuration | |
Configure the "Windows Error Reporting Service" to organizational standards. CC ID 07546 | System hardening through configuration management | Configuration | |
Configure the "IKE and AuthIP IPsec Keying Modules" to organizational standards. CC ID 07547 | System hardening through configuration management | Configuration | |
Configure the "DFS Namespace" to organizational standards. CC ID 07548 | System hardening through configuration management | Configuration | |
Configure the "SQL Server VSS Writer" to organizational standards. CC ID 07549 | System hardening through configuration management | Configuration | |
Configure the "Network Policy Server" to organizational standards. CC ID 07550 | System hardening through configuration management | Configuration | |
Configure the "Windows Driver Foundation - User-mode Driver Framework" to organizational standards. CC ID 07551 | System hardening through configuration management | Configuration | |
Configure the "Server For NIS" to organizational standards. CC ID 07553 | System hardening through configuration management | Configuration | |
Configure the "User Profile Service" to organizational standards. CC ID 07554 | System hardening through configuration management | Configuration | |
Configure the "SNMP Trap" to organizational standards. CC ID 07555 | System hardening through configuration management | Configuration | |
Configure the "Net.Tcp Listener Adapter" to organizational standards. CC ID 07556 | System hardening through configuration management | Configuration | |
Configure the "Network Access Protection Agent" to organizational standards. CC ID 07557 | System hardening through configuration management | Configuration | |
Configure the "Remote Access Auto Connection Manager" to organizational standards. CC ID 07558 | System hardening through configuration management | Configuration | |
Configure the "Server for NFS" to organizational standards. CC ID 07559 | System hardening through configuration management | Configuration | |
Configure the "Credential Manager" to organizational standards. CC ID 07560 | System hardening through configuration management | Configuration | |
Configure the "Workstation" to organizational standards. CC ID 07561 | System hardening through configuration management | Configuration | |
Configure the "PNRP Machine Name Publication Service" to organizational standards. CC ID 07562 | System hardening through configuration management | Configuration | |
Configure the "Print Spooler" to organizational standards. CC ID 07563 | System hardening through configuration management | Configuration | |
Configure the "Windows Internet Name Service (WINS)" to organizational standards. CC ID 07564 | System hardening through configuration management | Configuration | |
Configure the "Net.Msmq Listener Adapter" to organizational standards. CC ID 07565 | System hardening through configuration management | Configuration | |
Configure the "COM+ Event System" to organizational standards. CC ID 07566 | System hardening through configuration management | Configuration | |
Configure the "Windows Update" to organizational standards. CC ID 07568 | System hardening through configuration management | Configuration | |
Configure the "Windows Installer" to organizational standards. CC ID 07569 | System hardening through configuration management | Configuration | |
Configure the "Windows Color System" to organizational standards. CC ID 07570 | System hardening through configuration management | Configuration | |
Configure the "Microsoft .NET Framework NGEN v2.0.50727_X86" to organizational standards. CC ID 07571 | System hardening through configuration management | Configuration | |
Configure the "Block Level Backup Engine Service" to organizational standards. CC ID 07572 | System hardening through configuration management | Configuration | |
Configure the "Windows CardSpace" to organizational standards. CC ID 07573 | System hardening through configuration management | Configuration | |
Configure the "webclient" to organizational standards. CC ID 07574 | System hardening through configuration management | Configuration | |
Configure the "Diagnostic Service Host" to organizational standards. CC ID 07575 | System hardening through configuration management | Configuration | |
Configure the "Active Directory Certificate Services" to organizational standards. CC ID 07576 | System hardening through configuration management | Configuration | |
Configure the "File Server Resource Manager" to organizational standards. CC ID 07577 | System hardening through configuration management | Configuration | |
Configure the "Secure Socket Tunneling Protocol Service" to organizational standards. CC ID 07578 | System hardening through configuration management | Configuration | |
Configure the "Cluster Service" to organizational standards. CC ID 07579 | System hardening through configuration management | Configuration | |
Configure the "Application Management" to organizational standards. CC ID 07580 | System hardening through configuration management | Configuration | |
Configure the "Remote Procedure Call (RPC) Locator" to organizational standards. CC ID 07581 | System hardening through configuration management | Configuration | |
Configure the "Thread Ordering Server" to organizational standards. CC ID 07582 | System hardening through configuration management | Configuration | |
Configure the "FTP Publishing Service" to organizational standards. CC ID 07583 | System hardening through configuration management | Configuration | |
Configure the "System Event Notification Service" to organizational standards. CC ID 07584 | System hardening through configuration management | Configuration | |
Configure the "Remote Procedure Call (RPC)" to organizational standards. CC ID 07585 | System hardening through configuration management | Configuration | |
Configure the "Net.Pipe Listener Adapter" to organizational standards. CC ID 07586 | System hardening through configuration management | Configuration | |
Configure the "Remote Desktop Licensing" to organizational standards. CC ID 07587 | System hardening through configuration management | Configuration | |
Configure the "Message Queuing Triggers" to organizational standards. CC ID 07588 | System hardening through configuration management | Configuration | |
Configure the "Windows Modules Installer" to organizational standards. CC ID 07589 | System hardening through configuration management | Configuration | |
Configure the "Application Layer Gateway Service" to organizational standards. CC ID 07590 | System hardening through configuration management | Configuration | |
Configure the "DNS Server" to organizational standards. CC ID 07591 | System hardening through configuration management | Configuration | |
Configure the "Web Management Service" to organizational standards. CC ID 07592 | System hardening through configuration management | Configuration | |
Configure the "Windows Remote Management (WS-Management)" to organizational standards. CC ID 07593 | System hardening through configuration management | Configuration | |
Configure the "Remote Desktop Gateway" to organizational standards. CC ID 07594 | System hardening through configuration management | Configuration | |
Configure the "Network Connections" to organizational standards. CC ID 07595 | System hardening through configuration management | Configuration | |
Configure the "Background Intelligent Transfer Service" to organizational standards. CC ID 07596 | System hardening through configuration management | Configuration | |
Configure the "Remote Desktop Session Broker" to organizational standards. CC ID 07597 | System hardening through configuration management | Configuration | |
Configure the "Removable Storage" to organizational standards. CC ID 07598 | System hardening through configuration management | Configuration | |
Configure the "KtmRm for Distributed Transaction Coordinator" to organizational standards. CC ID 07614 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Software Shadow Copy Provider" to organizational standards. CC ID 07615 | System hardening through configuration management | Configuration | |
Configure the "Remote Desktop Services" to organizational standards. CC ID 07616 | System hardening through configuration management | Configuration | |
Configure the "Peer Name Resolution Protocol" to organizational standards. CC ID 07617 | System hardening through configuration management | Configuration | |
Configure the "Online Responder Service" to organizational standards. CC ID 07618 | System hardening through configuration management | Configuration | |
Configure the "Message Queuing" to organizational standards. CC ID 07619 | System hardening through configuration management | Configuration | |
Configure the "Telephony" to organizational standards. CC ID 07620 | System hardening through configuration management | Configuration | |
Configure the "Plug and Play" to organizational standards. CC ID 07624 | System hardening through configuration management | Configuration | |
Configure the "DHCP Server" to organizational standards. CC ID 07627 | System hardening through configuration management | Configuration | |
Configure the "Remote Registry" to organizational standards. CC ID 07628 | System hardening through configuration management | Configuration | |
Configure the "Cryptographic Services" to organizational standards. CC ID 07630 | System hardening through configuration management | Configuration | |
Configure the "Remote Desktop Configuration" to organizational standards. CC ID 07631 | System hardening through configuration management | Configuration | |
Configure the "CNG Key Isolation" to organizational standards. CC ID 07634 | System hardening through configuration management | Configuration | |
Configure the "Active Directory Domain Services" to organizational standards. CC ID 07636 | System hardening through configuration management | Configuration | |
Configure the "Hyper-V Networking Management Service" to organizational standards. CC ID 07637 | System hardening through configuration management | Configuration | |
Configure the "Problem Reports and Solutions Control Panel Support" to organizational standards. CC ID 07640 | System hardening through configuration management | Configuration | |
Configure the "Certificate Propagation" to organizational standards. CC ID 07641 | System hardening through configuration management | Configuration | |
Configure the "Health Key and Certificate Management" to organizational standards. CC ID 07644 | System hardening through configuration management | Configuration | |
Configure the "DNS Client" to organizational standards. CC ID 07645 | System hardening through configuration management | Configuration | |
Configure the "Shell Hardware Detection" to organizational standards. CC ID 07647 | System hardening through configuration management | Configuration | |
Configure the "DCOM Server Process Launcher" to organizational standards. CC ID 07649 | System hardening through configuration management | Configuration | |
Configure the "Distributed Link Tracking Client" to organizational standards. CC ID 07651 | System hardening through configuration management | Configuration | |
Configure the "IPsec Policy Agent" to organizational standards. CC ID 07654 | System hardening through configuration management | Configuration | |
Configure the "Application Information" to organizational standards. CC ID 07656 | System hardening through configuration management | Configuration | |
Configure the "Windows Audio Endpoint Builder" to organizational standards. CC ID 07661 | System hardening through configuration management | Configuration | |
Configure the "SL UI Notification Service" to organizational standards. CC ID 07665 | System hardening through configuration management | Configuration | |
Configure the "Hyper-V Virtual Machine Management Service" to organizational standards. CC ID 07668 | System hardening through configuration management | Configuration | |
Configure the "Windows Internal Database (MICROSOFT##SSEE)" to organizational standards. CC ID 07670 | System hardening through configuration management | Configuration | |
Configure the "Themes" to organizational standards. CC ID 07672 | System hardening through configuration management | Configuration | |
Configure the "Base Filtering Engine" to organizational standards. CC ID 07673 | System hardening through configuration management | Configuration | |
Configure the "Simple TCP/IP Services" to organizational standards. CC ID 07674 | System hardening through configuration management | Configuration | |
Configure Transmission Control Protocol/Internet Protocol (TCP/IP) to organizational standards. CC ID 16358 | System hardening through configuration management | Configuration | |
Configure the "Fax" to organizational standards. CC ID 07675 | System hardening through configuration management | Configuration | |
Configure the "Diagnostic System Host" to organizational standards. CC ID 07686 | System hardening through configuration management | Configuration | |
Configure the "Routing and Remote Access" to organizational standards. CC ID 07692 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Fibre Channel Platform Registration Service" to organizational standards. CC ID 07696 | System hardening through configuration management | Configuration | |
Configure the "Windows Event Collector" to organizational standards. CC ID 07700 | System hardening through configuration management | Configuration | |
Configure the "Internet Connection Sharing (ICS)" to organizational standards. CC ID 07702 | System hardening through configuration management | Configuration | |
Configure the "IAS Jet Database Access" to organizational standards. CC ID 07709 | System hardening through configuration management | Configuration | |
Configure the "Wired AutoConfig" to organizational standards. CC ID 07725 | System hardening through configuration management | Configuration | |
Configure the "Remote Desktop UserMode Port Redirector" to organizational standards. CC ID 07727 | System hardening through configuration management | Configuration | |
Configure the "Application Identity" to organizational standards. CC ID 07731 | System hardening through configuration management | Configuration | |
Configure the "Network Store Interface Service" to organizational standards. CC ID 07740 | System hardening through configuration management | Configuration | |
Configure the "PnP-X IP Bus Enumerator" to organizational standards. CC ID 07761 | System hardening through configuration management | Configuration | |
Configure the "Diagnostic Policy Service" to organizational standards. CC ID 07766 | System hardening through configuration management | Configuration | |
Configure the "Virtual Disk" to organizational standards. CC ID 07767 | System hardening through configuration management | Configuration | |
Configure the "AD FS Web Agent Authentication Service" to organizational standards. CC ID 07768 | System hardening through configuration management | Configuration | |
Configure the "Microsoft iSCSI Initiator Service" to organizational standards. CC ID 07780 | System hardening through configuration management | Configuration | |
Configure the "Computer Browser" to organizational standards. CC ID 07794 | System hardening through configuration management | Configuration | |
Configure the "Smart Card Removal Policy" to organizational standards. CC ID 07795 | System hardening through configuration management | Configuration | |
Configure the "Windows Font Cache Service" to organizational standards. CC ID 07797 | System hardening through configuration management | Configuration | |
Configure the "Application Host Helper Service" to organizational standards. CC ID 07855 | System hardening through configuration management | Configuration | |
Configure the "Remote Desktop Help Session Manager" to organizational standards. CC ID 08163 | System hardening through configuration management | Configuration | |
Configure the "Network DDE" to organizational standards. CC ID 08164 | System hardening through configuration management | Configuration | |
Configure the "Upload Manager" to organizational standards. CC ID 08165 | System hardening through configuration management | Configuration | |
Configure the "Event Log" to organizational standards. CC ID 08166 | System hardening through configuration management | Configuration | |
Configure the "Client for NFS" to organizational standards. CC ID 08168 | System hardening through configuration management | Configuration | |
Configure the "Fax Service" to organizational standards. CC ID 08172 | System hardening through configuration management | Configuration | |
Configure the "Virtual Disk Service" to organizational standards. CC ID 08174 | System hardening through configuration management | Configuration | |
Configure the "Uninterruptible Power Supply" to organizational standards. CC ID 08175 | System hardening through configuration management | Configuration | |
Configure the "Network DDE DSDM" to organizational standards. CC ID 08176 | System hardening through configuration management | Configuration | |
Configure the "Portable Media Serial Number Service" to organizational standards. CC ID 08177 | System hardening through configuration management | Configuration | |
Configure the "Windows Management Instrumentation Driver Extensions" to organizational standards. CC ID 08179 | System hardening through configuration management | Configuration | |
Configure the "License Logging" to organizational standards. CC ID 08180 | System hardening through configuration management | Configuration | |
Configure the "Windows Image Acquisition (WIA)" to organizational standards. CC ID 08183 | System hardening through configuration management | Configuration | |
Configure the "Terminal Server Licensing" to organizational standards. CC ID 08185 | System hardening through configuration management | Configuration | |
Configure the "Virtual Machine Additions Shared Folder Service" to organizational standards. CC ID 08189 | System hardening through configuration management | Configuration | |
Configure the "Net Logon" to organizational standards. CC ID 08191 | System hardening through configuration management | Configuration | |
Configure the "HTTP SSL" to organizational standards. CC ID 08194 | System hardening through configuration management | Configuration | |
Configure the "Alerter" to organizational standards. CC ID 08196 | System hardening through configuration management | Configuration | |
Configure the "User Name Mapping" to organizational standards. CC ID 08203 | System hardening through configuration management | Configuration | |
Configure the "Error Reporting Service" to organizational standards. CC ID 08206 | System hardening through configuration management | Configuration | |
Configure the "Windows User Mode Driver Framework" to organizational standards. CC ID 08207 | System hardening through configuration management | Configuration | |
Configure the "NetMeeting Remote Desktop Sharing" to organizational standards. CC ID 08209 | System hardening through configuration management | Configuration | |
Configure the "Terminal Services UserMode Port Redirector" to organizational standards. CC ID 08212 | System hardening through configuration management | Configuration | |
Configure the "File Replication Service" to organizational standards. CC ID 08213 | System hardening through configuration management | Configuration | |
Configure the "NT LM Security Support Provider" to organizational standards. CC ID 08223 | System hardening through configuration management | Configuration | |
Configure the "Messenger" to organizational standards. CC ID 08227 | System hardening through configuration management | Configuration | |
Configure the "Logical Disk Manager" to organizational standards. CC ID 08230 | System hardening through configuration management | Configuration | |
Configure the "Network Location Awareness (NLA)" to organizational standards. CC ID 08231 | System hardening through configuration management | Configuration | |
Configure the "Certificate Services" to organizational standards. CC ID 08232 | System hardening through configuration management | Configuration | |
Configure the "IPSEC Services" to organizational standards. CC ID 08233 | System hardening through configuration management | Configuration | |
Configure the "Terminal Services Gateway" to organizational standards. CC ID 08235 | System hardening through configuration management | Configuration | |
Configure the "Clipbook" to organizational standards. CC ID 08237 | System hardening through configuration management | Configuration | |
Configure the "Indexing Service" to organizational standards. CC ID 08239 | System hardening through configuration management | Configuration | |
Configure the "File Server for Macintosh" to organizational standards. CC ID 08242 | System hardening through configuration management | Configuration | |
Configure the "Virtual Machine Additions Service Application" to organizational standards. CC ID 08245 | System hardening through configuration management | Configuration | |
Configure the "Network Provisioning Service" to organizational standards. CC ID 08250 | System hardening through configuration management | Configuration | |
Configure the "Terminal Services" to organizational standards. CC ID 08252 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall/Internet Connection Sharing (ICS)" to organizational standards. CC ID 08254 | System hardening through configuration management | Configuration | |
Configure the ".NET Runtime Optimization Service v2.0.50727_x86" to organizational standards. CC ID 08256 | System hardening through configuration management | Configuration | |
Configure the "Terminal Services Session Directory" to organizational standards. CC ID 08261 | System hardening through configuration management | Configuration | |
Configure the "Application Experience Lookup Service" to organizational standards. CC ID 08267 | System hardening through configuration management | Configuration | |
Configure the "Distributed File System" to organizational standards. CC ID 08268 | System hardening through configuration management | Configuration | |
Configure the "Help and Support" to organizational standards. CC ID 08271 | System hardening through configuration management | Configuration | |
Configure the "Automatic Updates" to organizational standards. CC ID 08273 | System hardening through configuration management | Configuration | |
Configure the "Distributed Link Tracking Server" to organizational standards. CC ID 08276 | System hardening through configuration management | Configuration | |
Configure the "IMAPI CD-Burning Service" to organizational standards. CC ID 08277 | System hardening through configuration management | Configuration | |
Configure the "Terminal Services Configuration" to organizational standards. CC ID 08287 | System hardening through configuration management | Configuration | |
Configure the "Logical Disk Manager Administrative Service" to organizational standards. CC ID 08290 | System hardening through configuration management | Configuration | |
Configure the "Wireless Configuration" to organizational standards. CC ID 08292 | System hardening through configuration management | Configuration | |
Configure the "System Event Notification" to organizational standards. CC ID 08306 | System hardening through configuration management | Configuration | |
Configure the "Internet Authentication Service" to organizational standards. CC ID 08313 | System hardening through configuration management | Configuration | |
Configure the "Terminal Services Licensing" to organizational standards. CC ID 08320 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange ADAM" to organizational standards. CC ID 08349 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Server Extension for Windows Server Backup" to organizational standards. CC ID 08351 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Search Indexer" to organizational standards. CC ID 08355 | System hardening through configuration management | Configuration | |
Configure the "Remote Desktop Connection Broker" to organizational standards. CC ID 08356 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Service Host" to organizational standards. CC ID 08358 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Transport" to organizational standards. CC ID 08359 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Transport Log Search" to organizational standards. CC ID 08364 | System hardening through configuration management | Configuration | |
Configure the "Hyper-V Time Synchronization Service" to organizational standards. CC ID 08365 | System hardening through configuration management | Configuration | |
Configure the "DS Role Server" to organizational standards. CC ID 08366 | System hardening through configuration management | Configuration | |
Configure the "RemoteApp and Desktop Connection Management" to organizational standards. CC ID 08367 | System hardening through configuration management | Configuration | |
Configure the "Hyper-V Guest Shutdown Service" to organizational standards. CC ID 08368 | System hardening through configuration management | Configuration | |
Configure the "Optimize drives" to organizational standards. CC ID 08369 | System hardening through configuration management | Configuration | |
Configure the "Remote Desktop Management" to organizational standards. CC ID 08371 | System hardening through configuration management | Configuration | |
Configure the "Background Tasks Infrastructure Service" to organizational standards. CC ID 08373 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Forms-Based Authentication service" to organizational standards. CC ID 08375 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange POP3" to organizational standards. CC ID 08376 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Information Store" to organizational standards. CC ID 08377 | System hardening through configuration management | Configuration | |
Configure the "LPD Service" to organizational standards. CC ID 08378 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Mailbox Assistants" to organizational standards. CC ID 08379 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Monitoring" to organizational standards. CC ID 08380 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Unified Messaging" to organizational standards. CC ID 08381 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Search (Exchange)" to organizational standards. CC ID 08384 | System hardening through configuration management | Configuration | |
Configure the "Windows All-User Install Agent" to organizational standards. CC ID 08386 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange EdgeSync Service" to organizational standards. CC ID 08388 | System hardening through configuration management | Configuration | |
Configure the "Microsoft FTP Service" to organizational standards. CC ID 08389 | System hardening through configuration management | Configuration | |
Configure the "Device Install Service" to organizational standards. CC ID 08390 | System hardening through configuration management | Configuration | |
Configure the "Device Association Service" to organizational standards. CC ID 08393 | System hardening through configuration management | Configuration | |
Configure the "Hyper-V Heartbeat Service" to organizational standards. CC ID 08400 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Speech Engine Service" to organizational standards. CC ID 08402 | System hardening through configuration management | Configuration | |
Configure the "Hyper-V Data Exchange Service" to organizational standards. CC ID 08403 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Mail Submission Service" to organizational standards. CC ID 08408 | System hardening through configuration management | Configuration | |
Configure the "Windows Presentation Foundation Font Cache 4.0.0.0" to organizational standards. CC ID 08409 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Replication Service" to organizational standards. CC ID 08414 | System hardening through configuration management | Configuration | |
Configure the "Windows Internal Database" to organizational standards. CC ID 08416 | System hardening through configuration management | Configuration | |
Configure the "Device Setup Manager" to organizational standards. CC ID 08417 | System hardening through configuration management | Configuration | |
Configure the "User Access Logging Service" to organizational standards. CC ID 08418 | System hardening through configuration management | Configuration | |
Configure the "Windows Internal Database VSS Writer" to organizational standards. CC ID 08423 | System hardening through configuration management | Configuration | |
Configure the "Remote Desktop Services UserMode Port Redirector" to organizational standards. CC ID 08424 | System hardening through configuration management | Configuration | |
Configure the "Remote Access Management service" to organizational standards. CC ID 08425 | System hardening through configuration management | Configuration | |
Configure the "Data Deduplication Volume Shadow Copy Service" to organizational standards. CC ID 08428 | System hardening through configuration management | Configuration | |
Configure the "Hyper-V Remote Desktop Virtualization Service" to organizational standards. CC ID 08440 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Anti-spam Update" to organizational standards. CC ID 08442 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange System Attendant" to organizational standards. CC ID 08448 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange File Distribution" to organizational standards. CC ID 08449 | System hardening through configuration management | Configuration | |
Configure the "Printer Extensions and Notifications" to organizational standards. CC ID 08451 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Key Distribution Service" to organizational standards. CC ID 08452 | System hardening through configuration management | Configuration | |
Configure the "Microsoft File Server Shadow Copy Agent Service" to organizational standards. CC ID 08455 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Address Book" to organizational standards. CC ID 08458 | System hardening through configuration management | Configuration | |
Configure the "Data Deduplication Service" to organizational standards. CC ID 08459 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Active Directory Topology" to organizational standards. CC ID 08465 | System hardening through configuration management | Configuration | |
Configure the "Windows Store Service (WSService)" to organizational standards. CC ID 08467 | System hardening through configuration management | Configuration | |
Configure the "Local Session Manager" to organizational standards. CC ID 08468 | System hardening through configuration management | Configuration | |
Configure the "Microsoft iSCSI Software Target" to organizational standards. CC ID 08470 | System hardening through configuration management | Configuration | |
Configure the "Network Connectivity Assistant" to organizational standards. CC ID 08474 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange IMAP4" to organizational standards. CC ID 08479 | System hardening through configuration management | Configuration | |
Configure the "Distributed Scan Server service" to organizational standards. CC ID 08482 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Protected Service Host" to organizational standards. CC ID 08488 | System hardening through configuration management | Configuration | |
Configure the "KDC Proxy Server service (KPS)" to organizational standards. CC ID 08497 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange RPC Client Access" to organizational standards. CC ID 08500 | System hardening through configuration management | Configuration | |
Configure the "Hyper-V Volume Shadow Copy Requestor" to organizational standards. CC ID 08512 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Credential Service (Exchange 2010)" to organizational standards. CC ID 08514 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Throttling" to organizational standards. CC ID 08525 | System hardening through configuration management | Configuration | |
Configure the "Spot Verifier" to organizational standards. CC ID 08538 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Mailbox Replication" to organizational standards. CC ID 08539 | System hardening through configuration management | Configuration | |
Configure the "Terminal Services Session Broker" to organizational standards. CC ID 08586 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange Credential Service (Exchange 2007)" to organizational standards. CC ID 08590 | System hardening through configuration management | Configuration | |
Configure the "Network News Transport Protocol (NNTP) service" setting to organizational standards. CC ID 10221 | System hardening through configuration management | Configuration | |
Configure the "Telephony service" setting to organizational standards. CC ID 10223 | System hardening through configuration management | Configuration | |
Configure the "ATI hotkey poller service" setting to organizational standards. CC ID 10237 | System hardening through configuration management | Configuration | |
Configure the "IP Version 6 Helper service" setting to organizational standards. CC ID 10239 | System hardening through configuration management | Configuration | |
Configure the "Client Service for Netware service" setting to organizational standards. CC ID 10240 | System hardening through configuration management | Configuration | |
Configure the "Utility Manager service" setting to organizational standards. CC ID 10241 | System hardening through configuration management | Configuration | |
Configure the "Remote Administration Service service" setting to organizational standards. CC ID 10242 | System hardening through configuration management | Configuration | |
Configure the "Microsoft POP3 Service service" setting to organizational standards. CC ID 10243 | System hardening through configuration management | Configuration | |
Configure the "Windows System Resource Manager (WSRM) service" setting to organizational standards. CC ID 10244 | System hardening through configuration management | Configuration | |
Configure the "Services for Unix Trivial FTP Daemon (TFTP) service" setting to organizational standards. CC ID 10245 | System hardening through configuration management | Configuration | |
Configure the "Services for Unix Server for PCNFS service" setting to organizational standards. CC ID 10246 | System hardening through configuration management | Configuration | |
Configure the "Print Server for Macintosh service" setting to organizational standards. CC ID 10249 | System hardening through configuration management | Configuration | |
Configure the "Remote Installation Services service" setting to organizational standards. CC ID 10250 | System hardening through configuration management | Configuration | |
Configure the "Remote Server Manager service" setting to organizational standards. CC ID 10251 | System hardening through configuration management | Configuration | |
Configure the "Remote Server Monitor service" setting to organizational standards. CC ID 10252 | System hardening through configuration management | Configuration | |
Configure the "Remote Storage Notification service" setting to organizational standards. CC ID 10253 | System hardening through configuration management | Configuration | |
Configure the "Remote Storage Server service" setting to organizational standards. CC ID 10254 | System hardening through configuration management | Configuration | |
Configure the "Windows Media Services service" setting to organizational standards. CC ID 10255 | System hardening through configuration management | Configuration | |
Configure the "Web Element Manager service" setting to organizational standards. CC ID 10256 | System hardening through configuration management | Configuration | |
Configure the "Infrared Monitor service service" setting to organizational standards. CC ID 10257 | System hardening through configuration management | Configuration | |
Configure the "QoS Admission Control (RSVP) service" setting to organizational standards. CC ID 10258 | System hardening through configuration management | Configuration | |
Configure the "Allow CredSSP authentication" setting for the "WinRM service" to organizational standards. CC ID 10715 | System hardening through configuration management | Configuration | |
Configure the "Disallow Kerberos authentication" setting for the "WinRM service" to organizational standards. CC ID 10873 | System hardening through configuration management | Configuration | |
Configure the "Disallow Negotiate authentication" setting for the "WinRM service" to organizational standards. CC ID 10876 | System hardening through configuration management | Configuration | |
Configure the "Turn off Federation Service" setting to organizational standards. CC ID 11278 | System hardening through configuration management | Configuration | |
Configure the "Turn off Internet File Association service" setting to organizational standards. CC ID 11284 | System hardening through configuration management | Configuration | |
Configure the "Turn on Smart Card Plug and Play service" setting to organizational standards. CC ID 11351 | System hardening through configuration management | Configuration | |
Configure the "rsyncd service" setting to organizational standards. CC ID 11382 | System hardening through configuration management | Configuration | |
Configure network protection settings to organizational standards. CC ID 07601 | System hardening through configuration management | Configuration | |
Configure the "CNI" plugin to organizational standards. CC ID 14659 | System hardening through configuration management | Configuration | |
Configure the "data-path-addr" argument to organizational standards. CC ID 14546 | System hardening through configuration management | Configuration | |
Configure the "advertise-addr" argument to organizational standards. CC ID 14544 | System hardening through configuration management | Configuration | |
Configure the "nftables" to organizational standards. CC ID 15320 | System hardening through configuration management | Configuration | |
Configure the "iptables" to organizational standards. CC ID 14463 | System hardening through configuration management | Configuration | |
Configure the "ip6tables" settings to organizational standards. CC ID 15322 | System hardening through configuration management | Configuration | |
Configure the "insecure registries" to organizational standards. CC ID 14455 | System hardening through configuration management | Configuration | |
Configure the "MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" to organizational standards. CC ID 07602 | System hardening through configuration management | Configuration | |
Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" to organizational standards. CC ID 07648 | System hardening through configuration management | Configuration | |
Configure the "net-host" argument to organizational standards. CC ID 14529 | System hardening through configuration management | Configuration | |
Configure the "firewalld" to organizational standards. CC ID 15321 | System hardening through configuration management | Configuration | |
Configure the "network bridge" to organizational standards. CC ID 14501 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Firewall state" to organizational standards. CC ID 07667 | System hardening through configuration management | Configuration | |
Configure the "MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)" to organizational standards. CC ID 07680 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Outbound connections" to organizational standards. CC ID 07695 | System hardening through configuration management | Configuration | |
Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." to organizational standards. CC ID 07703 | System hardening through configuration management | Configuration | |
Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" to organizational standards. CC ID 07733 | System hardening through configuration management | Configuration | |
Configure the "publish" argument to organizational standards. CC ID 14500 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Inbound connections" to organizational standards. CC ID 07747 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Apply local firewall rules" to organizational standards. CC ID 07777 | System hardening through configuration management | Configuration | |
Configure the "MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers" to organizational standards. CC ID 07801 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Firewall state" to organizational standards. CC ID 07803 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Apply local connection security rules" to organizational standards. CC ID 07805 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Apply local firewall rules" to organizational standards. CC ID 07833 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Display a notification" to organizational standards. CC ID 07836 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Outbound connections" to organizational standards. CC ID 07839 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Apply local firewall rules" to organizational standards. CC ID 07850 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Inbound connections" to organizational standards. CC ID 07851 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Outbound connections" to organizational standards. CC ID 07858 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Firewall state" to organizational standards. CC ID 07861 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Display a notification" to organizational standards. CC ID 07868 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Inbound connections" to organizational standards. CC ID 07872 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Allow unicast response" to organizational standards. CC ID 07873 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Allow unicast response" to organizational standards. CC ID 07885 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Apply local connection security rules" to organizational standards. CC ID 07890 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Allow unicast response" to organizational standards. CC ID 07893 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Apply local connection security rules" to organizational standards. CC ID 07896 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Display a notification" to organizational standards. CC ID 07902 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Protect all network connections" to organizational standards. CC ID 08161 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Allow inbound UPnP framework exceptions" to organizational standards. CC ID 08170 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Allow local program exceptions" to organizational standards. CC ID 08173 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Do not allow exceptions" to organizational standards. CC ID 08184 | System hardening through configuration management | Configuration | |
Configure the "MSS: (DisableSavePassword) Prevent the dial-up password from being saved (recommended)" to organizational standards. CC ID 08208 | System hardening through configuration management | Configuration | |
Configure the "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" to organizational standards. CC ID 08210 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Allow local port exceptions" to organizational standards. CC ID 08214 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Define inbound port exceptions" to organizational standards. CC ID 08215 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Prohibit unicast response to multicast or broadcast requests" to organizational standards. CC ID 08217 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Prohibit notifications" to organizational standards. CC ID 08249 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Allow inbound file and printer sharing exception" to organizational standards. CC ID 08275 | System hardening through configuration management | Configuration | |
Configure the "MSS: (TcpMaxConnectResponseRetransmissions) SYN-ACK retransmissions when a connection request is not acknowledged" to organizational standards. CC ID 08279 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Define inbound program exceptions" to organizational standards. CC ID 08282 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Allow ICMP exceptions" to organizational standards. CC ID 08289 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Allow inbound Remote Desktop exceptions" to organizational standards. CC ID 08295 | System hardening through configuration management | Configuration | |
Configure the "Allow unencrypted traffic" to organizational standards. CC ID 08383 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Logging: Log successful connections" to organizational standards. CC ID 08466 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Logging: Size limit (KB)" to organizational standards. CC ID 08494 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Logging: Log successful connections" to organizational standards. CC ID 08544 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Logging: Name" to organizational standards. CC ID 08595 | System hardening through configuration management | Configuration | |
Configure Account settings in accordance with organizational standards. CC ID 07603 | System hardening through configuration management | Configuration | |
Configure the "Account lockout threshold" to organizational standards. CC ID 07604 | System hardening through configuration management | Configuration | |
Configure the "Account lockout duration" to organizational standards. CC ID 07771 | System hardening through configuration management | Configuration | |
Configure the "Reset account lockout counter after" to organizational standards. CC ID 07853 | System hardening through configuration management | Configuration | |
Configure system integrity settings to organizational standards. CC ID 07605 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Switch to the secure desktop when prompting for elevation" to organizational standards. CC ID 07606 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Only elevate UIAccess applications that are installed in secure locations" to organizational standards. CC ID 07642 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop" to organizational standards. CC ID 07681 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" to organizational standards. CC ID 07690 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Only elevate executables that are signed and validated" to organizational standards. CC ID 07723 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Run all administrators in Admin Approval Mode" to organizational standards. CC ID 07726 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Do not require CTRL+ALT+DEL" to organizational standards. CC ID 07775 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Admin Approval Mode for the Built-in Administrator account" to organizational standards. CC ID 07800 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Detect application installations and prompt for elevation" to organizational standards. CC ID 07815 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Virtualize file and registry write failures to per-user locations" to organizational standards. CC ID 07834 | System hardening through configuration management | Configuration | |
Configure the "User Account Control: Behavior of the elevation prompt for standard users" to organizational standards. CC ID 07874 | System hardening through configuration management | Configuration | |
Configure the "Do not process the legacy run list" to organizational standards. CC ID 08167 | System hardening through configuration management | Configuration | |
Configure the "Configure Automatic Updates" to organizational standards. CC ID 08192 | System hardening through configuration management | Configuration | |
Configure the "Reschedule Automatic Updates scheduled installations" to organizational standards. CC ID 08195 | System hardening through configuration management | Configuration | |
Configure the "No auto-restart with logged on users for scheduled automatic updates installations" to organizational standards. CC ID 08216 | System hardening through configuration management | Configuration | |
Configure the "Specify intranet Microsoft update service location" to organizational standards. CC ID 08224 | System hardening through configuration management | Configuration | |
Configure the "Devices: Unsigned driver installation behavior" to organizational standards. CC ID 08225 | System hardening through configuration management | Configuration | |
Configure the "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" to organizational standards. CC ID 08281 | System hardening through configuration management | Configuration | |
Configure the "Allow unmanaged devices" to organizational standards. CC ID 08391 | System hardening through configuration management | Configuration | |
Configure the "Allow all trusted apps to install" to organizational standards. CC ID 08392 | System hardening through configuration management | Configuration | |
Configure the "Turn on script execution" to organizational standards. CC ID 08411 | System hardening through configuration management | Configuration | |
Configure the "Configure registry policy processing" to organizational standards. CC ID 08426 | System hardening through configuration management | Configuration | |
Configure the "Specify the search server for device driver updates" to organizational standards. CC ID 08481 | System hardening through configuration management | Configuration | |
Configure the "Configure Windows SmartScreen" to organizational standards. CC ID 08485 | System hardening through configuration management | Configuration | |
Configure the "Detect compatibility issues for applications and drivers" to organizational standards. CC ID 08489 | System hardening through configuration management | Configuration | |
Configure the "Turn off Automatic Download of updates" to organizational standards. CC ID 08498 | System hardening through configuration management | Configuration | |
Configure the "Allow deployment operations in special profiles" to organizational standards. CC ID 08529 | System hardening through configuration management | Configuration | |
Configure the "Turn off Data Execution Prevention for Explorer" to organizational standards. CC ID 08531 | System hardening through configuration management | Configuration | |
Configure the "Specify settings for optional component installation and component repair" to organizational standards. CC ID 08550 | System hardening through configuration management | Configuration | |
Configure the "Refresh interval" to organizational standards. CC ID 08559 | System hardening through configuration management | Configuration | |
Configure the "Boot-Start Driver Initialization Policy" to organizational standards. CC ID 08571 | System hardening through configuration management | Configuration | |
Configure the "Turn off the Store application" to organizational standards. CC ID 08596 | System hardening through configuration management | Configuration | |
Configure the "Periodic Execution of File Integrity" setting to organizational standards. CC ID 09935 | System hardening through configuration management | Configuration | |
Prohibit the use of binary code or machine code from sources with limited or no warranty absent the source code. CC ID 10681 | System hardening through configuration management | Configuration | |
Do not allow processes to execute absent supervision. CC ID 10683 | System hardening through configuration management | Configuration | |
Configure the "Disk Quota policy processing" setting to organizational standards. CC ID 10884 | System hardening through configuration management | Configuration | |
Configure the "EFS recovery policy processing" setting to organizational standards. CC ID 10945 | System hardening through configuration management | Configuration | |
Configure the "Enable disk quotas" setting to organizational standards. CC ID 10947 | System hardening through configuration management | Configuration | |
Configure the "Folder Redirection policy processing" setting to organizational standards. CC ID 10972 | System hardening through configuration management | Configuration | |
Configure the "Group Policy refresh interval for computers" setting to organizational standards. CC ID 10980 | System hardening through configuration management | Configuration | |
Configure the "Group Policy refresh interval for domain controllers" setting to organizational standards. CC ID 10981 | System hardening through configuration management | Configuration | |
Configure the "Internet Explorer Maintenance policy processing" setting to organizational standards. CC ID 10998 | System hardening through configuration management | Configuration | |
Configure the "IP Security policy processing" setting to organizational standards. CC ID 10999 | System hardening through configuration management | Configuration | |
Configure the "Leave Windows Installer and Group Policy Software Installation Data" setting to organizational standards. CC ID 11004 | System hardening through configuration management | Configuration | |
Configure the "Maximum wait time for Group Policy scripts" setting to organizational standards. CC ID 11042 | System hardening through configuration management | Configuration | |
Configure the "Scripts policy processing" setting to organizational standards. CC ID 11159 | System hardening through configuration management | Configuration | |
Configure the "Security policy processing" setting to organizational standards. CC ID 11160 | System hardening through configuration management | Configuration | |
Configure the "Software Installation policy processing" setting to organizational standards. CC ID 11206 | System hardening through configuration management | Configuration | |
Configure the "Startup policy processing wait time" setting to organizational standards. CC ID 11229 | System hardening through configuration management | Configuration | |
Configure the "Turn off Local Group Policy objects processing" setting to organizational standards. CC ID 11286 | System hardening through configuration management | Configuration | |
Configure the "User Group Policy loopback processing mode" setting to organizational standards. CC ID 11367 | System hardening through configuration management | Configuration | |
Configure the "Wired policy processing" setting to organizational standards. CC ID 11373 | System hardening through configuration management | Configuration | |
Configure the "Wireless policy processing" setting to organizational standards. CC ID 11374 | System hardening through configuration management | Configuration | |
Configure Protocol Configuration settings to organizational standards. CC ID 07607 | System hardening through configuration management | Configuration | |
Configure the "MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds" to organizational standards. CC ID 07608 | System hardening through configuration management | Configuration | |
Configure the "Microsoft network client: Send unencrypted password to third-party SMB servers" to organizational standards. CC ID 07623 | System hardening through configuration management | Configuration | |
Configure the "Network access: Remotely accessible registry paths and sub-paths" to organizational standards. CC ID 07632 | System hardening through configuration management | Configuration | |
Configure the "Microsoft network server: Digitally sign communications (if client agrees)" to organizational standards. CC ID 07643 | System hardening through configuration management | Configuration | |
Configure the "Network access: Let Everyone permissions apply to anonymous users" to organizational standards. CC ID 07646 | System hardening through configuration management | Configuration | |
Configure the "Network security: Allow LocalSystem NULL session fallback" to organizational standards. CC ID 07650 | System hardening through configuration management | Configuration | |
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts and shares" to organizational standards. CC ID 07682 | System hardening through configuration management | Configuration | |
Configure the "Network access: Do not allow storage of passwords and credentials for network authentication" to organizational standards. CC ID 07694 | System hardening through configuration management | Configuration | |
Configure the "Network security: LAN Manager authentication level" to organizational standards. CC ID 07704 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" to organizational standards. CC ID 07705 | System hardening through configuration management | Configuration | |
Configure the "Network access: Sharing and security model for local accounts" to organizational standards. CC ID 07712 | System hardening through configuration management | Configuration | |
Configure the "MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)" to organizational standards. CC ID 07719 | System hardening through configuration management | Configuration | |
Configure the "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" to organizational standards. CC ID 07721 | System hardening through configuration management | Configuration | |
Configure the "Domain member: Digitally encrypt secure channel data (when possible)" to organizational standards. CC ID 07728 | System hardening through configuration management | Configuration | |
Configure the "Network security: Do not store LAN Manager hash value on next password change" to organizational standards. CC ID 07732 | System hardening through configuration management | Configuration | |
Configure the "Domain member: Require strong (Windows 2000 or later) session key" to organizational standards. CC ID 07741 | System hardening through configuration management | Configuration | |
Configure the "Network access: Shares that can be accessed anonymously" to organizational standards. CC ID 07748 | System hardening through configuration management | Configuration | |
Configure the "Network access: Allow anonymous SID/Name translation" to organizational standards. CC ID 07749 | System hardening through configuration management | Configuration | |
Configure the "Microsoft network client: Digitally sign communications (if server agrees)" to organizational standards. CC ID 07750 | System hardening through configuration management | Configuration | |
Configure the "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" to organizational standards. CC ID 07754 | System hardening through configuration management | Configuration | |
Configure the "Microsoft network client: Digitally sign communications (always)" to organizational standards. CC ID 07759 | System hardening through configuration management | Configuration | |
Configure the "Network security: LDAP client signing requirements" to organizational standards. CC ID 07760 | System hardening through configuration management | Configuration | |
Configure the "MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" to organizational standards. CC ID 07772 | System hardening through configuration management | Configuration | |
Configure the "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" to organizational standards. CC ID 07773 | System hardening through configuration management | Configuration | |
Configure the "Network access: Restrict anonymous access to Named Pipes and Shares" to organizational standards. CC ID 07798 | System hardening through configuration management | Configuration | |
Configure the "Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication" to organizational standards. CC ID 07837 | System hardening through configuration management | Configuration | |
Configure the "Domain controller: LDAP server signing requirements" to organizational standards. CC ID 07857 | System hardening through configuration management | Configuration | |
Configure the "Network access: Remotely accessible registry paths" to organizational standards. CC ID 07863 | System hardening through configuration management | Configuration | |
Configure the "Set client connection encryption level" to organizational standards. CC ID 07881 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Allow inbound remote administration exception" to organizational standards. CC ID 08182 | System hardening through configuration management | Configuration | |
Configure the "MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)" to organizational standards. CC ID 08198 | System hardening through configuration management | Configuration | |
Configure the "Network access: Do not allow storage of credentials or .NET Passports for network authentication" to organizational standards. CC ID 08200 | System hardening through configuration management | Configuration | |
Configure the "Turn off Internet download for Web publishing and online ordering wizards" to organizational standards. CC ID 08259 | System hardening through configuration management | Configuration | |
Configure the "Maximum tolerance for computer clock synchronization" to organizational standards. CC ID 08260 | System hardening through configuration management | Configuration | |
Configure the "Maximum lifetime for user ticket" to organizational standards. CC ID 08299 | System hardening through configuration management | Configuration | |
Configure the "Maximum lifetime for service ticket" to organizational standards. CC ID 08301 | System hardening through configuration management | Configuration | |
Configure the "Set IP Stateless Autoconfiguration Limits State" to organizational standards. CC ID 08348 | System hardening through configuration management | Configuration | |
Configure the "Prohibit connection to non-domain networks when connected to domain authenticated network" to organizational standards. CC ID 08420 | System hardening through configuration management | Configuration | |
Configure the "Restrict Unauthenticated RPC clients" to organizational standards. CC ID 08437 | System hardening through configuration management | Configuration | |
Configure the "Enable RPC Endpoint Mapper Client Authentication" to organizational standards. CC ID 08526 | System hardening through configuration management | Configuration | |
Configure the "Minimize the number of simultaneous connections to the Internet or a Windows Domain" to organizational standards. CC ID 08603 | System hardening through configuration management | Configuration | |
Configure Logging settings in accordance with organizational standards. CC ID 07611 | System hardening through configuration management | Configuration | |
Configure "CloudTrail" to organizational standards. CC ID 15443 | System hardening through configuration management | Configuration | |
Configure "CloudTrail log file validation" to organizational standards. CC ID 15437 | System hardening through configuration management | Configuration | |
Configure "VPC flow logging" to organizational standards. CC ID 15436 | System hardening through configuration management | Configuration | |
Configure "object-level logging" to organizational standards. CC ID 15433 | System hardening through configuration management | Configuration | |
Configure "Turn on PowerShell Transcription" to organizational standards. CC ID 15415 | System hardening through configuration management | Configuration | |
Configure "Turn on PowerShell Script Block Logging" to organizational standards. CC ID 15413 | System hardening through configuration management | Configuration | |
Configure "Audit PNP Activity" to organizational standards. CC ID 15393 | System hardening through configuration management | Configuration | |
Configure "Include command line in process creation events" to organizational standards. CC ID 15358 | System hardening through configuration management | Configuration | |
Configure "Audit Group Membership" to organizational standards. CC ID 15341 | System hardening through configuration management | Configuration | |
Configure the "audit_backlog_limit" setting to organizational standards. CC ID 15324 | System hardening through configuration management | Configuration | |
Configure the "systemd-journald" to organizational standards. CC ID 15326 | System hardening through configuration management | Configuration | |
Provide the reference database used to verify input data in the logging capability. CC ID 15018 | System hardening through configuration management | Log Management | |
Configure the storage parameters for all logs. CC ID 06330 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: SAM" to organizational standards. CC ID 07612 | System hardening through configuration management | Configuration | |
Configure sufficient log storage capacity and prevent the capacity from being exceeded. CC ID 01425 | System hardening through configuration management | Configuration | |
Configure the log retention method. CC ID 01715 | System hardening through configuration management | Configuration | |
Configure the log retention size. CC ID 01716 | System hardening through configuration management | Configuration | |
Configure syslogd to send logs to a Remote LogHost. CC ID 01526 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: User Account Management" to organizational standards. CC ID 07613 | System hardening through configuration management | Configuration | |
Configure the security parameters for all logs. CC ID 01712 | System hardening through configuration management | Configuration | |
Configure the log so that it cannot be disabled. CC ID 00595 | System hardening through configuration management | Configuration | |
Configure the event log size capacity limits for the application log, the security log, and the system log. CC ID 01713 | System hardening through configuration management | Configuration | |
Configure the application log, the security log, and the system log to restrict guest access. CC ID 01714 | System hardening through configuration management | Configuration | |
Configure the "mss: (warninglevel) percentage threshold for the security event log at which the system will generate a warning" setting. CC ID 04275 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: System: System Integrity" to organizational standards. CC ID 07652 | System hardening through configuration management | Configuration | |
Configure the detailed data elements to be captured for all logs so that events are identified by type, location, subject, user, what data was accessed, etc. CC ID 06331 | System hardening through configuration management | Configuration | |
Configure the log to capture the user's identification. CC ID 01334 | System hardening through configuration management | Configuration | |
Configure the log to capture a date and time stamp. CC ID 01336 | System hardening through configuration management | Configuration | |
Configure the log to uniquely identify each asset. CC ID 01339 | System hardening through configuration management | Configuration | |
Configure the log to capture the type of each event. CC ID 06423 | System hardening through configuration management | Configuration | |
Configure the log to capture each event's success or failure indication. CC ID 06424 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: File Share" to organizational standards. CC ID 07655 | System hardening through configuration management | Configuration | |
Configure all logs to capture auditable events or actionable events. CC ID 06332 | System hardening through configuration management | Configuration | |
Configure the log to capture the amount of data uploaded and downloaded. CC ID 16494 | System hardening through configuration management | Log Management | |
Configure the log to capture startups and shutdowns. CC ID 16491 | System hardening through configuration management | Log Management | |
Configure the log to capture user queries and searches. CC ID 16479 | System hardening through configuration management | Log Management | |
Configure the log to capture Internet Protocol addresses. CC ID 16495 | System hardening through configuration management | Log Management | |
Configure the log to capture error messages. CC ID 16477 | System hardening through configuration management | Log Management | |
Configure the log to capture system failures. CC ID 16475 | System hardening through configuration management | Log Management | |
Configure the log to capture account lockouts. CC ID 16470 | System hardening through configuration management | Configuration | |
Configure the log to capture execution events. CC ID 16469 | System hardening through configuration management | Configuration | |
Configure the log to capture AWS Organizations changes. CC ID 15445 | System hardening through configuration management | Configuration | |
Configure the log to capture Identity and Access Management policy changes. CC ID 15442 | System hardening through configuration management | Configuration | |
Configure the log to capture management console sign-in without multi-factor authentication. CC ID 15441 | System hardening through configuration management | Configuration | |
Configure the log to capture route table changes. CC ID 15439 | System hardening through configuration management | Configuration | |
Configure the log to capture virtual private cloud changes. CC ID 15435 | System hardening through configuration management | Configuration | |
Configure the log to capture changes to encryption keys. CC ID 15432 | System hardening through configuration management | Configuration | |
Configure the log to capture unauthorized API calls. CC ID 15429 | System hardening through configuration management | Configuration | |
Configure the log to capture changes to network gateways. CC ID 15421 | System hardening through configuration management | Configuration | |
Configure the log to capture all spoofed addresses. CC ID 01313 | System hardening through configuration management | Configuration | |
Configure inetd tracing. CC ID 01523 | System hardening through configuration management | Configuration | |
Configure the system to capture messages sent to the syslog AUTH facility. CC ID 01525 | System hardening through configuration management | Configuration | |
Configure Cron logging. CC ID 01528 | System hardening through configuration management | Configuration | |
Configure the kernel level auditing setting. CC ID 01530 | System hardening through configuration management | Configuration | |
Configure the "audit successful file system mounts" setting to organizational standards. CC ID 09923 | System hardening through configuration management | Configuration | |
Configure system accounting/system events. CC ID 01529 | System hardening through configuration management | Configuration | |
Configure the privilege use auditing setting. CC ID 01699 | System hardening through configuration management | Configuration | |
Configure the log to record the Denial of Access that results from an excessive number of unsuccessful logon attempts. CC ID 01919 | System hardening through configuration management | Configuration | |
Configure the Audit Process Tracking setting. CC ID 01700 | System hardening through configuration management | Configuration | |
Configure the EEPROM security-mode accesses and EEPROM log-failed accesses. CC ID 01575 | System hardening through configuration management | Configuration | |
Configure the log to capture user identifier, address, port blocking or blacklisting. CC ID 01918 | System hardening through configuration management | Configuration | |
Enable directory service access events, as appropriate. CC ID 05616 | System hardening through configuration management | Configuration | |
Configure the log to capture failed transactions. CC ID 06334 | System hardening through configuration management | Configuration | |
Configure the log to capture successful transactions. CC ID 06335 | System hardening through configuration management | Configuration | |
Audit non attributable events (na class). CC ID 05604 | System hardening through configuration management | Configuration | |
Configure the log to capture configuration changes. CC ID 06881 | System hardening through configuration management | Configuration | |
Log, monitor, and review all changes to time settings on critical systems. CC ID 11608 | System hardening through configuration management | Configuration | |
Configure the log to capture user account additions, modifications, and deletions. CC ID 16482 | System hardening through configuration management | Log Management | |
Configure the log to capture all changes to certificates. CC ID 05595 | System hardening through configuration management | Configuration | |
Configure the "inetd logging" setting to organizational standards. CC ID 08970 | System hardening through configuration management | Configuration | |
Configure the "audit sudoers" setting to organizational standards. CC ID 09950 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Registry" to organizational standards. CC ID 07658 | System hardening through configuration management | Configuration | |
Configure the event log settings for specific Operating System functions. CC ID 06337 | System hardening through configuration management | Configuration | |
Configure the "Audit: Audit the use of Backup and Restore privilege" setting. CC ID 01724 | System hardening through configuration management | Configuration | |
Configure the "Audit: Shut down the system immediately if unable to log security audits" setting. CC ID 01725 | System hardening through configuration management | Configuration | |
Configure "Audit account management" to organizational standards. CC ID 02039 | System hardening through configuration management | Configuration | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later)" setting. CC ID 04387 | System hardening through configuration management | Configuration | |
Configure console logging. CC ID 04454 | System hardening through configuration management | Configuration | |
Configure boot error logging. CC ID 04455 | System hardening through configuration management | Configuration | |
Disable the "Audit password" setting in NetWare. CC ID 04456 | System hardening through configuration management | Configuration | |
Configure the "Disable Logging" setting. CC ID 05590 | System hardening through configuration management | Configuration | |
Enable BIN mode auditing. CC ID 05591 | System hardening through configuration management | Configuration | |
Enable or disable the BSM auditing setting, as appropriate. CC ID 05592 | System hardening through configuration management | Configuration | |
Set the X server audit level appropriately. CC ID 05600 | System hardening through configuration management | Configuration | |
Configure the "Turn on session logging" properly. CC ID 05618 | System hardening through configuration management | Configuration | |
Configure Sendmail with the appropriate logging levels. CC ID 06028 | System hardening through configuration management | Configuration | |
Enable or disable auditing in the runcontrol scripts, as appropriate. CC ID 06029 | System hardening through configuration management | Configuration | |
Enable or disable auditing for user accounts, as appropriate. CC ID 06030 | System hardening through configuration management | Configuration | |
Enable or disable auditing at boot time, as appropriate. CC ID 06031 | System hardening through configuration management | Configuration | |
Enable or disable the auditing of chgrp usage, as appropriate. CC ID 06033 | System hardening through configuration management | Configuration | |
Enable or disable the auditing of mkgroup usage, as appropriate. CC ID 06034 | System hardening through configuration management | Configuration | |
Enable or disable the auditing of rmgroup usage, as appropriate. CC ID 06035 | System hardening through configuration management | Configuration | |
Enable or disable the auditing of the exit function, as appropriate. CC ID 06036 | System hardening through configuration management | Configuration | |
Generate an alert when an audit log failure occurs. CC ID 06737 | System hardening through configuration management | Configuration | |
Configure additional log settings. CC ID 06333 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Logoff" to organizational standards. CC ID 07662 | System hardening through configuration management | Configuration | |
Configure additional logging for the FTP daemon. CC ID 01524 | System hardening through configuration management | Configuration | |
Configure the log to send alerts for each auditable event's success or failure. CC ID 01337 | System hardening through configuration management | Log Management | |
Configure the "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" to organizational standards. CC ID 07664 | System hardening through configuration management | Configuration | |
Configure additional log file parameters appropriately. CC ID 06338 | System hardening through configuration management | Configuration | |
Create the /var/adm/loginlog file. CC ID 01527 | System hardening through configuration management | Configuration | |
Verify the audit config file contains only accounts that should be present. CC ID 05594 | System hardening through configuration management | Configuration | |
Specify the PRI audit file properly. CC ID 05597 | System hardening through configuration management | Configuration | |
Specify the SEC audit file properly. CC ID 05598 | System hardening through configuration management | Configuration | |
Verify the user audit file contains the appropriate never-audit flags. CC ID 05605 | System hardening through configuration management | Configuration | |
Configure the "Background upload of a roaming user profile's registry file while user is logged on" setting to organizational standards. CC ID 10761 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: File System" to organizational standards. CC ID 07666 | System hardening through configuration management | Configuration | |
Configure the "Backup log automatically when full" setting for the "setup log" to organizational standards. CC ID 10762 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Logon" to organizational standards. CC ID 07669 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Logon: Kerberos Authentication Service" to organizational standards. CC ID 07679 | System hardening through configuration management | Configuration | |
Configure the "Applications preference logging and tracing" setting to organizational standards. CC ID 10774 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: IPsec Extended Mode" to organizational standards. CC ID 07683 | System hardening through configuration management | Configuration | |
Configure the "Data Sources preference logging and tracing" setting to organizational standards. CC ID 10779 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Handle Manipulation" to organizational standards. CC ID 07684 | System hardening through configuration management | Configuration | |
Configure the "Devices preference logging and tracing" setting to organizational standards. CC ID 10782 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Detailed File Share" to organizational standards. CC ID 07687 | System hardening through configuration management | Configuration | |
Configure the "Drive Maps preference logging and tracing" setting to organizational standards. CC ID 10783 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Network Policy Server" to organizational standards. CC ID 07701 | System hardening through configuration management | Configuration | |
Configure the "Environment preference logging and tracing" setting to organizational standards. CC ID 10784 | System hardening through configuration management | Configuration | |
Configure the "Files preference logging and tracing" setting to organizational standards. CC ID 10785 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Detailed Tracking: Process Creation" to organizational standards. CC ID 07707 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: System: IPsec Driver" to organizational standards. CC ID 07708 | System hardening through configuration management | Configuration | |
Configure the "Folder Options preference logging and tracing" setting to organizational standards. CC ID 10786 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Account Lockout" to organizational standards. CC ID 07713 | System hardening through configuration management | Configuration | |
Configure the "Folders preference logging and tracing" setting to organizational standards. CC ID 10787 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Kernel Object" to organizational standards. CC ID 07720 | System hardening through configuration management | Configuration | |
Configure the "Ini Files preference logging and tracing" setting to organizational standards. CC ID 10788 | System hardening through configuration management | Configuration | |
Configure the "Internet Settings preference logging and tracing" setting to organizational standards. CC ID 10789 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Other Object Access Events" to organizational standards. CC ID 07724 | System hardening through configuration management | Configuration | |
Configure the "Local Users and Groups preference logging and tracing" setting to organizational standards. CC ID 10793 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: DS Access: Directory Service Replication" to organizational standards. CC ID 07734 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: Audit Policy Change" to organizational standards. CC ID 07735 | System hardening through configuration management | Configuration | |
Configure the "Regional Options preference logging and tracing" setting to organizational standards. CC ID 10802 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: DS Access: Directory Service Changes" to organizational standards. CC ID 07736 | System hardening through configuration management | Configuration | |
Configure the "Registry preference logging and tracing" setting to organizational standards. CC ID 10803 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Certification Services" to organizational standards. CC ID 07742 | System hardening through configuration management | Configuration | |
Configure the "Scheduled Tasks preference logging and tracing" setting to organizational standards. CC ID 10815 | System hardening through configuration management | Configuration | |
Configure the "Maximum Log Size (KB)" to organizational standards. CC ID 07744 | System hardening through configuration management | Configuration | |
Configure the "Services preference logging and tracing" setting to organizational standards. CC ID 10818 | System hardening through configuration management | Configuration | |
Configure the "Shortcuts preference logging and tracing" setting to organizational standards. CC ID 10819 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Detailed Tracking: DPAPI Activity" to organizational standards. CC ID 07746 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: Other Account Management Events" to organizational standards. CC ID 07751 | System hardening through configuration management | Configuration | |
Configure the "Start Menu preference logging and tracing" setting to organizational standards. CC ID 10821 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: Computer Account Management" to organizational standards. CC ID 07752 | System hardening through configuration management | Configuration | |
Configure the "Delete data from devices running Microsoft firmware when a user logs off from the computer." setting to organizational standards. CC ID 10846 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Privilege Use: Non Sensitive Privilege Use" to organizational standards. CC ID 07756 | System hardening through configuration management | Configuration | |
Configure the "Disable logging via package settings" setting to organizational standards. CC ID 10864 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Application Generated" to organizational standards. CC ID 07757 | System hardening through configuration management | Configuration | |
Configure the "Do not forcefully unload the users registry at user logoff" setting to organizational standards. CC ID 10930 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: DS Access: Detailed Directory Service Replication" to organizational standards. CC ID 07764 | System hardening through configuration management | Configuration | |
Configure the "Do not log users on with temporary profiles" setting to organizational standards. CC ID 10931 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Privilege Use: Other Privilege Use Events" to organizational standards. CC ID 07776 | System hardening through configuration management | Configuration | |
Configure the "Log Access" setting for the "application log" to organizational standards. CC ID 11026 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Logon: Kerberos Service Ticket Operations" to organizational standards. CC ID 07786 | System hardening through configuration management | Configuration | |
Configure the "Log Access" setting for the "setup log" to organizational standards. CC ID 11027 | System hardening through configuration management | Configuration | |
Configure the "Log Access" setting for the "system log" to organizational standards. CC ID 11028 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: DS Access: Directory Service Access" to organizational standards. CC ID 07790 | System hardening through configuration management | Configuration | |
Configure the "Retain old events" to organizational standards. CC ID 07791 | System hardening through configuration management | Configuration | |
Configure the "Log directory pruning retry events" setting to organizational standards. CC ID 11029 | System hardening through configuration management | Configuration | |
Configure the "Audit: Audit the use of Backup and Restore privilege" to organizational standards. CC ID 07792 | System hardening through configuration management | Configuration | |
Configure the "Log event when quota limit exceeded" setting to organizational standards. CC ID 11030 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change" to organizational standards. CC ID 07793 | System hardening through configuration management | Configuration | |
Configure the "Log File Path" setting for the "application log" to organizational standards. CC ID 11033 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: Other Policy Change Events" to organizational standards. CC ID 07810 | System hardening through configuration management | Configuration | |
Configure the "Log File Path" setting for the "setup log" to organizational standards. CC ID 11034 | System hardening through configuration management | Configuration | |
Configure the "Audit: Shut down system immediately if unable to log security audits" to organizational standards. CC ID 07812 | System hardening through configuration management | Configuration | |
Configure the "Log File Path" setting for the "system log" to organizational standards. CC ID 11035 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: System: Other System Events" to organizational standards. CC ID 07817 | System hardening through configuration management | Configuration | |
Configure the "Logging" setting to organizational standards. CC ID 11036 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: Application Group Management" to organizational standards. CC ID 07819 | System hardening through configuration management | Configuration | |
Configure the "Remove "Disconnect" option from Shut Down dialog" setting to organizational standards. CC ID 11126 | System hardening through configuration management | Configuration | |
Configure the "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning" to organizational standards. CC ID 07820 | System hardening through configuration management | Configuration | |
Configure the "Remove browse dialog box for new source" setting to organizational standards. CC ID 11127 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Logon: Other Account Logon Events" to organizational standards. CC ID 07825 | System hardening through configuration management | Configuration | |
Configure the "Restricts the UI language Windows uses for all logged users" setting to organizational standards. CC ID 11147 | System hardening through configuration management | Configuration | |
Configure the "Set roaming profile path for all users logging onto this computer" setting to organizational standards. CC ID 11182 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: Distribution Group Management" to organizational standards. CC ID 07828 | System hardening through configuration management | Configuration | |
Configure the "Audit: Audit the access of global system objects" to organizational standards. CC ID 07831 | System hardening through configuration management | Configuration | |
Configure the "Set the Time interval in minutes for logging accounting data" setting to organizational standards. CC ID 11193 | System hardening through configuration management | Configuration | |
Configure the "Turn off Resultant Set of Policy logging" setting to organizational standards. CC ID 11307 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Special Logon" to organizational standards. CC ID 07835 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Detailed Tracking: RPC Events" to organizational standards. CC ID 07840 | System hardening through configuration management | Configuration | |
Configure the "Turn on extensive logging for Active Directory Domain Services domain controllers that are running Server for NIS" setting to organizational standards. CC ID 11343 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: Authentication Policy Change" to organizational standards. CC ID 07846 | System hardening through configuration management | Configuration | |
Configure the "Turn on extensive logging for Password Synchronization" setting to organizational standards. CC ID 11344 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Detailed Tracking: Process Termination" to organizational standards. CC ID 07849 | System hardening through configuration management | Configuration | |
Configure the "Turn on logging" setting to organizational standards. CC ID 11345 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: IPsec Quick Mode" to organizational standards. CC ID 07852 | System hardening through configuration management | Configuration | |
Configure the "Turn on session logging" setting to organizational standards. CC ID 11350 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Filtering Platform Packet Drop" to organizational standards. CC ID 07856 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Filtering Platform Connection" to organizational standards. CC ID 07864 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: Authorization Policy Change" to organizational standards. CC ID 07875 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Management: Security Group Management" to organizational standards. CC ID 07880 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Privilege Use: Sensitive Privilege Use" to organizational standards. CC ID 07887 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: IPsec Main Mode" to organizational standards. CC ID 07888 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Account Logon: Credential Validation" to organizational standards. CC ID 07892 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Policy Change: Filtering Platform Policy Change" to organizational standards. CC ID 07895 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Logon-Logoff: Other Logon/Logoff Events" to organizational standards. CC ID 07899 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: System: Security State Change" to organizational standards. CC ID 07903 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: System: Security System Extension" to organizational standards. CC ID 07904 | System hardening through configuration management | Configuration | |
Configure the "Audit account logon events" to organizational standards. CC ID 08188 | System hardening through configuration management | Configuration | |
Configure the "Retention method for security log" to organizational standards. CC ID 08197 | System hardening through configuration management | Configuration | |
Configure the "Retention method for system log" to organizational standards. CC ID 08211 | System hardening through configuration management | Configuration | |
Configure the "Audit logon events" to organizational standards. CC ID 08221 | System hardening through configuration management | Configuration | |
Configure the "Retention method for application log" to organizational standards. CC ID 08226 | System hardening through configuration management | Configuration | |
Configure the "Retain security log" to organizational standards. CC ID 08241 | System hardening through configuration management | Configuration | |
Configure the "Audit system events" to organizational standards. CC ID 08244 | System hardening through configuration management | Configuration | |
Configure the "Retain application log" to organizational standards. CC ID 08246 | System hardening through configuration management | Configuration | |
Configure the "Prevent local guests group from accessing application log" to organizational standards. CC ID 08248 | System hardening through configuration management | Configuration | |
Configure the "Maximum security log size" to organizational standards. CC ID 08251 | System hardening through configuration management | Configuration | |
Configure the "Retain system log" to organizational standards. CC ID 08258 | System hardening through configuration management | Configuration | |
Configure the "Audit privilege use" to organizational standards. CC ID 08266 | System hardening through configuration management | Configuration | |
Configure the "Audit policy change" to organizational standards. CC ID 08272 | System hardening through configuration management | Configuration | |
Configure the "Audit object access" to organizational standards. CC ID 08278 | System hardening through configuration management | Configuration | |
Configure the "Audit process tracking" to organizational standards. CC ID 08283 | System hardening through configuration management | Configuration | |
Configure the "Maximum system log size" to organizational standards. CC ID 08286 | System hardening through configuration management | Configuration | |
Configure the "Maximum application log size" to organizational standards. CC ID 08296 | System hardening through configuration management | Configuration | |
Configure the "Prevent local guests group from accessing security log" to organizational standards. CC ID 08297 | System hardening through configuration management | Configuration | |
Configure the "Audit directory service access" to organizational standards. CC ID 08304 | System hardening through configuration management | Configuration | |
Configure the "Audit account management" to organizational standards. CC ID 08316 | System hardening through configuration management | Configuration | |
Configure the "Prevent local guests group from accessing system log" to organizational standards. CC ID 08336 | System hardening through configuration management | Configuration | |
Configure the "Specify the maximum log file size (KB)" to organizational standards. CC ID 08352 | System hardening through configuration management | Configuration | |
Configure the "Message tracking logging - Mailbox" to organizational standards. CC ID 08360 | System hardening through configuration management | Configuration | |
Configure the "Turn on Connectivity logging" to organizational standards. CC ID 08398 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Logging: Size limit (KB)" to organizational standards. CC ID 08405 | System hardening through configuration management | Configuration | |
Configure the "Control Event Log behavior when the log file reaches its maximum size" to organizational standards. CC ID 08444 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Logging: Log dropped packets" to organizational standards. CC ID 08445 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Logging: Log dropped packets" to organizational standards. CC ID 08454 | System hardening through configuration management | Configuration | |
Configure the "Configure Protocol logging" to organizational standards. CC ID 08463 | System hardening through configuration management | Configuration | |
Configure the "Message tracking logging - Transport" to organizational standards. CC ID 08477 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Logging: Log dropped packets" to organizational standards. CC ID 08501 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Removable Storage" to organizational standards. CC ID 08504 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Domain: Logging: Name" to organizational standards. CC ID 08543 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Logging: Log successful connections" to organizational standards. CC ID 08545 | System hardening through configuration management | Configuration | |
Configure the "Audit Policy: Object Access: Central Access Policy Staging" to organizational standards. CC ID 08558 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Public: Logging: Name" to organizational standards. CC ID 08565 | System hardening through configuration management | Configuration | |
Configure the "Windows Firewall: Private: Logging: Size limit (KB)" to organizational standards. CC ID 08606 | System hardening through configuration management | Configuration | |
Configure the "kernel arguments" setting for "auditing early in the boot process" to organizational standards. CC ID 08749 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record date and time modification events" setting for "auditing" to organizational standards. CC ID 08750 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record user/group information modification events" setting for "auditing" to organizational standards. CC ID 08751 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record changes to the system network environment" setting for "auditing" to organizational standards. CC ID 08752 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record changes to the system's mandatory access controls" setting for "auditing" to organizational standards. CC ID 08753 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record logon and logout events" setting for "auditing" to organizational standards. CC ID 08754 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record process and session initiation events" setting for "auditing" to organizational standards. CC ID 08755 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record changes to discretionary access control permissions" setting for "auditing" to organizational standards. CC ID 08756 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record unauthorized attempts to access files" setting for "auditing" to organizational standards. CC ID 08757 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record use of privileged commands" setting for "auditing" to organizational standards. CC ID 08758 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record data export to media events" setting for "auditing" to organizational standards. CC ID 08759 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record file and program deletion events" setting for "auditing" to organizational standards. CC ID 08760 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record administrator and security personnel action events" setting for "auditing" to organizational standards. CC ID 08761 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "record kernel module loading and unloading events" setting for "auditing" to organizational standards. CC ID 08762 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Ensure auditd configuration is immutable" setting for "auditing" to organizational standards. CC ID 08763 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "audit file ownership changes" setting to organizational standards. CC ID 08966 | System hardening through configuration management | Audits and Risk Management | |
Configure the "audit change user functions" setting to organizational standards. CC ID 08982 | System hardening through configuration management | Configuration | |
Configure the "audit the use of chmod command" setting to organizational standards. CC ID 08983 | System hardening through configuration management | Configuration | |
Configure the "audit the chown command" setting to organizational standards. CC ID 08984 | System hardening through configuration management | Configuration | |
Configure the "Collect Session Initiation Information" setting to organizational standards. CC ID 09948 | System hardening through configuration management | Configuration | |
Configure the "Collect Discretionary Access Control Permission Modification Events" setting to organizational standards. CC ID 09949 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Fault Tolerant Heap" to organizational standards. CC ID 10808 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Boot Performance Diagnostics" to organizational standards. CC ID 10809 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Memory Leak Diagnosis" to organizational standards. CC ID 10810 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Resource Exhaustion Detection and Resolution" to organizational standards. CC ID 10811 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Shutdown Performance Diagnostics" to organizational standards. CC ID 10812 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows Standby/Resume Performance Diagnostics" to organizational standards. CC ID 10813 | System hardening through configuration management | Configuration | |
Configure the "Scenario Execution Level" setting for "Diagnostic Policy Service (DPS)" for "Windows System Responsiveness Diagnostics" to organizational standards. CC ID 10814 | System hardening through configuration management | Configuration | |
Configure the "Default quota limit and warning level" setting to organizational standards. CC ID 10840 | System hardening through configuration management | Configuration | |
Configure the "Detect application failures caused by deprecated COM objects" setting to organizational standards. CC ID 10851 | System hardening through configuration management | Configuration | |
Configure the "Detect application failures caused by deprecated Windows DLLs" setting to organizational standards. CC ID 10852 | System hardening through configuration management | Configuration | |
Configure the "Detect application install failures" setting to organizational standards. CC ID 10853 | System hardening through configuration management | Configuration | |
Configure the "Detect application installers that need to be run as administrator" setting to organizational standards. CC ID 10854 | System hardening through configuration management | Configuration | |
Configure the "Detect applications unable to launch installers under UAC" setting to organizational standards. CC ID 10855 | System hardening through configuration management | Configuration | |
Configure the "Diagnostics: Configure scenario execution level" setting to organizational standards. CC ID 10856 | System hardening through configuration management | Configuration | |
Configure the "Disk Diagnostic: Configure execution level" setting to organizational standards. CC ID 10883 | System hardening through configuration management | Configuration | |
Configure the "Log event when quota warning level exceeded" setting to organizational standards. CC ID 11031 | System hardening through configuration management | Configuration | |
Configure the "Log File Debug Output Level" setting to organizational standards. CC ID 11032 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Support Diagnostic Tool: Configure execution level" setting to organizational standards. CC ID 11043 | System hardening through configuration management | Configuration | |
Configure the "Primary DNS Suffix Devolution Level" setting to organizational standards. CC ID 11096 | System hardening through configuration management | Configuration | |
Configure the "Require user authentication for remote connections by using Network Level Authentication" setting to organizational standards. CC ID 11138 | System hardening through configuration management | Configuration | |
Configure the "Specify channel binding token hardening level" setting to organizational standards. CC ID 11209 | System hardening through configuration management | Configuration | |
Configure the "Update Security Level" setting to organizational standards. CC ID 11357 | System hardening through configuration management | Configuration | |
Configure the "Update Top Level Domain Zones" setting to organizational standards. CC ID 11358 | System hardening through configuration management | Configuration | |
Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards. CC ID 07621 | System hardening through configuration management | Configuration | |
Configure Kerberos pre-authentication to organizational standards. CC ID 16480 | System hardening through configuration management | Configuration | |
Configure time-based user access restrictions in accordance with organizational standards. CC ID 16436 | System hardening through configuration management | Configuration | |
Configure "MFA Delete" to organizational standards. CC ID 15430 | System hardening through configuration management | Configuration | |
Configure Identity and Access Management policies to organizational standards. CC ID 15422 | System hardening through configuration management | Configuration | |
Configure the Identity and Access Management Access analyzer to organizational standards. CC ID 15420 | System hardening through configuration management | Configuration | |
Configure "Support device authentication using certificate" to organizational standards. CC ID 15410 | System hardening through configuration management | Configuration | |
Install LAPS AdmPwd GPO Extension, as necessary. CC ID 15409 | System hardening through configuration management | Configuration | |
Configure "Require pin for pairing" to organizational standards. CC ID 15395 | System hardening through configuration management | Configuration | |
Configure "Do not allow password expiration time longer than required by policy" to organizational standards. CC ID 15390 | System hardening through configuration management | Configuration | |
Configure "Enable Local Admin Password Management" to organizational standards. CC ID 15387 | System hardening through configuration management | Configuration | |
Configure "Allow Microsoft accounts to be optional" to organizational standards. CC ID 15368 | System hardening through configuration management | Configuration | |
Configure "Turn off picture password sign-in" to organizational standards. CC ID 15347 | System hardening through configuration management | Configuration | |
Configure "Enable insecure guest logons" to organizational standards. CC ID 15344 | System hardening through configuration management | Configuration | |
Configure the "cert-expiry" argument to organizational standards. CC ID 14541 | System hardening through configuration management | Configuration | |
Configure "client certificate authentication" to organizational standards. CC ID 14608 | System hardening through configuration management | Configuration | |
Configure the "client certificate bundles" to organizational standards. CC ID 14518 | System hardening through configuration management | Configuration | |
Configure the "external-server-cert" argument to organizational standards. CC ID 14522 | System hardening through configuration management | Configuration | |
Configure the "Network Security: Restrict NTLM: Incoming NTLM traffic" to organizational standards. CC ID 07622 | System hardening through configuration management | Configuration | |
Configure the "Network Security: Allow PKU2U authentication requests to this computer to use online identities" to organizational standards. CC ID 07638 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Require Domain Controller authentication to unlock workstation" to organizational standards. CC ID 07639 | System hardening through configuration management | Configuration | |
Configure the "Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers" to organizational standards. CC ID 07663 | System hardening through configuration management | Configuration | |
Configure the "Maximum password age" to organizational standards. CC ID 07688 | System hardening through configuration management | Configuration | |
Configure the "Network Security: Restrict NTLM: Add server exceptions in this domain" to organizational standards. CC ID 07693 | System hardening through configuration management | Configuration | |
Configure "Accounts: Limit local account use of blank passwords to console logon only" to organizational standards. CC ID 07697 | System hardening through configuration management | Configuration | |
Configure the "Minimum password length" to organizational standards. CC ID 07711 | System hardening through configuration management | Configuration | |
Configure the "Microsoft network server: Server SPN target name validation level" to organizational standards. CC ID 07714 | System hardening through configuration management | Configuration | |
Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" to organizational standards. CC ID 07730 | System hardening through configuration management | Configuration | |
Configure the "Domain member: Maximum machine account password age" to organizational standards. CC ID 07737 | System hardening through configuration management | Configuration | |
Configure the "Password must meet complexity requirements" to organizational standards. CC ID 07743 | System hardening through configuration management | Configuration | |
Configure the "Service Account Tokens" to organizational standards. CC ID 14646 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Require smart card" to organizational standards. CC ID 07753 | System hardening through configuration management | Configuration | |
Configure the "System cryptography: Force strong key protection for user keys stored on the computer" to organizational standards. CC ID 07763 | System hardening through configuration management | Configuration | |
Configure the "rotate" argument to organizational standards. CC ID 14548 | System hardening through configuration management | Configuration | |
Configure the "Network Security: Restrict NTLM: Audit NTLM authentication in this domain" to organizational standards. CC ID 07769 | System hardening through configuration management | Configuration | |
Configure the "Domain controller: Refuse machine account password changes" to organizational standards. CC ID 07827 | System hardening through configuration management | Configuration | |
Configure the "Store passwords using reversible encryption" to organizational standards. CC ID 07829 | System hardening through configuration management | Configuration | |
Configure the "Network security: Allow Local System to use computer identity for NTLM" to organizational standards. CC ID 07830 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Prompt user to change password before expiration" to organizational standards. CC ID 07844 | System hardening through configuration management | Configuration | |
Configure the "Network Security: Restrict NTLM: NTLM authentication in this domain" to organizational standards. CC ID 07859 | System hardening through configuration management | Configuration | |
Configure the "Enforce password history" to organizational standards. CC ID 07877 | System hardening through configuration management | Configuration | |
Configure the "Domain member: Disable machine account password changes" to organizational standards. CC ID 07883 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Smart card removal behavior" to organizational standards. CC ID 07884 | System hardening through configuration management | Configuration | |
Configure the "Logon options" to organizational standards. CC ID 07917 | System hardening through configuration management | Configuration | |
Configure the "Prevent ignoring certificate errors" to organizational standards. CC ID 07924 | System hardening through configuration management | Configuration | |
Configure the "Turn off Encryption Support" to organizational standards. CC ID 08028 | System hardening through configuration management | Configuration | |
Configure the "Disable changing certificate settings" to organizational standards. CC ID 08042 | System hardening through configuration management | Configuration | |
Configure the "Check for server certificate revocation" to organizational standards. CC ID 08120 | System hardening through configuration management | Configuration | |
Configure the "Do not allow passwords to be saved" to organizational standards. CC ID 08178 | System hardening through configuration management | Configuration | |
Configure the "RPC Endpoint Mapper Client Authentication" to organizational standards. CC ID 08202 | System hardening through configuration management | Configuration | |
Configure the "Restrictions for Unauthenticated RPC clients" to organizational standards. CC ID 08240 | System hardening through configuration management | Configuration | |
Configure the "Maximum lifetime for user ticket renewal" to organizational standards. CC ID 08257 | System hardening through configuration management | Configuration | |
Configure the "System objects: Default owner for objects created by members of the Administrators group" to organizational standards. CC ID 08269 | System hardening through configuration management | Configuration | |
Configure the "Enforce user logon restrictions" to organizational standards. CC ID 08274 | System hardening through configuration management | Configuration | |
Configure the "Require a Password When a Computer Wakes (Plugged In)" to organizational standards. CC ID 08404 | System hardening through configuration management | Configuration | |
Configure the "Configure login authentication for POP3" to organizational standards. CC ID 08413 | System hardening through configuration management | Configuration | |
Configure the "Turn on PIN sign-in" to organizational standards. CC ID 08415 | System hardening through configuration management | Configuration | |
Configure the "Interactive logon: Machine account lockout threshold" to organizational standards. CC ID 08419 | System hardening through configuration management | Configuration | |
Configure the "Allow the use of biometrics" to organizational standards. CC ID 08435 | System hardening through configuration management | Configuration | |
Configure the "Configure login authentication for IMAP4" to organizational standards. CC ID 08443 | System hardening through configuration management | Configuration | |
Configure the "Allow simple passwords" to organizational standards. CC ID 08476 | System hardening through configuration management | Configuration | |
Configure the "Require a Password When a Computer Wakes (On Battery)" to organizational standards. CC ID 08487 | System hardening through configuration management | Configuration | |
Configure the "Require password" to organizational standards. CC ID 08511 | System hardening through configuration management | Configuration | |
Configure the "Time without user input before password must be re-entered" to organizational standards. CC ID 08518 | System hardening through configuration management | Configuration | |
Configure the "Allow basic authentication" to organizational standards. CC ID 08522 | System hardening through configuration management | Configuration | |
Configure the "External send connector authentication: Domain Security" to organizational standards. CC ID 08527 | System hardening through configuration management | Configuration | |
Configure the "External send connector authentication: Ignore Start TLS" to organizational standards. CC ID 08530 | System hardening through configuration management | Configuration | |
Configure the "Turn on Basic feed authentication over HTTP" to organizational standards. CC ID 08548 | System hardening through configuration management | Configuration | |
Configure the "Number of attempts allowed" to organizational standards. CC ID 08569 | System hardening through configuration management | Configuration | |
Configure the "Password Expiration" to organizational standards. CC ID 08576 | System hardening through configuration management | Configuration | |
Configure the "External send connector authentication: DNS Routing" to organizational standards. CC ID 08579 | System hardening through configuration management | Configuration | |
Configure the "Require alphanumeric password" to organizational standards. CC ID 08582 | System hardening through configuration management | Configuration | |
Configure the "Allow access to voicemail without requiring a PIN" to organizational standards. CC ID 08585 | System hardening through configuration management | Configuration | |
Configure the "Require Client Certificates" to organizational standards. CC ID 08597 | System hardening through configuration management | Configuration | |
Configure the "Disallow Digest authentication" to organizational standards. CC ID 08602 | System hardening through configuration management | Configuration | |
Configure the "Accounts: Block Microsoft accounts" to organizational standards. CC ID 08613 | System hardening through configuration management | Configuration | |
Configure Encryption settings in accordance with organizational standards. CC ID 07625 | System hardening through configuration management | Configuration | |
Configure "Elastic Block Store volume encryption" to organizational standards. CC ID 15434 | System hardening through configuration management | Configuration | |
Configure "Encryption Oracle Remediation" to organizational standards. CC ID 15366 | System hardening through configuration management | Configuration | |
Configure the "encryption provider" to organizational standards. CC ID 14591 | System hardening through configuration management | Configuration | |
Configure the "Microsoft network server: Digitally sign communications (always)" to organizational standards. CC ID 07626 | System hardening through configuration management | Configuration | |
Configure the "Domain member: Digitally encrypt or sign secure channel data (always)" to organizational standards. CC ID 07657 | System hardening through configuration management | Configuration | |
Configure the "Domain member: Digitally sign secure channel data (when possible)" to organizational standards. CC ID 07678 | System hardening through configuration management | Configuration | |
Configure the "Network Security: Configure encryption types allowed for Kerberos" to organizational standards. CC ID 07799 | System hardening through configuration management | Configuration | |
Configure the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" to organizational standards. CC ID 07822 | System hardening through configuration management | Configuration | |
Configure the "Configure use of smart cards on fixed data drives" to organizational standards. CC ID 08361 | System hardening through configuration management | Configuration | |
Configure the "Enforce drive encryption type on removable data drives" to organizational standards. CC ID 08363 | System hardening through configuration management | Configuration | |
Configure the "Configure TPM platform validation profile for BIOS-based firmware configurations" to organizational standards. CC ID 08370 | System hardening through configuration management | Configuration | |
Configure the "Configure use of passwords for removable data drives" to organizational standards. CC ID 08394 | System hardening through configuration management | Configuration | |
Configure the "Configure use of hardware-based encryption for removable data drives" to organizational standards. CC ID 08401 | System hardening through configuration management | Configuration | |
Configure the "Require additional authentication at startup" to organizational standards. CC ID 08422 | System hardening through configuration management | Configuration | |
Configure the "Deny write access to fixed drives not protected by BitLocker" to organizational standards. CC ID 08429 | System hardening through configuration management | Configuration | |
Configure the "Configure startup mode" to organizational standards. CC ID 08430 | System hardening through configuration management | Configuration | |
Configure the "Require client MAPI encryption" to organizational standards. CC ID 08446 | System hardening through configuration management | Configuration | |
Configure the "Configure dial plan security" to organizational standards. CC ID 08453 | System hardening through configuration management | Configuration | |
Configure the "Allow access to BitLocker-protected removable data drives from earlier versions of Windows" to organizational standards. CC ID 08457 | System hardening through configuration management | Configuration | |
Configure the "Enforce drive encryption type on fixed data drives" to organizational standards. CC ID 08460 | System hardening through configuration management | Configuration | |
Configure the "Allow Secure Boot for integrity validation" to organizational standards. CC ID 08461 | System hardening through configuration management | Configuration | |
Configure the "Configure use of passwords for operating system drives" to organizational standards. CC ID 08478 | System hardening through configuration management | Configuration | |
Configure the "Choose how BitLocker-protected removable drives can be recovered" to organizational standards. CC ID 08484 | System hardening through configuration management | Configuration | |
Configure the "Validate smart card certificate usage rule compliance" to organizational standards. CC ID 08492 | System hardening through configuration management | Configuration | |
Configure the "Allow enhanced PINs for startup" to organizational standards. CC ID 08495 | System hardening through configuration management | Configuration | |
Configure the "Choose how BitLocker-protected operating system drives can be recovered" to organizational standards. CC ID 08499 | System hardening through configuration management | Configuration | |
Configure the "Allow access to BitLocker-protected fixed data drives from earlier versions of Windows" to organizational standards. CC ID 08505 | System hardening through configuration management | Configuration | |
Configure the "Choose how BitLocker-protected fixed drives can be recovered" to organizational standards. CC ID 08509 | System hardening through configuration management | Configuration | |
Configure the "Configure use of passwords for fixed data drives" to organizational standards. CC ID 08513 | System hardening through configuration management | Configuration | |
Configure the "Choose drive encryption method and cipher strength" to organizational standards. CC ID 08537 | System hardening through configuration management | Configuration | |
Configure the "Choose default folder for recovery password" to organizational standards. CC ID 08541 | System hardening through configuration management | Configuration | |
Configure the "Prevent memory overwrite on restart" to organizational standards. CC ID 08542 | System hardening through configuration management | Configuration | |
Configure the "Deny write access to removable drives not protected by BitLocker" to organizational standards. CC ID 08549 | System hardening through configuration management | Configuration | |
Configure the "opt encrypted" flag to organizational standards. CC ID 14534 | System hardening through configuration management | Configuration | |
Configure the "Provide the unique identifiers for your organization" to organizational standards. CC ID 08552 | System hardening through configuration management | Configuration | |
Configure the "Enable use of BitLocker authentication requiring preboot keyboard input on slates" to organizational standards. CC ID 08556 | System hardening through configuration management | Configuration | |
Configure the "Require encryption on device" to organizational standards. CC ID 08563 | System hardening through configuration management | Configuration | |
Configure the "Enable S/MIME for OWA 2007" to organizational standards. CC ID 08564 | System hardening through configuration management | Configuration | |
Configure the "Control use of BitLocker on removable drives" to organizational standards. CC ID 08566 | System hardening through configuration management | Configuration | |
Configure the "Configure use of hardware-based encryption for fixed data drives" to organizational standards. CC ID 08568 | System hardening through configuration management | Configuration | |
Configure the "Configure use of smart cards on removable data drives" to organizational standards. CC ID 08570 | System hardening through configuration management | Configuration | |
Configure the "Enforce drive encryption type on operating system drives" to organizational standards. CC ID 08573 | System hardening through configuration management | Configuration | |
Configure the "Disallow standard users from changing the PIN or password" to organizational standards. CC ID 08574 | System hardening through configuration management | Configuration | |
Configure the "Use enhanced Boot Configuration Data validation profile" to organizational standards. CC ID 08578 | System hardening through configuration management | Configuration | |
Configure the "Allow network unlock at startup" to organizational standards. CC ID 08588 | System hardening through configuration management | Configuration | |
Configure the "Enable S/MIME for OWA 2010" to organizational standards. CC ID 08592 | System hardening through configuration management | Configuration | |
Configure the "Configure minimum PIN length for startup" to organizational standards. CC ID 08594 | System hardening through configuration management | Configuration | |
Configure the "Configure TPM platform validation profile" to organizational standards. CC ID 08598 | System hardening through configuration management | Configuration | |
Configure the "Configure use of hardware-based encryption for operating system drives" to organizational standards. CC ID 08601 | System hardening through configuration management | Configuration | |
Configure the "Reset platform validation data after BitLocker recovery" to organizational standards. CC ID 08607 | System hardening through configuration management | Configuration | |
Configure the "Configure TPM platform validation profile for native UEFI firmware configurations" to organizational standards. CC ID 08614 | System hardening through configuration management | Configuration | |
Configure the "Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives" setting to organizational standards. CC ID 10039 | System hardening through configuration management | Configuration | |
Configure the "Save BitLocker recovery information to AD DS for fixed data drives" setting to organizational standards. CC ID 10040 | System hardening through configuration management | Configuration | |
Configure the "Omit recovery options from the BitLocker setup wizard" setting to organizational standards. CC ID 10041 | System hardening through configuration management | Configuration | |
Configure the "Do not enable BitLocker until recovery information is stored to AD DS for operating system drives" setting to organizational standards. CC ID 10042 | System hardening through configuration management | Configuration | |
Configure the "Save BitLocker recovery information to AD DS for operating system drives" setting to organizational standards. CC ID 10043 | System hardening through configuration management | Configuration | |
Configure the "Allow BitLocker without a compatible TPM" setting to organizational standards. CC ID 10044 | System hardening through configuration management | Configuration | |
Configure the "Do not enable BitLocker until recovery information is stored to AD DS for removable data drives" setting to organizational standards. CC ID 10045 | System hardening through configuration management | Configuration | |
Configure the "Save BitLocker recovery information to AD DS for removable data drives" setting to organizational standards. CC ID 10046 | System hardening through configuration management | Configuration | |
Configure File Retention, Impact Level, and Classification settings in accordance with organizational standards. CC ID 07715 | System hardening through configuration management | Configuration | |
Configure the "Classification of files based on Discoverability" to organizational standards. CC ID 07716 | System hardening through configuration management | Configuration | |
Configure the "Classification of files based on Intellectual Property" to organizational standards. CC ID 07765 | System hardening through configuration management | Configuration | |
Configure the "Classification of files based on Confidentiality" to organizational standards. CC ID 07782 | System hardening through configuration management | Configuration | |
Configure the "Classification of files based on PHI" to organizational standards. CC ID 07785 | System hardening through configuration management | Configuration | |
Configure the "Classification of files based on Impact Level" to organizational standards. CC ID 07789 | System hardening through configuration management | Configuration | |
Configure the "Classification of files based on Retention" to organizational standards. CC ID 07860 | System hardening through configuration management | Configuration | |
Configure the "Classification of files based on PII" to organizational standards. CC ID 07865 | System hardening through configuration management | Configuration | |
Configure System settings in accordance with organizational standards. CC ID 07806 | System hardening through configuration management | Configuration | |
Configure the "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)" to organizational standards. CC ID 07807 | System hardening through configuration management | Configuration | |
Configure the "Accounts: Rename guest account" to organizational standards. CC ID 07816 | System hardening through configuration management | Configuration | |
Configure the "Accounts: Rename administrator account" to organizational standards. CC ID 07843 | System hardening through configuration management | Configuration | |
Configure the "Accounts: Guest account status" to organizational standards. CC ID 07971 | System hardening through configuration management | Configuration | |
Configure the "Accounts: Administrator account status" to organizational standards. CC ID 07996 | System hardening through configuration management | Configuration | |
Configure the "Prompt for password on resume from hibernate / suspend" to organizational standards. CC ID 08342 | System hardening through configuration management | Configuration | |
Configure Virus and Malware Protection settings in accordance with organizational standards. CC ID 07906 | System hardening through configuration management | Configuration | |
Configure "Turn on behavior monitoring" to organizational standards. CC ID 15407 | System hardening through configuration management | Configuration | |
Configure "Turn off real-time protection" to organizational standards. CC ID 15406 | System hardening through configuration management | Configuration | |
Configure "Scan all downloaded files and attachments" to organizational standards. CC ID 15404 | System hardening through configuration management | Configuration | |
Configure "Scan removable drives" to organizational standards. CC ID 15401 | System hardening through configuration management | Configuration | |
Configure "Configure Attack Surface Reduction rules: Set the state for each ASR rule" to organizational standards. CC ID 15392 | System hardening through configuration management | Configuration | |
Configure "Join Microsoft MAPS" to organizational standards. CC ID 15384 | System hardening through configuration management | Configuration | |
Configure "Configure detection for potentially unwanted applications" to organizational standards. CC ID 15375 | System hardening through configuration management | Configuration | |
Configure "Turn off Microsoft Defender AntiVirus" to organizational standards. CC ID 15371 | System hardening through configuration management | Configuration | |
Configure "Enable file hash computation feature" to organizational standards. CC ID 15340 | System hardening through configuration management | Configuration | |
Configure the "Internet Explorer Processes" to organizational standards. CC ID 07907 | System hardening through configuration management | Configuration | |
Configure the "Turn on the auto-complete feature for user names and passwords on forms" to organizational standards. CC ID 07941 | System hardening through configuration management | Configuration | |
Configure the "Automatic prompting for file downloads" to organizational standards. CC ID 07950 | System hardening through configuration management | Configuration | |
Configure the "Use SmartScreen Filter" to organizational standards. CC ID 07952 | System hardening through configuration management | Configuration | |
Configure the "Run ActiveX controls and plugins" to organizational standards. CC ID 07954 | System hardening through configuration management | Configuration | |
Configure the "Java permissions" to organizational standards. CC ID 07969 | System hardening through configuration management | Configuration | |
Configure the "Use Pop-up Blocker" to organizational standards. CC ID 07990 | System hardening through configuration management | Configuration | |
Configure the "Prevent Bypassing SmartScreen Filter Warnings" to organizational standards. CC ID 07994 | System hardening through configuration management | Configuration | |
Configure the "Allow cut, copy or paste operations from the clipboard via script" to organizational standards. CC ID 07997 | System hardening through configuration management | Configuration | |
Configure the "Allow software to run or install even if the signature is invalid" to organizational standards. CC ID 08019 | System hardening through configuration management | Configuration | |
Configure the "Do not allow users to enable or disable add-ons" to organizational standards. CC ID 08035 | System hardening through configuration management | Configuration | |
Configure the "Disable AutoComplete for forms" to organizational standards. CC ID 08066 | System hardening through configuration management | Configuration | |
Configure the "Download unsigned ActiveX controls" to organizational standards. CC ID 08073 | System hardening through configuration management | Configuration | |
Configure the "Scripting of Java applets" to organizational standards. CC ID 08105 | System hardening through configuration management | Configuration | |
Configure the "Allow only approved domains to use ActiveX controls without prompt" to organizational standards. CC ID 08374 | System hardening through configuration management | Configuration | |
Configure the "Prevent per-user installation of ActiveX controls" to organizational standards. CC ID 08382 | System hardening through configuration management | Configuration | |
Configure the "Turn on Cross-Site Scripting Filter" to organizational standards. CC ID 08395 | System hardening through configuration management | Configuration | |
Configure the "Turn on certificate address mismatch warning" to organizational standards. CC ID 08410 | System hardening through configuration management | Configuration | |
Configure the "Show security warning for potentially unsafe files" to organizational standards. CC ID 08412 | System hardening through configuration management | Configuration | |
Configure the "Turn on Protected Mode" to organizational standards. CC ID 08471 | System hardening through configuration management | Configuration | |
Configure the "Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled" to organizational standards. CC ID 08510 | System hardening through configuration management | Configuration | |
Configure the "Check for signatures on downloaded programs" to organizational standards. CC ID 08584 | System hardening through configuration management | Configuration | |
Configure the "Specify use of ActiveX Installer Service for installation of ActiveX controls" to organizational standards. CC ID 08587 | System hardening through configuration management | Configuration | |
Configure the "Prevent changing the URL for checking updates to Internet Explorer and Internet Tools" to organizational standards. CC ID 08589 | System hardening through configuration management | Configuration | |
Configure the "Enable MIME Sniffing" to organizational standards. CC ID 08591 | System hardening through configuration management | Configuration | |
Configure "Prevent downloading of enclosures" to organizational standards. CC ID 08612 | System hardening through configuration management | Configuration | |
Configure User Notification settings in accordance with organizational standards. CC ID 08201 | System hardening through configuration management | Configuration | |
Configure the "Display Error Notification" to organizational standards. CC ID 08280 | System hardening through configuration management | Configuration | |
Configure the "Customize Warning Messages" to organizational standards. CC ID 08599 | System hardening through configuration management | Configuration | |
Configure Windows Components settings in accordance with organizational standards. CC ID 08263 | System hardening through configuration management | Configuration | |
Configure the "Notify antivirus programs when opening attachments" to organizational standards. CC ID 08264 | System hardening through configuration management | Configuration | |
Configure the "Do not preserve zone information in file attachments" to organizational standards. CC ID 08309 | System hardening through configuration management | Configuration | |
Configure the "Remove CD Burning features" to organizational standards. CC ID 08324 | System hardening through configuration management | Configuration | |
Configure the "Remove Security tab" to organizational standards. CC ID 08328 | System hardening through configuration management | Configuration | |
Configure the "Hide mechanisms to remove zone information" to organizational standards. CC ID 08338 | System hardening through configuration management | Configuration | |
Configure the "Prevent Codec Download" to organizational standards. CC ID 08554 | System hardening through configuration management | Configuration | |
Configure File System settings in accordance with organizational standards. CC ID 08294 | System hardening through configuration management | Configuration | |
Configure Control Panel settings in accordance with organizational standards. CC ID 08311 | System hardening through configuration management | Configuration | |
Configure the "Screen saver timeout" to organizational standards. CC ID 08312 | System hardening through configuration management | Configuration | |
Configure the "Enable screen saver" to organizational standards. CC ID 08322 | System hardening through configuration management | Configuration | |
Configure the "Force specific screen saver" to organizational standards. CC ID 08334 | System hardening through configuration management | Configuration | |
Configure the "Password protect the screen saver" to organizational standards. CC ID 08341 | System hardening through configuration management | Configuration | |
Configure the "Prevent changing screen saver" to organizational standards. CC ID 08560 | System hardening through configuration management | Configuration | |
Configure Capacity and Performance Management settings in accordance with organizational standards. CC ID 08353 | System hardening through configuration management | Configuration | |
Configure the "Maximum receive size - organization level" to organizational standards. CC ID 08354 | System hardening through configuration management | Configuration | |
Configure the "Maximum send size - connector level" to organizational standards. CC ID 08399 | System hardening through configuration management | Configuration | |
Configure the "Maximum number of recipients - organization level" to organizational standards. CC ID 08431 | System hardening through configuration management | Configuration | |
Configure the "Enable Sender ID agent" to organizational standards. CC ID 08450 | System hardening through configuration management | Configuration | |
Configure the "Maximum receive size - connector level" to organizational standards. CC ID 08480 | System hardening through configuration management | Configuration | |
Configure the "Maximum send size - organization level" to organizational standards. CC ID 08483 | System hardening through configuration management | Configuration | |
Configure the "Mount database at startup" to organizational standards. CC ID 08493 | System hardening through configuration management | Configuration | |
Configure the "Enable Sender reputation" to organizational standards. CC ID 08503 | System hardening through configuration management | Configuration | |
Configure the "Mailbox quotas: Issue warning at" to organizational standards. CC ID 08508 | System hardening through configuration management | Configuration | |
Configure the "Mailbox quotas: Prohibit send and receive at" to organizational standards. CC ID 08532 | System hardening through configuration management | Configuration | |
Configure the "Mailbox quotas: Prohibit send at" to organizational standards. CC ID 08610 | System hardening through configuration management | Configuration | |
Configure Personal Information Handling settings in accordance with organizational standards. CC ID 08396 | System hardening through configuration management | Configuration | |
Configure the "Enable OOF messages to remote domains" to organizational standards. CC ID 08397 | System hardening through configuration management | Configuration | |
Configure the "Enable automatic forwards to remote domains" to organizational standards. CC ID 08462 | System hardening through configuration management | Configuration | |
Configure the "Enable non-delivery reports to remote domains" to organizational standards. CC ID 08506 | System hardening through configuration management | Configuration | |
Configure Data Backup and Recovery settings in accordance with organizational standards. CC ID 08406 | System hardening through configuration management | Configuration | |
Configure the "Retain deleted items for the specified number of days" to organizational standards. CC ID 08407 | System hardening through configuration management | Configuration | |
Configure the "Do not permanently delete items until the database has been backed up" to organizational standards. CC ID 08490 | System hardening through configuration management | Configuration | |
Configure the "Keep deleted mailboxes for the specified number of days" to organizational standards. CC ID 08600 | System hardening through configuration management | Configuration | |
Configure Nonrepudiation Configuration settings in accordance with organizational standards. CC ID 08432 | System hardening through configuration management | Configuration | |
Configure the "Configure Sender Filtering" to organizational standards. CC ID 08433 | System hardening through configuration management | Configuration | |
Configure the "Turn on Administrator Audit Logging" to organizational standards. CC ID 08528 | System hardening through configuration management | Configuration | |
Configure Device Installation settings in accordance with organizational standards. CC ID 08438 | System hardening through configuration management | Configuration | |
Configure the "Prevent installation of devices using drivers that match these device setup classes" to organizational standards. CC ID 08439 | System hardening through configuration management | Configuration | |
Configure the "device installation time-out" setting to organizational standards. CC ID 10781 | System hardening through configuration management | Configuration | |
Configure the "list of Enhanced Storage devices usable on your computer" setting to organizational standards. CC ID 10791 | System hardening through configuration management | Configuration | |
Configure the "Display a custom message title when device installation is prevented by a policy setting" setting to organizational standards. CC ID 10885 | System hardening through configuration management | Configuration | |
Configure the "Do not send a Windows error report when a generic driver is installed on a device" setting to organizational standards. CC ID 10933 | System hardening through configuration management | Configuration | |
Configure the "Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point" setting to organizational standards. CC ID 11072 | System hardening through configuration management | Configuration | |
Configure the "Prevent device metadata retrieval from the Internet" setting to organizational standards. CC ID 11073 | System hardening through configuration management | Configuration | |
Configure the "Prevent installation of devices not described by other policy settings" setting to organizational standards. CC ID 11078 | System hardening through configuration management | Configuration | |
Configure the "Prevent installation of devices that match any of these device IDs" setting to organizational standards. CC ID 11079 | System hardening through configuration management | Configuration | |
Configure the "Prevent installation of removable devices" setting to organizational standards. CC ID 11080 | System hardening through configuration management | Configuration | |
Configure the "Prevent Windows from sending an error report when a device driver requests additional software during installation" setting to organizational standards. CC ID 11093 | System hardening through configuration management | Configuration | |
Configure the "Require a PIN to access data on devices running Microsoft firmware" setting to organizational standards. CC ID 11132 | System hardening through configuration management | Configuration | |
Configure the "Specify search order for device driver source locations" setting to organizational standards. CC ID 11214 | System hardening through configuration management | Configuration | |
Configure the "Turn off 'Found New Hardware' balloons during device installation" setting to organizational standards. CC ID 11253 | System hardening through configuration management | Configuration | |
Configure the "Turn off Autoplay for non-volume devices" setting to organizational standards. CC ID 11268 | System hardening through configuration management | Configuration | |
Configure the "Turn off Windows Update device driver search prompt" setting to organizational standards. CC ID 11332 | System hardening through configuration management | Configuration | |
Configure Security settings in accordance with organizational standards. CC ID 08469 | System hardening through configuration management | Configuration | |
Configure the "Enable automatic replies to remote domains" to organizational standards. CC ID 08534 | System hardening through configuration management | Configuration | |
Configure Power Management settings in accordance with organizational standards. CC ID 08515 | System hardening through configuration management | Configuration | |
Configure the "Allow Standby States (S1-S3) When Sleeping (Plugged In)" to organizational standards. CC ID 08516 | System hardening through configuration management | Configuration | |
Configure the "Allow Standby States (S1-S3) When Sleeping (On Battery)" to organizational standards. CC ID 08581 | System hardening through configuration management | Configuration | |
Configure the "Allow Applications to Prevent Automatic Sleep (Plugged In)" setting to organizational standards. CC ID 10703 | System hardening through configuration management | Configuration | |
Configure the "Allow Automatic Sleep with Open Network Files (Plugged In)" setting to organizational standards. CC ID 10709 | System hardening through configuration management | Configuration | |
Configure the "Allow remote access to the Plug and Play interface" setting to organizational standards. CC ID 10742 | System hardening through configuration management | Configuration | |
Configure the "Power Options preference logging and tracing" setting to organizational standards. CC ID 10798 | System hardening through configuration management | Configuration | |
Configure the "Critical Battery Notification Action" setting to organizational standards. CC ID 10833 | System hardening through configuration management | Configuration | |
Configure the "Critical Battery Notification Level" setting to organizational standards. CC ID 10834 | System hardening through configuration management | Configuration | |
Configure the "Do not allow supported Plug and Play device redirection" setting to organizational standards. CC ID 10917 | System hardening through configuration management | Configuration | |
Configure the "Do not turn off system power after a Windows system shutdown has occurred." setting to organizational standards. CC ID 10937 | System hardening through configuration management | Configuration | |
Configure the "Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates" setting to organizational standards. CC ID 10954 | System hardening through configuration management | Configuration | |
Configure the "Low Battery Notification Action" setting to organizational standards. CC ID 11037 | System hardening through configuration management | Configuration | |
Configure the "Low Battery Notification Level" setting to organizational standards. CC ID 11038 | System hardening through configuration management | Configuration | |
Configure the "Reduce Display Brightness (On Battery)" setting to organizational standards. CC ID 11117 | System hardening through configuration management | Configuration | |
Configure the "Reduce Display Brightness (Plugged In)" setting to organizational standards. CC ID 11118 | System hardening through configuration management | Configuration | |
Configure the "Reserve Battery Notification Level" setting to organizational standards. CC ID 11139 | System hardening through configuration management | Configuration | |
Configure PowerShell to organizational standards. CC ID 15233 | System hardening through configuration management | Configuration | |
Configure the "Run Windows PowerShell scripts first at computer startup, shutdown" setting to organizational standards. CC ID 11156 | System hardening through configuration management | Configuration | |
Configure the "Run Windows PowerShell scripts first at user logon, logoff" setting to organizational standards. CC ID 11157 | System hardening through configuration management | Configuration | |
Configure the "Select an Active Power Plan" setting to organizational standards. CC ID 11161 | System hardening through configuration management | Configuration | |
Configure the "Select the Lid Switch Action (On Battery)" setting to organizational standards. CC ID 11162 | System hardening through configuration management | Configuration | |
Configure the "Select the Lid Switch Action (Plugged In)" setting to organizational standards. CC ID 11163 | System hardening through configuration management | Configuration | |
Configure the "Select the Power Button Action (On Battery)" setting to organizational standards. CC ID 11165 | System hardening through configuration management | Configuration | |
Configure the "Select the Power Button Action (Plugged In)" setting to organizational standards. CC ID 11166 | System hardening through configuration management | Configuration | |
Configure the "Select the Sleep Button Action (On Battery)" setting to organizational standards. CC ID 11167 | System hardening through configuration management | Configuration | |
Configure the "Select the Sleep Button Action (Plugged In)" setting to organizational standards. CC ID 11168 | System hardening through configuration management | Configuration | |
Configure the "Specify a Custom Active Power Plan" setting to organizational standards. CC ID 11207 | System hardening through configuration management | Configuration | |
Configure the "Specify the Display Dim Brightness (On Battery)" setting to organizational standards. CC ID 11217 | System hardening through configuration management | Configuration | |
Configure the "Specify the Display Dim Brightness (Plugged In)" setting to organizational standards. CC ID 11218 | System hardening through configuration management | Configuration | |
Configure the "Specify the System Hibernate Timeout (On Battery)" setting to organizational standards. CC ID 11219 | System hardening through configuration management | Configuration | |
Configure the "Specify the System Hibernate Timeout (Plugged In)" setting to organizational standards. CC ID 11220 | System hardening through configuration management | Configuration | |
Configure the "Specify the System Sleep Timeout (On Battery)" setting to organizational standards. CC ID 11221 | System hardening through configuration management | Configuration | |
Configure the "Specify the System Sleep Timeout (Plugged In)" setting to organizational standards. CC ID 11222 | System hardening through configuration management | Configuration | |
Configure the "Specify the Unattended Sleep Timeout (On Battery)" setting to organizational standards. CC ID 11223 | System hardening through configuration management | Configuration | |
Configure the "Specify the Unattended Sleep Timeout (Plugged In)" setting to organizational standards. CC ID 11224 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Adaptive Display Timeout (On Battery)" setting to organizational standards. CC ID 11259 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Adaptive Display Timeout (Plugged In)" setting to organizational standards. CC ID 11260 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Cache Power Mode" setting to organizational standards. CC ID 11270 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Hybrid Sleep (On Battery)" setting to organizational standards. CC ID 11281 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Hybrid Sleep (Plugged In)" setting to organizational standards. CC ID 11282 | System hardening through configuration management | Configuration | |
Configure the "Turn Off Low Battery User Notification" setting to organizational standards. CC ID 11288 | System hardening through configuration management | Configuration | |
Configure the "Turn Off the Hard Disk (On Battery)" setting to organizational standards. CC ID 11318 | System hardening through configuration management | Configuration | |
Configure the "Turn Off the Hard Disk (Plugged In)" setting to organizational standards. CC ID 11319 | System hardening through configuration management | Configuration | |
Configure the "Turn On Desktop Background Slideshow (On Battery)" setting to organizational standards. CC ID 11340 | System hardening through configuration management | Configuration | |
Configure the "Turn On Desktop Background Slideshow (Plugged In)" setting to organizational standards. CC ID 11341 | System hardening through configuration management | Configuration | |
Configure the "Turn on the Ability for Applications to Prevent Sleep Transitions (On Battery)" setting to organizational standards. CC ID 11353 | System hardening through configuration management | Configuration | |
Configure the "Turn on the Ability for Applications to Prevent Sleep Transitions (Plugged In)" setting to organizational standards. CC ID 11354 | System hardening through configuration management | Configuration | |
Configure Patch Management settings in accordance with organizational standards. CC ID 08519 | System hardening through configuration management | Configuration | |
Configure "Select when Preview Builds and Feature Updates are received" to organizational standards. CC ID 15399 | System hardening through configuration management | Configuration | |
Configure "Select when Quality Updates are received" to organizational standards. CC ID 15355 | System hardening through configuration management | Configuration | |
Configure the "Check for missing Windows Updates" to organizational standards. CC ID 08520 | System hardening through configuration management | Configuration | |
Configure Start Menu and Task Bar settings in accordance with organizational standards. CC ID 08615 | System hardening through configuration management | Configuration | |
Configure the "Turn off toast notifications on the lock screen" to organizational standards. CC ID 08616 | System hardening through configuration management | Configuration | |
Configure "Turn off notifications network usage" to organizational standards. CC ID 15337 | System hardening through configuration management | Configuration | |
Configure the proxy server to organizational standards. CC ID 12115 | System hardening through configuration management | Configuration | |
Configure the proxy server to log Transmission Control Protocol sessions. CC ID 12123 | System hardening through configuration management | Configuration | |
Configure Red Hat Enterprise Linux to Organizational Standards. CC ID 08713 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "GPG Key for package manager" setting to organizational standards. CC ID 08764 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Support for cramfs filesystems" setting to organizational standards. CC ID 08765 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Support for freevxfs filesystems" setting to organizational standards. CC ID 08766 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Support for hfs filesystems" setting to organizational standards. CC ID 08767 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Support for hfsplus filesystems" setting to organizational standards. CC ID 08768 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Support for jffs2 filesystems" setting to organizational standards. CC ID 08769 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Support for squashfs filesystems" setting to organizational standards. CC ID 08770 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Support for udf filesystems" setting to organizational standards. CC ID 08771 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "NIS file inclusions" setting for the "/etc/group" file to organizational standards. CC ID 08772 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "NIS file inclusions" setting for the "/etc/shadow" file to organizational standards. CC ID 08773 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "setuid" attribute for "all files" to organizational standards. CC ID 08774 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "setgid" attribute for "all files" to organizational standards. CC ID 08775 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "gnome desktop screensaver" setting for "all users" to organizational standards. CC ID 08776 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "screen blanking function of the gnome desktop screensaver" as a "mandatory setting" for "all users" to organizational standards. CC ID 08777 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "device files with the unlabeled SELinux type" setting for "system includes" to organizational standards. CC ID 08778 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "system should act as a network sniffer" setting to organizational standards. CC ID 08779 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "default policy" setting for "iptables INPUT table" to organizational standards. CC ID 08780 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "DCCP" setting to organizational standards. CC ID 08781 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the Stream Control Transmission Protocol setting to organizational standards. CC ID 08782 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "RDS" setting to organizational standards. CC ID 08783 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "TIPC" setting to organizational standards. CC ID 08784 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Bluetooth kernel modules" setting to organizational standards. CC ID 08785 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Zeroconf networking" setting to organizational standards. CC ID 08786 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "at daemon" setting to organizational standards. CC ID 08787 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "SSH 'keep alive' message count" setting to organizational standards. CC ID 08788 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "set environment options for SSH" setting to organizational standards. CC ID 08789 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the Secure Shell setting to organizational standards. CC ID 08790 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "sendmail" setting to organizational standards. CC ID 08791 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Postfix network listening" setting to organizational standards. CC ID 08792 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "require LDAP servers to use TLS for SSL communications" setting for "LDAP client" to organizational standards. CC ID 08793 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Client SMB packet signing" setting for "smbclient" to organizational standards. CC ID 08794 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Client SMB packet signing" setting for "mount.cifs" to organizational standards. CC ID 08795 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "'wheel' group" setting to organizational standards. CC ID 08796 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "Access to the root account via su should be restricted to the wheel group" setting to organizational standards. CC ID 08797 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "retry value" setting to organizational standards. CC ID 08798 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "rsyslog service" setting to organizational standards. CC ID 08799 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "send to a remote log host" setting for "Rsyslog logs" to organizational standards. CC ID 08800 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "accept remote messages" setting for "Rsyslog" to organizational standards. CC ID 08801 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "irda service" setting to organizational standards. CC ID 08802 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "avahi service" firewall setting to organizational standards. CC ID 08803 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "rawdevices service" setting to organizational standards. CC ID 08804 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "login_defs" variable in "libuser.conf" for "libuser library" to organizational standards. CC ID 08805 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "User accounts may or may not be inactivated a specified number of days after account expiration" setting to organizational standards. CC ID 08806 | System hardening through configuration management | Establish/Maintain Documentation | |
Configure the "duplicate UIDs" setting to organizational standards. CC ID 09930 | System hardening through configuration management | Configuration | |
Configure the "duplicate GIDs" setting to organizational standards. CC ID 09931 | System hardening through configuration management | Configuration | |
Configure the "duplicate group names" setting to organizational standards. CC ID 09932 | System hardening through configuration management | Configuration | |
Configure the "Connection to the Red Hat Network RPM Repositories" setting to organizational standards. CC ID 09933 | System hardening through configuration management | Configuration | |
Configure the "Obtain Software Package Updates with yum" setting to organizational standards. CC ID 09934 | System hardening through configuration management | Configuration | |
Configure the "Check for Unconfined Daemons" setting to organizational standards. CC ID 09936 | System hardening through configuration management | Configuration | |
Configure the "/etc/hosts.allow" file to organizational standards. CC ID 09944 | System hardening through configuration management | Configuration | |
Configure the "disable system when on audit log is full" setting to organizational standards. CC ID 09945 | System hardening through configuration management | Configuration | |
Configure the "max_log_file" setting to organizational standards. CC ID 15323 | System hardening through configuration management | Configuration | |
Configure the "max_log_file_action" setting to organizational standards. CC ID 09946 | System hardening through configuration management | Configuration | |
Configure the "audit processes that start prior to auditd" setting to organizational standards. CC ID 09947 | System hardening through configuration management | Configuration | |
Configure the "Password Creation Requirement" settings for "pam_cracklib" to organizational standards. CC ID 09953 | System hardening through configuration management | Configuration | |
Configure the "System Accounts" setting to organizational standards. CC ID 09954 | System hardening through configuration management | Configuration | |
Configure the "Verify That Reserved UIDs Are Assigned to System Accounts" setting to organizational standards. CC ID 09955 | System hardening through configuration management | Configuration | |
Configure the "Check for Duplicate User Names" setting to organizational standards. CC ID 09956 | System hardening through configuration management | Configuration | |
Configure the "User .forward" files to organizational standards. CC ID 09957 | System hardening through configuration management | Configuration | |
Configure Polycom HDX to Organizational Standards. CC ID 08986 | System hardening through configuration management | Configuration | |
Configure the "echo cancellation" setting to organizational standards. CC ID 09359 | System hardening through configuration management | Configuration | |
Configure the "keyboard noise reduction" setting to organizational standards. CC ID 09360 | System hardening through configuration management | Configuration | |
Configure the "live music mode" setting to organizational standards. CC ID 09361 | System hardening through configuration management | Configuration | |
Configure the "VCR audio out always on" setting to organizational standards. CC ID 09362 | System hardening through configuration management | Configuration | |
Configure the "user alert tone" setting to organizational standards. CC ID 09363 | System hardening through configuration management | Configuration | |
Configure the "incoming call ring tone" setting to organizational standards. CC ID 09364 | System hardening through configuration management | Configuration | |
Configure the "keypad audio confirmation" setting to organizational standards. CC ID 09365 | System hardening through configuration management | Configuration | |
Configure the "allow Microsoft Exchange calendar integration" setting to organizational standards. CC ID 09366 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange calendar domain" setting to organizational standards. CC ID 09367 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange calendar password" setting to organizational standards. CC ID 09368 | System hardening through configuration management | Configuration | |
Configure the "mailbox to be monitored by Microsoft Exchange calendar service" setting to organizational standards. CC ID 09369 | System hardening through configuration management | Configuration | |
Configure the "Microsoft Exchange calendar server address" setting to organizational standards. CC ID 09370 | System hardening through configuration management | Configuration | |
Configure the "allow Microsoft Exchange calendar service to display private meetings" setting to organizational standards. CC ID 09371 | System hardening through configuration management | Configuration | |
Configure the "number of minutes before the meeting to display a reminder" setting to organizational standards. CC ID 09372 | System hardening through configuration management | Configuration | |
Configure the "play a sound along with the text reminder when the system is not in a call" setting to organizational standards. CC ID 09373 | System hardening through configuration management | Configuration | |
Configure the "backlight compensation" setting to organizational standards. CC ID 09374 | System hardening through configuration management | Configuration | |
Configure the "camera pan direction" setting to organizational standards. CC ID 09375 | System hardening through configuration management | Configuration | |
Configure the "camera presets" setting to organizational standards. CC ID 09376 | System hardening through configuration management | Configuration | |
Configure the "camera video input type" setting to organizational standards. CC ID 09377 | System hardening through configuration management | Configuration | |
Configure the "camera input aspect ratio" setting to organizational standards. CC ID 09378 | System hardening through configuration management | Configuration | |
Configure the "camera input name" setting to organizational standards. CC ID 09379 | System hardening through configuration management | Configuration | |
Configure the "camera input video quality type" setting to organizational standards. CC ID 09380 | System hardening through configuration management | Configuration | |
Configure the "primary camera" setting to organizational standards. CC ID 09381 | System hardening through configuration management | Configuration | |
Configure the "camera quality preference" setting to organizational standards. CC ID 09382 | System hardening through configuration management | Configuration | |
Configure the "camera power frequency" setting to organizational standards. CC ID 09383 | System hardening through configuration management | Configuration | |
Configure the "allow camera tracking" setting to organizational standards. CC ID 09384 | System hardening through configuration management | Configuration | |
Configure the "foreground source for Polycom people on content" setting to organizational standards. CC ID 09385 | System hardening through configuration management | Configuration | |
Configure the "background source for Polycom people on content" setting to organizational standards. CC ID 09386 | System hardening through configuration management | Configuration | |
Configure the "country name for the system" setting to organizational standards. CC ID 09387 | System hardening through configuration management | Configuration | |
Configure the "language for the system local GUI" setting to organizational standards. CC ID 09388 | System hardening through configuration management | Configuration | |
Configure the "NTP" setting to organizational standards. CC ID 09389 | System hardening through configuration management | Configuration | |
Configure the "primary NTP server" setting to organizational standards. CC ID 09390 | System hardening through configuration management | Configuration | |
Configure the "secondary NTP server" setting to organizational standards. CC ID 09391 | System hardening through configuration management | Configuration | |
Configure the "system day" setting to organizational standards. CC ID 09392 | System hardening through configuration management | Configuration | |
Configure the "system month" setting to organizational standards. CC ID 09393 | System hardening through configuration management | Configuration | |
Configure the "system year" setting to organizational standards. CC ID 09394 | System hardening through configuration management | Configuration | |
Configure the "system hour" setting to organizational standards. CC ID 09395 | System hardening through configuration management | Configuration | |
Configure the "system minutes" setting to organizational standards. CC ID 09396 | System hardening through configuration management | Configuration | |
Configure the "system AM or PM" setting to organizational standards. CC ID 09397 | System hardening through configuration management | Configuration | |
Configure the "system time zone" setting to organizational standards. CC ID 09398 | System hardening through configuration management | Configuration | |
Configure the "automatically adjust for daylight savings time" setting to organizational standards. CC ID 09399 | System hardening through configuration management | Configuration | |
Configure the "time format" setting to organizational standards. CC ID 09401 | System hardening through configuration management | Configuration | |
Configure the "LDAP authentication type" setting to organizational standards. CC ID 09402 | System hardening through configuration management | Configuration | |
Configure the "LDAP SSL encryption state" setting to organizational standards. CC ID 09403 | System hardening through configuration management | Configuration | |
Configure the "LDAP base DN" setting to organizational standards. CC ID 09404 | System hardening through configuration management | Configuration | |
Configure the "LDAP NTLM domain" setting to organizational standards. CC ID 09405 | System hardening through configuration management | Configuration | |
Configure the "LDAP bind DN" setting to organizational standards. CC ID 09406 | System hardening through configuration management | Configuration | |
Configure the "LDAP password" setting to organizational standards. CC ID 09407 | System hardening through configuration management | Configuration | |
Configure the "LDAP server address" setting to organizational standards. CC ID 09408 | System hardening through configuration management | Configuration | |
Configure the "LDAP server port" setting to organizational standards. CC ID 09409 | System hardening through configuration management | Configuration | |
Configure the "LDAP user name" setting to organizational standards. CC ID 09410 | System hardening through configuration management | Configuration | |
Configure the "allow access to a Polycom Global Directory Server" setting to organizational standards. CC ID 09411 | System hardening through configuration management | Configuration | |
Configure the "server address of a Polycom Global Directory Server" setting to organizational standards. CC ID 09412 | System hardening through configuration management | Configuration | |
Configure the "maximum international call speed for a Polycom Global Directory Server" setting to organizational standards. CC ID 09413 | System hardening through configuration management | Configuration | |
Configure the "maximum internet call speed for a Polycom Global Directory Server" setting to organizational standards. CC ID 09414 | System hardening through configuration management | Configuration | |
Configure the "maximum ISDN transmit call speed for a Polycom Global Directory Server" setting to organizational standards. CC ID 09415 | System hardening through configuration management | Configuration | |
Configure the "display the system address in a Polycom Global Directory Server" setting to organizational standards. CC ID 09416 | System hardening through configuration management | Configuration | |
Configure the "retrieval and display of contacts from a Microsoft Lync (Office Communications/OCS) Server" setting to organizational standards. CC ID 09417 | System hardening through configuration management | Configuration | |
Configure the "prompt the user to add a local address book entry for a far site upon call disconnection" setting to organizational standards. CC ID 09418 | System hardening through configuration management | Configuration | |
Configure the "prompt the user before allowing a local address book entry to be deleted" setting to organizational standards. CC ID 09419 | System hardening through configuration management | Configuration | |
Configure the "preview of local address book entries" setting to organizational standards. CC ID 09420 | System hardening through configuration management | Configuration | |
Configure the "content video adjustment" setting to organizational standards. CC ID 09421 | System hardening through configuration management | Configuration | |
Configure the "people video adjustment" setting to organizational standards. CC ID 09422 | System hardening through configuration management | Configuration | |
Configure the "display type" setting to organizational standards. CC ID 09423 | System hardening through configuration management | Configuration | |
Configure the "display aspect ratio" setting to organizational standards. CC ID 09424 | System hardening through configuration management | Configuration | |
Configure the "display resolution" setting to organizational standards. CC ID 09425 | System hardening through configuration management | Configuration | |
Configure the "splash screen on the content monitor" setting to organizational standards. CC ID 09426 | System hardening through configuration management | Configuration | |
Configure the "VCR/DVD record source" setting to organizational standards. CC ID 09427 | System hardening through configuration management | Configuration | |
Configure the "screen saver text" setting to organizational standards. CC ID 09428 | System hardening through configuration management | Configuration | |
Configure the "picture in picture (PIP) placement" setting to organizational standards. CC ID 09429 | System hardening through configuration management | Configuration | |
Configure the "how to display the time in a call" setting to organizational standards. CC ID 09430 | System hardening through configuration management | Configuration | |
Configure the "far site name display time in a call" setting to organizational standards. CC ID 09431 | System hardening through configuration management | Configuration | |
Configure the "allow display of the system name on the home screen" setting to organizational standards. CC ID 09432 | System hardening through configuration management | Configuration | |
Configure the "allow display of the system date time on the home screen" setting to organizational standards. CC ID 09433 | System hardening through configuration management | Configuration | |
Configure the "allow display of the system IPv4 address on the home screen" setting to organizational standards. CC ID 09434 | System hardening through configuration management | Configuration | |
Configure the "allow display of the system H.323 extension (E.164) on the home screen" setting to organizational standards. CC ID 09435 | System hardening through configuration management | Configuration | |
Configure the "allow display of the system do not disturb control on the home screen" setting to organizational standards. CC ID 09436 | System hardening through configuration management | Configuration | |
Configure the "allow display of the system SIP address on the home screen" setting to organizational standards. CC ID 09437 | System hardening through configuration management | Configuration | |
Configure the "allow display of the system call quality menu on the home screen" setting to organizational standards. CC ID 09438 | System hardening through configuration management | Configuration | |
Configure the "output upon screen saver activation for monitor 1" setting to organizational standards. CC ID 09439 | System hardening through configuration management | Configuration | |
Configure the "output upon screen saver activation for monitor 2" setting to organizational standards. CC ID 09440 | System hardening through configuration management | Configuration | |
Configure the "QoS type" setting to organizational standards. CC ID 09441 | System hardening through configuration management | Configuration | |
Configure the "value for DiffServ for video" setting to organizational standards. CC ID 09442 | System hardening through configuration management | Configuration | |
Configure the "value for DiffServ for audio" setting to organizational standards. CC ID 09443 | System hardening through configuration management | Configuration | |
Configure the "value for DiffServ for fecc" setting to organizational standards. CC ID 09444 | System hardening through configuration management | Configuration | |
Configure the "value for IP Precedence for video" setting to organizational standards. CC ID 09445 | System hardening through configuration management | Configuration | |
Configure the "value for IP Precedence for audio" setting to organizational standards. CC ID 09446 | System hardening through configuration management | Configuration | |
Configure the "value for IP Precedence for fecc" setting to organizational standards. CC ID 09447 | System hardening through configuration management | Configuration | |
Configure the "SIP transport protocol" setting to organizational standards. CC ID 09448 | System hardening through configuration management | Configuration | |
Configure the "SIP registrar server" setting to organizational standards. CC ID 09449 | System hardening through configuration management | Configuration | |
Configure the "SIP proxy server" setting to organizational standards. CC ID 09450 | System hardening through configuration management | Configuration | |
Configure the "SIP password" setting to organizational standards. CC ID 09451 | System hardening through configuration management | Configuration | |
Configure the "allow EAP/802.1X" setting to organizational standards. CC ID 09452 | System hardening through configuration management | Configuration | |
Configure the "allow 802.1p/Q" setting to organizational standards. CC ID 09453 | System hardening through configuration management | Configuration | |
Configure the "fixed ports" setting to organizational standards. CC ID 09454 | System hardening through configuration management | Configuration | |
Configure the "Transmission Control Protocol ports" setting to organizational standards. CC ID 09455 | System hardening through configuration management | Configuration | |
Configure the "UDP ports" setting to organizational standards. CC ID 09456 | System hardening through configuration management | Configuration | |
Configure the "system hostname" setting to organizational standards. CC ID 09457 | System hardening through configuration management | Configuration | |
Configure the "H.323" setting to organizational standards. CC ID 09458 | System hardening through configuration management | Configuration | |
Configure the "allow display of the H.323 extension (E.164) on the local GUI" setting to organizational standards. CC ID 09459 | System hardening through configuration management | Configuration | |
Configure the "H.323 extension (E.164)" setting to organizational standards. CC ID 09460 | System hardening through configuration management | Configuration | |
Configure the "maximum IP call speed to place calls" setting to organizational standards. CC ID 09461 | System hardening through configuration management | Configuration | |
Configure the "maximum IP call speed to receive calls" setting to organizational standards. CC ID 09462 | System hardening through configuration management | Configuration | |
Configure the "use Polycom PathNavigator" setting to organizational standards. CC ID 09463 | System hardening through configuration management | Configuration | |
Configure the "gatekeeper" setting to organizational standards. CC ID 09464 | System hardening through configuration management | Configuration | |
Configure the "gatekeeper authentication" setting to organizational standards. CC ID 09465 | System hardening through configuration management | Configuration | |
Configure the "gatekeeper authentication user name" setting to organizational standards. CC ID 09466 | System hardening through configuration management | Configuration | |
Configure the "gatekeeper authentication password" setting to organizational standards. CC ID 09467 | System hardening through configuration management | Configuration | |
Configure the "primary gatekeeper address" setting to organizational standards. CC ID 09468 | System hardening through configuration management | Configuration | |
Configure the "IP gateway" setting to organizational standards. CC ID 09469 | System hardening through configuration management | Configuration | |
Configure the "ISDN gateway" setting to organizational standards. CC ID 09470 | System hardening through configuration management | Configuration | |
Configure the "gateway country code" setting to organizational standards. CC ID 09471 | System hardening through configuration management | Configuration | |
Configure the "gateway area code" setting to organizational standards. CC ID 09472 | System hardening through configuration management | Configuration | |
Configure the "gateway number" setting to organizational standards. CC ID 09473 | System hardening through configuration management | Configuration | |
Configure the "gateway extension number" setting to organizational standards. CC ID 09474 | System hardening through configuration management | Configuration | |
Configure the "gateway dial prefix" setting to organizational standards. CC ID 09475 | System hardening through configuration management | Configuration | |
Configure the "gateway dial suffix" setting to organizational standards. CC ID 09476 | System hardening through configuration management | Configuration | |
Configure the "gateway number type" setting to organizational standards. CC ID 09477 | System hardening through configuration management | Configuration | |
Configure the "number of digits in the DID gateway number (if set to number+extension)" setting to organizational standards. CC ID 09478 | System hardening through configuration management | Configuration | |
Configure the "gateway dial speed" setting to organizational standards. CC ID 09479 | System hardening through configuration management | Configuration | |
Configure the "MTU mode assignment type" setting to organizational standards. CC ID 09480 | System hardening through configuration management | Configuration | |
Configure the "MTU size manually" setting to organizational standards. CC ID 09481 | System hardening through configuration management | Configuration | |
Configure the "Polycom Video Error Concealment (PVEC)" setting to organizational standards. CC ID 09482 | System hardening through configuration management | Configuration | |
Configure the "RSVP" setting to organizational standards. CC ID 09483 | System hardening through configuration management | Configuration | |
Configure the "dynamic bandwidth" setting to organizational standards. CC ID 09484 | System hardening through configuration management | Configuration | |
Configure the "maximum transmit bandwidth" setting to organizational standards. CC ID 09485 | System hardening through configuration management | Configuration | |
Configure the "maximum receive bandwidth" setting to organizational standards. CC ID 09486 | System hardening through configuration management | Configuration | |
Configure the "NAT configuration type" setting to organizational standards. CC ID 09487 | System hardening through configuration management | Configuration | |
Configure the "NAT public WAN address" setting to organizational standards. CC ID 09488 | System hardening through configuration management | Configuration | |
Configure the "NAT to be H.323 compatible" setting to organizational standards. CC ID 09489 | System hardening through configuration management | Configuration | |
Configure the "which NAT address to be displayed in the Polycom Global Directory Server" setting to organizational standards. CC ID 09490 | System hardening through configuration management | Configuration | |
Configure the "ISDN interface" setting to organizational standards. CC ID 09491 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI switch type" setting to organizational standards. CC ID 09492 | System hardening through configuration management | Configuration | |
Configure the "all ISDN BRI lines" setting to organizational standards. CC ID 09493 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI line 1" setting to organizational standards. CC ID 09494 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI line 2" setting to organizational standards. CC ID 09495 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI line 3" setting to organizational standards. CC ID 09496 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI line 4" setting to organizational standards. CC ID 09497 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI country code" setting to organizational standards. CC ID 09498 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI area code" setting to organizational standards. CC ID 09499 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI number 1a" setting to organizational standards. CC ID 09500 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI number 1b" setting to organizational standards. CC ID 09501 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI number 2a" setting to organizational standards. CC ID 09502 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI number 2b" setting to organizational standards. CC ID 09503 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI number 3a" setting to organizational standards. CC ID 09504 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI number 3b" setting to organizational standards. CC ID 09505 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI number 4a" setting to organizational standards. CC ID 09506 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI number 4b" setting to organizational standards. CC ID 09507 | System hardening through configuration management | Configuration | |
Configure the "auto BRI setting that allows SPID numbers to be assigned in NI1 or NI2" setting to organizational standards. CC ID 09508 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI SPID number 1a" setting to organizational standards. CC ID 09509 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI SPID number 1b" setting to organizational standards. CC ID 09510 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI SPID number 2a" setting to organizational standards. CC ID 09511 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI SPID number 2b" setting to organizational standards. CC ID 09512 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI SPID number 3a" setting to organizational standards. CC ID 09513 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI SPID number 3b" setting to organizational standards. CC ID 09514 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI SPID number 4a" setting to organizational standards. CC ID 09515 | System hardening through configuration management | Configuration | |
Configure the "ISDN BRI SPID number 4b" setting to organizational standards. CC ID 09516 | System hardening through configuration management | Configuration | |
Configure the "ISDN PRI switch type" setting to organizational standards. CC ID 09517 | System hardening through configuration management | Configuration | |
Configure the "ISDN PRI call by call value" setting to organizational standards. CC ID 09518 | System hardening through configuration management | Configuration | |
Configure the "each ISDN PRI channels" setting to organizational standards. CC ID 09519 | System hardening through configuration management | Configuration | |
Configure the "ISDN PRI T1 CSU mode type" setting to organizational standards. CC ID 09520 | System hardening through configuration management | Configuration | |
Configure the "number of ISDN PRI channels allowed to be dialed in parallel" setting to organizational standards. CC ID 09521 | System hardening through configuration management | Configuration | |
Configure the "ISDN PRI international prefix" setting to organizational standards. CC ID 09522 | System hardening through configuration management | Configuration | |
Configure the "ISDN PRI T1 line buildout for internal CSUs" setting to organizational standards. CC ID 09523 | System hardening through configuration management | Configuration | |
Configure the "ISDN PRI T1 line buildout for external CSUs" setting to organizational standards. CC ID 09524 | System hardening through configuration management | Configuration | |
Configure the "ISDN PRI line signal" setting to organizational standards. CC ID 09525 | System hardening through configuration management | Configuration | |
Configure the "ISDN PRI numbering plan" setting to organizational standards. CC ID 09526 | System hardening through configuration management | Configuration | |
Configure the "ISDN PRI outside line number" setting to organizational standards. CC ID 09527 | System hardening through configuration management | Configuration | |
Configure the "ISDN PRI number" setting to organizational standards. CC ID 09528 | System hardening through configuration management | Configuration | |
Configure the "V.35" setting to organizational standards. CC ID 09529 | System hardening through configuration management | Configuration | |
Configure the "V.35 number for port 1" setting to organizational standards. CC ID 09530 | System hardening through configuration management | Configuration | |
Configure the "V.35 number for port 2" setting to organizational standards. CC ID 09531 | System hardening through configuration management | Configuration | |
Configure the "V.35 prefix" setting to organizational standards. CC ID 09532 | System hardening through configuration management | Configuration | |
Configure the "V.35 suffix" setting to organizational standards. CC ID 09533 | System hardening through configuration management | Configuration | |
Configure the "V.35 CTS" setting to organizational standards. CC ID 09534 | System hardening through configuration management | Configuration | |
Configure the "V.35 DCD filter" setting to organizational standards. CC ID 09535 | System hardening through configuration management | Configuration | |
Configure the "V.35 DCD" setting to organizational standards. CC ID 09536 | System hardening through configuration management | Configuration | |
Configure the "V.35 DSR answer" setting to organizational standards. CC ID 09537 | System hardening through configuration management | Configuration | |
Configure the "V.35 DSR" setting to organizational standards. CC ID 09538 | System hardening through configuration management | Configuration | |
Configure the "V.35 DTR" setting to organizational standards. CC ID 09539 | System hardening through configuration management | Configuration | |
Configure the "V.35 RT" setting to organizational standards. CC ID 09540 | System hardening through configuration management | Configuration | |
Configure the "V.35 RTS" setting to organizational standards. CC ID 09541 | System hardening through configuration management | Configuration | |
Configure the "V.35 ST" setting to organizational standards. CC ID 09542 | System hardening through configuration management | Configuration | |
Configure the "V.35 broadcast mode" setting to organizational standards. CC ID 09543 | System hardening through configuration management | Configuration | |
Configure the "RS-366 dialing" setting to organizational standards. CC ID 09544 | System hardening through configuration management | Configuration | |
Configure the "V.35 protocol used" setting to organizational standards. CC ID 09545 | System hardening through configuration management | Configuration | |
Configure the "V.35 profile used" setting to organizational standards. CC ID 09546 | System hardening through configuration management | Configuration | |
Configure the "V.35 H.331 audio mode" setting to organizational standards. CC ID 09547 | System hardening through configuration management | Configuration | |
Configure the "V.35 H.331 dual stream" setting to organizational standards. CC ID 09548 | System hardening through configuration management | Configuration | |
Configure the "V.35 H.331 frame rate" setting to organizational standards. CC ID 09549 | System hardening through configuration management | Configuration | |
Configure the "V.35 H.331 video format" setting to organizational standards. CC ID 09550 | System hardening through configuration management | Configuration | |
Configure the "V.35 H.331 video protocol" setting to organizational standards. CC ID 09551 | System hardening through configuration management | Configuration | |
Configure the "IPv4 address assignment method" setting to organizational standards. CC ID 09552 | System hardening through configuration management | Configuration | |
Configure the "IPv4 address" setting to organizational standards. CC ID 09553 | System hardening through configuration management | Configuration | |
Configure the "default gateway" setting to organizational standards. CC ID 09554 | System hardening through configuration management | Configuration | |
Configure the "IPv4 subnet mask" setting to organizational standards. CC ID 09555 | System hardening through configuration management | Configuration | |
Configure IPv6 extension headers to organizational standards. CC ID 16398 | System hardening through configuration management | Configuration | |
Configure the "IPv6 address assignment method" setting to organizational standards. CC ID 09556 | System hardening through configuration management | Configuration | |
Configure the "IPv6 link-local address" setting to organizational standards. CC ID 09557 | System hardening through configuration management | Configuration | |
Configure the "IPv6 site-local address" setting to organizational standards. CC ID 09558 | System hardening through configuration management | Configuration | |
Configure the "IPv6 global address" setting to organizational standards. CC ID 09559 | System hardening through configuration management | Configuration | |
Configure the "default gateway" setting for "IPv6" to organizational standards. CC ID 09560 | System hardening through configuration management | Configuration | |
Configure the "system domain name" setting to organizational standards. CC ID 09561 | System hardening through configuration management | Configuration | |
Configure the "primary DNS server address" setting to organizational standards. CC ID 09562 | System hardening through configuration management | Configuration | |
Configure the "secondary DNS server address" setting to organizational standards. CC ID 09563 | System hardening through configuration management | Configuration | |
Configure the "third DNS server address" setting to organizational standards. CC ID 09564 | System hardening through configuration management | Configuration | |
Configure the "fourth DNS server address" setting to organizational standards. CC ID 09565 | System hardening through configuration management | Configuration | |
Configure the "system LAN speed" setting to organizational standards. CC ID 09566 | System hardening through configuration management | Configuration | |
Configure the "system duplex mode" setting to organizational standards. CC ID 09567 | System hardening through configuration management | Configuration | |
Configure the "system to ignore redirect messages" setting to organizational standards. CC ID 09568 | System hardening through configuration management | Configuration | |
Configure the "system ICMP transmission rate limit (in milliseconds)" setting to organizational standards. CC ID 09569 | System hardening through configuration management | Configuration | |
Configure the "generate destination unreachable messages" setting to organizational standards. CC ID 09570 | System hardening through configuration management | Configuration | |
Configure the "respond to broadcast and multicast echo requests" setting to organizational standards. CC ID 09571 | System hardening through configuration management | Configuration | |
Configure the "IPv6 DAD transmit count" setting to organizational standards. CC ID 09572 | System hardening through configuration management | Configuration | |
Configure the "phone number of the room where the system is located" setting to organizational standards. CC ID 09573 | System hardening through configuration management | Configuration | |
Configure the "GMS tech support contact name" setting to organizational standards. CC ID 09574 | System hardening through configuration management | Configuration | |
Configure the "GMS tech support contact email" setting to organizational standards. CC ID 09575 | System hardening through configuration management | Configuration | |
Configure the "GMS tech support contact phone number" setting to organizational standards. CC ID 09576 | System hardening through configuration management | Configuration | |
Configure the "GMS tech support contact fax number" setting to organizational standards. CC ID 09577 | System hardening through configuration management | Configuration | |
Configure the "GMS tech support contact city" setting to organizational standards. CC ID 09578 | System hardening through configuration management | Configuration | |
Configure the "GMS tech support contact state" setting to organizational standards. CC ID 09579 | System hardening through configuration management | Configuration | |
Configure the "GMS tech support contact country" setting to organizational standards. CC ID 09580 | System hardening through configuration management | Configuration | |
Configure the "security profile" setting to organizational standards. CC ID 09581 | System hardening through configuration management | Configuration | |
Configure the "allow PC LAN port access" setting to organizational standards. CC ID 09582 | System hardening through configuration management | Configuration | |
Configure the "require certificate validation for web server" setting to organizational standards. CC ID 09583 | System hardening through configuration management | Configuration | |
Configure the "require certificate validation for peer client applications" setting to organizational standards. CC ID 09584 | System hardening through configuration management | Configuration | |
Configure the "maximum peer certificate chain depth" setting to organizational standards. CC ID 09585 | System hardening through configuration management | Configuration | |
Configure the "certificate revocation method" setting to organizational standards. CC ID 09586 | System hardening through configuration management | Configuration | |
Configure the "allow incomplete revocation checks" setting to organizational standards. CC ID 09587 | System hardening through configuration management | Configuration | |
Configure the "the global responder specified in the certificate" setting to organizational standards. CC ID 09588 | System hardening through configuration management | Configuration | |
Configure the "require login for system access" setting to organizational standards. CC ID 09589 | System hardening through configuration management | Configuration | |
Configure the "allow the local password to be used for remote access" setting to organizational standards. CC ID 09590 | System hardening through configuration management | Configuration | |
Configure the "allow remote access via web" setting to organizational standards. CC ID 09591 | System hardening through configuration management | Configuration | |
Configure the "web access port number" setting to organizational standards. CC ID 09592 | System hardening through configuration management | Configuration | |
Configure the "require whitelist" setting to organizational standards. CC ID 09593 | System hardening through configuration management | Configuration | |
Configure the "allow remote access via telnet" setting to organizational standards. CC ID 09594 | System hardening through configuration management | Configuration | |
Configure the "allow remote access via SNMP" setting to organizational standards. CC ID 09595 | System hardening through configuration management | Configuration | |
Configure the "allow video display on the web" setting to organizational standards. CC ID 09596 | System hardening through configuration management | Configuration | |
Configure the "require display of a security banner upon login" setting to organizational standards. CC ID 09597 | System hardening through configuration management | Configuration | |
Configure the "custom text for the local security banner" setting to organizational standards. CC ID 09598 | System hardening through configuration management | Configuration | |
Configure the "custom text for the web security banner" setting to organizational standards. CC ID 09599 | System hardening through configuration management | Configuration | |
Configure the "allow a non-admin user to make changes to the local system address book" setting to organizational standards. CC ID 09600 | System hardening through configuration management | Configuration | |
Configure the "allow a non-admin user to make changes to the camera presets" setting to organizational standards. CC ID 09601 | System hardening through configuration management | Configuration | |
Configure the "allow mixed protocol (IP and ISDN) multipoint calls" setting to organizational standards. CC ID 09602 | System hardening through configuration management | Configuration | |
Configure the "require Active Directory authentication" setting to organizational standards. CC ID 09603 | System hardening through configuration management | Configuration | |
Configure the "Active Directory server address" setting to organizational standards. CC ID 09604 | System hardening through configuration management | Configuration | |
Configure the "Active Directory admin group" setting to organizational standards. CC ID 09605 | System hardening through configuration management | Configuration | |
Configure the "Active Directory user group" setting to organizational standards. CC ID 09606 | System hardening through configuration management | Configuration | |
Configure the "require admin password for remote login" setting to organizational standards. CC ID 09607 | System hardening through configuration management | Configuration | |
Configure the "RS-232 serial port access mode" setting to organizational standards. CC ID 09608 | System hardening through configuration management | Configuration | |
Configure the "RS-232 serial port baud rate" setting to organizational standards. CC ID 09609 | System hardening through configuration management | Configuration | |
Configure the "require AES encryption" setting to organizational standards. CC ID 09610 | System hardening through configuration management | Configuration | |
Configure the "SIP" setting to organizational standards. CC ID 09611 | System hardening through configuration management | Configuration | |
Configure the "allow recent call list to be accessible" setting to organizational standards. CC ID 09612 | System hardening through configuration management | Configuration | |
Configure the "allow the last number dialed to be accessible" setting to organizational standards. CC ID 09613 | System hardening through configuration management | Configuration | |
Configure the "allow far end control of the near camera" setting to organizational standards. CC ID 09614 | System hardening through configuration management | Configuration | |
Configure the "allow a call detail report to be created and maintained" setting to organizational standards. CC ID 09615 | System hardening through configuration management | Configuration | |
Configure the "Availability Control (Do Not Disturb) for all calls" setting to organizational standards. CC ID 09616 | System hardening through configuration management | Configuration | |
Configure the "Do Not Disturb only for point to point calls" setting to organizational standards. CC ID 09617 | System hardening through configuration management | Configuration | |
Configure the "Do Not Disturb only for multipoint calls" setting to organizational standards. CC ID 09618 | System hardening through configuration management | Configuration | |
Configure the "require the admin account to be locked after a certain number of failed login attempts" setting to organizational standards. CC ID 09619 | System hardening through configuration management | Configuration | |
Configure the "admin account lock duration (in minutes)" setting to organizational standards. CC ID 09620 | System hardening through configuration management | Configuration | |
Configure the "require the user account to be locked after a certain number of unsuccessful logon attempts" setting to organizational standards. CC ID 09621 | System hardening through configuration management | Configuration | |
Configure the "user account lock duration (in minutes)" setting to organizational standards. CC ID 09622 | System hardening through configuration management | Configuration | |
Configure the "idle session timeout (in minutes)" setting to organizational standards. CC ID 09623 | System hardening through configuration management | Configuration | |
Configure the "monitoring of inactive web sessions" setting to organizational standards. CC ID 09624 | System hardening through configuration management | Configuration | |
Configure the "list of all sessions (local, web and serial) visible on the local or web GUI" setting to organizational standards. CC ID 09625 | System hardening through configuration management | Configuration | |
Configure the "maximum number of concurrent active web sessions" setting to organizational standards. CC ID 09626 | System hardening through configuration management | Configuration | |
Configure the "number of failed login attempts on the web interface and serial port (port lockout) after which the interface will be locked" setting to organizational standards. CC ID 09627 | System hardening through configuration management | Configuration | |
Configure the "web interface and serial port (port lockout) lock duration should (in minutes) be configured" setting to organizational standards. CC ID 09628 | System hardening through configuration management | Configuration | |
Configure the "local (room) admin password" setting to organizational standards. CC ID 09629 | System hardening through configuration management | Configuration | |
Configure the "remote access admin password" setting to organizational standards. CC ID 09630 | System hardening through configuration management | Configuration | |
Configure the "local (room) user password" setting to organizational standards. CC ID 09631 | System hardening through configuration management | Configuration | |
Configure the "meeting password" setting to organizational standards. CC ID 09632 | System hardening through configuration management | Configuration | |
Configure the "MCU password" setting to organizational standards. CC ID 09633 | System hardening through configuration management | Configuration | |
Configure the "minimum length required for a local (room) admin password" setting to organizational standards. CC ID 09634 | System hardening through configuration management | Configuration | |
Configure the "require that the local (room) admin password contain lower case characters" setting to organizational standards. CC ID 09635 | System hardening through configuration management | Configuration | |
Configure the "require that the local (room) admin password contain upper case characters" setting to organizational standards. CC ID 09636 | System hardening through configuration management | Configuration | |
Configure the "require that the local (room) admin password contain numbers" setting to organizational standards. CC ID 09637 | System hardening through configuration management | Configuration | |
Configure the "require that the local (room) admin password contain special characters" setting to organizational standards. CC ID 09638 | System hardening through configuration management | Configuration | |
Configure the "reject a certain number of previous local (room) admin passwords when creating a new password" setting to organizational standards. CC ID 09639 | System hardening through configuration management | Configuration | |
Configure the "minimum age for the local (room) admin password before it can be changed" setting to organizational standards. CC ID 09640 | System hardening through configuration management | Configuration | |
Configure the "maximum age for the local (room) admin password after which it must be changed" setting to organizational standards. CC ID 09641 | System hardening through configuration management | Configuration | |
Configure the "how many days ahead of time a password expiration warning should be provided when the local (room) admin password is about to expire" setting to organizational standards. CC ID 09642 | System hardening through configuration management | Configuration | |
Configure the "minimum number of characters that must be changed when creating a new local (room) admin password" setting to organizational standards. CC ID 09643 | System hardening through configuration management | Configuration | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new local (room) admin password" setting to organizational standards. CC ID 09644 | System hardening through configuration management | Configuration | |
Configure the "the local (room) admin password can contain the admin account name or the reverse of the account name" setting to organizational standards. CC ID 09645 | System hardening through configuration management | Configuration | |
Configure the "minimum length required for a remote admin password" setting to organizational standards. CC ID 09646 | System hardening through configuration management | Configuration | |
Configure the "require that the remote admin password contain lower case characters" setting to organizational standards. CC ID 09647 | System hardening through configuration management | Configuration | |
Configure the "require that the remote admin password contain upper case characters" setting to organizational standards. CC ID 09648 | System hardening through configuration management | Configuration | |
Configure the "require that the remote admin password contain numbers" setting to organizational standards. CC ID 09649 | System hardening through configuration management | Configuration | |
Configure the "require that the remote admin password contain special characters" setting to organizational standards. CC ID 09650 | System hardening through configuration management | Configuration | |
Configure the "reject a certain number of previous remote admin passwords when creating a new password" setting to organizational standards. CC ID 09651 | System hardening through configuration management | Configuration | |
Configure the "minimum age for the remote admin password before it can be changed" setting to organizational standards. CC ID 09652 | System hardening through configuration management | Configuration | |
Configure the "maximum age for the remote admin password after which it must be changed" setting to organizational standards. CC ID 09653 | System hardening through configuration management | Configuration | |
Configure the "how many days ahead of time a password expiration warning should be provided when the remote admin password is about to expire" setting to organizational standards. CC ID 09654 | System hardening through configuration management | Configuration | |
Configure the "minimum number of characters that must be changed when creating a new remote admin password" setting to organizational standards. CC ID 09655 | System hardening through configuration management | Configuration | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new remote admin password" setting to organizational standards. CC ID 09656 | System hardening through configuration management | Configuration | |
Configure the "remote admin password can contain the admin account name or the reverse of the account name" setting to organizational standards. CC ID 09657 | System hardening through configuration management | Configuration | |
Configure the "minimum length required for a local (room) user password" setting to organizational standards. CC ID 09658 | System hardening through configuration management | Configuration | |
Configure the "require that the local (room) user password contain lower case characters" setting to organizational standards. CC ID 09659 | System hardening through configuration management | Configuration | |
Configure the "require that the local (room) user password contain upper case characters" setting to organizational standards. CC ID 09660 | System hardening through configuration management | Configuration | |
Configure the "require that the local (room) user password contain numbers" setting to organizational standards. CC ID 09661 | System hardening through configuration management | Configuration | |
Configure the "require that the local (room) user password contain special characters" setting to organizational standards. CC ID 09662 | System hardening through configuration management | Configuration | |
Configure the "reject a certain number of previous local (room) user passwords when creating a new password" setting to organizational standards. CC ID 09663 | System hardening through configuration management | Configuration | |
Configure the "minimum age for the local (room) user password before it can be changed" setting to organizational standards. CC ID 09664 | System hardening through configuration management | Configuration | |
Configure the "maximum age for the local (room) user password after which it must be changed" setting to organizational standards. CC ID 09665 | System hardening through configuration management | Configuration | |
Configure the "how many days ahead of time a password expiration warning should be provided when the local (room) user password is about to expire" setting to organizational standards. CC ID 09666 | System hardening through configuration management | Configuration | |
Configure the "minimum number of characters that must be changed when creating a new local (room) user password" setting to organizational standards. CC ID 09667 | System hardening through configuration management | Configuration | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new local (room) user password" setting to organizational standards. CC ID 09668 | System hardening through configuration management | Configuration | |
Configure the "the local (room) user password can contain the user account name or the reverse of the account name" setting to organizational standards. CC ID 09669 | System hardening through configuration management | Configuration | |
Configure the "minimum length required for a meeting password" setting to organizational standards. CC ID 09670 | System hardening through configuration management | Configuration | |
Configure the "require that the meeting password contain lower case characters" setting to organizational standards. CC ID 09671 | System hardening through configuration management | Configuration | |
Configure the "require that the meeting password contain upper case characters" setting to organizational standards. CC ID 09672 | System hardening through configuration management | Configuration | |
Configure the "require that the meeting password contain numbers" setting to organizational standards. CC ID 09673 | System hardening through configuration management | Configuration | |
Configure the "require that the meeting password contain special characters" setting to organizational standards. CC ID 09674 | System hardening through configuration management | Configuration | |
Configure the "reject a certain number of previous meeting passwords when creating a new meeting password" setting to organizational standards. CC ID 09675 | System hardening through configuration management | Configuration | |
Configure the "minimum age for the meeting password before it can be changed" setting to organizational standards. CC ID 09676 | System hardening through configuration management | Configuration | |
Configure the "maximum age for the meeting password after which it must be changed" setting to organizational standards. CC ID 09677 | System hardening through configuration management | Configuration | |
Configure the "how many days ahead of time a password expiration warning should be provided when the meeting password is about to expire" setting to organizational standards. CC ID 09678 | System hardening through configuration management | Configuration | |
Configure the "minimum number of characters that must be changed when creating a new meeting password" setting to organizational standards. CC ID 09679 | System hardening through configuration management | Configuration | |
Configure the "maximum number of consecutive repeating characters that are allowed when creating a new meeting password" setting to organizational standards. CC ID 09680 | System hardening through configuration management | Configuration | |
Configure the "allow access to security related settings by non-admin users" setting to organizational standards. CC ID 09681 | System hardening through configuration management | Configuration | |
Configure the "NTLM version" setting to organizational standards. CC ID 09682 | System hardening through configuration management | Configuration | |
Configure the "folder name to be used when downloading log files" setting to organizational standards. CC ID 09683 | System hardening through configuration management | Configuration | |
Configure the "percent filled threshold above which a warning will be provided if log files exceed it" setting to organizational standards. CC ID 09684 | System hardening through configuration management | Configuration | |
Configure the "frequency of transferring logs to a storage device then deleting the logs from the system" setting to organizational standards. CC ID 09685 | System hardening through configuration management | Configuration | |
Configure the "show content immediately upon connecting a computer to the system" setting to organizational standards. CC ID 09686 | System hardening through configuration management | Configuration | |
Configure the "require an account number to dial a call" setting to organizational standards. CC ID 09687 | System hardening through configuration management | Configuration | |
Configure the "require validation of an account number before allowing a call to be dialed" setting to organizational standards. CC ID 09688 | System hardening through configuration management | Configuration | |
Configure the "maximum time that a call can be connected" setting to organizational standards. CC ID 09689 | System hardening through configuration management | Configuration | |
Configure the "mute a call that is auto answered" setting to organizational standards. CC ID 09690 | System hardening through configuration management | Configuration | |
Configure the "H.460 firewall traversal" setting to organizational standards. CC ID 09691 | System hardening through configuration management | Configuration | |
Configure the "POTS" setting to organizational standards. CC ID 09692 | System hardening through configuration management | Configuration | |
Configure the "POTS area code manually" setting to organizational standards. CC ID 09693 | System hardening through configuration management | Configuration | |
Configure the "POTS number manually" setting to organizational standards. CC ID 09694 | System hardening through configuration management | Configuration | |
Configure the "allow a Polycom Touch Control panel to pair with the system" setting to organizational standards. CC ID 09695 | System hardening through configuration management | Configuration | |
Configure the "screen saver wait time" setting to organizational standards. CC ID 09696 | System hardening through configuration management | Configuration | |
Configure the "video call dial order" setting to organizational standards. CC ID 09697 | System hardening through configuration management | Configuration | |
Configure the "voice call dial order" setting to organizational standards. CC ID 09698 | System hardening through configuration management | Configuration | |
Configure the "diagnostic (basic) mode" setting to organizational standards. CC ID 09699 | System hardening through configuration management | Configuration | |
Configure the "dual monitor emulation" setting to organizational standards. CC ID 09700 | System hardening through configuration management | Configuration | |
Configure the "H.239" setting to organizational standards. CC ID 09701 | System hardening through configuration management | Configuration | |
Configure the "VGA quality preference" setting to organizational standards. CC ID 09702 | System hardening through configuration management | Configuration | |
Configure the "power button on the IR remote control" setting to organizational standards. CC ID 09703 | System hardening through configuration management | Configuration | |
Configure the "numeric keypad function on the IR remote control" setting to organizational standards. CC ID 09704 | System hardening through configuration management | Configuration | |
Configure the "allow use of a non-Polycom IR remote control" setting to organizational standards. CC ID 09705 | System hardening through configuration management | Configuration | |
Configure the "channel ID for the IR remote control" setting to organizational standards. CC ID 09706 | System hardening through configuration management | Configuration | |
Configure the "transcoding" setting to organizational standards. CC ID 09707 | System hardening through configuration management | Configuration | |
Configure the "allow the system to dial any calls" setting to organizational standards. CC ID 09708 | System hardening through configuration management | Configuration | |
Configure the "preferred dialing method" setting to organizational standards. CC ID 09709 | System hardening through configuration management | Configuration | |
Configure the "domain of the provisioning server" setting to organizational standards. CC ID 09710 | System hardening through configuration management | Configuration | |
Configure the "user name to connect to the provisioning server" setting to organizational standards. CC ID 09711 | System hardening through configuration management | Configuration | |
Configure the "password to connect to the provisioning server" setting to organizational standards. CC ID 09712 | System hardening through configuration management | Configuration | |
Configure the "server address of the provisioning server" setting to organizational standards. CC ID 09713 | System hardening through configuration management | Configuration | |
Configure the "SNMP admin name" setting to organizational standards. CC ID 09714 | System hardening through configuration management | Configuration | |
Configure the "SNMP community name" setting to organizational standards. CC ID 09715 | System hardening through configuration management | Configuration | |
Configure the "SNMP console address" setting to organizational standards. CC ID 09716 | System hardening through configuration management | Configuration | |
Configure the "SNMP location" setting to organizational standards. CC ID 09717 | System hardening through configuration management | Configuration | |
Configure the "SNMP system description" setting to organizational standards. CC ID 09718 | System hardening through configuration management | Configuration | |
Configure the "SNMP trap version" setting to organizational standards. CC ID 09719 | System hardening through configuration management | Configuration | |
Configure Apache and Tomcat to Organizational Standards. CC ID 08987 | System hardening through configuration management | Configuration | |
Configure the "demo CGI printenv.pl" setting to organizational standards. CC ID 08993 | System hardening through configuration management | Configuration | |
Configure the "testcgi" setting to organizational standards. CC ID 08994 | System hardening through configuration management | Configuration | |
Configure the "FollowSymLinks" setting for the "DocumentRoot" to organizational standards. CC ID 08995 | System hardening through configuration management | Configuration | |
Configure the "IncludesNOEXEC" setting for the "DocumentRoot" to organizational standards. CC ID 08996 | System hardening through configuration management | Configuration | |
Configure the "Indexes" setting for the "DocumentRoot" to organizational standards. CC ID 08997 | System hardening through configuration management | Configuration | |
Configure the "Allow" setting for the "OS root" to organizational standards. CC ID 08998 | System hardening through configuration management | Configuration | |
Configure the "Allow" setting to organizational standards. CC ID 08999 | System hardening through configuration management | Configuration | |
Configure the "KeepAlive" setting to organizational standards. CC ID 09000 | System hardening through configuration management | Configuration | |
Configure the "KeepAliveTimeout" setting to organizational standards. CC ID 09001 | System hardening through configuration management | Configuration | |
Configure the "LimitRequestBody" setting to organizational standards. CC ID 09002 | System hardening through configuration management | Configuration | |
Configure the "LimitRequestFields" setting to organizational standards. CC ID 09003 | System hardening through configuration management | Configuration | |
Configure the "LimitRequestFieldSizeBody" setting to organizational standards. CC ID 09004 | System hardening through configuration management | Configuration | |
Configure the "LimitRequestline" setting to organizational standards. CC ID 09005 | System hardening through configuration management | Configuration | |
Configure the "loglevel" setting to organizational standards. CC ID 09006 | System hardening through configuration management | Configuration | |
Configure the "MaxClients" setting to organizational standards. CC ID 09007 | System hardening through configuration management | Configuration | |
Configure the "ServerTokens" setting to organizational standards. CC ID 09008 | System hardening through configuration management | Configuration | |
Configure the "Timeout" setting to organizational standards. CC ID 09009 | System hardening through configuration management | Configuration | |
Configure the "apache access log file" setting to organizational standards. CC ID 09010 | System hardening through configuration management | Configuration | |
Configure the "AllowOverride" for "OS root" to organizational standards. CC ID 09011 | System hardening through configuration management | Configuration | |
Configure the "AllowOverride" setting for "web site root directories" to organizational standards. CC ID 09012 | System hardening through configuration management | Configuration | |
Configure the "ErrorDocument" setting for "HTTP 400 errors" to organizational standards. CC ID 09013 | System hardening through configuration management | Configuration | |
Configure the "Group" setting to organizational standards. CC ID 09014 | System hardening through configuration management | Configuration | |
Configure the "runtime rewriting engine" setting to organizational standards. CC ID 09015 | System hardening through configuration management | Configuration | |
Configure the "ServerSignature" setting to organizational standards. CC ID 09016 | System hardening through configuration management | Configuration | |
Configure the "apache system logging" setting to organizational standards. CC ID 09017 | System hardening through configuration management | Configuration | |
Configure the "User" setting to organizational standards. CC ID 09019 | System hardening through configuration management | Configuration | |
Configure the "ErrorDocument" setting for "HTTP 401 errors" to organizational standards. CC ID 09020 | System hardening through configuration management | Configuration | |
Configure the "ErrorDocument" setting for "HTTP 403 errors" to organizational standards. CC ID 09021 | System hardening through configuration management | Configuration | |
Configure the "ErrorDocument" setting for "HTTP 404 errors" to organizational standards. CC ID 09022 | System hardening through configuration management | Configuration | |
Configure the "ErrorDocument" setting for "HTTP 405 errors" to organizational standards. CC ID 09023 | System hardening through configuration management | Configuration | |
Configure the "ErrorDocument" setting for "HTTP 500 errors" to organizational standards. CC ID 09024 | System hardening through configuration management | Configuration | |
Configure the "Deny" setting for the "OS root" to organizational standards. CC ID 09025 | System hardening through configuration management | Configuration | |
Configure the "Deny" setting to organizational standards. CC ID 09026 | System hardening through configuration management | Configuration | |
Configure the "error log file" setting to organizational standards. CC ID 09040 | System hardening through configuration management | Configuration | |
Configure the "Includes" setting for the "DocumentRoot" to organizational standards. CC ID 09046 | System hardening through configuration management | Configuration | |
Configure the "MultiViews" setting for the "DocumentRoot" to organizational standards. CC ID 09047 | System hardening through configuration management | Configuration | |
Configure the "Order" setting for the "OS root" to organizational standards. CC ID 09048 | System hardening through configuration management | Configuration | |
Configure the "permitted HTTP request methods" setting to organizational standards. CC ID 09049 | System hardening through configuration management | Configuration | |
Configure the "httpd.conf" file to organizational standards. CC ID 09050 | System hardening through configuration management | Configuration | |
Configure the "htpasswd" file to organizational standards. CC ID 09053 | System hardening through configuration management | Configuration | |
Configure the "Server Administrator email address" setting to organizational standards. CC ID 09054 | System hardening through configuration management | Configuration | |
Configure the "StartServers" setting to organizational standards. CC ID 09060 | System hardening through configuration management | Configuration | |
Configure the "MinSpareServers" setting to organizational standards. CC ID 09061 | System hardening through configuration management | Configuration | |
Configure the "MaxSpareServers" setting to organizational standards. CC ID 09062 | System hardening through configuration management | Configuration | |
Configure the "ExecCGI" setting for the "DocumentRoot" to organizational standards. CC ID 09063 | System hardening through configuration management | Configuration | |
Configure the "Order" setting for "all DocumentRoots" to organizational standards. CC ID 09064 | System hardening through configuration management | Configuration | |
Configure the "Order" setting to organizational standards. CC ID 09065 | System hardening through configuration management | Configuration | |
Configure the "action directive" setting to organizational standards. CC ID 09066 | System hardening through configuration management | Configuration | |
Configure the "AddHandler directive" setting to organizational standards. CC ID 09067 | System hardening through configuration management | Configuration | |
Configure the "Anonymous sharing of Apache's web content directories with nfs" setting to organizational standards. CC ID 09068 | System hardening through configuration management | Configuration | |
Configure the "Anonymous sharing of Apache's web content directories with smb" setting to organizational standards. CC ID 09069 | System hardening through configuration management | Configuration | |
Configure the "MaxKeepAliveRequests" setting to organizational standards. CC ID 09070 | System hardening through configuration management | Configuration | |
Configure the "log_config_module" setting to organizational standards. CC ID 09072 | System hardening through configuration management | Configuration | |
Configure the "disallow paths and files" setting for "robots.txt" to organizational standards. CC ID 09105 | System hardening through configuration management | Configuration | |
Configure the "ssl_module" setting to organizational standards. CC ID 09106 | System hardening through configuration management | Configuration | |
Configure the "SSLProtocol" setting to organizational standards. CC ID 09107 | System hardening through configuration management | Configuration | |
Configure the "SSLEngine" setting to organizational standards. CC ID 09108 | System hardening through configuration management | Configuration | |
Configure the "apache online manual" setting to organizational standards. CC ID 09109 | System hardening through configuration management | Configuration | |
Configure the "FollowSymLinks" setting for "all options directives" to organizational standards. CC ID 09110 | System hardening through configuration management | Configuration | |
Configure the "Includes" setting for "all options directives" to organizational standards. CC ID 09111 | System hardening through configuration management | Configuration | |
Configure the "IncludesNoExec" setting for "all options directives" to organizational standards. CC ID 09112 | System hardening through configuration management | Configuration | |
Configure the "MultiViews" setting for "all options directives" to organizational standards. CC ID 09113 | System hardening through configuration management | Configuration | |
Configure the "Indexes" setting for "all options directives" to organizational standards. CC ID 09114 | System hardening through configuration management | Configuration | |
Configure the "dav_module" setting to organizational standards. CC ID 09115 | System hardening through configuration management | Configuration | |
Configure the "dav_fs_module" setting to organizational standards. CC ID 09116 | System hardening through configuration management | Configuration | |
Configure the "info_module" setting to organizational standards. CC ID 09117 | System hardening through configuration management | Configuration | |
Configure the "status_module" setting to organizational standards. CC ID 09118 | System hardening through configuration management | Configuration | |
Configure the "proxy_module" setting to organizational standards. CC ID 09119 | System hardening through configuration management | Configuration | |
Configure the "proxy_ftp_module" setting to organizational standards. CC ID 09120 | System hardening through configuration management | Configuration | |
Configure the "proxy_http_module" setting to organizational standards. CC ID 09121 | System hardening through configuration management | Configuration | |
Configure the "proxy_connect_module" setting to organizational standards. CC ID 09122 | System hardening through configuration management | Configuration | |
Configure the "ExecCGI" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09130 | System hardening through configuration management | Configuration | |
Configure the "FollowSymLinks" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09131 | System hardening through configuration management | Configuration | |
Configure the "Includes" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09132 | System hardening through configuration management | Configuration | |
Configure the "IncludesNoExec" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09133 | System hardening through configuration management | Configuration | |
Configure the "Indexes" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09134 | System hardening through configuration management | Configuration | |
Configure the "MultiViews" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09135 | System hardening through configuration management | Configuration | |
Configure the "SymLinksIfOwnerMatch" setting for "all options directives" for the "OS root" to organizational standards. CC ID 09136 | System hardening through configuration management | Configuration | |
Configure the "TraceEnable" setting to organizational standards. CC ID 09137 | System hardening through configuration management | Configuration | |
Configure the "listening IP address" setting to organizational standards. CC ID 09138 | System hardening through configuration management | Configuration | |
Configure the "listening port" setting to organizational standards. CC ID 09139 | System hardening through configuration management | Configuration | |
Configure the "ScriptAlias" setting to organizational standards. CC ID 09140 | System hardening through configuration management | Configuration | |
Configure the "automatic directory indexing" setting to organizational standards. CC ID 09141 | System hardening through configuration management | Configuration | |
Configure the "Anonymous sharing of Apache's web content directories" setting to organizational standards. CC ID 09142 | System hardening through configuration management | Configuration | |
Configure the "apache web server" setting to organizational standards. CC ID 09147 | System hardening through configuration management | Configuration | |
Configure the "dav_lock_module" setting to organizational standards. CC ID 09150 | System hardening through configuration management | Configuration | |
Configure the "proxy_ajp_module" setting to organizational standards. CC ID 09151 | System hardening through configuration management | Configuration | |
Configure the "proxy_balancer_module" setting to organizational standards. CC ID 09152 | System hardening through configuration management | Configuration | |
Configure the "CGI scripts for Apache Tomcat" setting to organizational standards. CC ID 09720 | System hardening through configuration management | Configuration | |
Configure the "Access to Apache Tomcat's interactive scripts" setting to organizational standards. CC ID 09721 | System hardening through configuration management | Configuration | |
Configure the "Tomcat Apache's backup CGI *.bak" files to organizational standards. CC ID 09722 | System hardening through configuration management | Configuration | |
Configure the "Tomcat Apache's backup CGI *.old" files to organizational standards. CC ID 09723 | System hardening through configuration management | Configuration | |
Configure the "Tomcat Apache's backup CGI *.temp" files to organizational standards. CC ID 09724 | System hardening through configuration management | Configuration | |
Configure the "Tomcat Apache's backup CGI *.tmp" files to organizational standards. CC ID 09725 | System hardening through configuration management | Configuration | |
Configure the "Tomcat Apache's backup CGI *.backup" files to organizational standards. CC ID 09726 | System hardening through configuration management | Configuration | |
Configure the "Tomcat Apache's backup CGI copy of*.*" files to organizational standards. CC ID 09727 | System hardening through configuration management | Configuration | |
Configure the "maxProcessors attribute" setting to organizational standards. CC ID 09728 | System hardening through configuration management | Configuration | |
Configure the "access log valve" setting for the "tomcat Engine container" to organizational standards. CC ID 09730 | System hardening through configuration management | Configuration | |
Configure the "access log valve" setting for the "tomcat Host container" to organizational standards. CC ID 09731 | System hardening through configuration management | Configuration | |
Configure the "access log valve" setting for the "tomcat Context container" to organizational standards. CC ID 09732 | System hardening through configuration management | Configuration | |
Configure the "disallow paths and files" setting for the "tomcat site robots.txt" file to organizational standards. CC ID 09745 | System hardening through configuration management | Configuration | |
Configure the "tomcat SSLProtocol attribute" setting to organizational standards. CC ID 09746 | System hardening through configuration management | Configuration | |
Configure the "tomcat Connector SSLEngine attribute" setting to organizational standards. CC ID 09747 | System hardening through configuration management | Configuration | |
Configure the "tomcat Listener SSLEngine attribute" setting to organizational standards. CC ID 09748 | System hardening through configuration management | Configuration | |
Configure the "tomcat server attribute" setting to organizational standards. CC ID 09749 | System hardening through configuration management | Configuration | |
Configure the "account running the tomcat service" setting to organizational standards. CC ID 09750 | System hardening through configuration management | Configuration | |
Configure the "tomcat server documentation" setting to organizational standards. CC ID 09751 | System hardening through configuration management | Configuration | |
Configure the "tomcat js examples" setting to organizational standards. CC ID 09752 | System hardening through configuration management | Configuration | |
Configure the "tomcat servlet examples" setting to organizational standards. CC ID 09753 | System hardening through configuration management | Configuration | |
Configure the "tomcat webdav" folder to organizational standards. CC ID 09754 | System hardening through configuration management | Configuration | |
Configure the "tomcat examples" folder to organizational standards. CC ID 09755 | System hardening through configuration management | Configuration | |
Configure the "tomcat balancer" folder to organizational standards. CC ID 09756 | System hardening through configuration management | Configuration | |
Configure the "tomcat pattern attribute" setting to organizational standards. CC ID 09757 | System hardening through configuration management | Configuration | |
Configure the "Java Security Manager (JSM)" setting to organizational standards. CC ID 09758 | System hardening through configuration management | Configuration | |
Configure the "run with the Java Security Manager upon startup" setting to organizational standards. CC ID 09759 | System hardening through configuration management | Configuration | |
Configure the "shutdown port number" for the "tomcat server" to organizational standards. CC ID 09760 | System hardening through configuration management | Configuration | |
Configure the "Tomcat Legacy JK AJP 1.3 connector" setting to organizational standards. CC ID 09761 | System hardening through configuration management | Configuration | |
Configure the "port number" setting for the "Tomcat Legacy JK AJP 1.3 connector" to organizational standards. CC ID 09762 | System hardening through configuration management | Configuration | |
Configure the "Tomcat Legacy HTTP/1.1 connector" setting to organizational standards. CC ID 09763 | System hardening through configuration management | Configuration | |
Configure the "port number" for the "Tomcat Legacy HTTP/1.1 connector" to organizational standards. CC ID 09764 | System hardening through configuration management | Configuration | |
Configure the "Tomcat login authentication method" setting to organizational standards. CC ID 09765 | System hardening through configuration management | Configuration | |
Configure the "security roles" for the "Tomcat manager app" to organizational standards. CC ID 09766 | System hardening through configuration management | Configuration | |
Configure the "security roles" setting for the "tomcat admin app" to organizational standards. CC ID 09767 | System hardening through configuration management | Configuration | |
Configure the "deny access to the Tomcat Admin app" setting to organizational standards. CC ID 09768 | System hardening through configuration management | Configuration | |
Configure the "allow access to the Tomcat Admin app" setting to organizational standards. CC ID 09769 | System hardening through configuration management | Configuration | |
Configure the "deny access to the Tomcat manager app" setting to organizational standards. CC ID 09770 | System hardening through configuration management | Configuration | |
Configure the "allow access to the Tomcat manager app" setting to organizational standards. CC ID 09771 | System hardening through configuration management | Configuration | |
Configure the "password digest algorithm" setting for "JDBCRealm (database) connections" to organizational standards. CC ID 09779 | System hardening through configuration management | Configuration | |
Configure the "JDBCRealm (database) password digest algorithm" setting to organizational standards. CC ID 09780 | System hardening through configuration management | Configuration | |
Configure the "password digest algorithm" setting for "JNDIRealm (LDAP) connections" to organizational standards. CC ID 09781 | System hardening through configuration management | Configuration | |
Configure the "JNDIRealm (LDAP) password digest" setting to organizational standards. CC ID 09782 | System hardening through configuration management | Configuration | |
Configure the "Tomcat HTTP/1.1 connector" setting to organizational standards. CC ID 09783 | System hardening through configuration management | Configuration | |
Configure the "port number" setting for the "Tomcat HTTP/1.1 connector" to organizational standards. CC ID 09784 | System hardening through configuration management | Configuration | |
Configure the "secure attribute" for the "Tomcat HTTP/1.1 connectors" to organizational standards. CC ID 09785 | System hardening through configuration management | Configuration | |
Configure the "Tomcat Legacy JK/JK2 AJP 1.3 connector" setting to organizational standards. CC ID 09786 | System hardening through configuration management | Configuration | |
Configure the "port number" setting for the "JK/JK2 AJP 1.3 connector" to organizational standards. CC ID 09787 | System hardening through configuration management | Configuration | |
Configure the "Tomcat WARP connector" setting to organizational standards. CC ID 09788 | System hardening through configuration management | Configuration | |
Configure the "port number" setting for the "WARP connector" to organizational standards. CC ID 09789 | System hardening through configuration management | Configuration | |
Configure the "location of the log files directory" setting for the "Logger element" to organizational standards. CC ID 09790 | System hardening through configuration management | Configuration | |
Configure the "example server.xml" file to organizational standards. CC ID 09791 | System hardening through configuration management | Configuration | |
Configure the "file prefix" setting for the "Logger element" to organizational standards. CC ID 09794 | System hardening through configuration management | Configuration | |
Configure the "verbosity" setting for the "Logger element" to organizational standards. CC ID 09795 | System hardening through configuration management | Configuration | |
Configure the "Tomcat server port number" setting to organizational standards. CC ID 09797 | System hardening through configuration management | Configuration | |
Configure the "secure attribute" for the "Tomcat JK/JK2 AJP 1.3 connectors" to organizational standards. CC ID 09803 | System hardening through configuration management | Configuration | |
Configure the "JULI container level logging" setting to organizational standards. CC ID 09804 | System hardening through configuration management | Configuration | |
Configure the "JULI FileHandler threshold level" setting to organizational standards. CC ID 09805 | System hardening through configuration management | Configuration | |
Configure the "JULI FileHandler save directory" setting to organizational standards. CC ID 09806 | System hardening through configuration management | Configuration | |
Configure the "JULI FileHandler log file name prefix" setting to organizational standards. CC ID 09807 | System hardening through configuration management | Configuration | |
Configure the "grant of all permissions to Tomcat web applications" setting to organizational standards. CC ID 09808 | System hardening through configuration management | Configuration | |
Configure the "example" files to organizational standards. CC ID 09809 | System hardening through configuration management | Configuration | |
Configure the "WebDAV app" setting to organizational standards. CC ID 09810 | System hardening through configuration management | Configuration | |
Configure the "Tomcat-docs" setting to organizational standards. CC ID 09811 | System hardening through configuration management | Configuration | |
Configure the "Balancer app" setting to organizational standards. CC ID 09812 | System hardening through configuration management | Configuration | |
Configure the "save directory for log files" setting to organizational standards. CC ID 09816 | System hardening through configuration management | Configuration | |
Configure the "verify passwords in tomcat-users.xml are stored using an authorized digest" setting to organizational standards. CC ID 09817 | System hardening through configuration management | Configuration | |
Configure IIS to Organizational Standards. CC ID 08988 | System hardening through configuration management | Configuration | |
Configure the "IIS Web Root folder path" setting to organizational standards. CC ID 09153 | System hardening through configuration management | Configuration | |
Configure the "IIS Web Root" directory to organizational standards. CC ID 09154 | System hardening through configuration management | Configuration | |
Configure the "use the appropriate network interface" setting to organizational standards. CC ID 09155 | System hardening through configuration management | Configuration | |
Configure the "Enable Logging" setting to organizational standards. CC ID 09167 | System hardening through configuration management | Configuration | |
Configure the "Integrated Windows Authentication" setting to organizational standards. CC ID 09176 | System hardening through configuration management | Configuration | |
Configure the "Special Characters In Shells" setting for the "WWW service" to organizational standards. CC ID 09177 | System hardening through configuration management | Configuration | |
Configure the "IIS WWW service SSL error logging" setting to organizational standards. CC ID 09178 | System hardening through configuration management | Configuration | |
Configure the "RDSServer.DataFactory object" setting to organizational standards. CC ID 09179 | System hardening through configuration management | Configuration | |
Configure the "AdvancedDataFactory object" setting to organizational standards. CC ID 09180 | System hardening through configuration management | Configuration | |
Configure the "VbBusObj.VbBusObjCls object" setting to organizational standards. CC ID 09181 | System hardening through configuration management | Configuration | |
Configure the ".printer extension mapping" setting to organizational standards. CC ID 09182 | System hardening through configuration management | Configuration | |
Configure the ".htw extension mapping" setting to organizational standards. CC ID 09183 | System hardening through configuration management | Configuration | |
Configure the ".ida extension mapping" setting to organizational standards. CC ID 09184 | System hardening through configuration management | Configuration | |
Configure the ".idq extension mapping" setting to organizational standards. CC ID 09185 | System hardening through configuration management | Configuration | |
Configure the ".idc extension mapping" setting to organizational standards. CC ID 09186 | System hardening through configuration management | Configuration | |
Configure the ".shtm extension mapping" setting to organizational standards. CC ID 09187 | System hardening through configuration management | Configuration | |
Configure the ".stm extension mapping" setting to organizational standards. CC ID 09188 | System hardening through configuration management | Configuration | |
Configure the ".shtml extension mapping" setting to organizational standards. CC ID 09189 | System hardening through configuration management | Configuration | |
Configure the "Relative path traversal" setting to organizational standards. CC ID 09190 | System hardening through configuration management | Configuration | |
Configure the "HTTP protocol logging" setting to organizational standards. CC ID 09199 | System hardening through configuration management | Configuration | |
Configure the "Date logging" setting to organizational standards. CC ID 09200 | System hardening through configuration management | Configuration | |
Configure the "Time logging" setting to organizational standards. CC ID 09201 | System hardening through configuration management | Configuration | |
Configure the "Client IP Address logging" setting to organizational standards. CC ID 09202 | System hardening through configuration management | Configuration | |
Configure the "User name logging" setting to organizational standards. CC ID 09203 | System hardening through configuration management | Configuration | |
Configure the "User agent logging" setting to organizational standards. CC ID 09204 | System hardening through configuration management | Configuration | |
Configure the "Method logging" setting to organizational standards. CC ID 09205 | System hardening through configuration management | Configuration | |
Configure the "URI stem logging" setting to organizational standards. CC ID 09206 | System hardening through configuration management | Configuration | |
Configure the "URL query logging" setting to organizational standards. CC ID 09207 | System hardening through configuration management | Configuration | |
Configure the "Server IP address logging" setting to organizational standards. CC ID 09208 | System hardening through configuration management | Configuration | |
Configure the "Server port logging" setting to organizational standards. CC ID 09209 | System hardening through configuration management | Configuration | |
Configure the "Protocol status logging" setting to organizational standards. CC ID 09210 | System hardening through configuration management | Configuration | |
Configure the "Win32 status logging" setting to organizational standards. CC ID 09211 | System hardening through configuration management | Configuration | |
Configure the "HTTP Log folder path" setting to organizational standards. CC ID 09212 | System hardening through configuration management | Configuration | |
Configure the "Web-based password reset IIS application mappings (.htr)" setting to organizational standards. CC ID 09215 | System hardening through configuration management | Configuration | |
Configure the "IIS Sample files" setting to organizational standards. CC ID 09216 | System hardening through configuration management | Configuration | |
Configure the "sample Data Access files" setting to organizational standards. CC ID 09217 | System hardening through configuration management | Configuration | |
Configure the "IIS Help files" setting to organizational standards. CC ID 09218 | System hardening through configuration management | Configuration | |
Configure the "Remote Account password changes" setting to organizational standards. CC ID 09219 | System hardening through configuration management | Configuration | |
Configure the "execution context of the IIS CGI processes" setting to organizational standards. CC ID 09220 | System hardening through configuration management | Configuration | |
Configure the "Server Side Includes command shell" setting to organizational standards. CC ID 09229 | System hardening through configuration management | Configuration | |
Configure the "IIS sample Web Printing files" setting to organizational standards. CC ID 09230 | System hardening through configuration management | Configuration | |
Configure the "AllowRestrictedChars" setting to organizational standards. CC ID 09231 | System hardening through configuration management | Configuration | |
Configure the "EnableNonUTF8" setting to organizational standards. CC ID 09232 | System hardening through configuration management | Configuration | |
Configure the "FavorUTF8" setting to organizational standards. CC ID 09233 | System hardening through configuration management | Configuration | |
Configure the "maximum possible size of request headers" setting to organizational standards. CC ID 09234 | System hardening through configuration management | Configuration | |
Configure the "maximum possible combined size of request line and headers" setting to organizational standards. CC ID 09235 | System hardening through configuration management | Configuration | |
Configure the "maximum number of characters in a URL path" setting to organizational standards. CC ID 09236 | System hardening through configuration management | Configuration | |
Configure the "maximum number of URL path segments" setting to organizational standards. CC ID 09237 | System hardening through configuration management | Configuration | |
Configure the "allowance of %U notation in request URLs" setting to organizational standards. CC ID 09238 | System hardening through configuration management | Configuration | |
Configure the "maximum response size that can be cached in the kernel" setting to organizational standards. CC ID 09239 | System hardening through configuration management | Configuration | |
Configure the "maximum size of the entire request body" setting to organizational standards. CC ID 09240 | System hardening through configuration management | Configuration | |
Configure the "URLScan ISAPI filters" setting to organizational standards. CC ID 09241 | System hardening through configuration management | Configuration | |
Configure the "HTTP SSL (HTTPFilter) service" setting to organizational standards. CC ID 09242 | System hardening through configuration management | Configuration | |
Configure the "identity" setting for the "IIS Application Pools service" to organizational standards. CC ID 09243 | System hardening through configuration management | Configuration | |
Configure the "worker process isolation" setting to organizational standards. CC ID 09244 | System hardening through configuration management | Configuration | |
Configure the "Recycle worker process (in minutes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09245 | System hardening through configuration management | Configuration | |
Configure the "Recycle worker process (number of requests)" setting for the "IIS Application Pool" to organizational standards. CC ID 09246 | System hardening through configuration management | Configuration | |
Configure the "Maximum virtual memory (in megabytes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09247 | System hardening through configuration management | Configuration | |
Configure the "Maximum used memory (in megabytes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09248 | System hardening through configuration management | Configuration | |
Configure the "Shutdown worker processes after being idle (time in minutes)" setting for the "IIS Application Pool" to organizational standards. CC ID 09249 | System hardening through configuration management | Configuration | |
Configure the "Limit the kernel request queue (number of requests)" setting for the "IIS Application Pool" to organizational standards. CC ID 09250 | System hardening through configuration management | Configuration | |
Configure the "Enable pinging" setting for the "IIS Application Pool" to organizational standards. CC ID 09251 | System hardening through configuration management | Configuration | |
Configure the "Ping worker process every (frequency in seconds)" setting for the "IIS Application Pool" to organizational standards. CC ID 09252 | System hardening through configuration management | Configuration | |
Configure the "Enable rapid-fail protection" setting for the "IIS Application Pool" to organizational standards. CC ID 09253 | System hardening through configuration management | Configuration | |
Configure the "Enable rapid-fail protection - Failures" setting for the "IIS Application Pool" to organizational standards. CC ID 09254 | System hardening through configuration management | Configuration | |
Configure the "Enable rapid-fail protection - Time Period" setting for the "IIS Application Pool" to organizational standards. CC ID 09255 | System hardening through configuration management | Configuration | |
Configure the "auditing" setting for the "MetaBase.xml" file to organizational standards. CC ID 09256 | System hardening through configuration management | Configuration | |
Configure Microsoft SQL Server to Organizational Standards. CC ID 08989 | System hardening through configuration management | Configuration | |
Configure the "allowing DDL statements to modify the application schema" permissions for the "Database application" to organizational standards. CC ID 09258 | System hardening through configuration management | Configuration | |
Configure the "encrypt custom and GOTS application source code" setting to organizational standards. CC ID 09259 | System hardening through configuration management | Configuration | |
Configure the "Access to DBMS software files and directories" setting to organizational standards. CC ID 09264 | System hardening through configuration management | Configuration | |
Configure the "Default demonstration and sample database objects and applications" setting to organizational standards. CC ID 09265 | System hardening through configuration management | Configuration | |
Configure the "auditing parameters" for "database auditing" to organizational standards. CC ID 09266 | System hardening through configuration management | Configuration | |
Configure the "DBMS login account password complexity requirements" setting to organizational standards. CC ID 09268 | System hardening through configuration management | Configuration | |
Configure the "Passwords for DBMS default accounts" setting to organizational standards. CC ID 09269 | System hardening through configuration management | Configuration | |
Configure the "Remote DBMS administration" setting to organizational standards. CC ID 09270 | System hardening through configuration management | Configuration | |
Configure the "C2 Audit records" setting to organizational standards. CC ID 09271 | System hardening through configuration management | Configuration | |
Configure the "SQL Mail XPs" setting to organizational standards. CC ID 09272 | System hardening through configuration management | Configuration | |
Configure the "SQL Server Service" setting to organizational standards. CC ID 09275 | System hardening through configuration management | Configuration | |
Configure the "Access extended stored procedure xp_cmdshell" setting to organizational standards. CC ID 09277 | System hardening through configuration management | Configuration | |
Configure the "xp_cmdshell" setting to organizational standards. CC ID 09278 | System hardening through configuration management | Configuration | |
Configure the "OLE Automation extended stored procedures" setting to organizational standards. CC ID 09279 | System hardening through configuration management | Configuration | |
Configure the "Access to registry extended stored procedures" setting to organizational standards. CC ID 09280 | System hardening through configuration management | Configuration | |
Configure the "Remote access" setting to organizational standards. CC ID 09281 | System hardening through configuration management | Configuration | |
Configure "Set time limit for active but idle Remote Desktop Services sessions" to organizational standards. CC ID 15382 | System hardening through configuration management | Configuration | |
Configure the "Always show desktop on connection" setting to organizational standards. CC ID 10753 | System hardening through configuration management | Configuration | |
Configure the "Automatic reconnection" setting to organizational standards. CC ID 10760 | System hardening through configuration management | Configuration | |
Configure the "keep-alive connection interval" setting to organizational standards. CC ID 10790 | System hardening through configuration management | Configuration | |
Configure the "RD Connection Broker farm name" setting to organizational standards. CC ID 10800 | System hardening through configuration management | Configuration | |
Configure the "RD Connection Broker server name" setting to organizational standards. CC ID 10801 | System hardening through configuration management | Configuration | |
Configure the "server authentication for client" setting for "Remote Desktop Connection Client" to organizational standards. CC ID 10817 | System hardening through configuration management | Configuration | |
Configure the "Do not use Remote Desktop Session Host server IP address when virtual IP address is not available" setting to organizational standards. CC ID 10938 | System hardening through configuration management | Configuration | |
Configure the "Enforce Removal of Remote Desktop Wallpaper" setting to organizational standards. CC ID 10957 | System hardening through configuration management | Configuration | |
Configure the "Hide previous versions list for remote files" setting to organizational standards. CC ID 10990 | System hardening through configuration management | Configuration | |
Configure the "Join RD Connection Broker" setting to organizational standards. CC ID 11003 | System hardening through configuration management | Configuration | |
Configure the "Limit number of connections" setting to organizational standards. CC ID 11011 | System hardening through configuration management | Configuration | |
Configure the "Optimize visual experience for Remote Desktop Services sessions" setting to organizational standards. CC ID 11058 | System hardening through configuration management | Configuration | |
Configure the "Prevent restoring remote previous versions" setting to organizational standards. CC ID 11089 | System hardening through configuration management | Configuration | |
Configure the "Require strict target SPN match on remote procedure calls" setting to organizational standards. CC ID 11136 | System hardening through configuration management | Configuration | |
Configure the "Require use of specific security layer for remote (RDP) connections" setting to organizational standards. CC ID 11137 | System hardening through configuration management | Configuration | |
Configure the "Restrict Remote Desktop Services users to a single Remote Desktop Services session" setting to organizational standards. CC ID 11142 | System hardening through configuration management | Configuration | |
Configure the "Select the network adapter to be used for Remote Desktop IP Virtualization" setting to organizational standards. CC ID 11164 | System hardening through configuration management | Configuration | |
Configure the "Set maximum wait time for the network if a user has a roaming user profile or remote home directory" setting to organizational standards. CC ID 11175 | System hardening through configuration management | Configuration | |
Configure the "Set path for Remote Desktop Services Roaming User Profile" setting to organizational standards. CC ID 11176 | System hardening through configuration management | Configuration | |
Configure the "Set Remote Desktop Services User Home Directory" setting to organizational standards. CC ID 11181 | System hardening through configuration management | Configuration | |
Configure the "Set rules for remote control of Remote Desktop Services user sessions" setting to organizational standards. CC ID 11183 | System hardening through configuration management | Configuration | |
Configure the "Set the Remote Desktop licensing mode" setting to organizational standards. CC ID 11188 | System hardening through configuration management | Configuration | |
Configure the "Set time limit for active Remote Desktop Services sessions" setting to organizational standards. CC ID 11194 | System hardening through configuration management | Configuration | |
Configure the "Set time limit for logoff of RemoteApp sessions" setting to organizational standards. CC ID 11195 | System hardening through configuration management | Configuration | |
Configure the "Specify maximum number of remote shells per user" setting to organizational standards. CC ID 11213 | System hardening through configuration management | Configuration | |
Configure the "Start a program on connection" setting to organizational standards. CC ID 11228 | System hardening through configuration management | Configuration | |
Configure the "Turn off desktop gadgets" setting to organizational standards. CC ID 11275 | System hardening through configuration management | Configuration | |
Configure the "Turn off legacy remote shutdown interface" setting to organizational standards. CC ID 11285 | System hardening through configuration management | Configuration | |
Configure the "Turn Off user-installed desktop gadgets" setting to organizational standards. CC ID 11322 | System hardening through configuration management | Configuration | |
Configure the "Turn on Remote Desktop IP Virtualization" setting to organizational standards. CC ID 11348 | System hardening through configuration management | Configuration | |
Configure the "Use RD Connection Broker load balancing" setting to organizational standards. CC ID 11364 | System hardening through configuration management | Configuration | |
Configure the "Use the specified Remote Desktop license servers" setting to organizational standards. CC ID 11366 | System hardening through configuration management | Configuration | |
Configure the "Wait for remote user profile" setting to organizational standards. CC ID 11370 | System hardening through configuration management | Configuration | |
Configure the "SQL Server authentication" setting to organizational standards. CC ID 09282 | System hardening through configuration management | Configuration | |
Configure the "Access to CmdExec and ActiveScripting jobs" setting to organizational standards. CC ID 09283 | System hardening through configuration management | Configuration | |
Configure the "Error log retention" setting to organizational standards. CC ID 09284 | System hardening through configuration management | Configuration | |
Configure the "Trace rollover" setting to organizational standards. CC ID 09285 | System hardening through configuration management | Configuration | |
Configure the "Named Pipes network protocol" setting to organizational standards. CC ID 09286 | System hardening through configuration management | Configuration | |
Configure the "SQL Server event forwarding" setting to organizational standards. CC ID 09287 | System hardening through configuration management | Configuration | |
Configure the "Access to manage the database master key" setting to organizational standards. CC ID 09288 | System hardening through configuration management | Configuration | |
Configure the "Encryption of the asymmetric keys" setting to organizational standards. CC ID 09290 | System hardening through configuration management | Configuration | |
Configure the "audit unauthorized access to the asymmetric keys" setting to organizational standards. CC ID 09291 | System hardening through configuration management | Configuration | |
Configure the "Database Master key encryption password" setting to organizational standards. CC ID 09292 | System hardening through configuration management | Configuration | |
Configure the "encrypt Database Master Key" setting to organizational standards. CC ID 09293 | System hardening through configuration management | Configuration | |
Configure the "store the database master key password" setting to organizational standards. CC ID 09294 | System hardening through configuration management | Configuration | |
Configure the "protect symmetric keys" setting to organizational standards. CC ID 09295 | System hardening through configuration management | Configuration | |
Configure the "clear residual data from memory, data objects or files, or other storage locations" setting to organizational standards. CC ID 09296 | System hardening through configuration management | Configuration | |
Configure the "DBMS account passwords expiration" setting to organizational standards. CC ID 09297 | System hardening through configuration management | Configuration | |
Configure the "audit attempts to bypass access controls" setting to organizational standards. CC ID 09310 | System hardening through configuration management | Configuration | |
Configure the "default audit trace" setting to organizational standards. CC ID 09311 | System hardening through configuration management | Configuration | |
Configure the "Audit records contents" setting to organizational standards. CC ID 09312 | System hardening through configuration management | Configuration | |
Configure the "port" setting for "Sql Server Analysis Services" to organizational standards. CC ID 09313 | System hardening through configuration management | Configuration | |
Configure the "port" setting for the "DBMS" to organizational standards. CC ID 09314 | System hardening through configuration management | Configuration | |
Configure the "Fixed server role membership" setting to organizational standards. CC ID 09315 | System hardening through configuration management | Configuration | |
Configure the "Database Mail XPs" setting to organizational standards. CC ID 09316 | System hardening through configuration management | Configuration | |
Configure the "SQL Server Agent Email" setting to organizational standards. CC ID 09317 | System hardening through configuration management | Configuration | |
Configure the "scan for startup procs" setting to organizational standards. CC ID 09331 | System hardening through configuration management | Configuration | |
Configure the "Access to SQL Server Agent CmdExec" setting to organizational standards. CC ID 09332 | System hardening through configuration management | Configuration | |
Configure the "Access to ActiveScripting jobs" setting to organizational standards. CC ID 09333 | System hardening through configuration management | Configuration | |
Configure the "SQL Server Agent proxies" setting to organizational standards. CC ID 09334 | System hardening through configuration management | Configuration | |
Configure the "Replication snapshot folders" setting to organizational standards. CC ID 09335 | System hardening through configuration management | Configuration | |
Configure the "Ad hoc data mining queries configuration" setting to organizational standards. CC ID 09336 | System hardening through configuration management | Configuration | |
Configure the "Analysis Services Anonymous Connections" setting to organizational standards. CC ID 09337 | System hardening through configuration management | Configuration | |
Configure the "Analysis Services Links to Objects" setting to organizational standards. CC ID 09338 | System hardening through configuration management | Configuration | |
Configure the "Analysis Services Links From Objects" setting to organizational standards. CC ID 09339 | System hardening through configuration management | Configuration | |
Configure the "Analysis Services user-defined COM functions" setting to organizational standards. CC ID 09340 | System hardening through configuration management | Configuration | |
Configure the "Analysis Services Required Protection Levels" setting to organizational standards. CC ID 09341 | System hardening through configuration management | Configuration | |
Configure the "Analysis Services Security Package List" setting to organizational standards. CC ID 09342 | System hardening through configuration management | Configuration | |
Configure the "Analysis Services server role" setting to organizational standards. CC ID 09343 | System hardening through configuration management | Configuration | |
Configure the "Analysis Services database roles" setting to organizational standards. CC ID 09344 | System hardening through configuration management | Configuration | |
Configure the "Reporting Services Web service requests and HTTP" setting to organizational standards. CC ID 09345 | System hardening through configuration management | Configuration | |
Configure the "Reporting Services scheduled events and report delivery" setting to organizational standards. CC ID 09346 | System hardening through configuration management | Configuration | |
Configure the "Command Language Runtime objects" setting to organizational standards. CC ID 09348 | System hardening through configuration management | Configuration | |
Configure the "XML Web Services endpoints" setting to organizational standards. CC ID 09349 | System hardening through configuration management | Configuration | |
Configure the "db_owner role members" setting to organizational standards. CC ID 09350 | System hardening through configuration management | Configuration | |
Configure the "Web Assistant procedures configuration" setting to organizational standards. CC ID 09351 | System hardening through configuration management | Configuration | |
Configure the "Disallow adhoc access" setting for "linked servers" to organizational standards. CC ID 09353 | System hardening through configuration management | Configuration | |
Configure the "Ad Hoc distributed queries" setting to organizational standards. CC ID 09354 | System hardening through configuration management | Configuration | |
Configure the "Access to Analysis Services data sources" setting to organizational standards. CC ID 09355 | System hardening through configuration management | Configuration | |
Configure the "Database TRUSTWORTHY status" setting to organizational standards. CC ID 09356 | System hardening through configuration management | Configuration | |
Configure the "Agent XPs" setting to organizational standards. CC ID 09357 | System hardening through configuration management | Configuration | |
Configure the "SMO and DMO XPs" setting to organizational standards. CC ID 09358 | System hardening through configuration management | Configuration | |
Configure Oracle WebLogic Server to Organizational Standards. CC ID 08990 | System hardening through configuration management | Configuration | |
Configure the "Complete Message Timeout" setting to organizational standards. CC ID 09818 | System hardening through configuration management | Configuration | |
Configure the "FIPS-compliant cryptographic module" setting to organizational standards. CC ID 09819 | System hardening through configuration management | Configuration | |
Configure the "Allow Unencrypted Null Cipher" setting to organizational standards. CC ID 09820 | System hardening through configuration management | Configuration | |
Configure the "Maximum Message Size" setting to organizational standards. CC ID 09821 | System hardening through configuration management | Configuration | |
Configure the "Security Interoperability Mode" setting to organizational standards. CC ID 09822 | System hardening through configuration management | Configuration | |
Configure the "Severity field" setting to organizational standards. CC ID 09824 | System hardening through configuration management | Configuration | |
Configure the "servlet.HttpServletResponse" setting for "Active Context Handler" to organizational standards. CC ID 09825 | System hardening through configuration management | Configuration | |
Configure the "wli.Message" setting for "Active Context Handler" to organizational standards. CC ID 09826 | System hardening through configuration management | Configuration | |
Configure the "channel.Port" setting for "Active Context Handler" to organizational standards. CC ID 09827 | System hardening through configuration management | Configuration | |
Configure the "channel.PublicPort" setting for "Active Context Handler" to organizational standards. CC ID 09828 | System hardening through configuration management | Configuration | |
Configure the "channel.RemotePort" setting for "Active Context Handler" to organizational standards. CC ID 09829 | System hardening through configuration management | Configuration | |
Configure the "channel.Protocol" setting for "Active Context Handler" to organizational standards. CC ID 09830 | System hardening through configuration management | Configuration | |
Configure the "channel.Address" setting for "Active Context Handler" to organizational standards. CC ID 09831 | System hardening through configuration management | Configuration | |
Configure the "channel.PublicAddress" setting for "Active Context Handler" to organizational standards. CC ID 09832 | System hardening through configuration management | Configuration | |
Configure the "channel.RemoteAddress" setting for "Active Context Handler" to organizational standards. CC ID 09833 | System hardening through configuration management | Configuration | |
Configure the "channel.ChannelName" setting for "Active Context Handler" to organizational standards. CC ID 09834 | System hardening through configuration management | Configuration | |
Configure the "channel.Secure" setting for "Active Context Handler" to organizational standards. CC ID 09835 | System hardening through configuration management | Configuration | |
Configure the "ejb20.Parameter" setting for "Active Context Handler" to organizational standards. CC ID 09836 | System hardening through configuration management | Configuration | |
Configure the "wsee.SOAPmessage" setting for "Active Context Handler" to organizational standards. CC ID 09837 | System hardening through configuration management | Configuration | |
Configure the "entitlement.EAuxilaryID" setting for "Active Context Handler" to organizational standards. CC ID 09838 | System hardening through configuration management | Configuration | |
Configure the "security.ChainPrevalidatedBySSL" setting for "Active Context Handler" to organizational standards. CC ID 09839 | System hardening through configuration management | Configuration | |
Configure the "xml.SecurityToken" setting for "Active Context Handler" to organizational standards. CC ID 09840 | System hardening through configuration management | Configuration | |
Configure the "webservice.Integrity" setting for "Active Context Handler" to organizational standards. CC ID 09841 | System hardening through configuration management | Configuration | |
Configure the "saml.SSLClientCertificateChain" setting for "Active Context Handler" to organizational standards. CC ID 09842 | System hardening through configuration management | Configuration | |
Configure the "saml.MessageSignerCerficate" setting for "Active Context Handler" to organizational standards. CC ID 09843 | System hardening through configuration management | Configuration | |
Configure the "saml.subject.ConfirmationMethod" setting for "Active Context Handler" to organizational standards. CC ID 09844 | System hardening through configuration management | Configuration | |
Configure the "saml.subject.dom.KeyInfo" setting for "Active Context Handler" to organizational standards. CC ID 09845 | System hardening through configuration management | Configuration | |
Configure the "jmx.ObjectName" setting for "Active Context Handler" to organizational standards. CC ID 09846 | System hardening through configuration management | Configuration | |
Configure the "jmx.ShortName" setting for "Active Context Handler" to organizational standards. CC ID 09847 | System hardening through configuration management | Configuration | |
Configure the "jmx.Parameters" setting for "Active Context Handler" to organizational standards. CC ID 09848 | System hardening through configuration management | Configuration | |
Configure the "jmx.Signature" setting for "Active Context Handler" to organizational standards. CC ID 09849 | System hardening through configuration management | Configuration | |
Configure the "jmx.AuditProtectedArgInfo" setting for "Active Context Handler" to organizational standards. CC ID 09850 | System hardening through configuration management | Configuration | |
Configure the "jmx.OldAttributeValue" setting for "Active Context Handler" to organizational standards. CC ID 09851 | System hardening through configuration management | Configuration | |
Configure the "Reject if Password Contains the User Name" setting to organizational standards. CC ID 09852 | System hardening through configuration management | Configuration | |
Configure the "Reject if Password Contains the User Name Reversed" setting to organizational standards. CC ID 09853 | System hardening through configuration management | Configuration | |
Configure the "maximum instances of any character field" setting to organizational standards. CC ID 09854 | System hardening through configuration management | Configuration | |
Configure the "maximum consecutive characters field" setting to organizational standards. CC ID 09855 | System hardening through configuration management | Configuration | |
Configure the "minimum number of alphabetic characters field" setting to organizational standards. CC ID 09856 | System hardening through configuration management | Configuration | |
Configure the "minimum number of numeric characters field" setting to organizational standards. CC ID 09857 | System hardening through configuration management | Configuration | |
Configure the "minimum number of non-alphanumeric characters field" setting to organizational standards. CC ID 09858 | System hardening through configuration management | Configuration | |
Configure the "Lockout Threshold" setting in the "Security Realm" to organizational standards. CC ID 09861 | System hardening through configuration management | Configuration | |
Configure the "Lockout Duration" setting in the "Security Realm" to organizational standards. CC ID 09862 | System hardening through configuration management | Configuration | |
Configure the "Lockout Reset Duration" setting in the "Security Realm" to organizational standards. CC ID 09863 | System hardening through configuration management | Configuration | |
Configure the "Require Unanimous Permit" setting to organizational standards. CC ID 09864 | System hardening through configuration management | Configuration | |
Configure the "Host Name Verification" setting on the "Administration Server" to organizational standards. CC ID 09865 | System hardening through configuration management | Configuration | |
Configure the "Minimum Number of Non-Alphabetic Characters" setting to organizational standards. CC ID 09866 | System hardening through configuration management | Configuration | |
Configure the "SSL Enabled" setting for "LDAP Server connections" to organizational standards. CC ID 09867 | System hardening through configuration management | Configuration | |
Configure the "Host Name Verification" setting to organizational standards. CC ID 09868 | System hardening through configuration management | Configuration | |
Configure the "Domain Credentials" setting to organizational standards. CC ID 09869 | System hardening through configuration management | Configuration | |
Configure the "Configuration Archive Enabled" setting to organizational standards. CC ID 09870 | System hardening through configuration management | Configuration | |
Configure the "Archive Configuration Count" setting to organizational standards. CC ID 09871 | System hardening through configuration management | Configuration | |
Configure the "Default Administrator field" setting to organizational standards. CC ID 09872 | System hardening through configuration management | Configuration | |
Configure the "SSL Listen Port" setting to organizational standards. CC ID 09873 | System hardening through configuration management | Configuration | |
Configure the "Administration Console Session Timeout field" setting to organizational standards. CC ID 09874 | System hardening through configuration management | Configuration | |
Configure the "Production Mode" setting to organizational standards. CC ID 09875 | System hardening through configuration management | Configuration | |
Configure the "WebLogic Auditing provider" setting to organizational standards. CC ID 09876 | System hardening through configuration management | Configuration | |
Configure the "Invocation Timeout Seconds" setting to organizational standards. CC ID 09877 | System hardening through configuration management | Configuration | |
Configure the "Anonymous Admin Lookup Enabled" setting to organizational standards. CC ID 09878 | System hardening through configuration management | Configuration | |
Configure the "Web App Files Case Insensitive" setting to organizational standards. CC ID 09879 | System hardening through configuration management | Configuration | |
Configure the "Enable Administration Port" setting to organizational standards. CC ID 09880 | System hardening through configuration management | Configuration | |
Configure the "SSL Rejection Logging Enabled" setting to organizational standards. CC ID 09881 | System hardening through configuration management | Configuration | |
Configure the "Export Key Lifespan" setting to organizational standards. CC ID 09882 | System hardening through configuration management | Configuration | |
Configure the "Client Cert Proxy Enabled" setting for the "Administration Server" to organizational standards. CC ID 09883 | System hardening through configuration management | Configuration | |
Configure the "Client Cert Proxy Enabled" setting for the "managed server" to organizational standards. CC ID 09884 | System hardening through configuration management | Configuration | |
Configure the "Frontend Host" setting to organizational standards. CC ID 09885 | System hardening through configuration management | Configuration | |
Configure the "Check Roles and Policies" setting to organizational standards. CC ID 09886 | System hardening through configuration management | Configuration | |
Configure the "Security Model Default" setting to organizational standards. CC ID 09887 | System hardening through configuration management | Configuration | |
Configure the "When Deploying Web Applications or EJBS" setting to organizational standards. CC ID 09888 | System hardening through configuration management | Configuration | |
Configure the "Configuration Audit Type field" setting to organizational standards. CC ID 09889 | System hardening through configuration management | Configuration | |
Configure the "EditMBeanServerEnabled" setting for the "Administration Server" to organizational standards. CC ID 09890 | System hardening through configuration management | Configuration | |
Configure the "two-way SSL" setting to organizational standards. CC ID 09891 | System hardening through configuration management | Configuration | |
Configure the "Embedded LDAP Timeout" setting to organizational standards. CC ID 09892 | System hardening through configuration management | Configuration | |
Configure the "Anonymous Bind Allowed" setting to organizational standards. CC ID 09893 | System hardening through configuration management | Configuration | |
Configure the "Post Timeout field" setting to organizational standards. CC ID 09894 | System hardening through configuration management | Configuration | |
Configure the "HTTP Duration" setting to organizational standards. CC ID 09895 | System hardening through configuration management | Configuration | |
Configure the "HTTPS Duration" setting to organizational standards. CC ID 09896 | System hardening through configuration management | Configuration | |
Configure the "HTTP Maximum Message Size" setting to organizational standards. CC ID 09897 | System hardening through configuration management | Configuration | |
Configure the "Connection Filter" setting for the "managed server" to organizational standards. CC ID 09898 | System hardening through configuration management | Configuration | |
Configure the "connection filter" setting to organizational standards. CC ID 09899 | System hardening through configuration management | Configuration | |
Configure the "Client Cert Proxy Enabled" setting to organizational standards. CC ID 09904 | System hardening through configuration management | Configuration | |
Configure the "Auth Cookie Enabled" setting to organizational standards. CC ID 09905 | System hardening through configuration management | Configuration | |
Configure the "Maximum Open Sockets" setting on the "Administration server" to organizational standards. CC ID 09906 | System hardening through configuration management | Configuration | |
Configure the "Complete Message Timeout" setting for "each custom channel" to organizational standards. CC ID 09908 | System hardening through configuration management | Configuration | |
Configure the "Idle Connection Timeout" setting for "each custom channel" to organizational standards. CC ID 09909 | System hardening through configuration management | Configuration | |
Configure the "Maximum Message Size" setting for "each custom channel" to organizational standards. CC ID 09910 | System hardening through configuration management | Configuration | |
Configure the "Node Manager Listen Address" setting to organizational standards. CC ID 09911 | System hardening through configuration management | Configuration | |
Configure the "Node Manager Type" setting to organizational standards. CC ID 09912 | System hardening through configuration management | Configuration | |
Configure the "Policy Selection Preference" setting to organizational standards. CC ID 09913 | System hardening through configuration management | Configuration | |
Configure the "Maximum Open Sockets" setting for "all Managed Servers" to organizational standards. CC ID 09914 | System hardening through configuration management | Configuration | |
Configure the "Enforce Constraints" setting for "digital certificates" to organizational standards. CC ID 09915 | System hardening through configuration management | Configuration | |
Configure the "Keystores field" setting to organizational standards. CC ID 09916 | System hardening through configuration management | Configuration | |
Configure the "HTTP Access Log File" setting to organizational standards. CC ID 09917 | System hardening through configuration management | Configuration | |
Configure the "Custom Hostname Verifier field" setting to organizational standards. CC ID 09918 | System hardening through configuration management | Configuration | |
Configure the "SSL port enabled" setting to organizational standards. CC ID 09919 | System hardening through configuration management | Configuration | |
Configure the "Listen Port Enabled" setting to organizational standards. CC ID 09920 | System hardening through configuration management | Configuration | |
Configure security and protection software according to Organizational Standards. CC ID 11917 | System hardening through configuration management | Configuration | |
Configure security and protection software to automatically run at startup. CC ID 12443 | System hardening through configuration management | Configuration | |
Configure security and protection software to enable automatic updates. CC ID 11945 | System hardening through configuration management | Configuration | |
Configure security and protection software to check e-mail messages. CC ID 00578 | System hardening through configuration management | Testing | |
Configure security and protection software to check e-mail attachments. CC ID 11860 | System hardening through configuration management | Configuration | |
Configure Windows Defender Remote Credential Guard to organizational standards. CC ID 16515 | System hardening through configuration management | Configuration | |
Configure Windows Defender Credential Guard to organizational standards. CC ID 16514 | System hardening through configuration management | Configuration | |
Configure dedicated systems used for system management according to organizational standards. CC ID 12132 | System hardening through configuration management | Configuration | |
Configure dedicated systems used for system management to prohibit them from composing documents. CC ID 12161 | System hardening through configuration management | Configuration | |
Configure dedicated systems used for system management so they are prohibited from accessing e-mail. CC ID 12160 | System hardening through configuration management | Configuration | |
Configure Application Programming Interfaces in accordance with organizational standards. CC ID 12170 | System hardening through configuration management | Configuration | |
Configure Application Programming Interfaces to enforce authentication. CC ID 12172 | System hardening through configuration management | Configuration | |
Configure Application Programming Interfaces to employ strong cryptography. CC ID 12171 | System hardening through configuration management | Configuration | |
Configure the Domain Name System in accordance with organizational standards. CC ID 12202 | System hardening through configuration management | Configuration | |
Configure the Domain Name System query logging to organizational standards. CC ID 12210 | System hardening through configuration management | Configuration | |
Configure the secure name/address resolution service (recursive or caching resolver). CC ID 01625 | System hardening through configuration management | Configuration | |
Configure the secure name/address resolution service (authoritative source). CC ID 01624 | System hardening through configuration management | Configuration | |
Configure payment systems in accordance with organizational standards. CC ID 12217 | System hardening through configuration management | Configuration | |
Configure payment systems to disable storing transactions when offline. CC ID 12220 | System hardening through configuration management | Configuration | |
Configure payment systems to disable authorizing transactions when offline. CC ID 12219 | System hardening through configuration management | Configuration | |
Configure File Integrity Monitoring Software to Organizational Standards. CC ID 11923 | System hardening through configuration management | Configuration | |
Configure the file integrity monitoring software to perform critical file comparisons, as necessary. CC ID 11924 | System hardening through configuration management | Configuration | |
Configure Bluetooth settings according to organizational standards. CC ID 12422 | System hardening through configuration management | Configuration | |
Unpair Bluetooth devices when the pairing is no longer required. CC ID 15232 | System hardening through configuration management | Configuration | |
Use authorized versions of Bluetooth to pair Bluetooth devices. CC ID 15231 | System hardening through configuration management | Configuration | |
Refrain from using unit keys on Bluetooth devices. CC ID 12541 | System hardening through configuration management | Configuration | |
Configure link keys to be based on combination keys in Bluetooth devices. CC ID 12539 | System hardening through configuration management | Configuration | |
Refrain from using the "Just Works" model of Secure Simple Pairing in Bluetooth settings. CC ID 12538 | System hardening through configuration management | Configuration | |
Disable all Bluetooth profiles other than the Serial Port Profile. CC ID 12536 | System hardening through configuration management | Configuration | |
Lock Bluetooth profiles to prevent them being altered by end users. CC ID 12535 | System hardening through configuration management | Configuration | |
Configure Bluetooth to refrain from allowing multiple profiles of Bluetooth stacks. CC ID 12433 | System hardening through configuration management | Configuration | |
Remove backup files after initializing and hardening is complete. CC ID 01602 | System hardening through configuration management | Configuration | |
Reboot the system after initial systems hardening is complete and before certification. CC ID 01603 | System hardening through configuration management | Systems Design, Build, and Implementation | |
Configure systems to protect against unauthorized data mining. CC ID 10095 | System hardening through configuration management | Configuration | |
Implement safeguards to prevent unauthorized code execution. CC ID 10686 | System hardening through configuration management | Configuration | |
Configure network switches to organizational standards. CC ID 12120 | System hardening through configuration management | Configuration | |
Enable Virtual Local Area Networks on network switches, as necessary. CC ID 12129 | System hardening through configuration management | Configuration | |
Establish, implement, and maintain an information management program. CC ID 14315 [Points of access to the entity's information assets from internal and external users and outside entities and the types of data that flow through the points of access are identified, inventoried and managed. The types of users and the systems authorized to connect to each point of access are identified, authenticated and logged, and their activities within such systems are monitored. S7.1 Manages points of access] | Records management | Establish/Maintain Documentation | |
Establish, implement, and maintain records management policies. CC ID 00903 | Records management | Establish/Maintain Documentation | |
Determine how long to keep records and logs before disposing of them. CC ID 11661 | Records management | Process or Activity | |
Retain records in accordance with applicable requirements. CC ID 00968 [The entity retains PI consistent with its objectives related to privacy. U4.2 PI is retained for no longer than necessary to fulfill the stated purposes, unless a law or regulation specifically requires otherwise. U4.2 Retains PI The entity creates and retains a complete, accurate and timely record of authorized disclosures of PI to meet the entity's objectives related to privacy. D6.2 The entity creates and retains a complete, accurate and timely record of detected or reported unauthorized disclosures (including breaches) of PI to meet the entity's objectives related to privacy. D6.3] | Records management | Records Management | |
Establish, implement, and maintain storage media disposition and destruction procedures. CC ID 11657 | Records management | Establish/Maintain Documentation | |
Sanitize electronic storage media in accordance with organizational standards. CC ID 16464 | Records management | Data and Information Management | |
Sanitize all electronic storage media before disposing of a system or redeploying a system. CC ID 01643 [The entity has policies and procedures in place that address the physical protection of information and system and data storage devices and removable media. The policies and procedures include the handling and secure operation of such devices, and their removal from service, the removal of information assets residing on such devices and their eventual secured destruction. S7.2 Physical protection of information on storage media] | Records management | Data and Information Management | |
Manage waste materials in accordance with the storage media disposition and destruction procedures. CC ID 16485 | Records management | Process or Activity | |
Use approved media sanitization equipment for destruction. CC ID 16459 | Records management | Business Processes | |
Define each system's disposition requirements for records and logs. CC ID 11651 | Records management | Process or Activity | |
Establish, implement, and maintain records disposition procedures. CC ID 00971 | Records management | Establish/Maintain Documentation | |
Remove and/or destroy records according to the records' retention event and retention period schedule. CC ID 06621 [PI no longer retained is anonymized, disposed of or destroyed in a manner that prevents loss, theft, misuse or unauthorized access. U4.3 Disposes of, destroys and redacts PI] | Records management | Records Management | |
Place printed records awaiting destruction into secure containers. CC ID 12464 | Records management | Physical and Environmental Protection | |
Destroy printed records so they cannot be reconstructed. CC ID 11779 | Records management | Physical and Environmental Protection | |
Automate a programmatic process to remove stored data and records that exceed retention requirements. CC ID 06082 | Records management | Data and Information Management | |
Establish, implement, and maintain records management procedures. CC ID 11619 | Records management | Establish/Maintain Documentation | |
Protect records from loss in accordance with applicable requirements. CC ID 12007 [Policies and procedures have been implemented to protect PI from erasure or destruction during the specified retention period of the information. U4.2 Protects PI] | Records management | Records Management | |
Establish, implement, and maintain electronic storage media management procedures. CC ID 00931 | Records management | Establish/Maintain Documentation | |
Establish, implement, and maintain online storage controls. CC ID 00942 | Records management | Technical Security | |
Establish, implement, and maintain security controls appropriate to the record types and electronic storage media. CC ID 00943 | Records management | Records Management | |
Provide encryption for different types of electronic storage media. CC ID 00945 [{data at rest} The entity uses data encryption to supplement other measures to protect data in transit and at rest when such protections are deemed appropriate based on the assessed level of risk. The entity administrates, maintains and manages its encryption key management systems and regularly backs up its key stores to help these remain available in the event of a key management system outage or failure. S7.1 Uses encryption to protect data {data at rest}{external communication} Encryption technologies or secure communication channels are used to protect data in transit and at rest, and communications of such data beyond the entity's established connectivity mechanisms are logical with physical access points. S7.3 Uses encryption technologies or secure communication channels to protect data {physical protection} Encryption technologies and physical (hardware) device protections are used for peripherals and removable data storage media (such as remote printers that store system-generated data, USB ports, drives, remote USB storage devices and data back-up media), as appropriate. S7.3 Protects removable media] | Records management | Technical Security | |
Physically secure printed records. CC ID 11778 [The entity has implemented policies and procedures that restrict physical access to the entity's data centers, office spaces, documents, work areas and facilities based on an individual's needs for access, prior authorizations from a facility or system owner, and after the identity of each individual has been established prior to allowing access. S7.2 Managing physical access] | Records management | Physical and Environmental Protection | |
Initiate the System Development Life Cycle development phase or System Development Life Cycle build phase. CC ID 06267 | Systems design, build, and implementation | Systems Design, Build, and Implementation | |
Establish, implement, and maintain system testing procedures. CC ID 11744 [The continued confidentiality, completeness, integrity and availability of the entity's systems and back-up information is evaluated and confirmed on a periodic basis. S7.5 Testing confidentiality, completeness, integrity and availability of systems and back-up data] | Systems design, build, and implementation | Establish/Maintain Documentation | |
Protect test data in the development environment. CC ID 12014 | Systems design, build, and implementation | Technical Security | |
Control the test data used in the development environment. CC ID 12013 | Systems design, build, and implementation | Systems Design, Build, and Implementation | |
Select the test data carefully. CC ID 12011 | Systems design, build, and implementation | Systems Design, Build, and Implementation | |
Test security functionality during the development process. CC ID 12015 | Systems design, build, and implementation | Testing | |
Include system performance in the scope of system testing. CC ID 12624 | Systems design, build, and implementation | Process or Activity | |
Include security controls in the scope of system testing. CC ID 12623 | Systems design, build, and implementation | Process or Activity | |
Include business logic in the scope of system testing. CC ID 12622 | Systems design, build, and implementation | Process or Activity | |
Assign the review of custom code changes to individuals other than the code author. CC ID 06291 | Systems design, build, and implementation | Establish Roles | |
Evaluate and document all known code anomalies and code deficiencies. CC ID 06611 | Systems design, build, and implementation | Establish/Maintain Documentation | |
Disseminate and communicate the system testing procedures to interested personnel and affected parties. CC ID 15471 | Systems design, build, and implementation | Communicate | |
Establish, implement, and maintain poor quality material removal procedures. CC ID 06214 | Systems design, build, and implementation | Establish/Maintain Documentation | |
Establish, implement, and maintain a privacy framework that protects restricted data. CC ID 11850 [The entity has defined and formally documented data and information privacy policies and procedures for PI collection, usage and processing that are consistent with the entity's objectives related to privacy. M1.0 The entity has implemented a policy governance and accountability process that defines and formally documents policies and procedures for information privacy that are consistent with the entity's objectives related to privacy. M1.2 The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the roles and responsibilities of the organization's legal counsel in the privacy framework. CC ID 14862 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain a personal data transparency program. CC ID 00375 | Privacy protection for information and data | Data and Information Management | |
Establish and maintain privacy notices, as necessary. CC ID 13443 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the purpose of the privacy notice in the privacy notice. CC ID 13526 [{implicit consent} If information that was previously collected is to be used for purposes not previously identified in the privacy notice, the new purpose is documented, the data subject is notified, and implicit or explicit consent is obtained prior to such new use or purpose. C3.2 Documents and obtained consent for new purposes and uses] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the processing purpose in the privacy notice. CC ID 16543 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include contact information in the privacy notice. CC ID 14432 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the data subject's choices for data collection, data processing, data disclosure, and data retention in the privacy notice. CC ID 13503 [{implicit consent} Data subjects are informed about the choices available to them with respect to the collection, use and disclosure of PI. Data subjects are informed that implicit or explicit consent is required to collect, use and disclose PI, unless a law or regulation specifically requires or allows otherwise. C3.1 Communicates to data subjects The entity communicates available options regarding the collection and creation of PI and the consequences of each choice, including the data subject's option to reject their agreed consent for the entity to initially or subsequently collect and create PI. C3.1] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the right to opt out of personal data disclosure in the privacy notice. CC ID 13460 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include instructions on how to opt out of personal data disclosure in the privacy notice. CC ID 13461 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the types of third parties to which personal data is disclosed in the privacy notice. CC ID 13459 [The entity has an objective description of the entities and activities covered by the privacy policies and procedures that is included in the entity's privacy notice. N2.1 Entities and activities covered] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the organization's policies, standards, and procedures in the privacy notice. CC ID 13455 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the organization's privacy framework in the privacy notice, as necessary. CC ID 13456 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the personal data collection categories in the privacy notice. CC ID 13457 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include disclosure exceptions in the privacy notice. CC ID 13447 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the types of personal data disclosed in the privacy notice. CC ID 13446 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include descriptions of each type of personal data disclosed in the privacy notice. CC ID 13458 [The entity has an objective description of the entities and activities covered by the privacy policies and procedures that is included in the entity's privacy notice. N2.1 Entities and activities covered] | Privacy protection for information and data | Establish/Maintain Documentation | |
Specify the time frame that notice will be given. CC ID 00385 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the information about the appeal process in the privacy notice. CC ID 15312 | Privacy protection for information and data | Establish/Maintain Documentation | |
Combine privacy notices into a joint notification with suppliers, as necessary. CC ID 13468 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from delivering privacy notices to data subjects, as necessary. CC ID 13445 | Privacy protection for information and data | Communicate | |
Deliver privacy notices to data subjects, as necessary. CC ID 13444 [{privacy notice} The entity has formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet the entity's objectives related to privacy. Refer to Component N2.0. M1.0 Agreement, notice and communication The entity executes formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet its objectives related to privacy. N2.1] | Privacy protection for information and data | Communicate | |
Deliver a short-form initial notification along with an opt-out notice as an alternate to delivering a privacy notice, as necessary. CC ID 13464 | Privacy protection for information and data | Establish/Maintain Documentation | |
Update privacy notices, as necessary. CC ID 13474 [{privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/ notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Privacy protection for information and data | Communicate | |
Redeliver privacy notices, as necessary. CC ID 14850 [Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Privacy protection for information and data | Communicate | |
Deliver privacy notices to third parties, as necessary. CC ID 13473 | Privacy protection for information and data | Communicate | |
Obtain acknowledgment of receipt of the privacy notice. CC ID 14435 | Privacy protection for information and data | Communicate | |
Establish and maintain short-form initial notifications of privacy notices that are clear and conspicuous. CC ID 13466 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the organization's privacy framework in the short-form initial notification, as necessary. CC ID 13472 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the methodology for accessing the privacy notice in the short-form initial notification. CC ID 13471 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include that the privacy notice is available upon request in the short-form initial notification. CC ID 13470 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain opt-out notices. CC ID 13448 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include how opt out directions for joint consumers are treated in the opt-out notice. CC ID 13465 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the opt out method for data subjects in the opt-out notice. CC ID 13467 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the data subject's right to opt out of personal data disclosure in the opt-out notice. CC ID 13463 | Privacy protection for information and data | Establish/Maintain Documentation | |
Explain the right to opt out in the opt-out notice. CC ID 13462 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the organization's right to share personal data in the opt-out notice. CC ID 13450 | Privacy protection for information and data | Establish/Maintain Documentation | |
Deliver opt-out notices, as necessary. CC ID 13449 | Privacy protection for information and data | Communicate | |
Include an initial privacy notification when delivering the opt-out notice. CC ID 13453 | Privacy protection for information and data | Communicate | |
Provide a copy of the organization's privacy program to statutory authorities, as necessary. CC ID 12376 | Privacy protection for information and data | Communicate | |
Affirm adequate protection of personal data to applicable statutory authorities if the organization is not a member of a privacy program. CC ID 12372 | Privacy protection for information and data | Communicate | |
Notify statutory authorities of the organization's withdrawal from the privacy program. CC ID 12391 | Privacy protection for information and data | Communicate | |
Notify statutory authorities about how restricted data will be handled following withdrawal from the privacy program. CC ID 16819 | Privacy protection for information and data | Data and Information Management | |
Notify statutory authorities concerned with the privacy program if the surviving organization will continue in the privacy program. CC ID 12393 | Privacy protection for information and data | Communicate | |
Notify data subjects about the organization's external requirements relevant to the privacy program. CC ID 12354 [{implicit consent} Data subjects are informed about the choices available to them with respect to the collection, use and disclosure of PI. Data subjects are informed that implicit or explicit consent is required to collect, use and disclose PI, unless a law or regulation specifically requires or allows otherwise. C3.1 Communicates to data subjects] | Privacy protection for information and data | Communicate | |
Provide the data subject with a notice of participation procedures. CC ID 06241 | Privacy protection for information and data | Establish/Maintain Documentation | |
Deliver notices to the intended parties. CC ID 06240 | Privacy protection for information and data | Data and Information Management | |
Notify data subjects about their privacy rights. CC ID 12989 | Privacy protection for information and data | Communicate | |
Disseminate and communicate the critical third party list with relevance to the privacy program to all interested personnel and affected parties. CC ID 12352 | Privacy protection for information and data | Communicate | |
Establish, implement, and maintain adequate openness procedures. CC ID 00377 | Privacy protection for information and data | Data and Information Management | |
Provide public proof the organization participates in a privacy program. CC ID 12349 | Privacy protection for information and data | Communicate | |
Publish a description of processing activities in an official register. CC ID 00379 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish and maintain a records request manual. CC ID 00381 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish and maintain a description of voluntary disclosure and automatic availability of certain records. CC ID 00382 | Privacy protection for information and data | Establish/Maintain Documentation | |
Register with public bodies and notify the Data Commissioner before processing personal data. CC ID 00383 | Privacy protection for information and data | Behavior | |
Define what is included in registration notices. CC ID 00386 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include roles and responsibilities in the registration notice. CC ID 16803 | Privacy protection for information and data | Establish Roles | |
Include the verification method in the registration notice. CC ID 16798 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the statutory authority in the registration notice. CC ID 16799 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the address where the file or hardware supporting the data processing is located in the registration notice. CC ID 00387 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include a purpose specification description in the registration notice. CC ID 00388 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include information about the dispute resolution body in the registration notice. CC ID 16800 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the data subject category being processed in the registration notice. CC ID 00389 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the time period for data processing in the registration notice. CC ID 00390 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include procedures for when the registration notice for processing personal data is insufficient in the registration notice. CC ID 00392 | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide legal authorities access to personal data, upon request. CC ID 06818 | Privacy protection for information and data | Data and Information Management | |
Provide the data subject with information about automated decision-making during personal data processing. CC ID 12609 | Privacy protection for information and data | Process or Activity | |
Provide the data subject with information about obtaining automated decision-making used during personal data processing. CC ID 12618 | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide the data subject with the name, title, and address of the individual accountable for the organizational policies. CC ID 00394 | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide the data subject with a copy of any brochures or other information that explain policies, standards, or codes. CC ID 00398 [{be accurate}{be complete} Individuals are informed that they are responsible for providing the entity with accurate and complete PI and for contacting the entity if correction of such information is required. Q8.1 Communicates to data subjects] | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide the data subject with contractual requirements requiring the provision of personal data. CC ID 12588 | Privacy protection for information and data | Process or Activity | |
Document the countries where restricted data may be stored. CC ID 12750 | Privacy protection for information and data | Data and Information Management | |
Protect the rights of students and their parents or legal representatives. CC ID 00222 | Privacy protection for information and data | Data and Information Management | |
Refrain from allowing access rights to education records maintained by another educational institution. CC ID 13014 | Privacy protection for information and data | Technical Security | |
Refrain from allowing students the right to inspect the financial records of their parent or legal representative. CC ID 13025 | Privacy protection for information and data | Records Management | |
Refrain from allowing students the right to inspect confidential letters and confidential letters of recommendation. CC ID 13019 | Privacy protection for information and data | Records Management | |
Define the criteria for waivers of data subjects' rights. CC ID 16858 | Privacy protection for information and data | Behavior | |
Revoke waivers of data subject's rights, as necessary. CC ID 16859 | Privacy protection for information and data | Behavior | |
Disseminate and communicate the notification of rights to students and their parent or legal representative. CC ID 12996 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the criteria for determining what constitutes a legitimate educational interest in the notification of rights. CC ID 13004 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the criteria for determining what constitutes a school official in the notification of rights. CC ID 13003 | Privacy protection for information and data | Establish/Maintain Documentation | |
Disclose educational data, as necessary. CC ID 00223 | Privacy protection for information and data | Data and Information Management | |
Grant access to education records in support of educational program audits. CC ID 13032 | Privacy protection for information and data | Records Management | |
Grant access to education records in support of external requirements. CC ID 13033 | Privacy protection for information and data | Records Management | |
Disclose statements added to education records, as necessary. CC ID 12990 | Privacy protection for information and data | Communicate | |
Obtain explicit consent from students or their parent or legal representative prior to using or disclosing educational data. CC ID 00220 | Privacy protection for information and data | Data and Information Management | |
Disclose education records when written consent is received. CC ID 00224 | Privacy protection for information and data | Data and Information Management | |
Specify the parties to whom education records may be disclosed in the written consent. CC ID 13002 | Privacy protection for information and data | Establish/Maintain Documentation | |
Specify the purpose of the disclosure in the written consent. CC ID 13001 | Privacy protection for information and data | Establish/Maintain Documentation | |
Specify which education records may be disclosed in the written consent. CC ID 13000 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the conditions when consent is not required to disclose educational data. CC ID 00225 | Privacy protection for information and data | Establish/Maintain Documentation | |
Disclose educational data absent consent when disclosure is in connection with a disciplinary proceeding. CC ID 13005 | Privacy protection for information and data | Communicate | |
Refrain from disclosing disciplinary proceeding results unless the student has violated the institution's rules or policies. CC ID 13023 | Privacy protection for information and data | Communicate | |
Disclose educational data absent consent when it concerns sex offenders. CC ID 13013 | Privacy protection for information and data | Communicate | |
Disclose educational data absent consent to other school officials. CC ID 00226 | Privacy protection for information and data | Data and Information Management | |
Disclose educational data absent consent to another institution's school officials. CC ID 00227 | Privacy protection for information and data | Data and Information Management | |
Disclose educational data absent consent in connection with financial aid. CC ID 00229 | Privacy protection for information and data | Data and Information Management | |
Disclose educational data absent consent to organizations conducting studies on tests. CC ID 00230 | Privacy protection for information and data | Data and Information Management | |
Disclose educational data absent consent to organizations conducting studies if educational data is destroyed when no longer required. CC ID 12995 | Privacy protection for information and data | Communicate | |
Disclose educational data absent consent to accrediting organizations. CC ID 00231 | Privacy protection for information and data | Data and Information Management | |
Disclose educational data absent consent to a dependent student's parent or legal representative. CC ID 00232 | Privacy protection for information and data | Data and Information Management | |
Disclose educational data absent consent in order to comply with a judicial order. CC ID 00233 | Privacy protection for information and data | Data and Information Management | |
Disclose educational data absent consent for a health and safety emergency. CC ID 00234 | Privacy protection for information and data | Data and Information Management | |
Disclose educational data absent consent when it is merely directory information. CC ID 00235 | Privacy protection for information and data | Data and Information Management | |
Disclose educational data absent consent to a crime victim. CC ID 00236 | Privacy protection for information and data | Data and Information Management | |
Record the health and safety threats of students when disclosing personal data. CC ID 12997 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from providing information to the data subject, as necessary. CC ID 12625 | Privacy protection for information and data | Communicate | |
Refrain from providing information to the data subject when it is forbidden by law. CC ID 12651 | Privacy protection for information and data | Communicate | |
Refrain from providing information to the data subject when it proves impossible due to statistical purposes. CC ID 12645 | Privacy protection for information and data | Communicate | |
Provide the data subject with information about lifting any restriction of processing, as necessary. CC ID 12634 | Privacy protection for information and data | Communicate | |
Refrain from providing information to the data subject when it proves impossible due to historical research purposes. CC ID 12633 | Privacy protection for information and data | Communicate | |
Refrain from providing information to the data subject when it proves impossible due to scientific research purposes. CC ID 12632 | Privacy protection for information and data | Communicate | |
Refrain from providing information to the data subject when it proves impossible due to archival purposes. CC ID 12631 | Privacy protection for information and data | Communicate | |
Refrain from providing information to the data subject when providing information involves disproportionate effort. CC ID 12629 | Privacy protection for information and data | Communicate | |
Refrain from providing information to the data subject when the data subject has the information. CC ID 12628 | Privacy protection for information and data | Communicate | |
Provide adequate structures, policies, procedures, and mechanisms to support direct access by the data subject to personal data that is provided upon request. CC ID 00393 [The entity has policies and procedures for viewing, inspecting, accessing and modifying PI. Refer to Component A5.0. M1.0 Access {dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide the data subject with the data retention period for personal data. CC ID 12587 | Privacy protection for information and data | Process or Activity | |
Provide the data subject with the criteria used to determine the data retention period for personal data. CC ID 12589 | Privacy protection for information and data | Process or Activity | |
Provide the data subject with the adequacy decision. CC ID 12586 | Privacy protection for information and data | Process or Activity | |
Provide the data subject with references to the appropriate safeguards used to protect the privacy of personal data. CC ID 12585 | Privacy protection for information and data | Process or Activity | |
Provide the data subject with copies of the appropriate safeguards used to protect the privacy of personal data. CC ID 12608 | Privacy protection for information and data | Process or Activity | |
Provide the data subject with the means of gaining access to personal data held by the organization. CC ID 00396 [Data subjects can determine whether the entity maintains PI about them and, upon request, may confirm and obtain access to their PI or request that the PI be returned, removed or erased. A5.1 Permits data subjects access to their PI] | Privacy protection for information and data | Data and Information Management | |
Refrain from requiring the data subject to create an account in order to submit a consumer request. CC ID 13780 | Privacy protection for information and data | Business Processes | |
Provide the data subject with the data protection officer's contact information. CC ID 12573 | Privacy protection for information and data | Business Processes | |
Notify the data subject of the right to data portability. CC ID 12603 | Privacy protection for information and data | Process or Activity | |
Provide the data subject with information about the right to erasure. CC ID 12602 | Privacy protection for information and data | Process or Activity | |
Provide the data subject with a description of the type of information held by the organization and a general account of its use. CC ID 00397 [Data subjects can determine whether the entity maintains PI about them and, upon request, may confirm and obtain access to their PI or request that the PI be returned, removed or erased. A5.1 Permits data subjects access to their PI] | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide the data subject with what personal data is made available to related organizations or subsidiaries. CC ID 00399 [{disclosure accounting record} Requests for an accounting of PI held and disclosures of the data subjects' PI are captured, and information related to the requests is identified and communicated to data subjects to meet the entity's objectives related to privacy. D6.7 Captures, Identifies and Communicates Requests for Information] | Privacy protection for information and data | Data and Information Management | |
Include individual's names to whom restricted data may be disclosed in the disclosure accounting record. CC ID 13027 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish and maintain a disclosure accounting record. CC ID 13022 [The entity creates and retains a complete, accurate and timely record of authorized disclosures of PI to meet the entity's objectives related to privacy. D6.2 The entity creates and maintains a record of authorized disclosures of PI that is complete, accurate and timely. D6.2 Creates and retains record of authorized disclosures {disclosure accounting record} The entity provides data subjects with an accounting of the PI held and disclosure of the data subjects' PI, upon the data subjects' request, to meet the entity's objectives related to privacy. D6.7] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the official authorities that are allowed to disclose restricted data absent consent in the disclosure accounting record. CC ID 13029 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the legitimate interests for accessing restricted data in the disclosure accounting record. CC ID 13028 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include what information was disclosed and to whom in the disclosure accounting record. CC ID 04680 [{disclosure accounting record} Requests for an accounting of PI held and disclosures of the data subjects' PI are captured, and information related to the requests is identified and communicated to data subjects to meet the entity's objectives related to privacy. D6.7 Captures, Identifies and Communicates Requests for Information] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the personal data the organization refrained from disclosing in the disclosure accounting record. CC ID 13769 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the sale of personal data in the disclosure accounting record, as necessary. CC ID 13768 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the disclosure date in the disclosure accounting record. CC ID 07133 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the disclosure recipient in the disclosure accounting record. CC ID 07134 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the disclosure purpose in the disclosure accounting record. CC ID 07135 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the frequency, periodicity, or number of disclosures made during the accounting period in the disclosure accounting record. CC ID 07136 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the final date of multiple disclosures in the disclosure accounting record. CC ID 07137 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include how personal data was used for research purposes in the disclosure accounting record. CC ID 07138 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the research activity or research protocol in the disclosure accounting record. CC ID 07139 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the record selection criteria for research activities in the disclosure accounting record. CC ID 07140 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the contact information of the organization that sponsored the research activity in the disclosure accounting record. CC ID 07141 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the types of third parties to whom restricted data may be disclosed in the disclosure accounting record. CC ID 16860 | Privacy protection for information and data | Data and Information Management | |
Disseminate and communicate the disclosure accounting record to interested personnel and affected parties. CC ID 14433 | Privacy protection for information and data | Communicate | |
Provide shareholders with electronic messages regarding the shareholder meetings. CC ID 04586 | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide shareholders access to electronic messages via electronic means. CC ID 11855 | Privacy protection for information and data | Process or Activity | |
Make telephone directory information available to the public. CC ID 08698 | Privacy protection for information and data | Establish/Maintain Documentation | |
Display warning screens and confirmation screens for all payment transactions. CC ID 06409 | Privacy protection for information and data | Technical Security | |
Define the acceptable data modifications before presenting the data to a data subject. CC ID 00400 | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide the data subject with information about the legitimate interests associated with personal data processing. CC ID 12614 [The entity has a process for periodically informing data subjects of its continued need for PI. The entity also has a process for obtaining the data subject's continued agreement and consent to use the data, and for informing data subjects when the entity suspects or learns, through ongoing monitoring and testing, that its systems (and systems of third parties providing services to the entity) have been breached and PI has been accessed, altered or removed in an unauthorized manner. N2.1 Ongoing notices and communications] | Privacy protection for information and data | Process or Activity | |
Establish, implement, and maintain a privacy policy. CC ID 06281 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the data subject's rights in the privacy policy. CC ID 16355 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain a privacy policy model document. CC ID 14720 | Privacy protection for information and data | Establish/Maintain Documentation | |
Notify interested personnel and affected parties when changes are made to the privacy policy. CC ID 06943 [{implicit consent} If information that was previously collected is to be used for purposes not previously identified in the privacy notice, the new purpose is documented, the data subject is notified, and implicit or explicit consent is obtained prior to such new use or purpose. C3.2 Documents and obtained consent for new purposes and uses {privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices] | Privacy protection for information and data | Behavior | |
Write privacy notices in the official languages required by law. CC ID 16529 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the notification of interested personnel and affected parties regarding privacy policy changes. CC ID 06944 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define what is included in the privacy policy. CC ID 00404 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define the information being collected in the privacy policy. CC ID 13115 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define which collection of information is voluntary and which is required in the privacy policy. CC ID 13110 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the means by which information is collected in the privacy policy. CC ID 13114 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include roles and responsibilities in the privacy policy. CC ID 14669 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include management commitment in the privacy policy. CC ID 14668 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include coordination amongst entities in the privacy policy. CC ID 14667 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the policy for disclosing personal data of persons who have ceased to be customers in the privacy policy. CC ID 14854 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include compliance requirements in the privacy policy. CC ID 14666 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the consequences of refusing to provide required information in the privacy policy. CC ID 13111 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include independent recourse mechanisms in the privacy policy, as necessary. CC ID 12366 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the privacy programs the organization is a member of in the privacy policy. CC ID 12365 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include a complaint form in the privacy policy. CC ID 12364 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the address where the files and hardware that support the data processing is located in the privacy policy. CC ID 00405 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the processing purpose in the privacy policy. CC ID 00406 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include an overview of applicable information security controls in the privacy policy, as necessary. CC ID 13117 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the data subject categories being processed in the privacy policy. CC ID 00407 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define the retention period for collected information in the privacy policy. CC ID 13116 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the time period for when the data processing will be carried out in the privacy policy. CC ID 00408 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include other organizations that personal data is being disclosed to in the privacy policy. CC ID 00409 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include how to gain access to personal data held by the organization in the privacy policy. CC ID 00410 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include instructions on how to opt-out in the privacy policy. CC ID 00411 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the privacy policy's Uniform Resource Locator in the privacy policy. CC ID 12363 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include instructions on how to disable devices that collect restricted data in the privacy policy. CC ID 15454 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include a description of devices that collect restricted data in the privacy policy. CC ID 15452 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define the audit method used to assess the privacy program in the privacy policy. CC ID 12390 [The entity has procedures for identifying and addressing instances when non-compliance with information privacy policies and procedures are identified. M1.2 Policy compliance] | Privacy protection for information and data | Establish/Maintain Documentation | |
Post the privacy policy in an easily seen location. CC ID 00401 [The entity's privacy notice is conspicuous and uses clear language. N2.1 Clear and conspicuous] | Privacy protection for information and data | Establish/Maintain Documentation | |
Define who will receive the privacy policy. CC ID 00402 | Privacy protection for information and data | Establish/Maintain Documentation | |
Disseminate and communicate the privacy policy to interested personnel and affected parties. CC ID 13346 [{privacy notice} The entity has formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet the entity's objectives related to privacy. Refer to Component N2.0. M1.0 Agreement, notice and communication The entity executes formal agreements, provides notices and formally communicates with data subjects about its privacy practices to meet its objectives related to privacy. N2.1 The entity communicates its information privacy policies to internal personnel and other external third parties engaged in providing business process, IT services and information privacy support. M1.2 Policy communications Privacy policies and specific instructions or requirements for handling PI are communicated to third parties to whom PI is disclosed. D6.1 Communicates privacy policies to third parties] | Privacy protection for information and data | Communicate | |
Establish, implement, and maintain privacy procedures. CC ID 14665 | Privacy protection for information and data | Establish/Maintain Documentation | |
Disseminate and communicate the privacy procedures to all interested personnel and affected parties. CC ID 14664 [Privacy policies and specific instructions or requirements for handling PI are communicated to third parties to whom PI is disclosed. D6.1 Communicates privacy policies to third parties] | Privacy protection for information and data | Communicate | |
Establish, implement, and maintain a privacy plan. CC ID 14672 | Privacy protection for information and data | Establish/Maintain Documentation | |
Align the enterprise architecture with the privacy plan. CC ID 14705 | Privacy protection for information and data | Process or Activity | |
Approve the privacy plan. CC ID 14700 | Privacy protection for information and data | Business Processes | |
Include privacy requirements in the privacy plan. CC ID 14699 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the information types in the privacy plan. CC ID 14695 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include threats in the privacy plan. CC ID 14694 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include roles and responsibilities in the privacy plan. CC ID 14702 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include a description of the operational context in the privacy plan. CC ID 14692 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include risk assessment results in the privacy plan. CC ID 14701 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the security categorizations and rationale in the privacy plan. CC ID 14690 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include security controls in the privacy plan. CC ID 14681 [The entity has a process to identify the specific or key data privacy security controls that it has designed and placed into operation that help reduce the risks of a data breach or a theft, erasure or alteration of PI. M1.4 Data privacy security controls] | Privacy protection for information and data | Establish/Maintain Documentation | |
Disseminate and communicate the privacy plan to interested personnel and affected parties. CC ID 14680 | Privacy protection for information and data | Communicate | |
Include a description of the operational environment in the privacy plan. CC ID 14679 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include network diagrams in the privacy plan. CC ID 14678 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the results of the privacy risk assessment in the privacy plan. CC ID 14677 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain a privacy report. CC ID 14754 | Privacy protection for information and data | Establish/Maintain Documentation | |
Disseminate and communicate the privacy report to interested personnel and affected parties. CC ID 14761 | Privacy protection for information and data | Communicate | |
Protect private communications in keeping with compliance requirements. CC ID 14334 | Privacy protection for information and data | Business Processes | |
Establish, implement, and maintain personal data choice and consent program. CC ID 12569 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain data request procedures. CC ID 16546 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from discriminating against data subjects who have exercised privacy rights. CC ID 13435 | Privacy protection for information and data | Human Resources Management | |
Refrain from charging a fee to implement an opt-out request. CC ID 13877 | Privacy protection for information and data | Business Processes | |
Establish and maintain disclosure authorization forms for authorization of consent to use personal data. CC ID 13433 [The entity's agreements with data subjects formally capture data subject consents for sharing their PI with the entity and third parties affiliated with the entity, and for situations where the entity assembles, creates or purchases a data subject's PI, and when the entity needs to change the original purposes for obtaining a data subject's PI to meet the entity's changing business, operational or legal requirements. N2.1 Agreements, notices and communications] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include procedures for revoking authorization of consent to use personal data in the disclosure authorization form. CC ID 13438 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the identity of the person seeking consent in the disclosure authorization. CC ID 13999 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the recipients of the disclosed personal data in the disclosure authorization form. CC ID 13440 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the signature of the data subject and the signing date in the disclosure authorization form. CC ID 13439 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the identity of the data subject in the disclosure authorization form. CC ID 13436 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the types of personal data to be disclosed in the disclosure authorization form. CC ID 13442 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include how personal data will be used in the disclosure authorization form. CC ID 13441 [The entity's agreements with data subjects formally capture data subject consents for sharing their PI with the entity and third parties affiliated with the entity, and for situations where the entity assembles, creates or purchases a data subject's PI, and when the entity needs to change the original purposes for obtaining a data subject's PI to meet the entity's changing business, operational or legal requirements. N2.1 Agreements, notices and communications] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include agreement termination information in the disclosure authorization form. CC ID 13437 | Privacy protection for information and data | Establish/Maintain Documentation | |
Offer incentives for consumers to opt-in to provide their personal data to the organization. CC ID 13781 | Privacy protection for information and data | Business Processes | |
Refrain from using coercive financial incentive programs to entice opt-in consent. CC ID 13795 | Privacy protection for information and data | Business Processes | |
Allow data subjects to opt out and refrain from granting an authorization of consent to use personal data. CC ID 00391 [The entity has a process to allow data subjects with the option of not providing their PI, according to the data privacy agreement, including notifying the data subjects of the consequences of not agreeing to its provision and use by the entity. C3.1 Ability to opt-out The entity communicates available options regarding the collection and creation of PI and the consequences of each choice, including the data subject's option to reject their agreed consent for the entity to initially or subsequently collect and create PI. C3.1] | Privacy protection for information and data | Data and Information Management | |
Treat an opt-out direction by an individual joint consumer as applying to all associated joint consumers. CC ID 13452 | Privacy protection for information and data | Business Processes | |
Treat opt-out directions separately for each customer relationship the data subject establishes with the organization. CC ID 13454 | Privacy protection for information and data | Business Processes | |
Establish, implement, and maintain an opt-out method in accordance with organizational standards. CC ID 16526 | Privacy protection for information and data | Data and Information Management | |
Comply with opt-out directions by the data subject, unless otherwise directed by compliance requirements. CC ID 13451 | Privacy protection for information and data | Business Processes | |
Confirm the individual's identity before granting an opt-out request. CC ID 16813 | Privacy protection for information and data | Process or Activity | |
Highlight the section regarding data subject's consent from other sections in contracts and agreements. CC ID 13988 | Privacy protection for information and data | Establish/Maintain Documentation | |
Allow consent requests to be provided in any official languages. CC ID 16530 | Privacy protection for information and data | Business Processes | |
Notify interested personnel and affected parties of the reasons the opt-out request was refused. CC ID 16537 | Privacy protection for information and data | Communicate | |
Collect and retain disclosure authorizations for each data subject. CC ID 13434 [Explicit consent is obtained directly from the data subject when sensitive PI is collected, used or disclosed, unless a law or regulation specifically requires otherwise. C3.2 Obtains explicit consent for sensitive information] | Privacy protection for information and data | Records Management | |
Refrain from requiring consent to collect, use, or disclose personal data beyond specified, legitimate reasons in order to receive products and services. CC ID 13605 | Privacy protection for information and data | Data and Information Management | |
Refrain from obtaining consent through deception. CC ID 13556 | Privacy protection for information and data | Data and Information Management | |
Give individuals the ability to change the uses of their personal data. CC ID 00469 | Privacy protection for information and data | Data and Information Management | |
Notify data subjects of the implications of withdrawing consent. CC ID 13551 [The entity communicates available options regarding the collection and creation of PI and the consequences of each choice, including the data subject's option to reject their agreed consent for the entity to initially or subsequently collect and create PI. C3.1] | Privacy protection for information and data | Data and Information Management | |
Establish, implement, and maintain a personal data accountability program. CC ID 13432 [The entity provides a privacy awareness program about its privacy policies and related matters, and provides specific training for selected personnel depending on their roles and responsibilities. M1.2 Privacy awareness and training] | Privacy protection for information and data | Establish/Maintain Documentation | |
Assign ownership of the privacy program to the appropriate organizational role. CC ID 11848 | Privacy protection for information and data | Human Resources Management | |
Require data controllers to be accountable for their actions. CC ID 00470 | Privacy protection for information and data | Establish Roles | |
Bind data controllers to secrecy concerning the performance of their duties. CC ID 12610 | Privacy protection for information and data | Human Resources Management | |
Notify the supervisory authority. CC ID 00472 | Privacy protection for information and data | Behavior | |
Establish, implement, and maintain approval applications. CC ID 16778 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define the requirements for approving or denying approval applications. CC ID 16780 | Privacy protection for information and data | Business Processes | |
Submit approval applications to the supervisory authority. CC ID 16627 | Privacy protection for information and data | Communicate | |
Include required information in the approval application. CC ID 16628 | Privacy protection for information and data | Establish/Maintain Documentation | |
Extend the time limit for approving or denying approval applications. CC ID 16779 | Privacy protection for information and data | Business Processes | |
Approve the approval application unless applicant has been convicted. CC ID 16603 | Privacy protection for information and data | Process or Activity | |
Provide the supervisory authority with any information requested by the supervisory authority. CC ID 12606 | Privacy protection for information and data | Process or Activity | |
Notify the supervisory authority of the safeguards employed to protect the data subject's rights. CC ID 12605 | Privacy protection for information and data | Communicate | |
Cooperate with Data Protection Authorities. CC ID 06870 | Privacy protection for information and data | Data and Information Management | |
Submit a safe harbor self-certification letter. CC ID 06871 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from engaging other data processors absent written authorization from the data controller. CC ID 12647 | Privacy protection for information and data | Human Resources Management | |
Establish, implement, and maintain Binding Corporate Rules for the international transfers of restricted data. CC ID 12584 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include cooperation mechanisms with the supervisory authority in the Binding Corporate Rules. CC ID 12682 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the tasks assigned to the role of data controller in the Binding Corporate Rules. CC ID 12612 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include data subject's rights in the Binding Corporate Rules. CC ID 12596 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the means to exercise the data subject's rights in the Binding Corporate Rules. CC ID 12597 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the organizational structure and contact information in the Binding Corporate Rules. CC ID 12595 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the acceptance of liability for breaches of the binding corporate rules in the Binding Corporate Rules. CC ID 12594 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the mechanisms for reporting legal requirements causing adverse effects on protecting restricted data in the Binding Corporate Rules. CC ID 12620 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include provisions for providing information on the binding corporate rules to the data subject in the Binding Corporate Rules. CC ID 12593 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include reporting changes to the binding corporate rules in the Binding Corporate Rules. CC ID 12591 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include reporting changes of the binding corporate rules to the supervisory authority in the Binding Corporate Rules. CC ID 12592 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include complaint procedures in the Binding Corporate Rules. CC ID 12613 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the data transfers in the Binding Corporate Rules. CC ID 12590 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include specifying the mechanisms for verifying compliance of the binding corporate rules in the Binding Corporate Rules. CC ID 12662 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the identification of the countries in question for the data transfers in the Binding Corporate Rules. CC ID 12601 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the type of data subjects affected by the data transfers in the Binding Corporate Rules. CC ID 12600 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include all pertinent data processing information for data transfers in the Binding Corporate Rules. CC ID 12599 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the categories of personal data for data transfers in the Binding Corporate Rules. CC ID 12598 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include specifying the legally binding nature of the binding corporate rules in the Binding Corporate Rules. CC ID 12627 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include privacy awareness and training in the Binding Corporate Rules. CC ID 12626 | Privacy protection for information and data | Establish/Maintain Documentation | |
Notify the data controller of any changes in data processors. CC ID 12648 | Privacy protection for information and data | Communicate | |
Establish, implement, and maintain Data Processing Contracts. CC ID 12650 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the corrective actions to be taken when conditions cannot be met in the Data Processing Contract. CC ID 16812 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include data processor confidentiality requirements in the Data Processing Contract. CC ID 12685 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the stipulation of notifying the data controller of legal requirements prior to processing restricted data unless the law prohibits such information on important grounds of public interest in the Data Processing Contract. CC ID 12687 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include instructions for processing restricted data in the Data Processing Contract. CC ID 14938 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the purpose for processing restricted data in the Data Processing Contract. CC ID 14937 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the types of restricted data subject to processing in the Data Processing Contract. CC ID 14936 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the duration of processing in the Data Processing Contract. CC ID 14935 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include personal data transfer procedures in the Data Processing Contract. CC ID 12683 [PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.4 Discloses PI only to appropriate third parties PI is disclosed only to third parties who have agreements with the entity to protect PI in a manner consistent with the relevant aspects of the entity's privacy notice or other specific instructions or requirements. The entity has procedures in place to evaluate that the third parties have effective controls to meet the terms of the agreement, instructions or requirements. D6.1 Discloses PI only to appropriate third parties] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the stipulation of allowing auditing for compliance in the Data Processing Contract. CC ID 12679 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the stipulation that the Statement of Compliance will be made available in the Data Processing Contract. CC ID 12678 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the stipulation of complying with external requirements in the Data Processing Contract. CC ID 12676 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the stipulation that the data processor will respect the conditions for engaging another data processor in the Data Processing Contract. CC ID 12686 | Privacy protection for information and data | Human Resources Management | |
Include the stipulation that copies of restricted data will be disposed, unless retention is required by law, in the Data Processing Contract. CC ID 12670 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the stipulation that personal data will be disposed or returned to the data subject in the Data Processing Contract. CC ID 12669 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain a personal data use limitation program. CC ID 13428 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain a personal data use purpose specification. CC ID 00093 | Privacy protection for information and data | Establish/Maintain Documentation | |
Display or print the least amount of personal data necessary. CC ID 04643 | Privacy protection for information and data | Data and Information Management | |
Redact confidential information from public information, as necessary. CC ID 06872 | Privacy protection for information and data | Data and Information Management | |
Notify the data subject of the collection purpose. CC ID 00095 | Privacy protection for information and data | Behavior | |
Refrain from using restricted data collected for research and statistics for other purposes. CC ID 00096 | Privacy protection for information and data | Data and Information Management | |
Document the law that requires restricted data to be collected. CC ID 00103 | Privacy protection for information and data | Establish/Maintain Documentation | |
Notify the data subject of the consequences for not providing personal data. CC ID 00104 [When PI is collected, data subjects are informed of the consequences of refusing to provide PI for purposes identified in the notice. C3.1 Communicates consequences of denying or withdrawing consent The entity has a process to allow data subjects with the option of not providing their PI, according to the data privacy agreement, including notifying the data subjects of the consequences of not agreeing to its provision and use by the entity. C3.1 Ability to opt-out] | Privacy protection for information and data | Behavior | |
Notify the data subject of changes to personal data use. CC ID 00105 [Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Privacy protection for information and data | Behavior | |
Establish, implement, and maintain data use change of purpose procedures. CC ID 00106 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of publicly accessible personal data as an acceptable secondary purpose. CC ID 00108 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of privacy-related data as acceptable if the information being used is publicly available information, the secondary use is marketing, and it is not practical to seek consent from the individual before use. CC ID 00110 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when the data subject is not charged to request to opt out of direct marketing communications. CC ID 00111 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when the data subject has not requested to opt out of direct marketing communications. CC ID 00112 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when the organization highlights the opt out option during each direct marketing communication. CC ID 00113 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when the organization displays contact information in each written direct marketing communication. CC ID 00114 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when the data subject gives consent. CC ID 00115 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when the personal data is Individually Identifiable Health Information used for research. CC ID 00116 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when the personal data is used for statistical research, scholarly research, or scientific research and the data subject is anonymous. CC ID 00117 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when the data controller believes the use is necessary to prevent a life-threatening emergency. CC ID 00118 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when required by law. CC ID 00119 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when the personal data is necessary for public emergencies, public health and safety, or individual emergencies. CC ID 00121 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when the primary purpose is directly related to the secondary purpose. CC ID 00123 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when it is necessary for the enforcement of care and custody. CC ID 15453 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of data as an acceptable secondary purpose when it is necessary for use in a legal proceeding. CC ID 15451 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when it is necessary for a law enforcement investigation. CC ID 15449 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the use of personal data as an acceptable secondary purpose when it is necessary to perform a treaty with a foreign government. CC ID 15447 | Privacy protection for information and data | Establish/Maintain Documentation | |
Obtain the data subject's consent when the personal data use changes. CC ID 11832 [{implicit consent} If information that was previously collected is to be used for purposes not previously identified in the privacy notice, the new purpose is documented, the data subject is notified, and implicit or {privacy notice} The entity has policies and procedures it follows when it is determined that changes are needed to its privacy agreements/ notices. The entity documents the reasons for such changes and these changes are formally approved by an authorized member of management prior to being implemented. When required, the entity also notifies affected data subjects and obtains their formal approval (consent) prior to continuing to use or process a data subject's PI. N2.2 Changes to privacy agreements/notices The entity's agreements with data subjects formally capture data subject consents for sharing their PI with the entity and third parties affiliated with the entity, and for situations where the entity assembles, creates or purchases a data subject's PI, and when the entity needs to change the original purposes for obtaining a data subject's PI to meet the entity's changing business, operational or legal requirements. N2.1 Agreements, notices and communications Changes to privacy agreements are communicated in formal notices to affected data subjects. The updated agreements are re-executed by data subjects to reflect the changes made to the entity's privacy practices. Data subjects are also notified, and the agreements are updated in situations where the originally intended purposes for collecting a data subject's PI need to be updated or changed. Such notifications and communications are consistent with the entity's objectives related to privacy. N2.2] | Privacy protection for information and data | Behavior | |
Document restricted data that is disclosed for an acceptable secondary purpose. CC ID 00124 | Privacy protection for information and data | Establish/Maintain Documentation | |
Dispose of media and restricted data in a timely manner. CC ID 00125 [{be secure} The entity securely disposes of PI consistent with its objectives related to privacy. U4.3 PI no longer retained is anonymized, disposed of or destroyed in a manner that prevents loss, theft, misuse or unauthorized access. U4.3 Disposes of, destroys and redacts PI Policies and procedures are implemented to erase or otherwise destroy PI that has been identified for destruction. U4.3 Destroys PI] | Privacy protection for information and data | Data and Information Management | |
Refrain from destroying records being inspected or reviewed. CC ID 13015 | Privacy protection for information and data | Records Management | |
Notify the data subject after their personal data is disposed, as necessary. CC ID 13502 [When required, the entity has a process that provides data subjects a mechanism with which to request the entity to remove, dispose and erase a data subject's PI. Once a data subject's PI is no longer being stored in the entity's systems (this includes other affiliates and third parties that may also hold or store privacy information on behalf of the entity), the entity notifies the affected data subjects that such information has been removed. N2.1 Data subject revocations] | Privacy protection for information and data | Communicate | |
Establish, implement, and maintain data access procedures. CC ID 00414 | Privacy protection for information and data | Establish/Maintain Documentation | |
Allow data subjects to submit data requests. CC ID 16545 | Privacy protection for information and data | Process or Activity | |
Provide individuals with information about where their personal data was processed. CC ID 00415 | Privacy protection for information and data | Data and Information Management | |
Provide individuals with information about the processing purpose of their personal data. CC ID 00416 | Privacy protection for information and data | Data and Information Management | |
Provide individuals with information about disclosure of their personal data. CC ID 00417 | Privacy protection for information and data | Data and Information Management | |
Allow guardians and legal representatives access to personal data about the individual for whom they are guardians or legal representatives. CC ID 00418 | Privacy protection for information and data | Data and Information Management | |
Provide assistance to requesters in preparing data access requests. CC ID 13588 | Privacy protection for information and data | Data and Information Management | |
Require data access requests to be in writing, unless the requester is unable. CC ID 00420 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define what is to be included in a data access request. CC ID 08699 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from requiring data subjects to justify personal data access requests. CC ID 12394 | Privacy protection for information and data | Business Processes | |
Respond to data access requests in a timely manner. CC ID 00421 | Privacy protection for information and data | Behavior | |
Delay responding to data access requests, as necessary. CC ID 15504 | Privacy protection for information and data | Data and Information Management | |
Expedite the processing of data access requests, as necessary. CC ID 15496 | Privacy protection for information and data | Data and Information Management | |
Grant a waiver or reduction of fees for data access under defined conditions. CC ID 15502 | Privacy protection for information and data | Business Processes | |
Define what is included in a request for a waiver or reduction of fees. CC ID 15522 | Privacy protection for information and data | Process or Activity | |
Deliver the records described in the personal data access request, as necessary. CC ID 08701 [The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1] | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide individuals with an estimate of how much data was withheld from the data access request. CC ID 15503 | Privacy protection for information and data | Data and Information Management | |
Document the outcome of the personal data access request review procedure. CC ID 00455 | Privacy protection for information and data | Data and Information Management | |
Establish, implement, and maintain procedures for individuals to be able to modify their personal data, as necessary. CC ID 11811 [The entity has policies and procedures for viewing, inspecting, accessing and modifying PI. Refer to Component A5.0. M1.0 Access Data subjects are able to update or correct PI held by the entity. The entity provides such updated or corrected information to third parties that were previously provided with the data subject's PI consistent with the entity's objective related to privacy. A5.2 Permits data subjects to update or correct PI When required, the entity has a process that provides data subjects a mechanism with which to request the entity to remove, dispose and erase a data subject's PI. Once a data subject's PI is no longer being stored in the entity's systems (this includes other affiliates and third parties that may also hold or store privacy information on behalf of the entity), the entity notifies the affected data subjects that such information has been removed. N2.1 Data subject revocations] | Privacy protection for information and data | Establish/Maintain Documentation | |
Submit personal data removal requests in writing. CC ID 11973 | Privacy protection for information and data | Records Management | |
Include a liability waiver for any harm caused by the exclusion of personal data in the personal data removal request. CC ID 11975 | Privacy protection for information and data | Establish/Maintain Documentation | |
Notify third parties of data access requests that relate to the third party. CC ID 08703 | Privacy protection for information and data | Establish/Maintain Documentation | |
Allow affected third parties to consent or object to a data access request. CC ID 08704 | Privacy protection for information and data | Process or Activity | |
Establish, implement, and maintain restricted data use limitation procedures. CC ID 00128 | Privacy protection for information and data | Establish/Maintain Documentation | |
Identify any adverse effects the processing of personal data will have on the data subject. CC ID 15299 | Privacy protection for information and data | Data and Information Management | |
Disclose de-identified data, as necessary. CC ID 13034 | Privacy protection for information and data | Communicate | |
Notify the data subject after personal data is used or disclosed. CC ID 06247 | Privacy protection for information and data | Behavior | |
Refrain from processing restricted data, as necessary. CC ID 12551 | Privacy protection for information and data | Records Management | |
Refrain from processing restricted data if the restricted data is involved in a legal claim. CC ID 12668 | Privacy protection for information and data | Process or Activity | |
Refrain from providing information to the data subject when the organization cannot identify the data subject. CC ID 12667 | Privacy protection for information and data | Process or Activity | |
Refrain from erasing personal data when the data subject consents to retention. CC ID 14326 | Privacy protection for information and data | Business Processes | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for statistical purposes. CC ID 12656 | Privacy protection for information and data | Process or Activity | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for historical research purposes. CC ID 12655 | Privacy protection for information and data | Process or Activity | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for scientific research purposes. CC ID 12654 | Privacy protection for information and data | Process or Activity | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for exercising freedom of expression. CC ID 12684 | Privacy protection for information and data | Process or Activity | |
Refrain from erasing personal data upon data subject request when it is used to provide a service. CC ID 13779 | Privacy protection for information and data | Process or Activity | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for archival purposes. CC ID 12653 | Privacy protection for information and data | Process or Activity | |
Refrain from erasing personal data upon data subject request when personal data processing is for compliance with a legal obligation. CC ID 12652 | Privacy protection for information and data | Process or Activity | |
Refrain from erasing personal data upon data subject request when personal data processing is necessary for the public interest. CC ID 12649 | Privacy protection for information and data | Process or Activity | |
Refrain from erasing personal data upon data subject request when personal data processing concerns legal claims. CC ID 12644 | Privacy protection for information and data | Process or Activity | |
Refrain from processing personal data when it is likely to cause unlawful discrimination or arbitrary discrimination. CC ID 00197 | Privacy protection for information and data | Data and Information Management | |
Refrain from processing personal data when it is used for behavioral monitoring. CC ID 16528 | Privacy protection for information and data | Data and Information Management | |
Refrain from processing personal data when it reveals trade union membership. CC ID 12583 | Privacy protection for information and data | Business Processes | |
Refrain from processing personal data when it concerns an individual's sexual orientation. CC ID 12582 | Privacy protection for information and data | Business Processes | |
Refrain from processing personal data when it concerns an individual's sex life. CC ID 12581 | Privacy protection for information and data | Business Processes | |
Refrain from processing personal data when it contains Individually Identifiable Health Information. CC ID 12580 | Privacy protection for information and data | Business Processes | |
Refrain from processing personal data when biometric data is used for the purpose of identifying an individual. CC ID 12579 | Privacy protection for information and data | Business Processes | |
Refrain from processing personal data when the genetic data is used for the purpose of identifying individuals. CC ID 12578 | Privacy protection for information and data | Business Processes | |
Refrain from processing personal data when it reveals philosophical beliefs. CC ID 12577 | Privacy protection for information and data | Business Processes | |
Refrain from processing personal data when it reveals religious beliefs. CC ID 12576 | Privacy protection for information and data | Business Processes | |
Refrain from processing personal data when it reveals political opinions. CC ID 12575 | Privacy protection for information and data | Business Processes | |
Refrain from processing personal data if it reveals ethnic origin. CC ID 12574 | Privacy protection for information and data | Business Processes | |
Refrain from processing personal data if the data subject opposes the data erasure of personal data. CC ID 12619 | Privacy protection for information and data | Process or Activity | |
Establish and maintain a record of processing activities when processing restricted data. CC ID 12636 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from maintaining a record of processing activities if the data processor employs a limited number of persons. CC ID 13378 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from maintaining a record of processing activities if the personal data relates to criminal records. CC ID 13377 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from maintaining a record of processing activities if the data being processed is restricted data. CC ID 13376 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from maintaining a record of processing activities if it could result in a risk to the data subject's rights or data subject's freedom. CC ID 13375 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the data protection officer's contact information in the record of processing activities. CC ID 12640 | Privacy protection for information and data | Records Management | |
Include the data processor's contact information in the record of processing activities. CC ID 12657 | Privacy protection for information and data | Records Management | |
Include the data processor's representative's contact information in the record of processing activities. CC ID 12658 | Privacy protection for information and data | Records Management | |
Include a general description of the implemented security measures in the record of processing activities. CC ID 12641 | Privacy protection for information and data | Records Management | |
Include a description of the data subject categories in the record of processing activities. CC ID 12659 | Privacy protection for information and data | Records Management | |
Include the purpose of processing restricted data in the record of processing activities. CC ID 12663 | Privacy protection for information and data | Records Management | |
Include the personal data processing categories in the record of processing activities. CC ID 12661 | Privacy protection for information and data | Records Management | |
Include the time limits for erasing each data category in the record of processing activities. CC ID 12690 | Privacy protection for information and data | Records Management | |
Include the data recipient categories to whom restricted data has been or will be disclosed in the record of processing activities. CC ID 12664 | Privacy protection for information and data | Records Management | |
Include a description of the personal data categories in the record of processing activities. CC ID 12660 | Privacy protection for information and data | Records Management | |
Include the joint data controller's contact information in the record of processing activities. CC ID 12639 | Privacy protection for information and data | Records Management | |
Include the data controller's representative's contact information in the record of processing activities. CC ID 12638 | Privacy protection for information and data | Records Management | |
Include documentation of the transferee's safeguards for transferring restricted data in the record of processing activities. CC ID 12643 | Privacy protection for information and data | Records Management | |
Include the identification of transferees for transferring restricted data in the record of processing activities. CC ID 12642 | Privacy protection for information and data | Records Management | |
Include the data controller's contact information in the record of processing activities. CC ID 12637 | Privacy protection for information and data | Records Management | |
Process restricted data lawfully and carefully. CC ID 00086 | Privacy protection for information and data | Establish Roles | |
Implement technical controls that limit processing restricted data for specific purposes. CC ID 12646 | Privacy protection for information and data | Technical Security | |
Process personal data pertaining to a patient's health in order to treat those patients. CC ID 00200 | Privacy protection for information and data | Data and Information Management | |
Refrain from disclosing Individually Identifiable Health Information when in violation of territorial or federal law. CC ID 11966 | Privacy protection for information and data | Records Management | |
Document the conditions for the use or disclosure of Individually Identifiable Health Information by a covered entity to another covered entity. CC ID 00210 | Privacy protection for information and data | Establish/Maintain Documentation | |
Disclose Individually Identifiable Health Information for a covered entity's own use. CC ID 00211 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information for a healthcare provider's treatment activities by a covered entity. CC ID 00212 | Privacy protection for information and data | Data and Information Management | |
Rely upon the warranty of the covered entity that the record disclosure request for Individually Identifiable Health Information is permitted with the consent of the data subject. CC ID 11970 | Privacy protection for information and data | Records Management | |
Rely upon the warranty of the covered entity that the record disclosure request for Individually Identifiable Health Information is to support the treatment of the individual. CC ID 11969 | Privacy protection for information and data | Process or Activity | |
Rely upon the warranty of the covered entity that the record disclosure request for Individually Identifiable Health Information is permitted by law. CC ID 11976 | Privacy protection for information and data | Records Management | |
Disclose Individually Identifiable Health Information for payment activities between covered entities or healthcare providers. CC ID 00213 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information for Treatment, Payment, and Health Care Operations activities when both covered entities have a relationship with the data subject. CC ID 00214 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information for Treatment, Payment, and Health Care Operations activities between a covered entity and a participating healthcare provider when the information is collected from the data subject and a third party. CC ID 00215 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information in accordance with agreed upon restrictions. CC ID 06249 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information in accordance with the privacy notice. CC ID 06250 | Privacy protection for information and data | Data and Information Management | |
Disclose permitted Individually Identifiable Health Information for facility directories. CC ID 06251 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information for cadaveric organ donation purposes, eye donation purposes, or tissue donation purposes. CC ID 06252 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information for medical suitability determinations. CC ID 06253 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information for armed forces personnel appropriately. CC ID 06254 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information in order to provide public benefits by government agencies. CC ID 06255 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information for fundraising. CC ID 06256 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information for research use when the appropriate requirements are included in the approval documentation or waiver documentation. CC ID 06257 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document the conditions for the disclosure of Individually Identifiable Health Information by an organization providing healthcare services to organizations other than business associates or other covered entities. CC ID 00201 | Privacy protection for information and data | Establish/Maintain Documentation | |
Disclose Individually Identifiable Health Information when the data subject cannot physically or legally provide consent and the disclosing organization is a healthcare provider. CC ID 00202 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information to provide appropriate treatment to the data subject when the disclosing organization is a healthcare provider. CC ID 00203 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information when it is not contrary to the data subject's wish prior to becoming unable to provide consent and the disclosing organization is a healthcare provider. CC ID 00204 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information that is reasonable or necessary for the disclosure purpose when the disclosing organization is a healthcare provider. CC ID 00205 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information consistent with the law when the disclosing organization is a healthcare provider. CC ID 00206 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information in order to carry out treatment when the disclosing organization is a healthcare provider. CC ID 00207 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information in order to carry out treatment when the data subject has provided consent and the disclosing organization is a healthcare provider. CC ID 00208 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information in order to carry out treatment when the data subject's guardian or representative has provided consent and the disclosing organization is a healthcare provider. CC ID 00209 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information when the disclosing organization is a healthcare provider that supports public health and safety activities. CC ID 06248 | Privacy protection for information and data | Data and Information Management | |
Disclose Individually Identifiable Health Information in order to report abuse or neglect when the disclosing organization is a healthcare provider. CC ID 06819 | Privacy protection for information and data | Data and Information Management | |
Document how Individually Identifiable Health Information is used and disclosed when authorization has been granted. CC ID 00216 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define and implement valid authorization control requirements. CC ID 06258 | Privacy protection for information and data | Establish/Maintain Documentation | |
Obtain explicit consent for authorization to release Individually Identifiable Health Information. CC ID 00217 | Privacy protection for information and data | Data and Information Management | |
Obtain explicit consent for authorization to release psychotherapy notes. CC ID 00218 | Privacy protection for information and data | Data and Information Management | |
Refrain from using Individually Identifiable Health Information to determine eligibility or continued eligibility for credit. CC ID 00219 | Privacy protection for information and data | Data and Information Management | |
Process personal data after the data subject has granted explicit consent. CC ID 00180 [{implicit consent} PI is used only for the intended purposes for which it was collected and only when implicit or explicit consent has been obtained unless a law or regulation specifically requires otherwise. U4.1 Only uses PI for intended purposes] | Privacy protection for information and data | Data and Information Management | |
Process personal data in order to perform a legal obligation or exercise a legal right. CC ID 00182 | Privacy protection for information and data | Data and Information Management | |
Process personal data relating to criminal offenses when required by law. CC ID 00237 | Privacy protection for information and data | Data and Information Management | |
Process personal data in order to prevent personal injury or damage to the data subject's health. CC ID 00183 | Privacy protection for information and data | Data and Information Management | |
Process personal data in order to prevent personal injury or damage to a third party's health. CC ID 00184 | Privacy protection for information and data | Data and Information Management | |
Process personal data for statistical purposes or scientific purposes. CC ID 00256 | Privacy protection for information and data | Data and Information Management | |
Process personal data during legitimate activities with safeguards for the data subject's legal rights. CC ID 00185 | Privacy protection for information and data | Data and Information Management | |
Process traffic data in a controlled manner. CC ID 00130 | Privacy protection for information and data | Data and Information Management | |
Process personal data for health insurance, social insurance, state social benefits, social welfare, or child protection. CC ID 00186 | Privacy protection for information and data | Data and Information Management | |
Process personal data when it is publicly accessible. CC ID 00187 | Privacy protection for information and data | Data and Information Management | |
Process personal data for direct marketing and other personalized mail programs. CC ID 00188 | Privacy protection for information and data | Data and Information Management | |
Refrain from processing personal data for marketing or advertising to children. CC ID 14010 | Privacy protection for information and data | Business Processes | |
Process personal data for the purposes of employment. CC ID 16527 | Privacy protection for information and data | Data and Information Management | |
Process personal data for justice administration, lawsuits, judicial decisions, and investigations. CC ID 00189 | Privacy protection for information and data | Data and Information Management | |
Process personal data for debt collection or benefit payments. CC ID 00190 | Privacy protection for information and data | Data and Information Management | |
Process personal data in order to advance the public interest. CC ID 00191 | Privacy protection for information and data | Data and Information Management | |
Process personal data for surveys, archives, or scientific research. CC ID 00192 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent for journalistic purposes, artistic purposes, or literary purposes. CC ID 00193 | Privacy protection for information and data | Data and Information Management | |
Process personal data for academic purposes or religious purposes. CC ID 00194 | Privacy protection for information and data | Data and Information Management | |
Process personal data when it is used by a public authority for National Security policy or criminal policy. CC ID 00195 | Privacy protection for information and data | Data and Information Management | |
Refrain from storing data in newly created files or registers which directly or indirectly reveals the restricted data. CC ID 00196 | Privacy protection for information and data | Data and Information Management | |
Follow legal obligations while processing personal data. CC ID 04794 | Privacy protection for information and data | Data and Information Management | |
Start personal data processing only after the needed notifications are submitted. CC ID 04791 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent for specific and well-documented circumstances. CC ID 13537 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent in order to protect the vital interests of the data subject. CC ID 14012 | Privacy protection for information and data | Process or Activity | |
Process personal data absent consent when the data subject has been notified the personal data may be collected, used, or disclosed. CC ID 13617 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent in order to establish, manage, or terminate employment contracts. CC ID 13615 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent when the data subject is notified that the business transaction is completed and their information was disclosed. CC ID 13612 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent when the disclosure concerns the data subject's products and services obtained from the organization. CC ID 13611 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent when it is impracticable to obtain consent. CC ID 13580 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent when it is in the data subject's interest and consent cannot be obtained in a timely manner. CC ID 15282 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent to determine whether to proceed with business transactions. CC ID 13587 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent in order to perform a contract. CC ID 13586 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent when the privacy commissioner is notified before the information is used. CC ID 13581 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent to perform obligations in the field of employment law. CC ID 16814 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent if the disclosure is to the next of kin or authorized representative. CC ID 15294 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent when it is used in a manner to ensure confidentiality. CC ID 13579 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent when it is used for statistical research, scientific research, or scholarly research. CC ID 13578 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent when it is needed by law. CC ID 13577 | Privacy protection for information and data | Data and Information Management | |
Process personal data for public interests absent consent in order to protect historical records or archival records. CC ID 15296 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent when it is from publicly available information. CC ID 13576 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent to create a credit report. CC ID 15288 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent if its use is consistent with the intended purpose. CC ID 13575 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent to administer a trust fund or benefit plan. CC ID 15291 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent when produced for business purposes. CC ID 13563 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent for handling insurance claims. CC ID 13561 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent when it is necessary for corporate restructuring. CC ID 16533 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent if the information is contained in a witness statement. CC ID 13560 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent for life-threatening emergencies. CC ID 13558 | Privacy protection for information and data | Data and Information Management | |
Process personal data absent consent for reasonable investigative purposes. CC ID 13557 | Privacy protection for information and data | Data and Information Management | |
Notify the individual before restricted data is collected, used, or disclosed. CC ID 00132 | Privacy protection for information and data | Behavior | |
Define security breach notification requirement exceptions. CC ID 04797 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from disclosing personal data absent consent of the individual or for defined exceptions. CC ID 11967 | Privacy protection for information and data | Records Management | |
Disclose restricted data when the data subject has given unambiguous and implicit consent. CC ID 00157 [The entity discloses PI to third parties with the explicit consent of data subjects, and such consent is obtained prior to disclosure to meet the entity's objectives related to privacy. D6.1; PI is disclosed to third parties for new purposes or uses only with the prior implicit or explicit consent of data subjects. D6.1 Discloses information to third parties for new purposes and uses; PI is disclosed to third parties only for the purposes for which it was collected or created and only when implicit or explicit consent has been obtained from the data subject, unless a law or regulation specifically requires otherwise. D6.1 Discloses PI only when appropriate] | Privacy protection for information and data | Data and Information Management | |
Define what restricted data is not required to be disclosed absent consent. CC ID 00134 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define the exceptions to disclosure absent consent. CC ID 00135 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define opt-out exceptions for disclosing restricted data. CC ID 00159 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define how a data subject may give consent. CC ID 00160 [{explicit consent} The data subject's agreed consent is explicitly obtained and is only for the intended purpose of the information to meet the entity's objectives related to privacy. The entity's basis for determining implicit consent, when implicit consent is allowed as an available option, is documented. C3.2; The entity's policies and procedures require data subjects to explicitly agree and consent to the provision and collection of the data subject's PI. In some circumstances where the entity is unable to confirm explicit consent directly with a data subject, the entity's policies and procedures require the entity to formally document its rationale and basis for determining that it has obtained the data subject's implicit consent. C3.2 Explicit and implicit consent] | Privacy protection for information and data | Establish/Maintain Documentation | |
Disclose Personal Identification Numbers absent consent in order to update address information. CC ID 04793 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent for specific and well-documented circumstances. CC ID 15267 | Privacy protection for information and data | Communicate | |
Disclose restricted data absent consent when the law does not require consent. CC ID 00136 | Privacy protection for information and data | Data and Information Management | |
Disclose data absent consent if its disclosure is consistent with the intended purpose. CC ID 15270 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data when a relevant connection exists between the data subject and the data controller's operations. CC ID 00137 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent if the disclosure with the consent or knowledge of the data subject would compromise the ability to prevent, detect, or suppress fraud. CC ID 13594 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent when it is in the data subject's interest and consent cannot be obtained in a timely manner. CC ID 15284 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent in order to establish, manage, or terminate employment contracts. CC ID 13616 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent when the data subject is notified that the business transaction is completed and their information was disclosed. CC ID 13613 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent when the data subject has been notified the personal data may be collected, used, or disclosed. CC ID 13603 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent if disclosure is made a predetermined number of years after the death of the data subject. CC ID 13598 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent when disclosure is made a predetermined number of years after the information was created. CC ID 13597 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent if the data subject is notified of the disclosure. CC ID 13596 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent to detect, suppress, or prevent fraud. CC ID 13592 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent to create a credit report. CC ID 15297 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent if it is necessary to identify an individual who is injured, ill or deceased. CC ID 13595 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent if the disclosure is to a government institution. CC ID 13583 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent for reasonable investigative purposes. CC ID 13593 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent to determine whether to proceed with business transactions. CC ID 15285 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent for handling insurance claims. CC ID 13585 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent if the information is contained in a witness statement. CC ID 13584 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent if the data subject is believed to be a victim of financial abuse. CC ID 13555 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent for transactions related to the consumer. CC ID 14853 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent to a government institution that has requested the information. CC ID 13582 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent if the disclosure is to the next of kin or authorized representative. CC ID 13554 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent when it is for the data controller's legitimate interest or third party's legitimate interest and it prevails over individual rights. CC ID 00138 [PI is disclosed to third parties only for the purposes for which it was collected or created and only when implicit or explicit consent has been obtained from the data subject, unless a law or regulation specifically requires otherwise. D6.1 Discloses PI only when appropriate] | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent if the organization notifies the privacy commissioner before disclosing the information. CC ID 13553 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent if it is impracticable to obtain consent. CC ID 13552 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent in order to perform a contract. CC ID 00139 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent in order to assist Telecommunications Ombudsmen in resolving complaints. CC ID 00140 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent to administer a trust fund or benefit plan. CC ID 15290 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent for research purposes and the data subject is not identified. CC ID 15286 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent when the personal data is disclosed by calling an emergency service number. CC ID 00141 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent when the restricted data prevents life-threatening emergencies to third parties. CC ID 00142 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent when the restricted data preserves human life at sea. CC ID 00143 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent in order to process the restricted data for public interests. CC ID 00144 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data for public interests absent consent in order to provide social work assistance services. CC ID 00145 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data for public interests absent consent if confidentiality is assured and the disclosure is for statistical research, scientific research, or scholarly research. CC ID 00146 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data for public interests absent consent in order to protect historical records or archival records. CC ID 00147 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent for public economic interests. CC ID 00148 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data for public interests absent consent for National Security reasons. CC ID 00149 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent for journalistic purposes, artistic purposes, or literary purposes. CC ID 00150 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent when it is publicly accessible. CC ID 00151 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent when it is related to publicly available information. CC ID 00152 | Privacy protection for information and data | Data and Information Management | |
Disclose publicly accessible restricted data absent consent when the data subject has already published it. CC ID 00153 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent in order to protect the data subject's vital interests. CC ID 00154 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent in order to protect the data subject's vital interests when there is a life-threatening emergency. CC ID 00155 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent when it is for judicial decisions, lawsuits, and investigations. CC ID 00161 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent when it is needed by law. CC ID 00163 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data required by law absent consent for special cases involving security or law enforcement. CC ID 04796 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent when it is being disclosed to the data subject. CC ID 00164 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent for direct marketing or other personalized mail programs. CC ID 14855 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent in order to collect a debt owed by the data subject. CC ID 00165 | Privacy protection for information and data | Data and Information Management | |
Disclose personal data absent consent when the data subject or data owner is anonymous. CC ID 00166 | Privacy protection for information and data | Data and Information Management | |
Disclose restricted data absent consent when the disclosure concerns the individual's products or services obtained from the organization. CC ID 13469 | Privacy protection for information and data | Communicate | |
Establish, implement, and maintain restricted data retention procedures. CC ID 00167 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain personal data disposition procedures. CC ID 13498 | Privacy protection for information and data | Establish/Maintain Documentation | |
Capture personal data removal requests. CC ID 13507 [Requests for deletion of PI are captured and information related to the requests is identified and flagged for destruction to meet the entity's objectives related to privacy. U4.3 Captures, identifies and flags requests for deletion; Data subjects can determine whether the entity maintains PI about them and, upon request, may confirm and obtain access to their PI or request that the PI be returned, removed or erased. A5.1 Permits data subjects access to their PI] | Privacy protection for information and data | Communicate | |
Remove personal data from records after receiving a personal data removal request. CC ID 11972 [Requests for deletion of PI are captured and information related to the requests is identified and flagged for destruction to meet the entity's objectives related to privacy. U4.3 Captures, identifies and flags requests for deletion] | Privacy protection for information and data | Records Management | |
Refrain from erasing personal data upon receiving a personal data removal request when it is necessary for maintaining information assets. CC ID 13789 | Privacy protection for information and data | Process or Activity | |
Refrain from erasing personal data upon receiving a personal data removal request when it is necessary to complete a payment transaction. CC ID 13788 | Privacy protection for information and data | Process or Activity | |
Dispose of personal data removal requests, as necessary. CC ID 13512 | Privacy protection for information and data | Business Processes | |
Limit the redisclosure and reuse of restricted data. CC ID 00168 | Privacy protection for information and data | Data and Information Management | |
Refrain from redisclosing or reusing restricted data. CC ID 00169 | Privacy protection for information and data | Data and Information Management | |
Document the redisclosing restricted data exceptions. CC ID 00170 | Privacy protection for information and data | Establish/Maintain Documentation | |
Redisclose restricted data when the data subject consents. CC ID 00171 | Privacy protection for information and data | Data and Information Management | |
Redisclose restricted data when it is for criminal law enforcement. CC ID 00172 | Privacy protection for information and data | Data and Information Management | |
Redisclose restricted data in order to protect public revenue. CC ID 00173 | Privacy protection for information and data | Data and Information Management | |
Redisclose restricted data in order to assist a Telecommunications Ombudsman. CC ID 00174 | Privacy protection for information and data | Data and Information Management | |
Redisclose restricted data in order to prevent a life-threatening emergency. CC ID 00175 | Privacy protection for information and data | Data and Information Management | |
Redisclose restricted data when it deals with installing, maintaining, operating, or providing access to a Public Telecommunications Network or a telecommunication facility. CC ID 00176 | Privacy protection for information and data | Data and Information Management | |
Redisclose restricted data in order to preserve human life at sea. CC ID 00177 | Privacy protection for information and data | Data and Information Management | |
Obtain explicit consent directly from the data subject prior to the use of that person's sensitive data. CC ID 00178 [The entity discloses PI to third parties with the explicit consent of data subjects, and such consent is obtained prior to disclosure to meet the entity's objectives related to privacy. D6.1 {explicit consent} The data subject's agreed consent is explicitly obtained and is only for the intended purpose of the information to meet the entity's objectives related to privacy. The entity's basis for determining implicit consent, when implicit consent is allowed as an available option, is documented. C3.2 The entity's policies and procedures require data subjects to explicitly agree and consent to the provision and collection of the data subject's PI. In some circumstances where the entity is unable to confirm explicit consent directly with a data subject, the entity's policies and procedures require the entity to formally document its rationale and basis for determining that it has obtained the data subject's implicit consent. C3.2 Explicit and implicit consent Explicit consent is obtained directly from the data subject when sensitive PI is collected, used or disclosed, unless a law or regulation specifically requires otherwise. C3.2 Obtains explicit consent for sensitive information The entity has a process for periodically informing data subjects of its continued need for PI. The entity also has a process for obtaining the data subject's continued agreement and consent to use the data, and for informing data subjects when the entity suspects or learns, through ongoing monitoring and testing, that its systems (and systems of third parties providing services to the entity) have been breached and PI has been accessed, altered or removed in an unauthorized manner. N2.1 Ongoing notices and communications] | Privacy protection for information and data | Data and Information Management | |
Obtain consent from a parent or legal representative in order to use or disclose a child's data. CC ID 00198 | Privacy protection for information and data | Data and Information Management | |
Obtain opt-in consent from teenagers prior to the collection, use, or disclosure of personal data. CC ID 00199 | Privacy protection for information and data | Data and Information Management | |
Obtain explicit consent prior to using the data subject's Personal Identification Number. CC ID 00238 | Privacy protection for information and data | Data and Information Management | |
Process Personal Identification Numbers with consent. CC ID 00239 | Privacy protection for information and data | Data and Information Management | |
Refrain from requiring individuals to use Personal Identification Numbers as an account number or password. CC ID 00253 | Privacy protection for information and data | Behavior | |
Obtain consent prior to selling a Personal Identification Number. CC ID 00240 | Privacy protection for information and data | Data and Information Management | |
Obtain consent prior to displaying a Personal Identification Number. CC ID 00241 | Privacy protection for information and data | Data and Information Management | |
Refrain from displaying Personal Identification Numbers on government-issued checks or other paperwork. CC ID 00254 | Privacy protection for information and data | Data and Information Management | |
Refrain from displaying Personal Identification Numbers on identification cards or badges. CC ID 00255 | Privacy protection for information and data | Data and Information Management | |
Document the conditions to use Personal Identification Numbers absent consent. CC ID 00242 | Privacy protection for information and data | Establish/Maintain Documentation | |
Use Personal Identification Numbers absent consent for granting credit or collecting a debt. CC ID 00252 | Privacy protection for information and data | Data and Information Management | |
Use Personal Identification Numbers absent consent for research purposes. CC ID 00247 | Privacy protection for information and data | Data and Information Management | |
Refrain from requiring consent to use a Personal Identification Number when protecting the public health and safety or an individual's safety in an emergency. CC ID 00244 | Privacy protection for information and data | Data and Information Management | |
Use Personal Identification Numbers absent consent when a federal law mandates its use. CC ID 00243 | Privacy protection for information and data | Data and Information Management | |
Allow data subjects the ability to restrict the use and disclosure of personal data. CC ID 06821 | Privacy protection for information and data | Data and Information Management | |
Establish, implement, and maintain data disclosure procedures. CC ID 00133 [The entity has policies and procedures for disclosing and transmitting PI to external third-party individuals and organizations not under the direct management or control of the entity. Refer to Component D6.0. M1.0 Disclosure to third parties] | Privacy protection for information and data | Establish/Maintain Documentation | |
Identify any adverse effects the disclosure of personal data will have on the data subject. CC ID 15298 | Privacy protection for information and data | Data and Information Management | |
Review personal data disclosure requests. CC ID 07129 | Privacy protection for information and data | Data and Information Management | |
Notify the data subject of the disclosure purpose. CC ID 15268 | Privacy protection for information and data | Communicate | |
Establish, implement, and maintain data request denial procedures. CC ID 00434 [The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1 When data subjects are denied access to their PI, the entity informs them of the denial and the reasons for the denial in a timely manner, unless prohibited by law or regulation. A5.1 Informs data subjects when access is denied] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include frivolous requests or vexatious requests as a reason for denial in the personal data request denial procedures. CC ID 00435 | Privacy protection for information and data | Data and Information Management | |
Include when the required information is unavailable as a reason for denial in the personal data request denial procedures. CC ID 00436 | Privacy protection for information and data | Data and Information Management | |
Include when the disclosure of personal data constitutes contempt of court or contempt of House of Representatives as a reason for denial in the personal data request denial procedures. CC ID 00437 | Privacy protection for information and data | Data and Information Management | |
Include disclosing personal data that would identify suppliers or breaches an express promise of privacy or implied promise of privacy as a reason for denial in the personal data request denial procedures. CC ID 00438 | Privacy protection for information and data | Data and Information Management | |
Include disclosing personal data that would compromise National Security as a reason for denial in the personal data request denial procedures. CC ID 00439 | Privacy protection for information and data | Data and Information Management | |
Include information that is protected by attorney-client privilege as a reason for denial in the personal data request denial procedures. CC ID 00440 | Privacy protection for information and data | Data and Information Management | |
Include disclosing personal data that would reveal trade secrets, commercial information, or harmful financial information as a reason for denial in the personal data request denial procedures. CC ID 00441 | Privacy protection for information and data | Data and Information Management | |
Include disclosing personal data that would threaten an individual's life or an individual's security as a reason for denial in the personal data request denial procedures. CC ID 00442 | Privacy protection for information and data | Data and Information Management | |
Include disclosing personal data that would have an unreasonable impact on another individual's privacy as a reason for denial in the personal data request denial procedures. CC ID 00443 | Privacy protection for information and data | Data and Information Management | |
Include disclosing personal data that would threaten facilities, property, transport, or communication systems as a reason for denial in the personal data request denial procedures. CC ID 08702 | Privacy protection for information and data | Process or Activity | |
Include responding to access requests after the time limit as a reason for denial in the personal data request denial procedures. CC ID 13600 | Privacy protection for information and data | Data and Information Management | |
Include information that was generated from a formal dispute as a reason for denial in the personal data request denial procedures. CC ID 00444 | Privacy protection for information and data | Data and Information Management | |
Include personal data that is used solely for scientific research, scholarly research, statistical research, library purposes, museum purposes, or archival purposes as a reason for denial in the personal data request denial procedures. CC ID 00445 | Privacy protection for information and data | Data and Information Management | |
Include personal data that is for protecting the civil rights or others' freedoms as a reason for denial in the personal data request denial procedures. CC ID 00447 | Privacy protection for information and data | Data and Information Management | |
Include disclosing personal data that constitutes a state secret as a reason for denial in the personal data request denial procedures. CC ID 00448 | Privacy protection for information and data | Data and Information Management | |
Include disclosing personal data that would result in interference with the operation of public functions as a reason for denial in the personal data request denial procedures. CC ID 00449 | Privacy protection for information and data | Data and Information Management | |
Include disclosing personal data that would interrupt criminal investigation and surveillance or other legal purposes as a reason for denial in the personal data request denial procedures. CC ID 00450 | Privacy protection for information and data | Data and Information Management | |
Include when a country's laws prevent disclosure as a reason for denial in the personal data request denial procedures. CC ID 00451 | Privacy protection for information and data | Data and Information Management | |
Include disclosing personal data that would interfere with grievance proceeding or employee security investigations as a reason for denial in the personal data request denial procedures. CC ID 06873 | Privacy protection for information and data | Data and Information Management | |
Include disclosing personal data that would interfere with commercial acquisitions or reorganizations as a reason for denial in the personal data request denial procedures. CC ID 06874 | Privacy protection for information and data | Data and Information Management | |
Include if the cost or burden of disclosing the personal data is disproportionate as a reason for denial in the personal data request denial procedures. CC ID 06875 | Privacy protection for information and data | Data and Information Management | |
Notify interested personnel and affected parties of the reasons the data access request was refused. CC ID 00453 [The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1 When data subjects are denied access to their PI, the entity informs them of the denial and the reasons for the denial in a timely manner, unless prohibited by law or regulation. A5.1 Informs data subjects when access is denied Data subjects are informed, in writing, of the reason a request for access to their PI was denied, the source of the entity's legal right to deny such access, if applicable, and the individual's right, if any, to challenge such denial, as specifically permitted or required by law or regulation. A5.2 Communicates denial of access requests] | Privacy protection for information and data | Data and Information Management | |
Notify the individual of the organization's legal rights to refuse the personal data access request, as necessary. CC ID 13509 [Data subjects are informed, in writing, of the reason a request for access to their PI was denied, the source of the entity's legal right to deny such access, if applicable, and the individual's right, if any, to challenge such denial, as specifically permitted or required by law or regulation. A5.2 Communicates denial of access requests] | Privacy protection for information and data | Communicate | |
Notify individuals of their right to challenge a refusal to a data access request. CC ID 00454 [Data subjects are informed, in writing, of the reason a request for access to their PI was denied, the source of the entity's legal right to deny such access, if applicable, and the individual's right, if any, to challenge such denial, as specifically permitted or required by law or regulation. A5.2 Communicates denial of access requests] | Privacy protection for information and data | Data and Information Management | |
Include if the record would constitute an action for breach of a duty of confidence as a reason for denial in the personal data request denial procedures. CC ID 08700 | Privacy protection for information and data | Process or Activity | |
Disseminate and communicate personal data to the individual that it relates to. CC ID 00428 | Privacy protection for information and data | Data and Information Management | |
Provide personal data to an individual after the individual's identity has been confirmed. CC ID 06876 [The identity of data subjects who request access to their PI is authenticated before they are given access to that information. A5.1 Authenticates data subjects’ identities The entity grants identified and authenticated data subjects the ability to access their stored PI for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity's objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity's objectives related to privacy. A5.1] | Privacy protection for information and data | Data and Information Management | |
Notify the data subject of any exclusions to requested personal data. CC ID 15271 | Privacy protection for information and data | Communicate | |
Provide data or records in a reasonable time frame. CC ID 00429 [{be understandable}{be reasonable} PI is provided to data subjects in an understandable form, in a reasonable time frame and at a reasonable cost, if any. A5.1 Provides understandable PI within reasonable time] | Privacy protection for information and data | Data and Information Management | |
Notify individuals of the new time limit for responding to an access request in a notice of extension. CC ID 13599 | Privacy protection for information and data | Communicate | |
Extend the time limit for providing personal data in order to convert it to an alternative format. CC ID 13591 | Privacy protection for information and data | Data and Information Management | |
Extend the time limit for providing personal data if the time is impracticable to respond to the access request. CC ID 13590 | Privacy protection for information and data | Data and Information Management | |
Extend the time limit for providing data if it would unreasonably interfere with the organization's activities. CC ID 13589 | Privacy protection for information and data | Data and Information Management | |
Provide data at a cost that is not excessive. CC ID 00430 [{be understandable}{be reasonable} PI is provided to data subjects in an understandable form, in a reasonable time frame and at a reasonable cost, if any. A5.1 Provides understandable PI within reasonable time] | Privacy protection for information and data | Data and Information Management | |
Provide records or data in a reasonable manner. CC ID 00431 | Privacy protection for information and data | Data and Information Management | |
Provide personal data in a form that is intelligible. CC ID 00432 [{be understandable}{be reasonable} PI is provided to data subjects in an understandable form, in a reasonable time frame and at a reasonable cost, if any. A5.1 Provides understandable PI within reasonable time] | Privacy protection for information and data | Data and Information Management | |
Provide restricted data that would threaten the life or security of another individual after that information has been redacted. CC ID 13604 | Privacy protection for information and data | Data and Information Management | |
Provide restricted data that would reveal confidential commercial information after that information has been redacted. CC ID 13602 | Privacy protection for information and data | Data and Information Management | |
Remove data pertaining to third parties before giving the requestor access to the information. CC ID 13601 | Privacy protection for information and data | Data and Information Management | |
Document that a data search was conducted in case the requested data cannot be found. CC ID 06953 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include cookie management in the privacy framework. CC ID 13809 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain cookie management procedures. CC ID 13810 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain a personal data collection program. CC ID 06487 [The entity has defined policies and procedures for collecting and creating a data subject's PI. Refer to Component C3.0. M1.0 Collection and creation The entity has a process to collect and create (rendering and aggregating from multiple sources or information providers) PI as identified in the entity's privacy agreements. The process is consistent with its objectives related to privacy. C3.1 PI collection and creation] | Privacy protection for information and data | Establish/Maintain Documentation | |
Identify any adverse effects the collection of personal data will have on the data subject. CC ID 15279 | Privacy protection for information and data | Data and Information Management | |
Refrain from collecting personal data, as necessary. CC ID 15269 | Privacy protection for information and data | Data and Information Management | |
Establish, implement, and maintain personal data collection limitation boundaries. CC ID 00507 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain a personal data use policy. CC ID 00076 | Privacy protection for information and data | Establish/Maintain Documentation | |
Use personal data for specified purposes. CC ID 11831 [The entity limits the use of PI to the purposes identified in its objectives related to privacy. U4.1 {implicit consent} PI is used only for the intended purposes for which it was collected and only when implicit or explicit consent has been obtained unless a law or regulation specifically requires otherwise. U4.1 Only uses PI for intended purposes {explicit consent} The data subject's agreed consent is explicitly obtained and is only for the intended purpose of the information to meet the entity's objectives related to privacy. The entity's basis for determining implicit consent, when implicit consent is allowed as an available option, is documented. C3.2] | Privacy protection for information and data | Data and Information Management | |
Post the collection purpose. CC ID 00101 | Privacy protection for information and data | Establish/Maintain Documentation | |
Obtain the data subject's consent and acknowledgment before collecting data. CC ID 00012 [Explicit consent is obtained directly from the data subject when sensitive PI is collected, used or disclosed, unless a law or regulation specifically requires otherwise. C3.2 Obtains explicit consent for sensitive information] | Privacy protection for information and data | Data and Information Management | |
Document each individual's personal data collection consent preferences. CC ID 06945 | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide explicit consent that is clear and unambiguous. CC ID 00181 | Privacy protection for information and data | Data and Information Management | |
Allow individuals to change their personal data collection consent preferences. CC ID 06946 | Privacy protection for information and data | Data and Information Management | |
Adhere to each individual's personal data collection consent preferences. CC ID 06947 | Privacy protection for information and data | Data and Information Management | |
Notify the data subject of the source of collected personal data. CC ID 00083 | Privacy protection for information and data | Behavior | |
Furnish disclosure of information and usage of information to data subjects when oral consent is given. CC ID 04717 | Privacy protection for information and data | Data and Information Management | |
Disclose the direct marketing purpose before obtaining consent for collecting information. CC ID 04718 | Privacy protection for information and data | Data and Information Management | |
Establish and maintain a personal data definition. CC ID 00028 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3 The entity has a process for identifying, locating and classifying its PI. This process is clearly described as an essential aspect of its data governance program which is aligned with its information security controls. Relevant control activity policies and procedures have been designed and placed into operation to achieve the entity's objectives related to privacy. M1.4] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include an individual's name in the personal data definition. CC ID 04710 | Privacy protection for information and data | Data and Information Management | |
Include an individual's name combined with other personal data in the personal data definition. CC ID 04709 | Privacy protection for information and data | Data and Information Management | |
Include the legal surname of the parent or legal representative prior to marriage in the personal data definition. CC ID 04686 | Privacy protection for information and data | Data and Information Management | |
Include an individual's signature in the personal data definition. CC ID 04711 | Privacy protection for information and data | Data and Information Management | |
Include an individual's date of birth in the personal data definition. CC ID 04770 | Privacy protection for information and data | Data and Information Management | |
Include the number of children in the personal data definition. CC ID 13759 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the individual's religion in the personal data definition. CC ID 13765 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include an individual's physical characteristics or description in the personal data definition. CC ID 04712 | Privacy protection for information and data | Data and Information Management | |
Include an individual's biometric data in the personal data definition. CC ID 04698 | Privacy protection for information and data | Data and Information Management | |
Include an individual's photographic image in the personal data definition. CC ID 04779 | Privacy protection for information and data | Data and Information Management | |
Include an individual's fingerprints in the personal data definition. CC ID 04689 | Privacy protection for information and data | Data and Information Management | |
Include an individual's address in the personal data definition. CC ID 04687 | Privacy protection for information and data | Data and Information Management | |
Include an individual's telephone number in the personal data definition. CC ID 04688 | Privacy protection for information and data | Data and Information Management | |
Include an individual's fax number in the personal data definition. CC ID 07120 | Privacy protection for information and data | Data and Information Management | |
Include an individual's political party affiliation in the personal data definition. CC ID 13764 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include an individual's license plate number in the personal data definition. CC ID 13763 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include an individual's financial account number in the personal data definition. CC ID 04692 | Privacy protection for information and data | Data and Information Management | |
Include an individual's account balances in the personal data definition. CC ID 13770 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include stock numbers, bond numbers, and other security certificate numbers in the personal data definition. CC ID 04768 | Privacy protection for information and data | Data and Information Management | |
Include an individual's electronic identification name or number in the personal data definition. CC ID 04694 | Privacy protection for information and data | Data and Information Management | |
Include an individual's logon credentials in the personal data definition. CC ID 13771 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include an individual's Alien Registration Number in the personal data definition. CC ID 04743 | Privacy protection for information and data | Data and Information Management | |
Include an individual's passport number in the personal data definition. CC ID 04713 | Privacy protection for information and data | Data and Information Management | |
Include an individual's driver's license number or an individual's state identification card number in the personal data definition. CC ID 04691 | Privacy protection for information and data | Data and Information Management | |
Include an individual's Social Security Number or Personal Identification Number in the personal data definition. CC ID 04690 | Privacy protection for information and data | Data and Information Management | |
Include an individual's military identification number in the personal data definition. CC ID 13083 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include an individual's e-mail address in the personal data definition. CC ID 04696 | Privacy protection for information and data | Data and Information Management | |
Include electronic signatures in the personal data definition. CC ID 04697 | Privacy protection for information and data | Data and Information Management | |
Include an individual's payment card information in the personal data definition. CC ID 04751 | Privacy protection for information and data | Data and Information Management | |
Include an individual's credit card number or an individual's debit card number in the personal data definition. CC ID 04693 | Privacy protection for information and data | Data and Information Management | |
Include an individual's payment card service code in the personal data definition. CC ID 04753 | Privacy protection for information and data | Data and Information Management | |
Include an individual's payment card expiration date in the personal data definition. CC ID 04755 | Privacy protection for information and data | Data and Information Management | |
Include the payment transaction data and transaction authentication data in the personal data definition. CC ID 04825 | Privacy protection for information and data | Data and Information Management | |
Include an individual's Individually Identifiable Health Information in the personal data definition. CC ID 04700 | Privacy protection for information and data | Data and Information Management | |
Include an individual's medical history in the personal data definition. CC ID 04701 | Privacy protection for information and data | Data and Information Management | |
Include an individual's medical treatment in the personal data definition. CC ID 04702 | Privacy protection for information and data | Data and Information Management | |
Include an individual's medical diagnosis in the personal data definition. CC ID 04703 | Privacy protection for information and data | Data and Information Management | |
Include an individual's mental condition or an individual's physical condition in the personal data definition. CC ID 04704 | Privacy protection for information and data | Data and Information Management | |
Include an individual's medical record numbers in the personal data definition. CC ID 07121 | Privacy protection for information and data | Data and Information Management | |
Include an individual's health insurance information in the personal data definition. CC ID 04705 | Privacy protection for information and data | Data and Information Management | |
Include an individual's health insurance policy number in the personal data definition. CC ID 04706 | Privacy protection for information and data | Data and Information Management | |
Include an individual's health insurance application and health insurance claims history (including appeals) in the personal data definition. CC ID 04707 | Privacy protection for information and data | Data and Information Management | |
Include an individual's education information in the personal data definition. CC ID 04714 | Privacy protection for information and data | Data and Information Management | |
Include an individual's professional certification numbers or an individual's professional license numbers in the personal data definition. CC ID 07122 | Privacy protection for information and data | Data and Information Management | |
Include an individual's employment information in the personal data definition. CC ID 04715 | Privacy protection for information and data | Data and Information Management | |
Include an employer's Taxpayer Identification Number in the personal data definition. CC ID 04767 | Privacy protection for information and data | Data and Information Management | |
Include an individual's Taxpayer Identification Number in the personal data definition. CC ID 04763 | Privacy protection for information and data | Data and Information Management | |
Include an individual's employment history in the personal data definition. CC ID 04716 | Privacy protection for information and data | Data and Information Management | |
Include an individual's place of employment in the personal data definition. CC ID 04765 | Privacy protection for information and data | Data and Information Management | |
Include an individual's Employee Identification Number in the personal data definition. CC ID 04766 | Privacy protection for information and data | Data and Information Management | |
Include an individual's property information in the personal data definition. CC ID 04780 | Privacy protection for information and data | Data and Information Management | |
Include an individual's property title in the personal data definition. CC ID 04781 | Privacy protection for information and data | Data and Information Management | |
Include an individual's vehicle registration in the personal data definition. CC ID 04782 | Privacy protection for information and data | Data and Information Management | |
Include hardware asset identification information in the personal data definition. CC ID 07123 | Privacy protection for information and data | Data and Information Management | |
Include MAC addresses in the personal data definition. CC ID 04778 | Privacy protection for information and data | Data and Information Management | |
Include Internet Protocol addresses in the personal data definition. CC ID 04777 | Privacy protection for information and data | Data and Information Management | |
Include asset serial numbers in the personal data definition. CC ID 07124 | Privacy protection for information and data | Data and Information Management | |
Include Uniform Resource Locators in the personal data definition. CC ID 07125 | Privacy protection for information and data | Data and Information Management | |
Refrain from including publicly available information in the personal data definition. CC ID 13084 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define specially restricted data. CC ID 00037 | Privacy protection for information and data | Data and Information Management | |
Protect an individual's civil rights during personal data collection and personal data processing. CC ID 00079 | Privacy protection for information and data | Data and Information Management | |
Refrain from compiling data that is likely to give rise to unlawful discrimination or arbitrary discrimination. CC ID 00075 | Privacy protection for information and data | Data and Information Management | |
Refrain from subjecting an individual to a solely automated decision process that produces legal effects based on the evaluation of certain characteristics. CC ID 00080 | Privacy protection for information and data | Data and Information Management | |
Implement a nondiscrimination principle. CC ID 00081 | Privacy protection for information and data | Data and Information Management | |
Include the collection and use of personal data in the nondiscrimination principle. CC ID 11799 | Privacy protection for information and data | Data and Information Management | |
Preserve each individual's right to human dignity. CC ID 00082 | Privacy protection for information and data | Data and Information Management | |
Manage Personal Identification Numbers and PIN verification code numbers. CC ID 00058 | Privacy protection for information and data | Data and Information Management | |
Employ a random number generator to create authenticators. CC ID 13782 | Privacy protection for information and data | Technical Security | |
Collect Personal Identification Numbers with the individual's consent. CC ID 00059 | Privacy protection for information and data | Data and Information Management | |
Collect Personal Identification Numbers absent consent when the law mandates. CC ID 00061 | Privacy protection for information and data | Data and Information Management | |
Collect Personal Identification Numbers absent consent for research purposes. CC ID 00065 | Privacy protection for information and data | Data and Information Management | |
Collect Personal Identification Numbers absent consent to realize the rights or duties of the data subject or data controller. CC ID 04792 | Privacy protection for information and data | Data and Information Management | |
Refrain from requiring a Personal Identification Number to purchase goods or services. CC ID 00069 | Privacy protection for information and data | Behavior | |
Manage health data collection. CC ID 00050 | Privacy protection for information and data | Data and Information Management | |
Collect Individually Identifiable Health Information to provide health care services. CC ID 00052 | Privacy protection for information and data | Data and Information Management | |
Collect Individually Identifiable Health Information when the law dictates. CC ID 00053 | Privacy protection for information and data | Data and Information Management | |
Collect Individually Identifiable Health Information for research. CC ID 00054 | Privacy protection for information and data | Data and Information Management | |
Remove personal data before disclosing health data. CC ID 00055 | Privacy protection for information and data | Data and Information Management | |
Give special attention to collecting children's data. CC ID 00038 | Privacy protection for information and data | Data and Information Management | |
Use simple understandable language to collect information from children. CC ID 00039 | Privacy protection for information and data | Behavior | |
Notify parents or legal representatives of what information is collected from children. CC ID 00040 | Privacy protection for information and data | Establish/Maintain Documentation | |
Obtain consent from a parent or legal representative before collecting information from children. CC ID 00041 | Privacy protection for information and data | Data and Information Management | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to collect online contact information for a one-time only response to a specific request. CC ID 00043 | Privacy protection for information and data | Data and Information Management | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to request the parent or legal representative's information to obtain consent. CC ID 00044 | Privacy protection for information and data | Data and Information Management | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to respond to additional requests which do not go beyond the scope of the request. CC ID 00045 | Privacy protection for information and data | Data and Information Management | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to protect the child's safety. CC ID 00046 | Privacy protection for information and data | Data and Information Management | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to take liability precautions. CC ID 00047 | Privacy protection for information and data | Data and Information Management | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to respond to a judicial process. CC ID 00048 | Privacy protection for information and data | Data and Information Management | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to respond to a request for law enforcement purposes. CC ID 00049 | Privacy protection for information and data | Data and Information Management | |
Waive verifiable consent from a parent or legal representative for collecting information from children in order to protect the website's security or integrity or the online service's security or integrity. CC ID 06199 | Privacy protection for information and data | Data and Information Management | |
Establish, implement, and maintain a personal data collection policy. CC ID 00029 [The entity has a process to collect and create (rendering and aggregating from multiple sources or information providers) PI as identified in the entity's privacy agreements. The process is consistent with its objectives related to privacy. C3.1 PI collection and creation] | Privacy protection for information and data | Establish/Maintain Documentation | |
Collect personal data directly from the data subject. CC ID 00011 | Privacy protection for information and data | Data and Information Management | |
Create and manage user account aliases to maintain pseudonymity. CC ID 04549 | Privacy protection for information and data | Data and Information Management | |
Provide unlinkability for users and resources. CC ID 04550 | Privacy protection for information and data | Data and Information Management | |
Provide unobservability of users and resources. CC ID 04551 | Privacy protection for information and data | Technical Security | |
Collect restricted data in a fair and lawful manner. CC ID 00010 | Privacy protection for information and data | Data and Information Management | |
Collect restricted data absent consent for specific and well-documented circumstances. CC ID 00013 | Privacy protection for information and data | Data and Information Management | |
Collect restricted data absent consent when the data collection is in the individual's interests and consent cannot be obtained in a timely manner. CC ID 00014 | Privacy protection for information and data | Data and Information Management | |
Collect restricted data absent consent when consent compromises data accuracy. CC ID 00015 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent in order to make a disclosure. CC ID 13550 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent for reasonable investigative purposes. CC ID 11801 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent if the collection is consistent with the intended purpose. CC ID 13548 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent when the personal data was produced by the data subject in the course of employment, business, or profession. CC ID 13544 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent for handling insurance claims. CC ID 13543 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent when the data subject has authorized the collection through another individual. CC ID 00016 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent if the disclosure is to the next of kin or authorized representative. CC ID 15295 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent in order to establish, manage, or terminate employment contracts. CC ID 13614 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent in order to protect the data subject's vital interests. CC ID 15277 | Privacy protection for information and data | Data and Information Management | |
Collect personal data for public interests absent consent in order to protect historical records or archival records. CC ID 15289 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent to administer a trust fund or benefit plan. CC ID 15292 | Privacy protection for information and data | Data and Information Management | |
Collect restricted data absent consent for journalistic purposes, artistic purposes, or literary purposes. CC ID 00017 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent in order to collect a debt owed by the data subject. CC ID 15293 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent for statistical purposes or research purposes and the data subject is not identified. CC ID 00018 | Privacy protection for information and data | Data and Information Management | |
Collect restricted data absent consent from publicly available information. CC ID 00019 | Privacy protection for information and data | Data and Information Management | |
Collect restricted data absent consent when needed by law. CC ID 00020 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent to create a credit report. CC ID 15287 | Privacy protection for information and data | Data and Information Management | |
Collect restricted data absent consent when no potential harm can come to the data subject. CC ID 00021 | Privacy protection for information and data | Data and Information Management | |
Collect personal data absent consent when collecting personal data from the data subject is impossible or the data collection involves a disproportionate effort. CC ID 00022 | Privacy protection for information and data | Data and Information Management | |
Collect the minimum amount of restricted data necessary. CC ID 00078 | Privacy protection for information and data | Data and Information Management | |
Collect restricted data in a proper information framework. CC ID 00009 | Privacy protection for information and data | Data and Information Management | |
Collect and record restricted data for specific, explicit, and legitimate purposes. CC ID 00027 [PI is relevant for the purposes for which it is to be used. Q8.1 Ensures relevance of PI] | Privacy protection for information and data | Data and Information Management | |
Collect restricted data when required by law. CC ID 00031 | Privacy protection for information and data | Data and Information Management | |
Collect restricted data to prevent life-threatening emergencies. CC ID 00032 | Privacy protection for information and data | Data and Information Management | |
Collect restricted data relating solely to nonprofit organization members or individuals who are in regular contact during the nonprofit organization's activities. CC ID 00034 | Privacy protection for information and data | Data and Information Management | |
Collect restricted data for legal purposes. CC ID 00036 | Privacy protection for information and data | Data and Information Management | |
Provide the data subject with information about the data controller during the collection process. CC ID 00023 | Privacy protection for information and data | Establish/Maintain Documentation | |
Disseminate and communicate the data collector's name and contact information to all interested personnel. CC ID 13760 | Privacy protection for information and data | Communicate | |
Provide the data subject with the data collector's name and contact information. CC ID 00024 | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide the data subject with the name of the data collector who will hold the collected restricted data. CC ID 00025 | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide the data subject with the third party processor's contact information when the data controller is not processing the restricted data. CC ID 00026 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain a data handling program. CC ID 13427 [The entity has defined policies and procedures for collecting and creating a data subject's PI. Refer to Component C3.0. M1.0 Collection and creation The entity has policies and procedures for handling PI to achieve the stated purposes and needs for which the PI was initially collected. Refer to Component U4.0. M1.0 Use, retention and disposal] | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain data handling policies. CC ID 00353 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain data and information confidentiality policies. CC ID 00361 | Privacy protection for information and data | Establish/Maintain Documentation | |
Prohibit personal data from being sent by e-mail or instant messaging. CC ID 00565 | Privacy protection for information and data | Data and Information Management | |
Protect electronic messaging information. CC ID 12022 | Privacy protection for information and data | Technical Security | |
Establish, implement, and maintain record structures to support information confidentiality. CC ID 00360 [{logical access control} The entity uses a combination of controls to restrict access to its information assets including data classification. The entity enforces logical separations of data structures and the segregation of incompatible duties, and applies device security hardening and security configuration policies, including activating system service restrictions, IP address validation and logical and physical access controls to servers and network device communication ports. The entity also uses updated access protocols to enable and enforce user and system access restrictions, user identification, authentication and logging, and user access behavior monitoring controls. The entity administrates digital certificate software tools to protect user communications and to enforce rules and policies for information asset access. S7.1 Restricts access to information assets] | Privacy protection for information and data | Data and Information Management | |
Include passwords, Personal Identification Numbers, and card security codes in the personal data definition. CC ID 04699 | Privacy protection for information and data | Configuration | |
Store payment card data in secure chips, if possible. CC ID 13065 | Privacy protection for information and data | Configuration | |
Refrain from storing data elements containing sensitive authentication data after authorization is approved. CC ID 04758 | Privacy protection for information and data | Configuration | |
Render unrecoverable sensitive authentication data after authorization is approved. CC ID 11952 | Privacy protection for information and data | Technical Security | |
Automate the disposition process for records that contain "do not store" data or "delete after transaction process" data. CC ID 06083 | Privacy protection for information and data | Data and Information Management | |
Log the disclosure of personal data. CC ID 06628 | Privacy protection for information and data | Log Management | |
Log the modification of personal data. CC ID 11844 | Privacy protection for information and data | Log Management | |
Encrypt, truncate, or tokenize data fields, as necessary. CC ID 06850 | Privacy protection for information and data | Technical Security | |
Implement security measures to protect personal data. CC ID 13606 [The entity has policies and procedures for protecting the integrity of PI during initial and subsequent collection, creation, usage, processing, alteration, adaptation, re-organization, storage, destruction and erasure. Refer to Component S7.0. M1.0 Security for privacy] | Privacy protection for information and data | Technical Security | |
Implement physical controls to protect personal data. CC ID 00355 | Privacy protection for information and data | Testing | |
Limit data leakage. CC ID 00356 [{unauthorized access}{unauthorized removal}{unauthorized destruction} The entity has established policies and procedures for identifying, classifying and prioritizing the criticality of its collected PI. The entity also has procedures for evaluating potential vulnerabilities and the risk of unauthorized privacy information access, removal and destruction. The entity has designed and implemented control activities to help prevent, detect, address and notify relevant authorities in the event it detects and confirms instances of system and privacy information breaches. These policies and procedures were designed to help the entity meet its objectives related to privacy. M1.3] | Privacy protection for information and data | Data and Information Management | |
Identify potential red flags to alert the organization before a data leakage has occurred. CC ID 04654 | Privacy protection for information and data | Monitor and Evaluate Occurrences | |
Establish, implement, and maintain Consumer Reporting Agency notification procedures. CC ID 04851 | Privacy protection for information and data | Business Processes | |
Acquire enough insurance to cover the liability for damages due to data leakage. CC ID 06408 | Privacy protection for information and data | Acquisition/Sale of Assets or Services | |
Alert appropriate personnel when data leakage is detected. CC ID 14715 | Privacy protection for information and data | Process or Activity | |
Include text about data ownership in the data handling policy. CC ID 15720 | Privacy protection for information and data | Data and Information Management | |
Establish, implement, and maintain a telephone systems usage policy. CC ID 15170 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain call metadata controls. CC ID 04790 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain de-identifying and re-identifying procedures. CC ID 07126 | Privacy protection for information and data | Data and Information Management | |
Use de-identifying code and re-identifying code that is not derived from or related to information about the data subject. CC ID 07127 | Privacy protection for information and data | Data and Information Management | |
Store de-identifying code and re-identifying code separately. CC ID 16535 | Privacy protection for information and data | Data and Information Management | |
Prevent the disclosure of de-identifying code and re-identifying code. CC ID 07128 | Privacy protection for information and data | Data and Information Management | |
Disseminate and communicate the data handling policy to all interested personnel and affected parties. CC ID 15465 | Privacy protection for information and data | Communicate | |
Establish, implement, and maintain data handling procedures. CC ID 11756 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define personal data that falls under breach notification rules. CC ID 00800 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include data elements that contain an individual's name combined with account numbers or other identifying information as personal data that falls under the breach notification rules. CC ID 04662 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's legal surname prior to marriage as personal data that falls under the breach notification rules. CC ID 04669 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's date of birth as personal data that falls under the breach notification rules. CC ID 04771 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's address as personal data that falls under the breach notification rules. CC ID 04671 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's telephone number as personal data that falls under the breach notification rules. CC ID 04672 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's fingerprints as personal data that falls under the breach notification rules. CC ID 04670 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's Social Security Number or Personal Identification Number as personal data that falls under the breach notification rules. CC ID 04656 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's driver's license number or an individual's state identification card number as personal data that falls under the breach notification rules. CC ID 04657 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's passport number as personal data that falls under the breach notification rules. CC ID 04774 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's Alien Registration Number as personal data that falls under the breach notification rules. CC ID 04775 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's Taxpayer Identification Number as personal data that falls under the breach notification rules. CC ID 04764 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's financial account number as personal data that falls under the breach notification rules. CC ID 04658 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's financial account number with associated password or password hint as personal data that falls under the breach notification rules. CC ID 04660 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's electronic identification name or number as personal data that falls under the breach notification rules. CC ID 04663 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain electronic signatures as personal data that falls under the breach notification rules. CC ID 04666 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's biometric data as personal data that falls under the breach notification rules. CC ID 04667 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's account number, password, or password hint as personal data that falls under the breach notification rules. CC ID 04668 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's payment card information as personal data that falls under the breach notification rules. CC ID 04752 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's credit card number or an individual's debit card number as personal data that falls under the breach notification rules. CC ID 04659 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's payment card service code as personal data that falls under the breach notification rules. CC ID 04754 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's payment card expiration date as personal data that falls under the breach notification rules. CC ID 04756 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's payment card full magnetic stripe data as personal data that falls under the breach notification rules. CC ID 04759 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's payment card security codes (Card Authentication Value 2/Card Validation Code Value 2/Card Verification Value 2/Card Identification Number) as personal data that falls under the breach notification rules. CC ID 04760 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's payment card associated password or password hint as personal data that falls under the breach notification rules. CC ID 04661 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's Individually Identifiable Health Information as personal data that falls under the breach notification rules. CC ID 04673 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's medical history as personal data that falls under the breach notification rules. CC ID 04674 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's medical treatment as personal data that falls under the breach notification rules. CC ID 04675 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's medical diagnosis as personal data that falls under the breach notification rules. CC ID 04676 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's mental condition or physical condition as personal data that falls under the breach notification rules. CC ID 04682 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's health insurance information as personal data that falls under the breach notification rules. CC ID 04681 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's health insurance policy number as personal data that falls under the breach notification rules. CC ID 04683 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's health insurance application and health insurance claims history (including appeals) as personal data that falls under the breach notification rules. CC ID 04684 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's employment information as personal data that falls under the breach notification rules. CC ID 04772 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's Employee Identification Number as personal data that falls under the breach notification rules. CC ID 04773 | Privacy protection for information and data | Data and Information Management | |
Include data elements that contain an individual's place of employment as personal data that falls under the breach notification rules. CC ID 04788 | Privacy protection for information and data | Data and Information Management | |
Define an out of scope privacy breach. CC ID 04677 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include personal data that is publicly available information as an out of scope privacy breach. CC ID 04678 | Privacy protection for information and data | Business Processes | |
Include personal data that is encrypted or redacted as an out of scope privacy breach. CC ID 04679 | Privacy protection for information and data | Monitor and Evaluate Occurrences | |
Include cryptographic keys not being accessed during a privacy breach as an out of scope privacy breach. CC ID 04761 | Privacy protection for information and data | Monitor and Evaluate Occurrences | |
Include any personal data that is on an encrypted mobile device as an out of scope privacy breach, if the encryption keys were not accessed and the mobile device was recovered. CC ID 04762 | Privacy protection for information and data | Monitor and Evaluate Occurrences | |
Disseminate and communicate the data handling procedures to all interested personnel and affected parties. CC ID 15466 | Privacy protection for information and data | Communicate | |
Establish, implement, and maintain a personal data transfer program. CC ID 00307 | Privacy protection for information and data | Establish/Maintain Documentation | |
Obtain consent from an individual prior to transferring personal data. CC ID 06948 [Consent is obtained before PI is transferred to or from an individual's computer or other similar device. C3.2 Obtains consent for data transfers] | Privacy protection for information and data | Data and Information Management | |
Include procedures for transferring personal data from one data controller to another data controller in the personal data transfer program. CC ID 00351 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from requiring independent recourse mechanisms when transferring personal data from one data controller to another data controller. CC ID 12528 | Privacy protection for information and data | Business Processes | |
Notify data subjects when their personal data is transferred. CC ID 00352 | Privacy protection for information and data | Behavior | |
Include procedures for transferring personal data to third parties in the personal data transfer program. CC ID 00333 [The entity has policies and procedures for disclosing and transmitting PI to external third-party individuals and organizations not under the direct management or control of the entity. Refer to Component D6.0. M1.0 Disclosure to third parties] | Privacy protection for information and data | Establish/Maintain Documentation | |
Notify data subjects of the geographic locations of the third parties when transferring personal data to third parties. CC ID 14414 | Privacy protection for information and data | Communicate | |
Provide an adequate data protection level by the transferee prior to transferring personal data to another country. CC ID 00314 | Privacy protection for information and data | Data and Information Management | |
Refrain from restricting personal data transfers to member states of the European Union. CC ID 00312 | Privacy protection for information and data | Data and Information Management | |
Prohibit the transfer of personal data when security is inadequate. CC ID 00345 | Privacy protection for information and data | Data and Information Management | |
Meet the use of limitation exceptions in order to transfer personal data. CC ID 00346 | Privacy protection for information and data | Data and Information Management | |
Refrain from transferring past the first transfer. CC ID 00347 | Privacy protection for information and data | Data and Information Management | |
Document transfer disagreements by the data subject in writing. CC ID 00348 | Privacy protection for information and data | Establish/Maintain Documentation | |
Allow the data subject the right to object to the personal data transfer. CC ID 00349 | Privacy protection for information and data | Data and Information Management | |
Authorize the transfer of restricted data in accordance with organizational standards. CC ID 16428 | Privacy protection for information and data | Records Management | |
Follow the instructions of the data transferrer. CC ID 00334 | Privacy protection for information and data | Behavior | |
Define the personal data transfer exceptions for transferring personal data to another country when adequate protection level standards are not met. CC ID 00315 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include publicly available information as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00316 | Privacy protection for information and data | Data and Information Management | |
Include transfer agreements between data controllers and third parties when it is for the data subject's interest as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00317 | Privacy protection for information and data | Data and Information Management | |
Include personal data for the health field and for treatment as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00318 | Privacy protection for information and data | Data and Information Management | |
Include personal data for journalistic purposes or private purposes as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00319 | Privacy protection for information and data | Data and Information Management | |
Include personal data for important public interest as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00320 | Privacy protection for information and data | Data and Information Management | |
Include consent by the data subject as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00321 | Privacy protection for information and data | Data and Information Management | |
Include personal data used for a contract as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00322 | Privacy protection for information and data | Data and Information Management | |
Include personal data for protecting the data subject or the data subject's interests, such as saving his/her life or providing healthcare as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00323 | Privacy protection for information and data | Data and Information Management | |
Include personal data that is necessary to fulfill international law obligations as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00324 | Privacy protection for information and data | Data and Information Management | |
Include personal data used for legal investigations as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00325 | Privacy protection for information and data | Data and Information Management | |
Include personal data that is authorized by a legislative act as a personal data transfer exception for transferring personal data to another country outside an adequate data protection level. CC ID 00326 | Privacy protection for information and data | Data and Information Management | |
Require transferees to implement adequate data protection levels for the personal data. CC ID 00335 | Privacy protection for information and data | Data and Information Management | |
Refrain from requiring a contract between the data controller and trusted third parties when personal information is transferred. CC ID 12527 | Privacy protection for information and data | Business Processes | |
Define the personal data transfer exceptions for transferring personal data to another organization when adequate protection level standards are not met. CC ID 00336 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include personal data that is publicly available information as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00337 | Privacy protection for information and data | Data and Information Management | |
Include personal data that is used for journalistic purposes or private purposes as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00338 | Privacy protection for information and data | Data and Information Management | |
Include personal data that is used for important public interest as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00339 | Privacy protection for information and data | Data and Information Management | |
Include consent by the data subject as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00340 | Privacy protection for information and data | Data and Information Management | |
Include personal data that is used for a contract as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00341 | Privacy protection for information and data | Data and Information Management | |
Include personal data that is used for protecting the data subject or the data subject's interests, such as providing healthcare or saving his/her life as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00342 | Privacy protection for information and data | Data and Information Management | |
Include personal data that is used for a legal investigation as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00343 | Privacy protection for information and data | Data and Information Management | |
Include personal data that is authorized by a legislative act as a personal data transfer exception for transferring personal data to a third party outside adequate data protection levels. CC ID 00344 | Privacy protection for information and data | Data and Information Management | |
Notify data subjects about organizational liability when transferring personal data to third parties. CC ID 12353 | Privacy protection for information and data | Communicate | |
Notify the data subject of any personal data changes during the personal data transfer. CC ID 00350 | Privacy protection for information and data | Behavior | |
Establish, implement, and maintain Internet interactivity data transfer procedures. CC ID 06949 | Privacy protection for information and data | Establish/Maintain Documentation | |
Obtain consent prior to storing cookies on an individual's browser. CC ID 06950 | Privacy protection for information and data | Data and Information Management | |
Obtain consent prior to downloading software to an individual's computer. CC ID 06951 | Privacy protection for information and data | Data and Information Management | |
Refrain from installing software on an individual's computer unless acting in accordance with a court order. CC ID 14000 | Privacy protection for information and data | Process or Activity | |
Remove or uninstall software from an individual's computer, as necessary. CC ID 13998 | Privacy protection for information and data | Process or Activity | |
Remove or uninstall software from an individual's computer when consent is revoked. CC ID 13997 | Privacy protection for information and data | Process or Activity | |
Obtain consent prior to tracking Internet traffic patterns or browsing history of an individual. CC ID 06961 | Privacy protection for information and data | Data and Information Management | |
Establish, implement, and maintain a privacy impact assessment. CC ID 13712 [The entity performs a privacy (risk) impact assessment to identify and evaluate privacy specific risks, vulnerabilities and scenarios that could result in a system or information privacy breach situation. Privacy (risk) impact assessments are also used to identify security control weaknesses that need to be addressed as well as to report upon the entity's ability to comply with applicable system and privacy information breach notification laws and regulations. M1.3 Privacy (risk) impact assessment] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the individuals with whom information is shared in the privacy impact assessment. CC ID 15520 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include how to grant consent in the privacy impact assessment. CC ID 15519 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the opportunities for individuals to consent to using their information in the privacy impact assessment. CC ID 15518 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the opportunities for opting out of information collection in the privacy impact assessment. CC ID 15517 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include data handling procedures in the privacy impact assessment. CC ID 15516 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the intended use of information in the privacy impact assessment. CC ID 15515 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the reason information is being collected in the privacy impact assessment. CC ID 15514 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the type of information to be collected in the privacy impact assessment. CC ID 15513 | Privacy protection for information and data | Business Processes | |
Disseminate and communicate the results of the Privacy Impact Assessment to interested personnel and affected parties. CC ID 15458 | Privacy protection for information and data | Communicate | |
Develop remedies and sanctions for privacy policy violations. CC ID 00474 [The entity has procedures for identifying and addressing instances when non-compliance with information privacy policies and procedures are identified. M1.2 Policy compliance Ongoing procedures are performed for monitoring the effectiveness of controls over PI and for taking timely corrective actions when necessary. M9.1 Performs ongoing monitoring] | Privacy protection for information and data | Data and Information Management | |
Define the behaviors and actions that are included in privacy rights violations. CC ID 14852 | Privacy protection for information and data | Behavior | |
Include the individual's name who is the subject of the complaint in the privacy rights violation complaint. CC ID 14359 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refrain from charging a fee to file a privacy rights violation complaint. CC ID 16807 | Privacy protection for information and data | Business Processes | |
Refrain from updating personal data on a regular basis, unless it is necessary for the purposes it was collected. CC ID 13610 | Privacy protection for information and data | Data and Information Management | |
Establish, implement, and maintain a privacy dispute resolution program. CC ID 12526 [{dispute resolution process}{complaint resolution process} The entity implements a process for receiving, addressing, resolving and communicating the resolution of inquiries, complaints and disputes from data subjects and others and periodically monitors compliance to meet the entity's objectives related to privacy. Corrections and other necessary actions related to identified deficiencies are made or taken in a timely manner. M9.1] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include potential remedies in the privacy dispute resolution program. CC ID 12531 | Privacy protection for information and data | Establish/Maintain Documentation | |
Provide the data subject with the name, title, and address to whom complaints are forwarded. CC ID 00395 [Data subjects are informed, in writing, about the reason a request for correction of PI was denied and how they may appeal. A5.2 Communicates denial of correction requests Data subjects are informed about how to contact the entity with inquiries, complaints and disputes. M9.1 Communicates to data subjects] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the time frames in which privacy rights violation complaints are processed in the privacy dispute resolution program. CC ID 12529 | Privacy protection for information and data | Establish/Maintain Documentation | |
Document unresolved challenges. CC ID 13568 | Privacy protection for information and data | Establish/Maintain Documentation | |
Establish, implement, and maintain an accuracy resolution policy. CC ID 00460 | Privacy protection for information and data | Establish/Maintain Documentation | |
Notify individuals of their right to challenge personal data. CC ID 00457 [{be accurate}{be complete} Individuals are informed that they are responsible for providing the entity with accurate and complete PI and for contacting the entity if correction of such information is required. Q8.1 Communicates to data subjects] | Privacy protection for information and data | Data and Information Management | |
Notify individuals of their right to object to personal data for legitimate reasons. CC ID 00458 | Privacy protection for information and data | Data and Information Management | |
Terminate an individual's restriction agreement under specific circumstances. CC ID 06260 | Privacy protection for information and data | Configuration | |
Notify individuals of their ability to challenge personal behavioral assessments on record. CC ID 04798 | Privacy protection for information and data | Human Resources Management | |
Notify individuals of their ability to object to personal data processing, absent cost. CC ID 00459 | Privacy protection for information and data | Data and Information Management | |
Notify individuals of the time frame in which they may challenge personal data. CC ID 16861 | Privacy protection for information and data | Communicate | |
Investigate the disputed accuracy of personal data. CC ID 00461 | Privacy protection for information and data | Data and Information Management | |
Notify third parties of unresolved challenges. CC ID 13559 | Privacy protection for information and data | Communicate | |
Document disagreements as to whether personal data is complete and accurate. CC ID 06952 | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the change to the personal data that the data subject requested and the reason the organization refused to make the change in the statement of disagreement. CC ID 06954 [Data subjects are informed, in writing, about the reason a request for correction of PI was denied and how they may appeal. A5.2 Communicates denial of correction requests] | Privacy protection for information and data | Establish/Maintain Documentation | |
Include the allegations against the organization in the notice of investigation. CC ID 13031 | Privacy protection for information and data | Establish/Maintain Documentation | |
Refer privacy rights violation complaints to the Privacy Commissioner under certain conditions. CC ID 00481 | Privacy protection for information and data | Behavior | |
Determine not to investigate privacy rights violation complaints under certain conditions. CC ID 00482 | Privacy protection for information and data | Behavior | |
Refrain from investigating a privacy rights violation complaint when the act or practice does not interfere with an individual's privacy. CC ID 00483 | Privacy protection for information and data | Behavior | |
Refrain from investigating a privacy rights violation complaint when the complaint is created outside the stipulated time frame after the complainant became aware of it. CC ID 00484 | Privacy protection for information and data | Behavior | |
Refrain from investigating a privacy rights violation complaint when the complaint is frivolous, vexatious, misconceived, or lacking in substance. CC ID 00485 | Privacy protection for information and data | Behavior | |
Refrain from investigating a privacy rights violation complaint if the act or practice is subject to an application under another commonwealth law, state law, or territory law, and the complaint was or is being dealt with adequately under the law. CC ID 00486 | Privacy protection for information and data | Behavior | |
Defer privacy rights violation complaint investigations under certain conditions. CC ID 00487 | Privacy protection for information and data | Behavior | |
Defer privacy rights violation complaint investigations when the respondent has made an application for a determination. CC ID 00488 | Privacy protection for information and data | Behavior | |
Defer privacy rights violation complaint investigations when the Privacy Commissioner believes the data subject's interests would not be affected if the investigation or further investigation were deferred until the application was disposed of. CC ID 00489 | Privacy protection for information and data | Behavior | |
Define the organization's liability based on the applicable law. CC ID 00504 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define the sanctions and fines available for privacy rights violations based on applicable law. CC ID 00505 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define the appeal process based on the applicable law. CC ID 00506 | Privacy protection for information and data | Establish/Maintain Documentation | |
Define the fee structure for the appeal process. CC ID 16532 | Privacy protection for information and data | Process or Activity | |
Define the time requirements for the appeal process. CC ID 16531 | Privacy protection for information and data | Process or Activity | |
Disseminate and communicate instructions for the appeal process to interested personnel and affected parties. CC ID 16544 | Privacy protection for information and data | Communicate | |
Disseminate and communicate a written explanation of the reasons for appeal decisions to interested personnel and affected parties. CC ID 16542 | Privacy protection for information and data | Communicate | |
Provide notice of proposed penalties. CC ID 06216 | Privacy protection for information and data | Establish/Maintain Documentation | |
Notify the public and other agencies after a penalty becomes final. CC ID 06217 | Privacy protection for information and data | Behavior | |
Establish, implement, and maintain a Customer Information Management program. CC ID 00084 | Privacy protection for information and data | Data and Information Management | |
Establish, implement, and maintain customer data authentication procedures. CC ID 13187 | Privacy protection for information and data | Establish/Maintain Documentation | |
Check the accuracy of restricted data. CC ID 00088 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity {be accurate}{be up-to-date}{be reliable}{be complete}{be relevant} The entity collects and maintains accurate, reliable, up to date, complete and relevant PI to meet the entity's objectives related to privacy. Q8.1 {be complete} PI is accurate and complete for the purposes for which it is to be used. Q8.1 Ensures accuracy and completeness of PI] | Privacy protection for information and data | Data and Information Management | |
Check that restricted data is complete. CC ID 00090 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity {be accurate}{be up-to-date}{be reliable}{be complete}{be relevant} The entity collects and maintains accurate, reliable, up to date, complete and relevant PI to meet the entity's objectives related to privacy. Q8.1 {be complete} PI is accurate and complete for the purposes for which it is to be used. Q8.1 Ensures accuracy and completeness of PI] | Privacy protection for information and data | Data and Information Management | |
Keep restricted data up-to-date and valid. CC ID 00091 [The entity has a process for preserving and periodically re-validating the quality and integrity of PI and verifying (e.g., confirming with data subjects) its continued accuracy, completeness and correctness. Refer to Component Q8.0. M1.0 Data quality and integrity {be accurate}{be up-to-date}{be reliable}{be complete}{be relevant} The entity collects and maintains accurate, reliable, up to date, complete and relevant PI to meet the entity's objectives related to privacy. Q8.1] | Privacy protection for information and data | Data and Information Management | |
Maintain restricted data in a form that does not permit the identification of data subjects for longer than the processing purpose. CC ID 00092 [PI no longer retained is anonymized, disposed of or destroyed in a manner that prevents loss, theft, misuse or unauthorized access. U4.3 Disposes of, destroys and redacts PI] | Privacy protection for information and data | Data and Information Management | |
Establish, implement, and maintain a supply chain management program. CC ID 11742 | Third Party and supply chain oversight | Establish/Maintain Documentation | |
Establish, implement, and maintain procedures for establishing, maintaining, and terminating third party contracts. CC ID 00796 | Third Party and supply chain oversight | Establish/Maintain Documentation | |
Review and update all contracts, as necessary. CC ID 11612 [The entity's internal personnel or advisers review contracts for consistency with privacy policies and procedures and address any inconsistencies. M1.2 Consistency of commitments with privacy policies and procedures] | Third Party and supply chain oversight | Establish/Maintain Documentation | |
Include text that organizations must meet organizational compliance requirements in third party contracts. CC ID 06506 | Third Party and supply chain oversight | Establish/Maintain Documentation | |
Include compliance with the organization's privacy policy in third party contracts. CC ID 06518 [The entity obtains privacy commitments from vendors and other third parties who have access to PI to meet the entity's objectives related to privacy. The entity assesses those parties' compliance on a periodic and as-needed basis and takes corrective action, if necessary. D6.4] | Third Party and supply chain oversight | Establish/Maintain Documentation | |
Include incident management procedures and incident reporting procedures in third party contracts. CC ID 01214 [The entity obtains commitments from vendors and other third parties with access to PI to notify the entity in the event of actual or suspected unauthorized disclosures of PI. Such notifications are reported to appropriate personnel and acted on in accordance with established incident response procedures to meet the entity's objectives related to privacy. D6.5 A process exists for obtaining commitments from vendors and other third parties to report to the entity actual or suspected unauthorized disclosures of PI. D6.5 Reports actual or suspected unauthorized disclosures] | Third Party and supply chain oversight | Establish/Maintain Documentation | |
Conduct all parts of the supply chain due diligence process. CC ID 08854 | Third Party and supply chain oversight | Business Processes | |
Validate the third parties' compliance to organizationally mandated compliance requirements. CC ID 08819 [The entity obtains privacy commitments from vendors and other third parties who have access to PI to meet the entity's objectives related to privacy. The entity assesses those parties' compliance on a periodic and as-needed basis and takes corrective action, if necessary. D6.4] | Third Party and supply chain oversight | Business Processes |