Convert the system to "Trusted Mode", if possible., CC ID: 01550
Configure the sadmind service to a higher Security level., CC ID: 01551
Find files and directories with extended attributes., CC ID: 01552
Configure all.rhosts files to be readable only by their owners., CC ID: 01557
Set the symlink /etc/hosts.equiv file to /dev/null., CC ID: 01558
Configure the default locking Screen saver timeout to a predetermined time period., CC ID: 01570
Configure the Security Center (Domain PCs only)., CC ID: 01967
Configure the system to immediately protect the computer after the Screen saver is activated by setting the time before the Screen saver grace period expires to a predefined amount., CC ID: 04276
Configure the system to require a password before it unlocks the Screen saver software., CC ID: 04443
Disable proxy ARP on all interfaces., CC ID: 06570
Set the FileSpaceSwitch variable to an appropriate value., CC ID: 05445
Set the wakeup switchpoint frequency to an appropriate time interval., CC ID: 05446
Enable or disable the setuid option on removable storage media, as appropriate., CC ID: 05447
Configure TCP/IP PMTU Discovery, as appropriate., CC ID: 05991
Configure Secure Shell to enable or disable empty passwords, as appropriate., CC ID: 06016
Configure each user's Screen Saver Executable Name., CC ID: 06027
Configure the NIS+ server to operate at an appropriate security level., CC ID: 06038
Configure the "restrict guest access to system log" policy, as appropriate., CC ID: 06047
Configure the "Block saving of Open XML file types" setting, as appropriate., CC ID: 06048
Enable or disable user-initiated system crashes via the CTRL+SCROLL LOCK+SCROLL LOCK sequence for keyboards., CC ID: 06051
Configure the "Syskey mode" to organizational standards., CC ID: 06052
Configure the Trusted Platform Module (TPM) platform validation profile, as appropriate., CC ID: 06056
Configure the "Allow Remote Shell Access" setting, as appropriate., CC ID: 06057
Configure the "Prevent the computer from joining a homegroup" setting, as appropriate., CC ID: 06058
Enable or disable the authenticator requirement after waking, as appropriate., CC ID: 06059
Enable or disable the standby states, as appropriate., CC ID: 06060
Configure the Trusted Platform Module startup options properly., CC ID: 06061
Configure the system to purge Policy Caches., CC ID: 06569
Separate authenticator files and application system data on different file systems., CC ID: 06790
Configure Application Programming Interfaces to limit or shut down interactivity based upon a rate limit., CC ID: 06811
Configure the "all world-writable directories" user ownership to organizational standards., CC ID: 08714
Configure the "all rsyslog log" files group ownership to organizational standards., CC ID: 08715
Configure the "all rsyslog log" files user ownership to organizational standards., CC ID: 08716
Configure the "Executable stack" setting to organizational standards., CC ID: 08969
Configure the "smbpasswd executable" user ownership to organizational standards., CC ID: 08975
Configure the "traceroute executable" group ownership to organizational standards., CC ID: 08980
Configure the "traceroute executable" user ownership to organizational standards., CC ID: 08981
Configure the "Apache configuration" directory group ownership to organizational standards., CC ID: 08991
Configure the "Apache configuration" directory user ownership to organizational standards., CC ID: 08992
Configure the "/var/log/httpd/" file group ownership to organizational standards., CC ID: 09027
Configure the "/etc/httpd/conf.d" file group ownership to organizational standards., CC ID: 09028
Configure the "/etc/httpd/conf/passwd" file group ownership to organizational standards., CC ID: 09029
Configure the "/usr/sbin/apachectl" file group ownership to organizational standards., CC ID: 09030
Configure the "/usr/sbin/httpd" file group ownership to organizational standards., CC ID: 09031
Configure the "/var/www/html" file group ownership to organizational standards., CC ID: 09032
Configure the "log files" the "/var/log/httpd/" directory user ownership to organizational standards., CC ID: 09034
Configure the "/etc/httpd/conf.d" file ownership to organizational standards., CC ID: 09035
Configure the "/etc/httpd/conf/passwd" file ownership to organizational standards., CC ID: 09036
Configure the "/usr/sbin/apachectl" file ownership to organizational standards., CC ID: 09037
Configure the "/usr/sbin/httpd" file ownership to organizational standards., CC ID: 09038
Configure the "/var/www/html" file ownership to organizational standards., CC ID: 09039
Configure the "httpd.conf" file user ownership to organizational standards., CC ID: 09055
Configure the "httpd.conf" group ownership to organizational standards., CC ID: 09056
Configure the "htpasswd" file user ownership to organizational standards., CC ID: 09058
Configure the "htpasswd" file group ownership to organizational standards., CC ID: 09059
Configure the "files specified by CustomLog" user ownership to organizational standards., CC ID: 09074
Configure the "files specified by CustomLog" group ownership to organizational standards., CC ID: 09075
Configure the "files specified by ErrorLog" user ownership to organizational standards., CC ID: 09076
Configure the "files specified by ErrorLog" group ownership to organizational standards., CC ID: 09077
Configure the "directories specified by ScriptAlias" user ownership to organizational standards., CC ID: 09079
Configure the "directories specified by ScriptAlias" group ownership to organizational standards., CC ID: 09080
Configure the "directories specified by ScriptAliasMatch" user ownership to organizational standards., CC ID: 09082
Configure the "directories specified by ScriptAliasMatch" group ownership to organizational standards., CC ID: 09083
Configure the "directories specified by DocumentRoot" user ownership to organizational standards., CC ID: 09085
Configure the "directories specified by DocumentRoot" group ownership to organizational standards., CC ID: 09086
Configure the "directories specified by Alias" user ownership to organizational standards., CC ID: 09088
Configure the "directories specified by Alias" group ownership to organizational standards., CC ID: 09089
Configure the "directories specified by ServerRoot" user ownership to organizational standards., CC ID: 09091
Configure the "directories specified by ServerRoot" group ownership to organizational standards., CC ID: 09092
Configure the "apache /bin" directory user ownership to organizational standards., CC ID: 09094
Configure the "apache /bin" directory group ownership to organizational standards., CC ID: 09095
Configure the "apache /logs" directory user ownership to organizational standards., CC ID: 09097
Configure the "apache /logs" directory group ownership to organizational standards., CC ID: 09098
Configure the "apache /htdocs" directory user ownership to organizational standards., CC ID: 09100
Configure the "apache /htdocs" directory group ownership to organizational standards., CC ID: 09101
Configure the "apache /cgi-bin" directory group ownership to organizational standards., CC ID: 09104
Configure the "User-specific directories" setting to organizational standards., CC ID: 09123
Configure the "apache process ID" file user ownership to organizational standards., CC ID: 09125
Configure the "apache process ID" file group ownership to organizational standards., CC ID: 09126
Configure the "apache scoreboard" file user ownership to organizational standards., CC ID: 09128
Configure the "apache scoreboard" file group ownership to organizational standards., CC ID: 09129
Configure the "Ownership of the asymmetric keys" setting to organizational standards., CC ID: 09289
Configure the "SQLServer2005ReportServerUser" registry key permissions to organizational standards., CC ID: 09326
Configure the "SQLServerADHelperUser" registry key permissions to organizational standards., CC ID: 09329
Configure the "Tomcat home" directory user ownership to organizational standards., CC ID: 09772
Configure the "group" setting for the "Tomcat installation" to organizational standards., CC ID: 09773
Configure the "tomcat conf/" directory user ownership to organizational standards., CC ID: 09774
Configure the "tomcat conf/" directory group ownership to organizational standards., CC ID: 09775
Configure the "tomcat-users.xml" file user ownership to organizational standards., CC ID: 09776
Configure the "tomcat-users.xml" file group ownership to organizational standards., CC ID: 09777
Configure the "group membership" setting for "Tomcat" to organizational standards., CC ID: 09793
Configure the "Tomcat home" directory group ownership to organizational standards., CC ID: 09798
Configure the "Tomcat home/conf/" directory user ownership to organizational standards., CC ID: 09800
Configure the "Tomcat home/conf/" directory group ownership to organizational standards., CC ID: 09801
Configure the "system" files permissions to organizational standards., CC ID: 09922
Configure the "size limit" setting for the "application log" to organizational standards., CC ID: 10063
Configure the "restrict guest access to security log" setting to organizational standards., CC ID: 10064
Configure the "size limit" setting for the "system log" to organizational standards., CC ID: 10065
Configure the "Automatic Update service" setting to organizational standards., CC ID: 10066
Configure the "Safe DLL Search Mode" setting to organizational standards., CC ID: 10067
Configure the "screensaver" setting to organizational standards., CC ID: 10068
Configure the "screensaver" setting for the "default" user to organizational standards., CC ID: 10069
Configure the "Enable User Control Over Installs" setting to organizational standards., CC ID: 10070
Configure the "Enable User to Browser for Source While Elevated" setting to organizational standards., CC ID: 10071
Configure the "Enable User to Use Media Source While Elevated" setting to organizational standards., CC ID: 10072
Configure the "Allow Administrator to Install from Terminal Services Session" setting to organizational standards., CC ID: 10073
Configure the "Enable User to Patch Elevated Products" setting to organizational standards., CC ID: 10074
Configure the "Cache Transforms in Secure Location" setting to organizational standards., CC ID: 10075
Configure the "Disable Media Player for automatic updates" setting to organizational standards., CC ID: 10076
Configure the "Internet access for Windows Messenger" setting to organizational standards., CC ID: 10077
Configure the "Do Not Automatically Start Windows Messenger" setting to organizational standards., CC ID: 10078
Configure the "Hide Property Pages" setting for the "task scheduler" to organizational standards., CC ID: 10079
Configure the "Prohibit New Task Creation" setting for the "task scheduler" to organizational standards., CC ID: 10080
Configure "Set time limit for disconnected sessions" to organizational standards., CC ID: 10081
Configure the "Set time limit for idle sessions" setting to organizational standards., CC ID: 10082
Configure the "Enable Keep-Alive Messages" setting to organizational standards., CC ID: 10083
Configure the "Automatic Updates detection frequency" setting to organizational standards., CC ID: 10084
Configure the "TCPMaxPortsExhausted" setting to organizational standards., CC ID: 10085
Configure the "built-in Administrator" account to organizational standards., CC ID: 10086
Configure the "Prevent System Maintenance of Computer Account Password" setting to organizational standards., CC ID: 10087
Configure the "Digitally Sign Client Communication (When Possible)" setting to organizational standards., CC ID: 10088
Configure the "number of SYN-ACK retransmissions sent when attempting to respond to a SYN request" setting to organizational standards., CC ID: 10089
Configure the "warning level" setting for the "audit log" to organizational standards., CC ID: 10090
Configure the "Change Password" setting for the "Ctrl+Alt+Del dialog" to organizational standards., CC ID: 10091
Configure the "account description" setting for the "built-in Administrator" account to organizational standards., CC ID: 10092
Configure the "Decoy Admin Account Not Disabled" setting to organizational standards., CC ID: 10201
Configure the "when maximum log size is reached" setting for the "Application log" to organizational standards., CC ID: 10202
Configure the "password filtering DLL" setting to organizational standards., CC ID: 10203
Configure the "Anonymous access to the registry" setting to organizational standards., CC ID: 10204
Configure the "Automatic Execution" setting for the "System Debugger" to organizational standards., CC ID: 10205
Configure the "CD-ROM Autorun" setting to organizational standards., CC ID: 10206
Configure the "ResetBrowser Frames" setting to organizational standards., CC ID: 10207
Configure the "Dr. Watson Crash Dumps" setting to organizational standards., CC ID: 10208
Configure the "File System Checker and Popups" setting to organizational standards., CC ID: 10209
Configure the "System File Checker" setting to organizational standards., CC ID: 10210
Configure the "System File Checker Progress Meter" setting to organizational standards., CC ID: 10211
Configure the "number of TCP/IP Maximum Half-open Sockets" setting to organizational standards., CC ID: 10212
Configure the "number of TCP/IP Maximum Retried Half-open Sockets" setting to organizational standards., CC ID: 10213
Configure the "Protect Kernel object attributes" setting to organizational standards., CC ID: 10214
Configure the "Unsigned Non-Driver Installation Behavior" setting to organizational standards., CC ID: 10215
Configure the "Automatically Log Off Users When Logon Time Expires (local)" setting to organizational standards., CC ID: 10216
Configure the "Local volumes" setting to organizational standards., CC ID: 10217
Configure the "Unused USB Ports" setting to organizational standards., CC ID: 10218
Configure the "Set Safe for Scripting" setting to organizational standards., CC ID: 10219
Configure the "Use of the Recycle Bin on file deletion" setting to organizational standards., CC ID: 10220
Configure the "Membership in the Power Users group" setting to organizational standards., CC ID: 10224
Configure the "AutoBackupLogFiles" setting for the "security log" to organizational standards., CC ID: 10225
Configure the "AutoBackupLogFiles" setting for the "application log" to organizational standards., CC ID: 10226
Configure the "AutoBackupLogFiles" setting for the "system log" to organizational standards., CC ID: 10227
Configure the "Syskey Encryption Key location and password method" setting to organizational standards., CC ID: 10228
Configure the "Os2LibPath environmental variable" setting to organizational standards., CC ID: 10229
Configure the "path to the Microsoft OS/2 version 1.x library" setting to organizational standards., CC ID: 10230
Configure the "location of the OS/2 subsystem" setting to organizational standards., CC ID: 10231
Configure the "location of the POSIX subsystem" setting to organizational standards., CC ID: 10232
Configure the "path to the debugger used for Just-In-Time debugging" setting to organizational standards., CC ID: 10234
Configure the "Distributed Component Object Model (DCOM)" setting to organizational standards., CC ID: 10235
Configure the "The "encryption algorithm" setting for "EFS"" setting to organizational standards., CC ID: 10236
Configure the "Interix Subsystem Startup service startup type" setting to organizational standards., CC ID: 10238
Configure the "Services for Unix Perl Socket service startup type" setting to organizational standards., CC ID: 10247
Configure the "Services for Unix Windows Cron service startup type" setting to organizational standards., CC ID: 10248
Configure the "fDisableCdm" setting to organizational standards., CC ID: 10259
Configure the "fDisableClip" setting to organizational standards., CC ID: 10260
Configure the "Inheritance of the shadow setting" setting to organizational standards., CC ID: 10261
Configure the "remote control configuration" setting to organizational standards., CC ID: 10262
Configure the "fDisableCam" setting to organizational standards., CC ID: 10263
Configure the "fDisableCcm" setting to organizational standards., CC ID: 10264
Configure the "fDisableLPT" setting to organizational standards., CC ID: 10265
Configure the "ActiveX installation policy for sites in Trusted zones" setting to organizational standards., CC ID: 10691
Configure the "Add the Administrators security group to roaming user profiles" setting to organizational standards., CC ID: 10694
Configure the "Administratively assigned offline files" setting to organizational standards., CC ID: 10695
Configure the "Apply policy to removable media" setting to organizational standards., CC ID: 10756
Configure the "Baseline file cache maximum size" setting to organizational standards., CC ID: 10763
Configure the "Check for New Signatures Before Scheduled Scans" setting to organizational standards., CC ID: 10770
Configure the "Check published state" setting to organizational standards., CC ID: 10771
Configure the "Communities" setting to organizational standards., CC ID: 10772
Configure the "Computer location" setting to organizational standards., CC ID: 10773
Configure the "Background Sync" setting to organizational standards., CC ID: 10775
Configure the "Corporate Windows Error Reporting" setting to organizational standards., CC ID: 10777
Configure the "Corrupted File Recovery Behavior" setting to organizational standards., CC ID: 10778
Configure the "Default consent" setting to organizational standards., CC ID: 10780
Configure the "list of IEEE 1667 silos usable on your computer" setting to organizational standards., CC ID: 10792
Configure the "Microsoft SpyNet Reporting" setting to organizational standards., CC ID: 10794
Configure the "MSI Corrupted File Recovery Behavior" setting to organizational standards., CC ID: 10795
Configure the "Reliability WMI Providers" setting to organizational standards., CC ID: 10804
Configure the "Report Archive" setting to organizational standards., CC ID: 10805
Configure the "Report Queue" setting to organizational standards., CC ID: 10806
Configure the "root certificate clean up" setting to organizational standards., CC ID: 10807
Configure the "Security Policy for Scripted Diagnostics" setting to organizational standards., CC ID: 10816
Configure the "list of blocked TPM commands" setting to organizational standards., CC ID: 10822
Configure the "refresh interval for Server Manager" setting to organizational standards., CC ID: 10823
Configure the "server address, refresh interval, and issuer certificate authority of a target Subscription Manager" setting to organizational standards., CC ID: 10824
Configure the "Customize consent settings" setting to organizational standards., CC ID: 10837
Configure the "Default behavior for AutoRun" setting to organizational standards., CC ID: 10839
Configure the "Define Activation Security Check exemptions" setting to organizational standards., CC ID: 10841
Configure the "Define host name-to-Kerberos realm mappings" setting to organizational standards., CC ID: 10842
Configure the "Define interoperable Kerberos V5 realm settings" setting to organizational standards., CC ID: 10843
Configure the "Delay Restart for scheduled installations" setting to organizational standards., CC ID: 10844
Configure the "Delete cached copies of roaming profiles" setting to organizational standards., CC ID: 10845
Configure the "Delete user profiles older than a specified number of days on system restart" setting to organizational standards., CC ID: 10847
Configure the "Diagnostics: Configure scenario retention" setting to organizational standards., CC ID: 10857
Configure the "Directory pruning interval" setting to organizational standards., CC ID: 10858
Configure the "Directory pruning priority" setting to organizational standards., CC ID: 10859
Configure the "Directory pruning retry" setting to organizational standards., CC ID: 10860
Configure the "Disk Diagnostic: Configure custom alert text" setting to organizational standards., CC ID: 10882
Configure the "Display Shutdown Event Tracker" setting to organizational standards., CC ID: 10888
Configure the "Display string when smart card is blocked" setting to organizational standards., CC ID: 10889
Configure the "Do not automatically encrypt files moved to encrypted folders" setting to organizational standards., CC ID: 10924
Configure the "Do not check for user ownership of Roaming Profile Folders" setting to organizational standards., CC ID: 10925
Configure the "Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names" setting to organizational standards., CC ID: 10932
Configure the "Do not send additional data" machine setting should be configured correctly. to organizational standards., CC ID: 10934
Configure the "Domain Controller Address Type Returned" setting to organizational standards., CC ID: 10939
Configure the "Domain Location Determination URL" setting to organizational standards., CC ID: 10940
Configure the "Don't set the always do this checkbox" setting to organizational standards., CC ID: 10941
Configure the "Download missing COM components" setting to organizational standards., CC ID: 10942
Configure the "Dynamic Update" setting to organizational standards., CC ID: 10944
Configure the "Enable client-side targeting" setting to organizational standards., CC ID: 10946
Configure the "Enable NTFS pagefile encryption" setting to organizational standards., CC ID: 10948
Configure the "Enable Persistent Time Stamp" setting to organizational standards., CC ID: 10949
Configure the "Enable Transparent Caching" setting to organizational standards., CC ID: 10950
Configure the "Enable Windows NTP Client" setting to organizational standards., CC ID: 10951
Configure the "Enable Windows NTP Server" setting to organizational standards., CC ID: 10952
Configure the "Encrypt the Offline Files cache" setting to organizational standards., CC ID: 10955
Configure the "Enforce upgrade component rules" setting to organizational standards., CC ID: 10958
Configure the "Events.asp program" setting to organizational standards., CC ID: 10959
Configure the "Events.asp program command line parameters" setting to organizational standards., CC ID: 10960
Configure the "Events.asp URL" setting to organizational standards., CC ID: 10961
Configure the "Exclude credential providers" setting to organizational standards., CC ID: 10962
Configure the "Exclude files from being cached" setting to organizational standards., CC ID: 10963
Configure the "Final DC Discovery Retry Setting for Background Callers" setting to organizational standards., CC ID: 10968
Configure the "For tablet pen input, don't show the Input Panel icon" setting to organizational standards., CC ID: 10973
Configure the "For touch input, don't show the Input Panel icon" setting to organizational standards., CC ID: 10974
Configure the "Force Rediscovery Interval" setting to organizational standards., CC ID: 10975
Configure the "Force selected system UI language to overwrite the user UI language" setting to organizational standards., CC ID: 10976
Configure the "Force the reading of all certificates from the smart card" setting to organizational standards., CC ID: 10977
Configure the "ForwarderResourceUsage" setting to organizational standards., CC ID: 10978
Configure the "Global Configuration Settings" setting to organizational standards., CC ID: 10979
Configure the "Hash Publication for BranchCache" setting to organizational standards., CC ID: 10986
Configure the "Hide entry points for Fast User Switching" setting to organizational standards., CC ID: 10987
Configure the "Hide notifications about RD Licensing problems that affect the RD Session Host server" setting to organizational standards., CC ID: 10988
Configure the "Hide previous versions list for local files" setting to organizational standards., CC ID: 10989
Configure the "Hide previous versions of files on backup location" setting to organizational standards., CC ID: 10991
Configure the "Ignore custom consent settings" setting to organizational standards., CC ID: 10992
Configure the "Ignore Delegation Failure" setting to organizational standards., CC ID: 10993
Configure the "Ignore the default list of blocked TPM commands" setting to organizational standards., CC ID: 10994
Configure the "Ignore the local list of blocked TPM commands" setting to organizational standards., CC ID: 10995
Configure the "Include rarely used Chinese, Kanji, or Hanja characters" setting to organizational standards., CC ID: 10996
Configure the "Initial DC Discovery Retry Setting for Background Callers" setting to organizational standards., CC ID: 10997
Configure the "IP-HTTPS State" setting to organizational standards., CC ID: 11000
Configure the "ISATAP Router Name" setting to organizational standards., CC ID: 11001
Configure the "ISATAP State" setting to organizational standards., CC ID: 11002
Configure the "License server security group" setting to organizational standards., CC ID: 11005
Configure the "List of applications to be excluded" setting to organizational standards., CC ID: 11023
Configure the "Lock Enhanced Storage when the computer is locked" setting to organizational standards., CC ID: 11025
Configure the "Make Parental Controls control panel visible on a Domain" setting to organizational standards., CC ID: 11039
Configure the "MaxConcurrentUsers" setting to organizational standards., CC ID: 11040
Configure the "Maximum DC Discovery Retry Interval Setting for Background Callers" setting to organizational standards., CC ID: 11041
Configure the "Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with Support Provider" setting to organizational standards., CC ID: 11045
Configure the "Negative DC Discovery Cache Setting" setting to organizational standards., CC ID: 11047
Configure the "Non-conforming packets" setting to organizational standards., CC ID: 11053
Configure the "Notify blocked drivers" setting to organizational standards., CC ID: 11054
Configure the "Notify user of successful smart card driver installation" setting to organizational standards., CC ID: 11055
Configure the "Permitted Managers" setting to organizational standards., CC ID: 11062
Configure the "Positive Periodic DC Cache Refresh for Background Callers" setting to organizational standards., CC ID: 11063
Configure the "Positive Periodic DC Cache Refresh for Non-Background Callers" setting to organizational standards., CC ID: 11064
Configure the "Prioritize all digitally signed drivers equally during the driver ranking and selection process" setting to organizational standards., CC ID: 11098
Configure the "Prompt for credentials on the client computer" setting to organizational standards., CC ID: 11108
Configure the "Propagation of extended error information" setting to organizational standards., CC ID: 11110
Configure the "Register PTR Records" setting to organizational standards., CC ID: 11121
Configure the "Registration Refresh Interval" setting to organizational standards., CC ID: 11122
Configure the "Remove Program Compatibility Property Page" setting to organizational standards., CC ID: 11128
Configure the "Remove users ability to invoke machine policy refresh" setting to organizational standards., CC ID: 11129
Configure the "Remove Windows Security item from Start menu" setting to organizational standards., CC ID: 11130
Configure the "Re-prompt for restart with scheduled installations" setting to organizational standards., CC ID: 11131
Configure the "Require secure RPC communication" setting to organizational standards., CC ID: 11134
Configure the "Require strict KDC validation" setting to organizational standards., CC ID: 11135
Configure the "Reverse the subject name stored in a certificate when displaying" setting to organizational standards., CC ID: 11148
Configure the "RPC Troubleshooting State Information" setting to organizational standards., CC ID: 11150
Configure the "Run shutdown scripts visible" setting to organizational standards., CC ID: 11152
Configure the "Run startup scripts asynchronously" setting to organizational standards., CC ID: 11153
Configure the "Run startup scripts visible" setting to organizational standards., CC ID: 11154
Configure the "Scavenge Interval" setting to organizational standards., CC ID: 11158
Configure the "Server Authentication Certificate Template" setting to organizational standards., CC ID: 11170
Configure the "Set BranchCache Distributed Cache mode" setting to organizational standards., CC ID: 11172
Configure the "Set BranchCache Hosted Cache mode" setting to organizational standards., CC ID: 11173
Configure the "Set compression algorithm for RDP data" setting to organizational standards., CC ID: 11174
Configure the "Set percentage of disk space used for client computer cache" setting to organizational standards., CC ID: 11177
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Global" to organizational standards., CC ID: 11178
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Site Local" to organizational standards., CC ID: 11180
Configure the "Set the Email IDs to which notifications are to be sent" setting to organizational standards., CC ID: 11184
Configure the "Set the map update interval for NIS subordinate servers" setting to organizational standards., CC ID: 11186
Configure the "Set the Seed Server" setting for "IPv6 Global" to organizational standards., CC ID: 11189
Configure the "Set the Seed Server" setting for "IPv6 Site Local" to organizational standards., CC ID: 11191
Configure the "Set the SMTP Server used to send notifications" setting to organizational standards., CC ID: 11192
Configure the "Set timer resolution" setting to organizational standards., CC ID: 11196
Configure the "Sets how often a DFS Client discovers DC's" setting to organizational standards., CC ID: 11199
Configure the "Short name creation options" setting to organizational standards., CC ID: 11200
Configure the "Site Name" setting to organizational standards., CC ID: 11201
Configure the "Specify a default color" setting to organizational standards., CC ID: 11208
Configure the "Specify idle Timeout" setting to organizational standards., CC ID: 11210
Configure the "Specify maximum amount of memory in MB per Shell" setting to organizational standards., CC ID: 11211
Configure the "Specify maximum number of processes per Shell" setting to organizational standards., CC ID: 11212
Configure the "Specify Shell Timeout" setting to organizational standards., CC ID: 11216
Configure the "Specify Windows installation file location" setting to organizational standards., CC ID: 11225
Configure the "Specify Windows Service Pack installation file location" setting to organizational standards., CC ID: 11226
Configure the "SSL Cipher Suite Order" setting to organizational standards., CC ID: 11227
Configure the "Switch to the Simplified Chinese (PRC) gestures" setting to organizational standards., CC ID: 11230
Configure the "Sysvol share compatibility" setting to organizational standards., CC ID: 11231
Configure the "Tag Windows Customer Experience Improvement data with Study Identifier" setting to organizational standards., CC ID: 11232
Configure the "Teredo Client Port" setting to organizational standards., CC ID: 11236
Configure the "Teredo Default Qualified" setting to organizational standards., CC ID: 11237
Configure the "Teredo Refresh Rate" setting to organizational standards., CC ID: 11238
Configure the "Teredo Server Name" setting to organizational standards., CC ID: 11239
Configure the "Teredo State" setting to organizational standards., CC ID: 11240
Configure the "Time (in seconds) to force reboot" setting to organizational standards., CC ID: 11242
Configure the "Time (in seconds) to force reboot when required for policy changes to take effect" setting to organizational standards., CC ID: 11243
Configure the "Timeout for fast user switching events" setting to organizational standards., CC ID: 11244
Configure the "Traps for public community" setting to organizational standards., CC ID: 11246
Configure the "Trusted Hosts" setting to organizational standards., CC ID: 11249
Configure the "Try Next Closest Site" setting to organizational standards., CC ID: 11250
Configure the "TTL Set in the A and PTR records" setting to organizational standards., CC ID: 11251
Configure the "Turn on Accounting for WSRM" setting to organizational standards., CC ID: 11333
Configure the "Turn on BranchCache" setting to organizational standards., CC ID: 11334
Configure the "Turn on certificate propagation from smart card" setting to organizational standards., CC ID: 11335
Configure the "Turn On Compatibility HTTP Listener" setting to organizational standards., CC ID: 11336
Configure the "Turn On Compatibility HTTPS Listener" setting to organizational standards., CC ID: 11337
Configure the "Turn on definition updates through both WSUS and the Microsoft Malware Protection Center" setting to organizational standards., CC ID: 11338
Configure the "Turn on definition updates through both WSUS and Windows Update" setting to organizational standards., CC ID: 11339
Configure the "Turn on economical application of administratively assigned Offline Files" setting to organizational standards., CC ID: 11342
Configure the "Turn on Mapper I/O (LLTDIO) driver" setting to organizational standards., CC ID: 11346
Configure the "Turn on recommended updates via Automatic Updates" setting to organizational standards., CC ID: 11347
Configure the "Turn on root certificate propagation from smart card" setting to organizational standards., CC ID: 11349
Configure the "Turn on Software Notifications" setting to organizational standards., CC ID: 11352
Configure the "Turn on TPM backup to Active Directory Domain Services" setting to organizational standards., CC ID: 11356
Configure the "Use forest search order" setting for "Key Distribution Center (KDC) searches" to organizational standards., CC ID: 11359
Configure the "Use forest search order" setting for "Kerberos client searches" to organizational standards., CC ID: 11360
Configure the "Use IP Address Redirection" setting to organizational standards., CC ID: 11361
Configure the "Use localized subfolder names when redirecting Start Menu and My Documents" setting to organizational standards., CC ID: 11362
Configure the "Use mandatory profiles on the RD Session Host server" setting to organizational standards., CC ID: 11363
Configure the "Verbose vs normal status messages" setting to organizational standards., CC ID: 11368
Configure the "Verify old and new Folder Redirection targets point to the same share before redirecting" setting to organizational standards., CC ID: 11369
Configure the "Windows Scaling Heuristics State" setting to organizational standards., CC ID: 11372
Configure the "Obtain Software Package Updates with apt-get" setting to organizational standards., CC ID: 11375
Configure the "display a banner before authentication" setting for "LightDM" to organizational standards., CC ID: 11385
Configure the "shadow" group to organizational standards., CC ID: 11386
Configure the "AppArmor" setting to organizational standards., CC ID: 11387
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Information system assets should be adequately protected from unauthorised access, misuse or fraudulent modification, insertion, deletion, substitution, suppression or disclosure. (§ 4.1.1, Monetary Authority of Singapore: Technology Risk Management Guidelines)
The FI should configure IT systems and devices with security settings that are consistent with the expected level of protection. The FI should establish baseline standards to facilitate consistent application of security configurations to operating systems, databases, network devices and enterprise … (§ 9.3.1, Monetary Authority of Singapore: Technology Risk Management Guidelines)
If using remote access without the use of a passphrase, the 'forced command' option is used to specify what command is executed and parameter checked is enabled. (Security Control: 0488; Revision: 3, Australian Government Information Security Manual, March 2021)
Device access control software is implemented on workstations and servers to prevent unauthorised devices from being connected. (Security Control: 1418; Revision: 2, Australian Government Information Security Manual, March 2021)
When using infrared keyboards, infrared ports are positioned to prevent line of sight and reflected communications travelling into an unsecured space. (Security Control: 0222; Revision: 2, Australian Government Information Security Manual, March 2021)
Personnel accessing systems or data using an organisation-owned mobile device use an ASD-approved platform, a security configuration in accordance with ACSC guidance, and have enforced separation of work and personal data. (Control: ISM-1482; Revision: 6, Australian Government Information Security Manual, June 2023)
Operating system exploit protection functionality is enabled. (Control: ISM-1492; Revision: 2, Australian Government Information Security Manual, June 2023)
Protective Process Light for LSASS is enabled with a UEFI lock. (Control: ISM-1861; Revision: 0, Australian Government Information Security Manual, June 2023)
Operating system exploit protection functionality is enabled. (Control: ISM-1492; Revision: 2, Australian Government Information Security Manual, September 2023)
Protective Process Light for LSASS is enabled. (Control: ISM-1861; Revision: 1, Australian Government Information Security Manual, September 2023)
The procedures for reviewing user accounts, system parameters, and access controls should be included in the Standard Operating Procedures for the information technology security officer. (Control: 0790 Table Row "System integrity audit", Australian Government Information Security Manual: Controls)
The organization must configure the Database Management System software to run as a separate account with the least amount of privileges needed. (Control: 1249, Australian Government Information Security Manual: Controls)
The organization must store particularly sensitive information in a database only when it is absolutely necessary to meet the business requirements. (Control: 1253, Australian Government Information Security Manual: Controls)
The organization should deny users the ability to disable the screen locking mechanism or session locking mechanism, for systems classified below top secret. (Control: 0427 Bullet 6, Australian Government Information Security Manual: Controls)
The organization must deny users the ability to disable the screen locking mechanism or session locking mechanism, for top secret systems. (Control: 0428 Bullet 6, Australian Government Information Security Manual: Controls)
The organization should use parameter checking when it uses the 'forced command' option for remote access. (Control: 0997, Australian Government Information Security Manual: Controls)
The organization must prevent users from disabling the security functions on mobile devices once it has been issued to them. (Control: 0864, Australian Government Information Security Manual: Controls)
The organization should apply Two-Person Control to extremely sensitive Information Technology assets, e.g., Personal Identification Number generation and encryption keys. (¶ 44(k), APRA Prudential Practice Guide 234: Management of security risk in information and information technology)
High-risk AI systems shall be resilient as regards attempts by unauthorised third parties to alter their use or performance by exploiting the system vulnerabilities. (Article 15 4. ¶ 1, Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
Security parameters on the network, operating system (host and guest), database and application level (where relevant to the cloud service) are configured appropriately to avoid unauthorised access. If no two-factor authentication or use of one-time passwords is possible, the use of secure passwords… (Section 5.7 IDM-11 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
Interview System Administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components. (§ 2.2.3.a, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
Verify that common security parameter settings are included in the system configuration standards. (§ 2.2.3.b, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
For a sample of system components, verify that common security parameters are set appropriately. (§ 2.2.3.c, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
Verify the system configuration standards include procedures for configuring the system security parameters to prevent misuse. (Testing Procedures § 2.2.d Bullet 5, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
The organization must ensure all system security parameters are configured to prevent misuse. (§ 2.2.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
Interview system administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components. (§ 2.2.3.a Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
Verify that common security parameter settings are included in the system configuration standards. (§ 2.2.3.b Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
For a sample of system components, verify that common security parameters are set appropriately. (§ 2.2.3.c Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
All insecure required services, protocols, and daemons must have additional security features implemented, such as using secured technologies to protect the insecure services. (PCI DSS Requirements § 2.2.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
System security parameters must be configured to prevent misuse. (PCI DSS Requirements § 2.2.4, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
Configure system security parameters to prevent misuse. (2.2.4, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.1 April 2015)
Configure system security parameters to prevent misuse. (2.2.4, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
Configure system security parameters to prevent misuse. (2.2.4, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2 (d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
Are common system security parameters settings included in the system configuration standards? (2.2.4 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
Are security parameter settings set appropriately on system components? (2.2.4 (c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2(d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
Are security parameter settings set appropriately on system components? (2.2.4(c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2 (d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
Are common system security parameters settings included in the system configuration standards? (2.2.4 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
Are security parameter settings set appropriately on system components? (2.2.4 (c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
Are security parameter settings set appropriately on system components? (2.2.4(c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.2)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2(d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.2)
Are security parameter settings set appropriately on system components? (2.2.4 (c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.1)
Are security parameter settings set appropriately on system components? (2.2.4(c), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.2)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2 (d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2(d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2 (d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
Do system configuration standards include all of the following:
- Changing of all vendor-supplied defaults and elimination of unnecessary default accounts?
- Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same ser… (2.2(d), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
Examine the system configuration standards to verify that common security parameter settings are included. (2.2.4.b, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
Select a sample of system components and inspect the common security parameters to verify that they are set appropriately and in accordance with the configuration standards. (2.2.4.c, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
Interview system administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components. (2.2.4.a, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
System security parameters are configured to prevent misuse. (2.2.6, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
Examine system configuration standards to verify they include configuring system security parameters to prevent misuse. (2.2.6.a, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
Examine system configurations to verify that common security parameters are set appropriately and in accordance with the system configuration standards. (2.2.6.c, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
Do system configuration standards include implementing additional security features for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2(d) Bullet 4, PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0)
Do system configuration standards include configuring system security parameters to prevent misuse? (PCI DSS Question 2.2(d) Bullet 5, PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0)
Are additional security features documented and implemented for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2.3, PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0)
Do system configuration standards include implementing additional security features for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2(d) Bullet 4, PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
Do system configuration standards include configuring system security parameters to prevent misuse? (PCI DSS Question 2.2(d) Bullet 5, PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
Are additional security features documented and implemented for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2.3, PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
Are additional security features documented and implemented for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2.3, PCI DSS Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.0)
Do system configuration standards include implementing additional security features for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2(d) Bullet 4, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
Do system configuration standards include configuring system security parameters to prevent misuse? (PCI DSS Question 2.2(d) Bullet 5, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
Are additional security features documented and implemented for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2.3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
Do system configuration standards include implementing additional security features for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2(d) Bullet 4, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
Do system configuration standards include configuring system security parameters to prevent misuse? (PCI DSS Question 2.2(d) Bullet 5, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
Are additional security features documented and implemented for any required services, protocols, or daemons that are considered to be insecure? (PCI DSS Question 2.2.3, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
System security parameters are configured to prevent misuse. (2.2.6, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
System security parameters are configured to prevent misuse. (2.2.6, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
System security parameters are configured to prevent misuse. (2.2.6, Self-Assessment Questionnaire C-VT and Attestation of Compliance for use with PCI DSS Version 4.0)
System security parameters are configured to prevent misuse. (2.2.6, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
System security parameters are configured to prevent misuse. (2.2.6, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
Verify that frameworks protect against mass parameter assignment attacks, or that the application has countermeasures to protect against unsafe parameter assignment, such as marking fields private or similar. (5.1.2, Application Security Verification Standard 4.0.3, 4.0.3)
Verify the application minimizes the number of parameters in a request, such as hidden fields, Ajax variables, cookies and header values. (8.1.3, Application Security Verification Standard 4.0.3, 4.0.3)
Verify that on-chip debugging interfaces such as JTAG or SWD are disabled or that available protection mechanism is enabled and configured appropriately. (C.4, Application Security Verification Standard 4.0.3, 4.0.3)
Verify that any available Intellectual Property protection technologies provided by the chip manufacturer are enabled. (C.17, Application Security Verification Standard 4.0.3, 4.0.3)
Client workstations should be configured with a non-persistent virtualized operating environment that can be easily and quickly restored periodically. (Critical Control 2.9, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
The organization should configure the wireless clients that handle organizational data or access the organization's networks so they cannot connect to public wireless networks, except for those specifically allowed. (Critical Control 7.16, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
Improve protections and detections of threats from email and web vectors, as these are opportunities for attackers to manipulate human behavior through direct engagement. (CIS Control 9: Email and Web Browser Protections, CIS Controls, V8)
Protection Against Malicious Code. Users need to be aware that malicious code may be introduced into their environment through network connections. Malicious code may not be detected before damage is done unless suitable safeguards are implemented. Malicious code may result in compromise of security… (¶ 13.6, ISO 13335-5 Information technology - Guidelines for the management of IT Security - Part 5: Management guidance on network security, 2001)
The system should ensure that security policy enforcement functions succeed before functions are allowed to proceed. (§ 15.10, § J.10, ISO 15408-2 Common Criteria for Information Technology Security Evaluation Part 2, 2008)
SL 3 â Prevent the unauthorized disclosure of information to an entity actively searching for it using sophisticated means with moderate resources, IACS specific skills and moderate motivation. (8.1 ¶ 1 Bullet 3, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
The Information Assurance Officer should regularly scan the security posture of the system to identify potential security weaknesses. Waiting for security violations to occur and reacting to them is not adequate. ACLs can be used to grant or deny access to objects based on security groups (users, us… (§ 2.1, § 5.6, § 5.6.4, Defense Information Systems Agency UNISYS Security Technical Implementation Guide Version 7 Release 2, 28 August 2006)
The information assurance officer or network security officer must ensure that all access ports are started in the unauthorized state, when 802.1x port authentication is implemented. (§ 3.4.1.3.3 ¶ AC34.045, DISA Access Control STIG, Version 2, Release 3)
The information assurance officer or network security officer must ensure re-authentication occurs every 60 minutes, when 802.1x port authentication is implemented. (§ 3.4.1.3.3 ¶ AC34.050, DISA Access Control STIG, Version 2, Release 3)
The information assurance officer or network security officer must ensure that if Network Access Control is used, all ports are put into an untrusted state that is not inside the normal forwarding path. (§ 3.4.1.4 ¶ AC34.031, DISA Access Control STIG, Version 2, Release 3)
The System Administrator must ensure security measures have been implemented to prevent security incidents from occurring. (§ 3.2, DISA Secure Remote Computing Security Technical Implementation Guide, Version 1 Release 2)
§ 2.2 (WIR3250) Configure a filter on the GMI server to block the download of prohibited file types. Ensure that all required wireless email servers and device configuration settings are implemented.
§ 3.15.2 Prohibited file types must be blocked from being downloaded on to the smartphone, includi… (§ 2.2 (WIR3250), § 3.15.2, App B.2 Row "Site Access/URL Substitutions", DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, Version 5 Release 2.3)
Authorizations to information contained in an object must be revoked before initial assignment, allocation, or reallocation to a subject from the pool of unused objects. (ECRC-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
Information, including encrypted representations, that is produced by a prior subject's actions must not be available to any subject that gains access to an object that was released back to the system. (ECRC-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
Use of internal tools to detect, identify, and prevent misuse by entity personnel. (App A Objective 13:3h Bullet 4, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
The system boot settings or initialization files must be password-protected. (Exhibit 8 Control 13, IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information)
Build, install, configure, and test dedicated cyber defense hardware. (T0335, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
The organization should prevent the gradual release of unauthorized information over the managed interfaces. (SG.SC-7 Additional Considerations A2, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
The smart grid Information System should fail securely when the boundary protection device has an operational failure. (SG.SC-7 Additional Considerations A6, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
The smart grid Information System should prevent users from bypassing the host-based intrusion detection and prevention capabilities. (SG.SI-4 Additional Considerations A6, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
Build, install, configure, and test dedicated cyber defense hardware. (T0335, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)â, July 7, 2020)
Designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure. (1798.91.04 (a)(3), California Civil Code Division 3 Part 4 Title 1.81.26 Security of Connected Devices)
