Configure system integrity settings to organizational standards.
CONTROL ID 07605
CONTROL TYPE Configuration
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain system hardening procedures., CC ID: 12001
This Control has the following implementation support Control(s):
Configure the "User Account Control: Switch to the secure desktop when prompting for elevation" to organizational standards., CC ID: 07606
Configure the "User Account Control: Only elevate UIAccess applications that are installed in secure locations" to organizational standards., CC ID: 07642
Configure the "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop" to organizational standards., CC ID: 07681
Configure the "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" to organizational standards., CC ID: 07690
Configure the "User Account Control: Only elevate executables that are signed and validated" to organizational standards., CC ID: 07723
Configure the "User Account Control: Run all administrators in Admin Approval Mode" to organizational standards., CC ID: 07726
Configure the "Interactive logon: Do not require CTRL+ALT+DEL" to organizational standards., CC ID: 07775
Configure the "User Account Control: Admin Approval Mode for the Built-in Administrator account" to organizational standards., CC ID: 07800
Configure the "User Account Control: Detect application installations and prompt for elevation" to organizational standards., CC ID: 07815
Configure the "User Account Control: Virtualize file and registry write failures to per-user locations" to organizational standards., CC ID: 07834
Configure the "User Account Control: Behavior of the elevation prompt for standard users" to organizational standards., CC ID: 07874
Configure the "Do not process the legacy run list" to organizational standards., CC ID: 08167
Configure the "Configure Automatic Updates" to organizational standards., CC ID: 08192
Configure the "Reschedule Automatic Updates scheduled installations" to organizational standards., CC ID: 08195
Configure the "No auto-restart with logged on users for scheduled automatic updates installations" to organizational standards., CC ID: 08216
Configure the "Specify intranet Microsoft update service location" to organizational standards., CC ID: 08224
Configure the "Devices: Unsigned driver installation behavior" to organizational standards., CC ID: 08225
Configure the "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" to organizational standards., CC ID: 08281
Configure the "Allow unmanaged devices" to organizational standards., CC ID: 08391
Configure the "Allow all trusted apps to install" to organizational standards., CC ID: 08392
Configure the "Turn on script execution" to organizational standards., CC ID: 08411
Configure the "Configure registry policy processing" to organizational standards., CC ID: 08426
Configure the "Specify the search server for device driver updates" to organizational standards., CC ID: 08481
Configure the "Configure Windows SmartScreen" to organizational standards., CC ID: 08485
Configure the "Detect compatibility issues for applications and drivers" to organizational standards., CC ID: 08489
Configure the "Turn off Automatic Download of updates" to organizational standards., CC ID: 08498
Configure the "Allow deployment operations in special profiles" to organizational standards., CC ID: 08529
Configure the "Turn off Data Execution Prevention for Explorer" to organizational standards., CC ID: 08531
Configure the "Specify settings for optional component installation and component repair" to organizational standards., CC ID: 08550
Configure the "Refresh interval" to organizational standards., CC ID: 08559
Configure the "Boot-Start Driver Initialization Policy" to organizational standards., CC ID: 08571
Configure the "Turn off the Store application" to organizational standards., CC ID: 08596
Configure the "Periodic Execution of File Integrity" setting to organizational standards., CC ID: 09935
Prohibit the use of binary code or machine code from sources with limited or no warranty absent the source code., CC ID: 10681
Do not allow processes to execute absent supervision., CC ID: 10683
Configure the "Disk Quota policy processing" setting to organizational standards., CC ID: 10884
Configure the "EFS recovery policy processing" setting to organizational standards., CC ID: 10945
Configure the "Enable disk quotas" setting to organizational standards., CC ID: 10947
Configure the "Folder Redirection policy processing" setting to organizational standards., CC ID: 10972
Configure the "Group Policy refresh interval for computers" setting to organizational standards., CC ID: 10980
Configure the "Group Policy refresh interval for domain controllers" setting to organizational standards., CC ID: 10981
Configure the "Internet Explorer Maintenance policy processing" setting to organizational standards., CC ID: 10998
Configure the "IP Security policy processing" setting to organizational standards., CC ID: 10999
Configure the "Leave Windows Installer and Group Policy Software Installation Data" setting to organizational standards., CC ID: 11004
Configure the "Maximum wait time for Group Policy scripts" setting to organizational standards., CC ID: 11042
Configure the "Scripts policy processing" setting to organizational standards., CC ID: 11159
Configure the "Security policy processing" setting to organizational standards., CC ID: 11160
Configure the "Software Installation policy processing" setting to organizational standards., CC ID: 11206
Configure the "Startup policy processing wait time" setting to organizational standards., CC ID: 11229
Configure the "Turn off Local Group Policy objects processing" setting to organizational standards., CC ID: 11286
Configure the "User Group Policy loopback processing mode" setting to organizational standards., CC ID: 11367
Configure the "Wired policy processing" setting to organizational standards., CC ID: 11373
Configure the "Wireless policy processing" setting to organizational standards., CC ID: 11374
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Ensure software integrity (5.7, CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements, ETSI EN 303 645, V2.1.1)
Protect processes with high privileges that can be used to interact with critical system components through use of protected process light, anti-process injection defenses, or other process integrity enforcement measures. (M1025 Privileged Process Integrity, MITRE ATT&CK®, Enterprise Mitigations, Version 13.1)