Configure system integrity settings to organizational standards.


CONTROL ID: 07605
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures., CC ID: 12001

This Control has the following implementation support Control(s):
  • Configure the "User Account Control: Switch to the secure desktop when prompting for elevation" to organizational standards., CC ID: 07606
  • Configure the "User Account Control: Only elevate UIAccess applications that are installed in secure locations" to organizational standards., CC ID: 07642
  • Configure the "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop" to organizational standards., CC ID: 07681
  • Configure the "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" to organizational standards., CC ID: 07690
  • Configure the "User Account Control: Only elevate executables that are signed and validated" to organizational standards., CC ID: 07723
  • Configure the "User Account Control: Run all administrators in Admin Approval Mode" to organizational standards., CC ID: 07726
  • Configure the "Interactive logon: Do not require CTRL+ALT+DEL" to organizational standards., CC ID: 07775
  • Configure the "User Account Control: Admin Approval Mode for the Built-in Administrator account" to organizational standards., CC ID: 07800
  • Configure the "User Account Control: Detect application installations and prompt for elevation" to organizational standards., CC ID: 07815
  • Configure the "User Account Control: Virtualize file and registry write failures to per-user locations" to organizational standards., CC ID: 07834
  • Configure the "User Account Control: Behavior of the elevation prompt for standard users" to organizational standards., CC ID: 07874
  • Configure the "Do not process the legacy run list" to organizational standards., CC ID: 08167
  • Configure the "Configure Automatic Updates" to organizational standards., CC ID: 08192
  • Configure the "Reschedule Automatic Updates scheduled installations" to organizational standards., CC ID: 08195
  • Configure the "No auto-restart with logged on users for scheduled automatic updates installations" to organizational standards., CC ID: 08216
  • Configure the "Specify intranet Microsoft update service location" to organizational standards., CC ID: 08224
  • Configure the "Devices: Unsigned driver installation behavior" to organizational standards., CC ID: 08225
  • Configure the "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" to organizational standards., CC ID: 08281
  • Configure the "Allow unmanaged devices" to organizational standards., CC ID: 08391
  • Configure the "Allow all trusted apps to install" to organizational standards., CC ID: 08392
  • Configure the "Turn on script execution" to organizational standards., CC ID: 08411
  • Configure the "Configure registry policy processing" to organizational standards., CC ID: 08426
  • Configure the "Specify the search server for device driver updates" to organizational standards., CC ID: 08481
  • Configure the "Configure Windows SmartScreen" to organizational standards., CC ID: 08485
  • Configure the "Detect compatibility issues for applications and drivers" to organizational standards., CC ID: 08489
  • Configure the "Turn off Automatic Download of updates" to organizational standards., CC ID: 08498
  • Configure the "Allow deployment operations in special profiles" to organizational standards., CC ID: 08529
  • Configure the "Turn off Data Execution Prevention for Explorer" to organizational standards., CC ID: 08531
  • Configure the "Specify settings for optional component installation and component repair" to organizational standards., CC ID: 08550
  • Configure the "Refresh interval" to organizational standards., CC ID: 08559
  • Configure the "Boot-Start Driver Initialization Policy" to organizational standards., CC ID: 08571
  • Configure the "Turn off the Store application" to organizational standards., CC ID: 08596
  • Configure the "Periodic Execution of File Integrity" setting to organizational standards., CC ID: 09935
  • Prohibit the use of binary code or machine code from sources with limited or no warranty absent the source code., CC ID: 10681
  • Do not allow processes to execute absent supervision., CC ID: 10683
  • Configure the "Disk Quota policy processing" setting to organizational standards., CC ID: 10884
  • Configure the "EFS recovery policy processing" setting to organizational standards., CC ID: 10945
  • Configure the "Enable disk quotas" setting to organizational standards., CC ID: 10947
  • Configure the "Folder Redirection policy processing" setting to organizational standards., CC ID: 10972
  • Configure the "Group Policy refresh interval for computers" setting to organizational standards., CC ID: 10980
  • Configure the "Group Policy refresh interval for domain controllers" setting to organizational standards., CC ID: 10981
  • Configure the "Internet Explorer Maintenance policy processing" setting to organizational standards., CC ID: 10998
  • Configure the "IP Security policy processing" setting to organizational standards., CC ID: 10999
  • Configure the "Leave Windows Installer and Group Policy Software Installation Data" setting to organizational standards., CC ID: 11004
  • Configure the "Maximum wait time for Group Policy scripts" setting to organizational standards., CC ID: 11042
  • Configure the "Scripts policy processing" setting to organizational standards., CC ID: 11159
  • Configure the "Security policy processing" setting to organizational standards., CC ID: 11160
  • Configure the "Software Installation policy processing" setting to organizational standards., CC ID: 11206
  • Configure the "Startup policy processing wait time" setting to organizational standards., CC ID: 11229
  • Configure the "Turn off Local Group Policy objects processing" setting to organizational standards., CC ID: 11286
  • Configure the "User Group Policy loopback processing mode" setting to organizational standards., CC ID: 11367
  • Configure the "Wired policy processing" setting to organizational standards., CC ID: 11373
  • Configure the "Wireless policy processing" setting to organizational standards., CC ID: 11374


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • Ensure software integrity (5.7, CYBER; Cyber Security for Consumer Internet of Things: Baseline Requirements, ETSI EN 303 645, V2.1.1)
  • Protect processes with high privileges that can be used to interact with critical system components through use of protected process light, anti-process injection defenses, or other process integrity enforcement measures. (M1025 Privileged Process Integrity, MITRE ATT&CK®, Enterprise Mitigations, Version 13.1)