Back

Configure Protocol Configuration settings to organizational standards.


CONTROL ID
07607
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures., CC ID: 12001

This Control has the following implementation support Control(s):
  • Configure the "MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds" to organizational standards., CC ID: 07608
  • Configure the "Microsoft network client: Send unencrypted password to third-party SMB servers" to organizational standards., CC ID: 07623
  • Configure the "Network access: Remotely accessible registry paths and sub-paths" to organizational standards., CC ID: 07632
  • Configure the "Microsoft network server: Digitally sign communications (if client agrees)" to organizational standards., CC ID: 07643
  • Configure the "Network access: Let Everyone permissions apply to anonymous users" to organizational standards., CC ID: 07646
  • Configure the "Network security: Allow LocalSystem NULL session fallback" to organizational standards., CC ID: 07650
  • Configure the "Network access: Do not allow anonymous enumeration of SAM accounts and shares" to organizational standards., CC ID: 07682
  • Configure the "Network access: Do not allow storage of passwords and credentials for network authentication" to organizational standards., CC ID: 07694
  • Configure the "Network security: LAN Manager authentication level" to organizational standards., CC ID: 07704
  • Configure the "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" to organizational standards., CC ID: 07705
  • Configure the "Network access: Sharing and security model for local accounts" to organizational standards., CC ID: 07712
  • Configure the "MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)" to organizational standards., CC ID: 07719
  • Configure the "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients" to organizational standards., CC ID: 07721
  • Configure the "Domain member: Digitally encrypt secure channel data (when possible)" to organizational standards., CC ID: 07728
  • Configure the "Network security: Do not store LAN Manager hash value on next password change" to organizational standards., CC ID: 07732
  • Configure the "Domain member: Require strong (Windows 2000 or later) session key" to organizational standards., CC ID: 07741
  • Configure the "Network access: Shares that can be accessed anonymously" to organizational standards., CC ID: 07748
  • Configure the "Network access: Allow anonymous SID/Name translation" to organizational standards., CC ID: 07749
  • Configure the "Microsoft network client: Digitally sign communications (if server agrees)" to organizational standards., CC ID: 07750
  • Configure the "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers" to organizational standards., CC ID: 07754
  • Configure the "Microsoft network client: Digitally sign communications (always)" to organizational standards., CC ID: 07759
  • Configure the "Network security: LDAP client signing requirements" to organizational standards., CC ID: 07760
  • Configure the "MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)" to organizational standards., CC ID: 07772
  • Configure the "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)" to organizational standards., CC ID: 07773
  • Configure the "Network access: Restrict anonymous access to Named Pipes and Shares" to organizational standards., CC ID: 07798
  • Configure the "Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication" to organizational standards., CC ID: 07837
  • Configure the "Domain controller: LDAP server signing requirements" to organizational standards., CC ID: 07857
  • Configure the "Network access: Remotely accessible registry paths" to organizational standards., CC ID: 07863
  • Configure the "Set client connection encryption level" to organizational standards., CC ID: 07881
  • Configure the "Windows Firewall: Allow inbound remote administration exception" to organizational standards., CC ID: 08182
  • Configure the "MSS: (SynAttackProtect) Syn attack protection level (protects against DoS)" to organizational standards., CC ID: 08198
  • Configure the "Network access: Do not allow storage of credentials or .NET Passports for network authentication" to organizational standards, CC ID: 08200
  • Configure the "Turn off Internet download for Web publishing and online ordering wizards" to organizational standards., CC ID: 08259
  • Configure the "Maximum tolerance for computer clock synchronization" to organizational standards., CC ID: 08260
  • Configure the "Maximum lifetime for user ticket" to organizational standards., CC ID: 08299
  • Configure the "Maximum lifetime for service ticket" to organizational standards., CC ID: 08301
  • Configure the "Set IP Stateless Autoconfiguration Limits State" to organizational standards., CC ID: 08348
  • Configure the "Prohibit connection to non-domain networks when connected to domain authenticated network" to organizational standards., CC ID: 08420
  • Configure the "Restrict Unauthenticated RPC clients" to organizational standards., CC ID: 08437
  • Configure the "Enable RPC Endpoint Mapper Client Authentication" to organizational standards., CC ID: 08526
  • Configure the "Minimize the number of simultaneous connections to the Internet or a Windows Domain" to organizational standards., CC ID: 08603


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



This control is an implied control and is included to maintain the legal hierarchy for your selected controls.