-
Notifications
You must be signed in to change notification settings - Fork 167
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
4b41806
commit 2954ef4
Showing
13 changed files
with
3,472 additions
and
0 deletions.
There are no files selected for viewing
583 changes: 583 additions & 0 deletions
583
lists/finding_list_cis_microsoft_windows_10_enterprise_machine.csv
Large diffs are not rendered by default.
Oops, something went wrong.
15 changes: 15 additions & 0 deletions
15
lists/finding_list_cis_microsoft_windows_10_enterprise_user.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Namespace,Property,DefaultValue,RecommendedValue,Operator,Severity | ||
| 19.1.3.1,"Administrative Templates: Control Panel","Enable screen saver",Registry,,"HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop",ScreenSaveActive,,,,,1,=,Medium | ||
| 19.1.3.2,"Administrative Templates: Control Panel","Password protect the screen saver",Registry,,"HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop",ScreenSaverIsSecure,,,,,1,=,Medium | ||
| 19.1.3.3,"Administrative Templates: Control Panel","Screen saver timeout",Registry,,"HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop",ScreenSaveTimeOut,,,,,900,<=,Medium | ||
| 19.5.1.1,"Administrative Templates: Start Menu and Taskbar","Notifications: Turn off toast notifications on the lock screen",Registry,,HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications,NoToastApplicationNotificationOnLockScreen,,,,0,1,=,Medium | ||
| 19.6.6.1.1,"Administrative Templates: System","Internet Communication Management: Internet Communication Settings: Turn off Help Experience Improvement Program",Registry,,HKCU:\Software\Policies\Microsoft\Assistance\Client\1.0,NoImplicitFeedback,,,,0,1,=,Medium | ||
| 19.7.4.1,"Administrative Templates: Windows Components","Attachment Manager: Do not preserve zone information in file attachments",Registry,,HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments,SaveZoneInformation,,,,,0,=,Medium | ||
| 19.7.4.2,"Administrative Templates: Windows Components","Attachment Manager: Notify antivirus programs when opening attachments",Registry,,HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments,ScanWithAntiVirus,,,,,1,=,Medium | ||
| 19.7.8.1,"Administrative Templates: Windows Components","Cloud Content: Configure Windows spotlight on lock screen",Registry,,HKCU:\Software\Policies\Microsoft\Windows\CloudContent,ConfigureWindowsSpotlight,,,,,0,=,Medium | ||
| 19.7.8.2,"Administrative Templates: Windows Components","Cloud Content: Do not suggest third-party content in Windows spotlight",Registry,,HKCU:\Software\Policies\Microsoft\Windows\CloudContent,DisableThirdPartySuggestions,,,,0,1,=,Medium | ||
| 19.7.8.3,"Administrative Templates: Windows Components","Cloud Content: Do not use diagnostic data for tailored experiences",Registry,,HKCU:\Software\Policies\Microsoft\Windows\CloudContent,DisableTailoredExperiencesWithDiagnosticData,,,,0,1,=,Medium | ||
| 19.7.8.4,"Administrative Templates: Windows Components","Cloud Content: Turn off all Windows spotlight features",Registry,,HKCU:\Software\Policies\Microsoft\Windows\CloudContent,DisableWindowsSpotlightFeatures,,,,0,1,=,Medium | ||
| 19.7.27.1,"Administrative Templates: Windows Components","Network Sharing: Prevent users from sharing files within their profile",Registry,,HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoInplaceSharing,,,,0,1,=,Medium | ||
| 19.7.42.1,"Administrative Templates: Windows Components","Windows Installer: Always install with elevated privileges",Registry,,HKCU:\Software\Policies\Microsoft\Windows\Installer,AlwaysInstallElevated,,,,1,0,=,Medium | ||
| 19.7.46.2.1,"Administrative Templates: Windows Components","Windows Media Player: Playback: Prevent Codec Download",Registry,,HKCU:\Software\Policies\Microsoft\WindowsMediaPlayer,PreventCodecDownload,,,,,1,=,Medium |
412 changes: 412 additions & 0 deletions
412
lists/finding_list_cis_microsoft_windows_server_2019_machine.csv
Large diffs are not rendered by default.
Oops, something went wrong.
16 changes: 16 additions & 0 deletions
16
lists/finding_list_cis_microsoft_windows_server_2019_user.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Namespace,Property,DefaultValue,RecommendedValue,Operator,Severity | ||
| 19.1.3.1,"Administrative Templates: Control Panel","Enable screen saver",Registry,,"HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop",ScreenSaveActive,,,,,1,=,Medium | ||
| 19.1.3.2,"Administrative Templates: Control Panel","Force specific screen saver: Screen saver executable name",Registry,,"HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop",SCRNSAVE.EXE,,,,,scrnsave.scr,=,Medium | ||
| 19.1.3.3,"Administrative Templates: Control Panel","Password protect the screen saver",Registry,,"HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop",ScreenSaverIsSecure,,,,,1,=,Medium | ||
| 19.1.3.4,"Administrative Templates: Control Panel","Screen saver timeout",Registry,,"HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop",ScreenSaveTimeOut,,,,,900,<=,Medium | ||
| 19.5.1.1,"Administrative Templates: Start Menu and Taskbar","Notifications: Turn off toast notifications on the lock screen",Registry,,HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications,NoToastApplicationNotificationOnLockScreen,,,,0,1,=,Medium | ||
| 19.6.6.1.1,"Administrative Templates: System","Internet Communication Management: Internet Communication Settings: Turn off Help Experience Improvement Program",Registry,,HKCU:\Software\Policies\Microsoft\Assistance\Client\1.0,NoImplicitFeedback,,,,0,1,=,Medium | ||
| 19.7.4.1,"Administrative Templates: Windows Components","Attachment Manager: Do not preserve zone information in file attachments",Registry,,HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments,SaveZoneInformation,,,,,0,=,Medium | ||
| 19.7.4.2,"Administrative Templates: Windows Components","Attachment Manager: Notify antivirus programs when opening attachments",Registry,,HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments,ScanWithAntiVirus,,,,,1,=,Medium | ||
| 19.7.7.1,"Administrative Templates: Windows Components","Cloud Content: Configure Windows spotlight on lock screen",Registry,,HKCU:\Software\Policies\Microsoft\Windows\CloudContent,ConfigureWindowsSpotlight,,,,,0,=,Medium | ||
| 19.7.7.2,"Administrative Templates: Windows Components","Cloud Content: Do not suggest third-party content in Windows spotlight",Registry,,HKCU:\Software\Policies\Microsoft\Windows\CloudContent,DisableThirdPartySuggestions,,,,0,1,=,Medium | ||
| 19.7.7.3,"Administrative Templates: Windows Components","Cloud Content: Do not use diagnostic data for tailored experiences",Registry,,HKCU:\Software\Policies\Microsoft\Windows\CloudContent,DisableTailoredExperiencesWithDiagnosticData,,,,0,1,=,Medium | ||
| 19.7.7.4,"Administrative Templates: Windows Components","Cloud Content: Turn off all Windows spotlight features",Registry,,HKCU:\Software\Policies\Microsoft\Windows\CloudContent,DisableWindowsSpotlightFeatures,,,,0,1,=,Medium | ||
| 19.7.26.1,"Administrative Templates: Windows Components","Network Sharing: Prevent users from sharing files within their profile",Registry,,HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoInplaceSharing,,,,0,1,=,Medium | ||
| 19.7.41.1,"Administrative Templates: Windows Components","Windows Installer: Always install with elevated privileges",Registry,,HKCU:\Software\Policies\Microsoft\Windows\Installer,AlwaysInstallElevated,,,,1,0,=,Medium | ||
| 19.7.45.2.1,"Administrative Templates: Windows Components","Windows Media Player: Playback: Prevent Codec Download",Registry,,HKCU:\Software\Policies\Microsoft\WindowsMediaPlayer,PreventCodecDownload,,,,,1,=,Medium |
14 changes: 14 additions & 0 deletions
14
lists/finding_list_msft_security_baseline_edge_87_machine.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| ID,Category,Name,Method,MethodArgument,RegistryPath,RegistryItem,ClassName,Namespace,Property,DefaultValue,RecommendedValue,Operator,Severity | ||
| 1000,"Microsoft Edge","Allow users to proceed from the HTTPS warning page",Registry,,HKLM:\Software\Policies\Microsoft\Edge,SSLErrorOverrideAllowed,,,,1,0,=,Low | ||
| 1001,"Microsoft Edge","Enable site isolation for every site",Registry,,HKLM:\Software\Policies\Microsoft\Edge,SitePerProcess,,,,0,1,=,Low | ||
| 1002,"Microsoft Edge","Minimum TLS version enabled",Registry,,HKLM:\Software\Policies\Microsoft\Edge,SSLVersionMin,,,,0,tls1.2,=,Medium | ||
| 1003,"Microsoft Edge","Default Adobe Flash setting",Registry,,HKLM:\Software\Policies\Microsoft\Edge,DefaultPluginsSetting,,,,0,2,=,Low | ||
| 1004,"Microsoft Edge","Control which extensions cannot be installed",Registry,,HKLM:\Software\Policies\Microsoft\Edge\ExtensionInstallBlocklist,1,,,,0,*,=,Low | ||
| 1005,"Microsoft Edge","Supported authentication schemes",Registry,,HKLM:\Software\Policies\Microsoft\Edge,AuthSchemes,,,,0,"ntlm,negotiate",=,Low | ||
| 1006,"Microsoft Edge","Allow user-level native messaging hosts (installed without admin permissions)",Registry,,HKLM:\Software\Policies\Microsoft\Edge,NativeMessagingUserLevelHosts,,,,1,0,=,Low | ||
| 1007,"Microsoft Edge","Enable saving passwords to the password manager",Registry,,HKLM:\Software\Policies\Microsoft\Edge,PasswordManagerEnabled,,,,1,0,=,Low | ||
| 1008,"Microsoft Edge","Configure Microsoft Defender SmartScreen",Registry,,HKLM:\Software\Policies\Microsoft\Edge,SmartScreenEnabled,,,,0,1,=,Low | ||
| 1009,"Microsoft Edge","Configure Microsoft Defender SmartScreen to block potentially unwanted apps",Registry,,HKLM:\Software\Policies\Microsoft\Edge,SmartScreenPuaEnabled,,,,0,1,=,Low | ||
| 1010,"Microsoft Edge","Prevent bypassing Microsoft Defender SmartScreen prompts for sites",Registry,,HKLM:\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter,PreventOverride,,,,,1,=,Low | ||
| 1011,"Microsoft Edge","Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads",Registry,,HKLM:\Software\Policies\Microsoft\Edge,PreventSmartScreenPromptOverrideForFiles,,,,0,1,=,Low | ||
| 1012,"Microsoft Edge","Allow certificates signed using SHA-1 when issued by local trust anchors (deprecated)",Registry,,HKLM:\Software\Policies\Microsoft\Edge,EnableSha1ForLocalAnchors,,,,0,0,=,Low |
Oops, something went wrong.