Skip to content
Log In

Microsoft Windows 10 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • Local users on domain-joined computers must not be enumerated.

    The username is one part of logon credentials that could be used to gain access to a system. Preventing the enumeration of users limits this information to authorized personnel.
    Rule Medium Severity
    Show

  • SRG-OS-000373-GPOS-00156

    Group
    Show

  • Users must be prompted for a password on resume from sleep (on battery).

    Authentication must always be required when accessing a system. This setting ensures the user is prompted for a password on resume from sleep (on battery).
    Rule Medium Severity
    Show

  • SRG-OS-000373-GPOS-00156

    Group
    Show

  • The user must be prompted for a password on resume from sleep (plugged in).

    Authentication must always be required when accessing a system. This setting ensures the user is prompted for a password on resume from sleep (plugged in).
    Rule Medium Severity
    Show

  • SRG-OS-000138-GPOS-00069

    Group
    Show

  • Solicited Remote Assistance must not be allowed.

    Remote assistance allows another user to view or take control of the local session of a user. Solicited assistance is help that is specifically requested by the local user. This may allow unautho...
    Rule High Severity
    Show

  • SRG-OS-000379-GPOS-00164

    Group
    Show

  • Unauthenticated RPC clients must be restricted from connecting to the RPC server.

    Configuring RPC to restrict unauthenticated RPC clients from connecting to the RPC server will prevent anonymous connections.
    Rule Medium Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • The setting to allow Microsoft accounts to be optional for modern style apps must be enabled.

    Control of credentials and the system must be maintained within the enterprise. Enabling this setting allows enterprise credentials to be used with modern style apps that support this, instead of ...
    Rule Low Severity
    Show

  • SRG-OS-000095-GPOS-00049

    Group
    Show

  • SRG-OS-000368-GPOS-00154

    Group
    Show

  • Autoplay must be turned off for non-volume devices.

    Allowing autoplay to execute may introduce malicious code to a system. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs or mu...
    Rule High Severity
    Show

  • SRG-OS-000368-GPOS-00154

    Group
    Show

  • The default autorun behavior must be configured to prevent autorun commands.

    Allowing autorun commands to execute may introduce malicious code to a system. Configuring this setting prevents autorun commands from executing.
    Rule High Severity
    Show

  • SRG-OS-000368-GPOS-00154

    Group
    Show

  • Autoplay must be disabled for all drives.

    Allowing autoplay to execute may introduce malicious code to a system. Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs or mu...
    Rule High Severity
    Show

  • SRG-OS-000480-GPOS-00227

    Group
    Show

  • Enhanced anti-spoofing for facial recognition must be enabled on Window 10.

    Enhanced anti-spoofing provides additional protections when using facial recognition with devices that support it.
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules