Microsoft Windows 10 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000480-GPOS-00227

    Group
  • A host-based firewall must be installed and enabled on the system.

    A firewall provides a line of defense against attack, allowing or blocking inbound and outbound connections based on a set of rules.
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • Inbound exceptions to the firewall on Windows 10 domain workstations must only allow authorized remote management hosts.

    Allowing inbound access to domain workstations from other systems may allow lateral movement across systems if credentials are compromised. Limiting inbound connections only from authorized remote...
    Rule Medium Severity
  • SRG-OS-000433-GPOS-00192

    Group
  • Data Execution Prevention (DEP) must be configured to at least OptOut.

    Attackers are constantly looking for vulnerabilities in systems and applications. Data Execution Prevention (DEP) prevents harmful code from running in protected memory locations reserved for Windo...
    Rule High Severity
  • SRG-OS-000433-GPOS-00192

    Group
  • Structured Exception Handling Overwrite Protection (SEHOP) must be enabled.

    Attackers are constantly looking for vulnerabilities in systems and applications. Structured Exception Handling Overwrite Protection (SEHOP) blocks exploits that use the Structured Exception Handli...
    Rule High Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • SRG-OS-000095-GPOS-00049

    Group
  • SRG-OS-000095-GPOS-00049

    Group
  • The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.

    SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks such as collision and preimage attacks as well as not being FIPS complian...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • SRG-OS-000095-GPOS-00049

    Group
  • The Secondary Logon service must be disabled on Windows 10.

    The Secondary Logon service provides a means for entering alternate credentials, typically used to run commands with elevated privileges. Using privileged credentials in a standard user session ca...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • Orphaned security identifiers (SIDs) must be removed from user rights on Windows 10.

    Accounts or groups given rights on a system may show up as unresolved SIDs for various reasons including deletion of the accounts or groups. If the account or group objects are reanimated, there i...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    Group
  • SRG-OS-000095-GPOS-00049

    Group
  • Bluetooth must be turned off when not in use.

    If not configured properly, Bluetooth may allow rogue devices to communicate with a system. If a rogue device is paired with a system, there is potential for sensitive information to be compromised.
    Rule Medium Severity