Microsoft Windows 10 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-OS-000480-GPOS-00227

    Group
  • Domain-joined systems must use Windows 10 Enterprise Edition 64-bit version.

    Features such as Credential Guard use virtualization-based security to protect information that could be used in credential theft attacks if compromised. A number of system requirements must be met...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • Windows 10 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use.

    Credential Guard uses virtualization-based security to protect information that could be used in credential theft attacks if compromised. A number of system requirements must be met for Credential ...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • Windows 10 systems must have Unified Extensible Firmware Interface (UEFI) firmware and be configured to run in UEFI mode, not Legacy BIOS.

    UEFI provides additional security features in comparison to legacy BIOS firmware, including Secure Boot. UEFI is required to support additional security features in Windows 10, including Virtualiza...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    Group
  • Secure Boot must be enabled on Windows 10 systems.

    Secure Boot is a standard that ensures systems boot only to a trusted operating system. Secure Boot is required to support additional security features in Windows 10, including Virtualization Based...
    Rule Low Severity
  • SRG-OS-000191-GPOS-00080

    Group
  • SRG-OS-000185-GPOS-00079

    Group
  • Windows 10 information systems must use BitLocker to encrypt all disks to protect the confidentiality and integrity of all information at rest.

    If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can remove non-volatile memory and read it directly, t...
    Rule High Severity
  • SRG-OS-000185-GPOS-00079

    Group
  • Windows 10 systems must use a BitLocker PIN for pre-boot authentication.

    If data at rest is unencrypted, it is vulnerable to disclosure. Even if the operating system enforces permissions on data access, an adversary can remove non-volatile memory and read it directly, t...
    Rule High Severity
  • SRG-OS-000185-GPOS-00079

    Group
  • SRG-OS-000370-GPOS-00155

    Group
  • SRG-OS-000480-GPOS-00227

    Group
  • SRG-OS-000480-GPOS-00227

    Group
  • The Windows 10 system must use an anti-virus program.

    Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operati...
    Rule High Severity
  • SRG-OS-000080-GPOS-00048

    Group
  • SRG-OS-000480-GPOS-00227

    Group
