Microsoft Windows 10 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Windows Telemetry must not be configured to Full.
<VulnDiscussion>Some features may communicate with the vendor, sending system information or downloading data or components for the feature. ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Windows Update must not obtain updates from other PCs on the internet.
<VulnDiscussion>Windows 10 allows Windows Update to obtain updates from additional sources instead of Microsoft. In addition to Microsoft, up...Rule Low Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
The Windows Defender SmartScreen for Explorer must be enabled.
<VulnDiscussion>Windows Defender SmartScreen helps protect systems from programs downloaded from the internet that may be malicious. Enabling...Rule Medium Severity -
SRG-OS-000433-GPOS-00192
<GroupDescription></GroupDescription>Group -
Explorer Data Execution Prevention must be enabled.
<VulnDiscussion>Data Execution Prevention (DEP) provides additional protection by performing checks on memory to help prevent malicious code...Rule Medium Severity -
SRG-OS-000420-GPOS-00186
<GroupDescription></GroupDescription>Group -
Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for malicious websites in Microsoft Edge.
<VulnDiscussion>The Windows Defender SmartScreen filter in Microsoft Edge provides warning messages and blocks potentially malicious websites...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Users must not be allowed to ignore Windows Defender SmartScreen filter warnings for unverified files in Microsoft Edge.
<VulnDiscussion>The Windows Defender SmartScreen filter in Microsoft Edge provides warning messages and blocks potentially malicious websites...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Windows 10 must be configured to prevent certificate error overrides in Microsoft Edge.
<VulnDiscussion>Web security certificates provide an indication whether a site is legitimate. This policy setting prevents the user from igno...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The password manager function in the Edge browser must be disabled.
<VulnDiscussion>Passwords save locally for re-use when browsing may be subject to compromise. Disabling the Edge password manager will preve...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The Windows Defender SmartScreen filter for Microsoft Edge must be enabled.
<VulnDiscussion>The Windows Defender SmartScreen filter in Microsoft Edge provides warning messages and blocks potentially malicious websites...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows 10 must be configured to disable Windows Game Recording and Broadcasting.
<VulnDiscussion>Windows Game Recording and Broadcasting is intended for use with games, however it could potentially record screen shots of o...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.