Skip to content

II - Mission Support Public

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • Enhanced anti-spoofing for facial recognition must be enabled on Window 10.

    &lt;VulnDiscussion&gt;Enhanced anti-spoofing provides additional protections when using facial recognition with devices that support it.&lt;/VulnDi...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    <GroupDescription></GroupDescription>
    Group
  • Microsoft consumer experiences must be turned off.

    &lt;VulnDiscussion&gt;Microsoft consumer experiences provides suggestions and notifications to users, which may include the installation of Windows...
    Rule Low Severity
  • SRG-OS-000134-GPOS-00068

    <GroupDescription></GroupDescription>
    Group
  • Administrator accounts must not be enumerated during elevation.

    &lt;VulnDiscussion&gt;Enumeration of administrator accounts when elevating can provide part of the logon information to an unauthorized user. This...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • If Enhanced diagnostic data is enabled it must be limited to the minimum required to support Windows Analytics.

    &lt;VulnDiscussion&gt;Some features may communicate with the vendor, sending system information or downloading data or components for the feature. ...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • Windows Telemetry must not be configured to Full.

    &lt;VulnDiscussion&gt;Some features may communicate with the vendor, sending system information or downloading data or components for the feature. ...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • Windows Update must not obtain updates from other PCs on the internet.

    &lt;VulnDiscussion&gt;Windows 10 allows Windows Update to obtain updates from additional sources instead of Microsoft. In addition to Microsoft, up...
    Rule Low Severity
  • SRG-OS-000095-GPOS-00049

    <GroupDescription></GroupDescription>
    Group
  • The Windows Defender SmartScreen for Explorer must be enabled.

    &lt;VulnDiscussion&gt;Windows Defender SmartScreen helps protect systems from programs downloaded from the internet that may be malicious. Enabling...
    Rule Medium Severity
  • SRG-OS-000433-GPOS-00192

    <GroupDescription></GroupDescription>
    Group
  • Explorer Data Execution Prevention must be enabled.

    &lt;VulnDiscussion&gt;Data Execution Prevention (DEP) provides additional protection by performing checks on memory to help prevent malicious code...
    Rule Medium Severity
  • SRG-OS-000420-GPOS-00186

    <GroupDescription></GroupDescription>
    Group
  • Turning off File Explorer heap termination on corruption must be disabled.

    &lt;VulnDiscussion&gt;Legacy plug-in applications may continue to function when a File Explorer session has become corrupt. Disabling this feature...
    Rule Low Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • File Explorer shell protocol must run in protected mode.

    &lt;VulnDiscussion&gt;The shell protocol will limit the set of folders applications can open when run in protected mode. Restricting files an app...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules