cce-vista-5.20111007

CCE ID       CCE Description   CCE Parameters
CCE-2715-1   The "reset account lockout counter after" policy should meet minimum requirements.   (1) number of minutes
CCE-2363-0   The "account lockout duration" policy should meet minimum requirements.   (1) number of minutes
CCE-3177-3   The "account lockout threshold" policy should meet minimum requirements.   (1) number of attempts
CCE-2820-9   Auditing of "account logon" events on success should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3089-0   Auditing of "account logon" events on failure should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3234-2   Auditing of "account management" events on success should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3287-0   Auditing of "account management" events on failure should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3041-1   Auditing of "directory service access" events on success should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3309-2   Auditing of "directory service access" events on failure should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3076-7   Auditing of "logon" events on success should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-2970-2   Auditing of "logon" events on failure should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-2724-3   Auditing of "object access" events on success should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3243-3   Auditing of "object access" events on failure should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-2746-6   Auditing of "policy change" events on success should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-2653-4   Auditing of "policy change" events on failure should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-2322-6   Auditing of "privilege use" events on success should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3257-3   Auditing of "privilege use" events on failure should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3024-7   Auditing of "process tracking" events on success should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-2927-2   Auditing of "process tracking" events on failure should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-2953-8   Auditing of "system" events on success should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3222-7   Auditing of "system" events on failure should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3121-1   The "restrict guest access to application log" policy should be set correctly.   (1) enabled/disabled
CCE-3015-5   The application log maximum size should be configured correctly.   (1) size of file
CCE-2905-8   The "when maximum log size is reached" property should be set correctly for the Application log.   (1) type of retention
CCE-2659-1   The "restrict guest access to security log" policy should be set correctly.   (1) enabled/disabled
CCE-3302-7   The security log maximum size should be configured correctly.   (1) size of file
CCE-3196-3   The "when maximum log size is reached" property should be set correctly for the Security log.   (1) type of retention
CCE-2839-9   The "restrict guest access to system log" policy should be set correctly.   (1) enabled/disabled
CCE-3165-8   The system log maximum size should be configured correctly.   (1) size of file
CCE-2931-4   The "when maximum log size is reached" property should be set correctly for the System log.   (1) type of retention
CCE-2967-8   The "maximum password age" policy should meet minimum requirements.   (1) number of days
CCE-3240-9   The "minimum password age" policy should meet minimum requirements.   (1) number of days
CCE-2883-7   The "minimum password length" policy should meet minimum requirements.   (1) number of days
CCE-3033-8   The "password must meet complexity requirements" policy should be set correctly.   (1) enabled/disabled
CCE-2323-4   The "enforce password history" policy should meet minimum requirements.   (1) number of passwords remembered
CCE-3311-8   The "store password using reversible encryption for all users in the domain" policy should be set correctly.   (1) enabled/disabled
CCE-3316-7   The startup type of the Messenger service should be correct.   (1) disabled/manual/automatic
CCE-3082-5   The startup type of the NetMeeting Remote Desktop Sharing service should be correct.   (1) disabled/manual/automatic
CCE-3232-6   The behavior surrounding Anonymous users' ability to display lists of SAM accounts and shares should be correct.   (1) restricted/unrestricted
CCE-3272-2   The behavior surrounding Anonymous users' ability to display lists of SAM accounts should be correct.   (1) restricted/unrestricted
CCE-2339-0   The behavior surrounding Anonymous SID/Name translation should be correct.   (1) enabled/disabled
CCE-3248-2   Use of the built-in Guest account should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3032-0   Use of the built-in Administrator account should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3314-2   The "Message title for users attempting to log on" policy should be set correctly.   (1) text caption
CCE-3336-5   The "Message text for users attempting to log on" policy should be set correctly.   (1) text statement
CCE-3072-6   Automatic Logon should be properly configured.   (1) enabled/disabled
CCE-2719-3   Autoplay on all Drive Types should be properly configured.   (1) enabled/disabled
CCE-3239-1   ICMP Redirects should be properly configured.   (1) enabled/ignored
CCE-3261-5   IP Source Routing should be properly configured.   (1) 0 = No additional protection, source routed packets are allowed | 1 = Medium, source routed packets ignored when IP forwarding is enabled | 2 = Highest protection, source routing is completely disabled
CCE-3279-7   IRDP should be properly configured.   (1) enabled/disabled
CCE-3173-2   Display Last User Name in Logon Screen should be properly configured.   (1) enabled/disabled
CCE-3067-6   System availability to Master Browser should be properly configured.   (1) available/hidden
CCE-3120-3   TCP/IP Dead Gateway Detection should be properly configured.   (1) enabled/disabled
CCE-3142-7   The TCP/IP KeepAlive Time should be set correctly.   (1) number of milliseconds
CCE-2785-4   TCP/IP NetBIOS Name Release on Request Prevented should be properly configured.   (1) enabled/disabled
CCE-2679-9   TCP/IP SYN Flood Attack Protection should be properly configured.   (1) enabled/disabled
CCE-3181-5   Security Audit log warning level should be properly configured.   (1) warning level
CCE-3199-7   Safe DLL Search Mode should be properly configured.   (1) enabled/disabled
CCE-2714-4   The built-in Administrator account should be correctly named.   (1) valid names
CCE-2359-8   The built-in Guest account should be correctly named.   (1) valid names
CCE-2519-7   The amount of idle time required before disconnecting a session should be set correctly.   (1) number of minutes
CCE-3285-4   The "Audit the access of global system objects" policy should be set correctly.   (1) enabled/disabled
CCE-3303-5   The "Audit the use of backup and restore privilege" policy should be set correctly.   (1) enabled/disabled
CCE-3307-6   The "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly.   (1) enabled/disabled
CCE-3325-8   The "Prevent Users from Installing Printer Drivers" policy should be set correctly.   (1) enabled/disabled
CCE-2858-9   The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly.   (1) enabled/disabled
CCE-3168-2   The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly.   (1) enabled/disabled
CCE-3212-8   The "Secure Channel: Require Strong (Windows 2000 or later) Session Key" policy should be set correctly.   (1) enabled/disabled
CCE-2838-1   The "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly.   (1) enabled/disabled
CCE-3230-0   The "Users Prompted to Change Password Before Expiration" policy should be set correctly.   (1) number of days prior to expiration
CCE-3001-5   The "Shut Down system immediately if unable to log security audits" policy should be set correctly.   (1) enabled/disabled
CCE-3252-4   The "Digitally Sign Client Communication (Always)" policy should be set correctly.   (1) enabled/disabled
CCE-2380-4   The "Digitally Sign Client Communication (When Possible)" policy should be set correctly.   (1) enabled/disabled
CCE-3023-9   The "Digitally Sign Server Communication (Always)" policy should be set correctly.   (1) enabled/disabled
CCE-3164-1   The "Digitally Sign Server Communication (When Possible)" policy should be set correctly.   (1) enabled/disabled
CCE-2376-2   The "Number of Previous Logons to Cache" policy should be set correctly.   (1) number of logons
CCE-3225-0   The "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly.   (1) Group(s)
CCE-3330-8   The "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly.   (1) enabled/disabled
CCE-2467-9   The "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly.   (1) enabled/disabled
CCE-3233-4   The "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly.   (1) enabled/disabled
CCE-3251-6   The "Smart Card Removal Behavior" policy should be set correctly.   (1) behavior
CCE-3255-7   The "Prevent System Maintenance of Computer Account Password" policy should be set correctly.   (1) enabled/disabled
CCE-2398-6   The "Limit local account use of blank passwords to console logon only" policy should be set correctly.   (1) enabled/disabled
CCE-3326-6   The "Allow undock without having to logon" policy should be set correctly.   (1) enabled/disabled
CCE-3075-9   The "Maximum machine account password age" policy should be set correctly.   (1) enabled/disabled
CCE-3220-1   The "Require Domain Controller authentication to unlock workstation" policy should be set correctly.   (1) enabled/disabled
CCE-3361-3   The "Disconnect clients when logon hours expire" policy should be set correctly.   (1) enabled/disabled
CCE-3379-5   The "Do not allow storage of credentials or .NET Passports" policy should be set correctly.   (1) enabled/disabled
CCE-2457-0   The "Let Everyone permissions apply to anonymous users" policy should be set correctly.   (1) enabled/disabled
CCE-3380-3   The "Named Pipes that can be accessed anonymously" policy should be set correctly.   (1) list of named pipes
CCE-2825-8   The "Remotely accessible registry paths" policy should be set correctly.   (1) set of paths
CCE-3349-8   The "Shares that can be accessed anonymously" policy should be set correctly.   (1) set of shares
CCE-3367-0   The "Sharing and security model for local accounts" policy should be set correctly.   (1) Classic/Guest only
CCE-3138-5   The "Do not store LAN Manager hash value on next password change" policy should be set correctly.   (1) enabled/disabled
CCE-3283-9   The "Force logoff when logon hours expire" policy should be set correctly.   (1) enabled/disabled
CCE-3050-2   The "Screen Saver Timeout" setting should be configured correctly for the current user.   (1) time in seconds
CCE-3429-8   The "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.   (1) enabled/disabled
CCE-3323-3   The "Allow Solicited Remote Assistance" policy should be set correctly for Terminal Services.   (1) enabled/disabled
CCE-3217-7   The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services.   (1) enabled/disabled
CCE-3358-9   The "Configure Automatic Updates" should be set correctly
CCE-3345-6   The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" should be set correctly
CCE-3363-9   The "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" should be set correctly
CCE-2462-0   The "No auto-restart for scheduled Automatic Updates installations
CCE-2852-2   The "Reschedule Automatic Updates scheduled installations" should be set correctly
CCE-3371-2   The "DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly.
CCE-3266-4   The "DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax" security option should be set correctly.
CCE-3411-6   The "Display user information when the session is locked" setting should be configured correctly.
CCE-2772-2   The "Interactive logon: Require smart card" setting should be configured correctly.   (1) enabled/disabled
CCE-3292-0   The "Network access: Restrict anonymous access to named pipes and shares" setting should be configured correctly.
CCE-3459-5   MSS:(TCPMaxConnectResponseRetransmission) SYN-ACK retransmissions when a connection request is not acknowledged   (1) number of seconds
CCE-3460-3   MSS:(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted   (1) number of retransmissions
CCE-3244-1   The automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate.   (1) enabled/disabled
CCE-3394-4   RPC Endpoint Mapper Client Authentication (SP2 only)   (1) enabled/disabled
CCE-3160-9   Restrictions for Unauthenticated RPC clients (SP2 only)   (1) enabled/disabled
CCE-3054-4   Domain Profile: Protect all network connections (SP2 only)   (1) enabled/disabled
CCE-3187-2   Domain Profile: Do not allow exceptions (SP2 only)   (1) enabled/disabled
CCE-3405-8   Domain Profile: Allow local program exceptions   (1) enabled/disabled
CCE-3158-3   Domain Profile: Allow remote administration   (1) enabled/disabled (2) subnets for internal support only
CCE-3431-4   Domain Profile: Allow file and printer sharing exception (SP2 only)   (1) enabled/disabled
CCE-3458-7   Domain Profile: Allow Remote Desktop exception (SP2 only)   (1) enabled/disabled (2) subnets for internal support only
CCE-2964-5   Domain Profile: Allow UPnP framework exception (SP2 only)   (1) enabled/disabled
CCE-3365-4   The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Domain Profile.   (1) enabled/disabled
CCE-3260-7   The "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile.   (1) enabled/disabled
CCE-2533-8   The log file path and name for the Windows Firewall should be configured correctly for the Domain Profile.   (1) File path
CCE-3299-5   The log file size limit for the Windows Firewall should be configured correctly for the Domain Profile.   (1) Size limit (KB)
CCE-3414-0   The "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile.   (1) enabled/disabled
CCE-3436-3   Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile.   (1) enabled/disabled
CCE-3202-9   Domain Profile: Define port exceptions (SP2 only)   (1) enabled/disabled
CCE-3180-7   Domain Profile: Allow local port exceptions (SP2 only)   (1) enabled/disabled
CCE-3329-0   Standard Profile: Protect all network connections (SP2 only)   (1) enabled/disabled
CCE-3347-2   Standard Profile: Do not allow exceptions (SP2 only)   (1) enabled/disabled
CCE-3334-0   Standard Profile: Allow local program exceptions (SP2 only)   (1) enabled/disabled
CCE-3352-2   Standard Profile: Allow remote administration exception (SP2 only)   (1) enabled/disabled
CCE-3369-6   Standard Profile: Allow file and printer sharing exception (SP2 only)   (1) enabled/disabled
CCE-3387-8   Standard Profile: Allow Remote Desktop exception (SP2 only)   (1) enabled/disabled
CCE-3268-0   Standard Profile: Allow UPnP framework exception (SP2 only)   (1) enabled/disabled
CCE-3409-0   The "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Standard Profile.   (1) enabled/disabled
CCE-3440-5   Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Standard Profile.   (1) enabled/disabled
CCE-3462-9   Standard Profile: Define port exceptions (SP2 only)   (1) enabled/disabled
CCE-3356-3   Standard Profile: Allow local port exceptions (SP2 only)   (1) enabled/disabled
CCE-2999-1   Domain Profile - Inbound Connections
CCE-3439-7   Domain Profile - Outbound Connections
CCE-3457-9   Domain Profile - Apply Local Firewall Rules
CCE-2977-7   Domain Profile - Apply Local Connection Security Rules
CCE-3373-8   Private Profile - Firewall State
CCE-3395-1   Private Profile - Inbound Connections
CCE-3166-6   Private Profile - Outbound Connections
CCE-3417-3   User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Private Profile.   (1) yes/no/not configured
CCE-2924-9   Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Private Profile.   (1) enabled/disabled
CCE-3360-5   Private Profile - Apply Local Firewall Rules
CCE-2854-8   Private Profile - Apply Local Connection Security Rules
CCE-3246-6   Public Profile - Firewall State
CCE-3263-1   Public Profile - Inbound Connections
CCE-3351-4   Public Profile - Outbound Connections
CCE-2998-3   User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Public Profile.   (1) yes/no/not configured
CCE-2641-9   Unicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Public Profile.   (1) enabled/disabled
CCE-2650-0   Public Profile - Apply Local Firewall Rules
CCE-3426-4   Public Profile - Apply Local Connection Security Rules
CCE-3320-9   Logon - Do not process the legacy run list
CCE-3086-6   Logon - Do not process the run once list
CCE-3452-0   Group Policy - Registry policy processing
CCE-3364-7   Turn off Internet download for Web publishing and online ordering wizards
CCE-3259-9   Turn off the Windows Messenger Customer Experience Improvement Program
CCE-2778-9   Turn off Search Companion content file updates
CCE-3421-5   Turn off printing over HTTP
CCE-2754-0   Turn off downloading of print drivers over HTTP
CCE-3278-9   Turn off Windows Update device driver searching
CCE-2471-1   Enumerate administrator accounts on elevation
CCE-3310-0   Require trusted path for credential entry
CCE-3327-4   Deny all add-ons unless specifically allowed in the Add-on List
CCE-2975-1   The "Do not allow passwords to be saved" setting should be configured correctly for Terminal Services.
CCE-2874-6   The "Do not allow drive redirection" setting should be configured correctly for Terminal Services.
CCE-3415-7   Access to registry editing tools is set correctly.
CCE-3169-0   Prompt for password on resume from hibernate/suspend is set correctly.
CCE-3437-1   Do not preserve zone information in file attachments is set correctly.
CCE-2979-3   Hide mechanisms to remove zone information is set correctly.
CCE-3300-1   Notify antivirus programs when opening attachments is set correctly.
CCE-3305-0   Outlook Express attachment blocking is set correctly.
CCE-3450-4   Audit: Force audit policy subcategory settings are set correctly.
CCE-3102-1   The "Log Access For Setup Log" setting should be configured correctly.   (1) enabled/disabled
CCE-3388-6   The startup type of the Windows Search service should be configured correctly.   (1) enabled/disabled
CCE-3270-6   The startup type of Microsoft Peer-to-Peer Networking Services should be configured correctly.   (1) enabled/disabled
CCE-3045-2   The "Prohibit Access of the Windows Connect Now Wizards" setting should be configured correctly.   (1) enabled/disabled
CCE-3331-6   The "Allow remote access to the PnP interface" setting should be configured correctly.   (1) enabled/disabled
CCE-3464-5   The "Do not create system restore point when new device driver installed" setting should be configured correctly.   (1) enabled/disabled
CCE-3468-6   The "Do not send a Windows Error Report when a generic driver is installed on a device" setting should be configured correctly.   (1) enabled/disabled
CCE-3362-1   The "Turn Off Access to All Windows Update Feature" setting should be configured correctly.   (1) enabled/disabled
CCE-3454-6   The "Turn Off Automatic Root Certificates Update" setting should be configured correctly.   (1) enabled/disabled
CCE-3348-0   The "Turn Off Event Viewer 'Events.asp' Links" setting should be configured correctly.   (1) enabled/disabled
CCE-2868-8   The "Turn Off Handwriting Recognition Error Reporting" setting should be configured correctly.   (1) enabled/disabled
CCE-2877-9   The "Turn Off Help and Support Center "Did You Know?" Content" setting should be configured correctly.   (1) enabled/disabled
CCE-3406-6   The "Turn Off Help and Support Center Microsoft Knowledge Base Search" setting should be configured correctly.   (1) enabled/disabled
CCE-3432-2   The "Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com" setting should be configured correctly.   (1) enabled/disabled
CCE-2697-1   The "Turn Off Internet File Association Service" setting should be configured correctly.   (1) enabled/disabled
CCE-3093-2   The "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting should be configured correctly.   (1) enabled/disabled
CCE-3115-3   The "Turn Off the 'Order Prints' Picture Task" setting should be configured correctly.   (1) enabled/disabled
CCE-2477-8   The "Turn off the 'Publish to Web' task for files and folders" setting should be configured correctly.   (1) enabled/disabled
CCE-3403-3   The "Turn Off Windows Movie Maker Automatic Codec Downloads" setting should be configured correctly.   (1) enabled/disabled
CCE-3297-9   The "Turn Off Windows Movie Maker Online Web Links" setting should be configured correctly.   (1) enabled/disabled
CCE-3385-2   The "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting should be configured correctly.   (1) enabled/disabled
CCE-2781-3   The "Don't Display the Getting Started Welcome Screen at Logon" setting should be configured correctly.   (1) enabled/disabled
CCE-2922-3   The "Turn off Windows Startup Sound" setting should be configured correctly.   (1) enabled/disabled
CCE-2821-7   The "Require a Password when a Computer Wakes (On Battery)" setting should be configured correctly.   (1) enabled/disabled
CCE-3469-4   The "Require a Password when a Computer Wakes (Plugged)" setting should be configured correctly.   (1) enabled/disabled
CCE-2742-5   The "Allow only Vista or later connections" setting should be configured correctly.   (1) enabled/disabled
CCE-2887-8   The "Customization Warning Messages" setting should be configured correctly.   (1) enabled/disabled
CCE-3407-4   The "Turn on bandwidth optimization" setting should be configured correctly.   (1) enabled/disabled
CCE-3271-4   The "Turn on session logging" setting should be configured correctly.   (1) enabled/disabled
CCE-3288-8   The "Prevent IIS Installation" setting should be configured correctly.   (1) enabled/disabled
CCE-3434-8   The "Turn off Active Help" setting should be configured correctly.   (1) enabled/disabled
CCE-3046-0   The "Turn off Untrusted Content" setting should be configured correctly.   (1) enabled/disabled
CCE-3477-7   The "Turn off downloading of enclosures" setting should be configured correctly.   (1) enabled/disabled

             The "Allow indexing of
             encrypted files" setting
             should be configured
CCE-3376-1   correctly.                     (1) enabled/disabled

             The "Prevent indexing
             uncached Exchange
             folders" setting should be
CCE-3143-5   configured correctly.          (1) enabled/disabled

             The "Turn off Windows
             Calendar" setting should be
CCE-2914-0   configured correctly.       (1) enabled/disabled
             The "Allow Corporate
             redirection of Customer
             Experience Improvement
             uploads" setting should be
CCE-3178-1   configured correctly.          (1) enabled/disabled

             The "Turn off Windows
             Defender" setting should be
CCE-3209-4   configured correctly.        (1) enabled/disabled
             The "Turn off Heap
             termination on corruption"
             setting should be configured
CCE-2962-9   correctly.                   (1) enabled/disabled

             The "Turn off shell protocol
             protected mode" setting
             should be configured
CCE-3125-2   correctly.                     (1) enabled/disabled
             The "Prohibit non-
             administrators from
             applying vendor signed
             updates" setting should be
CCE-3398-5   configured correctly.          (1) enabled/disabled
             The "Report Logon Server
             Not Available During User
             logon" setting should be
CCE-3341-5   configured correctly.          (1) enabled/disabled
             The "Turn off the
             communities features"
             setting should be configured
CCE-2521-3   correctly.                     (1) enabled/disabled

             The "Turn off Windows Mail
             application" setting should
CCE-2525-4   be configured correctly.    (1) enabled/disabled
             The "Prevent Windows
             Media DRM Internet
             Access" setting should be
CCE-3486-8   configured correctly.       (1) enabled/disabled

             The "Turn off Windows
             Meeting Space" setting
             should be configured
CCE-2557-7   correctly.                     (1) enabled/disabled

             The "Turn on Windows
             Meeting Space auditing"
             setting should be configured
CCE-3328-2   correctly.                   (1) enabled/disabled

             The "Disable unpacking and
             installation of gadgets that
             are not digitally signed"
             setting should be configured
CCE-3456-1   correctly.                   (1) enabled/disabled
             The "Override the More
             Gadgets Link" setting
             should be configured
CCE-3214-4   correctly.                    (1) enabled/disabled

             The "Turn Off User Installed
             Windows Sidebar Gadgets"
             setting should be configured
CCE-3500-6   correctly.                   (1) enabled/disabled
             The "Do not allow Digital
             Locker to run" setting
             should be configured
CCE-3482-7   correctly.                   (1) enabled/disabled

             The "Turn Off Downloading
             of Game Information"
             setting should be configured
CCE-2755-7   correctly.                   (1) enabled/disabled

             The "IPv6 Block of
             Protocols 41" setting should
CCE-2865-4   be configured correctly.     (1) enabled/disabled

             The "IPv6 Block of UDP
             3544" setting should be
CCE-3508-9   configured correctly.         (1) enabled/disabled
             The "Enforce user logon
             restrictions" policy should
CCE-4662-3   be set correctly.             (1) enabled/disabled
             The "Maximum Service
             Ticket Lifetime" policy       (1) number of
CCE-4666-4   should be set correctly.      minutes
             The "Maximum User Ticket
             Lifetime" policy should be
CCE-3936-2   set correctly.                (1) number of hours
             The "Maximum User
             Renewal Lifetime" policy
CCE-4755-5   should be set correctly.      (1) number of days
             The "Maximum tolerance
             for computer clock
             synchronization" policy       (1) number of
CCE-4702-7   should be set correctly.      minutes
             TCP/IP PMTU Discovery
             should be properly
CCE-3949-5   configured.                   (1) enabled/disabled

             Kerberos and RSVP Traffic
             Protected by IPSec should
CCE-4904-9   be properly configured.    (1) enabled/disabled
             The "Remotely accessible
             registry paths and
             subpaths" policy should be
CCE-4781-1   set correctly.             (1) set of paths
             The "LAN Manager
             Authentication Level" policy (1) authentication
CCE-4922-1   should be set correctly.     level

             The "LDAP client signing
             requirements" policy should
CCE-4940-3   be set correctly.            (1) enabled/disabled
             The "Minimum session
             security for NTLM SSP
             based clients" policy should
CCE-4583-1   be set correctly.            (1) enabled/disabled
             The "Minimum session
             security for NTLM SSP
             based servers" policy
CCE-4213-5   should be set correctly.     (1) enabled/disabled

             The "Recovery Console:
             Allow Automatic
             Administrative Logon" policy
CCE-4107-9   should be set correctly.     (1) enabled/disabled
             The "Recovery Console:
             Allow Floppy Copy and
             Access to All Drives and All
             Folders" policy should be
CCE-3953-7   set correctly.               (1) enabled/disabled
             The "Allow System to be
             Shut Down Without Having
             to Log On" policy should be
CCE-3954-5   set correctly.               (1) enabled/disabled


             The "Clear Virtual Memory
             Pagefile at shutdown" policy
CCE-3969-3   should be set correctly.     (1) enabled/disabled

             The "Use FIPS compliant
             algorithms for encryption,
             hashing, and signing" policy
CCE-4774-6   should be set correctly.     (1) enabled/disabled
             The "Require Case
             Insensitivity for Non-
             Windows Subsystems"
             policy should be set
CCE-4841-3   correctly.                   (1) enabled/disabled
             The "Strengthen Default
             Permissions of Global
             System Objects" policy
CCE-4011-3   should be set correctly.     (1) enabled/disabled

             The "User Account Control:
             Admin Approval Mode for
             the Built-in Administrator
             account" setting should be
CCE-4955-1   configured correctly.      (1) enabled/disabled
             The "Behavior of the
             elevation prompt for
             administrators in Admin      (1) Prompt for
             Approval Mode" setting       consent/Prompt for
             should be configured         credentials/
CCE-4016-2   correctly.                   Automatically deny
             The "Behavior of the
             elevation prompt for
             standard users" setting      (1) Prompt for
             should be configured         credentials/
CCE-4969-2   correctly.                   Automatically deny

             The "User Account Control:
             Detect application
             installations and prompt for
             elevation" setting should be
CCE-4612-8   configured correctly.        (1) enabled/disabled

             The "User Account Control:
             Only elevate executables
             that are signed and
             validated" setting should be
CCE-5004-7   configured correctly.        (1) enabled/disabled

             The "User Account Control:
             Only elevate UIAccess
             applications that are
             installed in secure
             locations" setting should be
CCE-4020-4   configured correctly.        (1) enabled/disabled

             The "User Account Control:
             Run all administrators in
             Admin Approval Mode"
             setting should be configured
CCE-4907-2   correctly.                   (1) enabled/disabled

             The "User Account Control:
             Switch to the secure
             desktop when prompting for
             elevation" setting should be
CCE-4925-4   configured correctly.        (1) enabled/disabled

             The "User Account Control:
             Virtualize file and registry
             write failures to per-user
             locations" setting should be
CCE-4194-7   configured correctly.        (1) enabled/disabled

             The "access this computer
             from the network" user right
             should be assigned to the
CCE-4334-9   correct accounts.            (1) set of accounts
             The "act as part of the
             operating system" user right
             should be assigned to the
CCE-4088-1   correct accounts.            (1) set of accounts

             The "adjust memory quotas
             for a process" user right
             should be assigned to the
CCE-4854-6   correct accounts.              (1) set of accounts
             The "log on locally" user
             right should be assigned to
CCE-4872-8   the correct accounts.          (1) set of accounts
             The "allow logon through
             Terminal Services" user
             right should be assigned to
CCE-4264-8   the correct accounts.          (1) set of accounts
             The "back up files and
             directories" user right
             should be assigned to the
CCE-4827-2   correct accounts.              (1) set of accounts
             The "bypass traverse
             checking" user right should
             be assigned to the correct
CCE-4973-4   accounts.                      (1) set of accounts
             The "change the system
             time" user right should be
             assigned to the correct
CCE-4863-7   accounts.                      (1) set of accounts
             The "Change the time zone"
             user right should be
             assigned to the appropriate
CCE-5008-8   accounts.                      (1) list of accounts

             The "create a pagefile" user
             right should be assigned to
CCE-4757-1   the correct accounts.          (1) set of accounts
             The "Create a token object"
             user right should be
             assigned to the correct
CCE-4902-3   accounts.                      (1) set of accounts
             The "Create global objects"
             user right should be
             assigned to the correct
CCE-4792-8   accounts.                      (1) set of accounts
             The "create permanent
             shared objects" user right
             should be assigned to the
CCE-4184-8   correct accounts.              (1) set of accounts

             The "debug programs" user
             right should be assigned to
CCE-4687-0   the correct accounts.       (1) set of accounts
             The "deny access to this
             computer from the network"
             user right should be
             assigned to the correct
CCE-4704-3   accounts.                        (1) set of accounts
             The "deny logon as a batch
             job" user right should be
             assigned to the correct
CCE-4722-5   accounts.                        (1) set of accounts
             The "deny logon as a
             service" user right should
             be assigned to the correct
CCE-4867-8   accounts.                        (1) set of accounts
             The "deny logon locally"
             user right should be
             assigned to the correct
CCE-4889-2   accounts.                        (1) set of accounts
             The "deny logon through
             Terminal Services" user
             right should be assigned to
CCE-4656-5   the correct accounts.            (1) set of accounts
             The "force shutdown from a
             remote system" user right
             should be assigned to the
CCE-4673-0   correct accounts.                (1) set of accounts
             The "generate security
             audits" user right should be
             assigned to the correct
CCE-4488-3   accounts.                        (1) set of accounts
             The "Impersonate a client
             after authentication" user
             right should be assigned to
CCE-4382-8   the correct accounts.            (1) set of accounts

             The "Increase a Process
             Working Set" setting should      (1) Set of users or
CCE-4651-6   be configured correctly.         groups
             The "increase scheduling
             priority" user right should be
             assigned to the correct
CCE-4796-9   accounts.                        (1) set of accounts
             The "load and unload
             device drivers" user right
             should be assigned to the
CCE-4034-5   correct accounts.                (1) set of accounts
             The "lock pages in memory"
             user right should be
             assigned to the correct
CCE-4317-4   accounts.                        (1) set of accounts
             The "log on as a batch job"
             user right should be
             assigned to the correct
CCE-4083-2   accounts.                        (1) set of accounts
             The "log on as a service"
             user right should be
             assigned to the correct
CCE-4038-6   accounts.                      (1) set of accounts
             The "manage auditing and
             security log" user right
             should be assigned to the
CCE-4046-9   correct accounts.              (1) set of accounts
             The "Modify an object label"
             user right should be
             assigned to the appropriate
CCE-4285-3   accounts.                      (1) list of accounts
             The "modify firmware
             environment values" user
             right should be assigned to
CCE-4048-5   the correct accounts.          (1) set of accounts
             The "perform volume
             maintenance tasks" user
             right should be assigned to
CCE-4071-7   the correct accounts.          (1) set of accounts
             The "profile single process"
             user right should be
             assigned to the correct
CCE-4962-7   accounts.                      (1) set of accounts
             The "profile system
             performance" user right
             should be assigned to the
CCE-4618-5   correct accounts.              (1) set of accounts

             The "remove computer from
             docking station" user right
             should be assigned to the
CCE-4861-1   correct accounts.              (1) set of accounts
             The "replace a process-
             level token" user right
             should be assigned to the
CCE-4372-9   correct accounts.              (1) set of accounts
             The "restore files and
             directories" user right
             should be assigned to the
CCE-4948-6   correct accounts.              (1) set of accounts
             The "shut down the system"
             user right should be
             assigned to the correct
CCE-4569-0   accounts.                      (1) set of accounts

             The "synchronize directory
             service data" user right
             should be assigned to the
CCE-4970-0   correct accounts.              (1) set of accounts

             The "take ownership of files
             or other objects" user right
             should be assigned to the
CCE-4988-2   correct accounts.            (1) set of accounts
             The required permissions    (1) set of accounts
             for the WLAN AutoConfig     (2) list of permissions
CCE-4627-6   service should be assigned. (3) applicability




             Internet Explorer Processes
CCE-4992-4   (Zone Elevation Protection) (1) enabled/disabled
             The "Turn on Responder
             (RSPNDR) driver" setting
             should be configured
             correctly for the domain
CCE-4077-4   profile.                    (1) enabled/disabled
             Installation and
             Configuration of Network
             Bridge on the DNS Domain
             Network should be properly
CCE-4152-5   configured.                 (1) enabled/disabled

             The "Prohibit use of Internet
             Connection Firewall on your
             DNS domain network"
             setting should be configured
CCE-5020-3   correctly.                    (1) enabled/disabled


             The startup type of the        (1)
             Internet Connection Sharing    disabled/manual/
CCE-4078-2   service should be correct.     automatic
             The "Configuration of
             wireless settings using
             Windows Connect Now"
             setting should be configured
             correctly for Wireless
             Connect Now over Ethernet
CCE-5061-7   (UPnP).                        (1) enabled/disabled
             The "Internet Explorer
             Maintenance Policy
             Processing - Allow
             processing across a slow
             network connection" setting
             should be configured
CCE-4081-6   correctly.                  (1) enabled/disabled
             The "Enable Error
             Reporting" policy should be
CCE-4694-6   set correctly.              (1) enabled/disabled

             Use Classic Logon should
CCE-4813-2   be properly configured.     (1) logon type
             The 'Approved Installation
             Sites for ActiveX Controls'
             security mechanism should
             be enabled or disabled as
CCE-4579-9   appropriate.                (1) enabled/disabled
             The setup log maximum
             size should be configured
CCE-4086-5   correctly.                  (1) Size limit (KB)

             The "Do not allow drive
             redirection" setting should
             be configured correctly for
CCE-4501-3   Terminal Services.

             The "Set Client connection
             Encryption Level" policy
             should be set correctly for
CCE-4866-0   Terminal Services.             (1) encryption level
             The "Set time limit for
             disconnected sessions"
             policy should be set
             correctly for Terminal         (1) Time Limit
CCE-5007-0   Services.                      (minutes)
             The "Set time limit for idle
             sessions" policy should be
             set correctly for Terminal     (1) Time limit
CCE-4267-1   Services.                      (minutes)

             Computer-wide, rather than
             per-user, use of Microsoft
             Spynet Reporting for
             Windows Defender should
             be enabled or disabled as      (1) enabled, disabled,
CCE-4761-3   appropriate.                   or not configured
             The "Disable Logging"
             setting should be configured
CCE-4915-5   correctly.                     (1) enabled/disabled
             The "Disable Windows
             Error Reporting" setting
             should be configured
CCE-5034-4   correctly.                     (1) enabled/disabled
             The "Display Error
             Notification" setting should
CCE-4919-7   be configured correctly.       (1) enabled/disabled

             The "Do not send additional
             data" setting should be
CCE-4089-9   configured correctly.          (1) enabled/disabled
             The "Set Safe for Scripting"
             policy should be set
CCE-4991-6   correctly.                     (1) enabled/disabled
             The "Enable User Control
             Over Installs" policy should
CCE-4629-2   be set correctly.              (1) enabled/disabled
             The "Do Not Show First
             Use Dialog Boxes" setting
             for Windows Media Player
             should be configured
CCE-4405-7   correctly.                     (1) enabled/disabled
             The "Disable Media Player
             for automatic updates"
             policy should be set
CCE-4898-3   correctly.                     (1) enabled/disabled
             The "Prevent Desktop
             Shortcut Creation" setting
             for Windows Media Player
             should be configured
CCE-5052-6   correctly.                     (1) enabled/disabled

             The "Do Not Automatically
             Start Windows Messenger"
             policy should be set
CCE-4797-7   correctly.                     (1) enabled/disabled
             The "Password protect the
             screen saver" setting
             should be configured
             correctly for the current
CCE-4290-3   user.                          (1) enabled/disabled
             The "Prevent users from
             sharing files within their
             profile" setting should be
CCE-5070-8   configured correctly.          (1) enabled/disabled
             Auditing of "Account
             Management: Application
             Group Management" events
             on success should be
             enabled or disabled as
CCE-4938-7   appropriate.                   (1) enabled/disabled
             Auditing of "Account
             Management: Application
             Group Management" events
             on failure should be
             enabled or disabled as
CCE-4700-1   appropriate.                  (1) enabled/disabled
             Auditing of "Account
             Management: Computer
             Account Management"
             events on success should
             be enabled or disabled as
CCE-4093-1   appropriate.                  (1) enabled/disabled
             Auditing of "Account
             Management: Computer
             Account Management"
             events on failure should be
             enabled or disabled as
CCE-4228-3   appropriate.                  (1) enabled/disabled
             Auditing of "Account
             Management: Distribution
             Group Management" events
             on success should be
             enabled or disabled as
CCE-4115-2   appropriate.                  (1) enabled/disabled
             Auditing of "Account
             Management: Distribution
             Group Management" events
             on failure should be
             enabled or disabled as
CCE-4140-0   appropriate.                  (1) enabled/disabled

             Auditing of "Account
             Management: Other
             Account Management
             Events" events on success
             should be enabled or
CCE-4916-3   disabled as appropriate.      (1) enabled/disabled
             Auditing of "Account
             Management: Other
             Account Management
             Events" events on failure
             should be enabled or
CCE-4783-7   disabled as appropriate.      (1) enabled/disabled
             Auditing of "Account
             Management: Security
             Group Management" events
             on success should be
             enabled or disabled as
CCE-5048-4   appropriate.                  (1) enabled/disabled
             Auditing of "Account
             Management: Security
             Group Management" events
             on failure should be
             enabled or disabled as
CCE-4142-6   appropriate.                  (1) enabled/disabled
             Auditing of "Account
             Management: User Account
             Management" events on
             success should be enabled
CCE-4833-0   or disabled as appropriate. (1) enabled/disabled

             Auditing of "Account
             Management: User Account
             Management" events on
             failure should be enabled or
CCE-5097-1   disabled as appropriate.     (1) enabled/disabled
             Auditing of "Detailed
             Tracking: DPAPI Activity"
             events on success should
             be enabled or disabled as
CCE-5000-5   appropriate.                 (1) enabled/disabled
             Auditing of "Detailed
             Tracking: DPAPI Activity"
             events on failure should be
             enabled or disabled as
CCE-4493-3   appropriate.                 (1) enabled/disabled

             Auditing of "Detailed
             Tracking: Process Creation"
             events on success should
             be enabled or disabled as
CCE-4166-5   appropriate.                (1) enabled/disabled

             Auditing of "Detailed
             Tracking: Process Creation"
             events on failure should be
             enabled or disabled as
CCE-5094-8   appropriate.                (1) enabled/disabled

             Auditing of "Detailed
             Tracking: Process
             Termination" events on
             success should be enabled
CCE-4869-4   or disabled as appropriate. (1) enabled/disabled

             Auditing of "Detailed
             Tracking: Process
             Termination" events on
             failure should be enabled or
CCE-4363-8   disabled as appropriate.     (1) enabled/disabled
             Auditing of "Detailed
             Tracking: RPC Events"
             events on success should
             be enabled or disabled as
CCE-4891-8   appropriate.                 (1) enabled/disabled
             Auditing of "Detailed
             Tracking: RPC Events"
             events on failure should be
             enabled or disabled as
CCE-4759-7   appropriate.                (1) enabled/disabled

             Auditing of "DS Access:
             Detailed Directory Service
             Replication" events on
             success should be enabled
CCE-5023-7   or disabled as appropriate. (1) enabled/disabled

             Auditing of "DS Access:
             Detailed Directory Service
             Replication" events on
             failure should be enabled or
CCE-4658-1   disabled as appropriate.     (1) enabled/disabled

             Auditing of "DS Access:
             Directory Service Access"
             events on success should
             be enabled or disabled as
CCE-5028-6   appropriate.                (1) enabled/disabled
             Auditing of "DS Access:
             Directory Service Access"
             events on failure should be
             enabled or disabled as
CCE-4931-2   appropriate.                (1) enabled/disabled

             Auditing of "DS Access:
             Directory Service Changes"
             events on success should
             be enabled or disabled as
CCE-5067-4   appropriate.               (1) enabled/disabled

             Auditing of "DS Access:
             Directory Service Changes"
             events on failure should be
             enabled or disabled as
CCE-4808-2   appropriate.                (1) enabled/disabled

             Auditing of "DS Access:
             Directory Service
             Replication" events on
             success should be enabled
CCE-5089-8   or disabled as appropriate. (1) enabled/disabled

             Auditing of "DS Access:
             Directory Service
             Replication" events on
             failure should be enabled or
CCE-4176-4   disabled as appropriate.     (1) enabled/disabled
             Auditing of "Logon/Logoff:
             Account Lockout" events on
             success should be enabled
CCE-4342-2   or disabled as appropriate. (1) enabled/disabled

             Auditing of "Logon/Logoff:
             Account Lockout" events on
             failure should be enabled or
CCE-4857-9   disabled as appropriate.       (1) enabled/disabled
             Auditing of "Logon/Logoff:
             IPsec Extended Mode"
             events on success should
             be enabled or disabled as
CCE-5011-2   appropriate.                   (1) enabled/disabled
             Auditing of "Logon/Logoff:
             IPsec Extended Mode"
             events on failure should be
             enabled or disabled as
CCE-4505-4   appropriate.                   (1) enabled/disabled
             Auditing of "Logon/Logoff:
             IPsec Main Mode" events
             on success should be
             enabled or disabled as
CCE-5016-1   appropriate.                   (1) enabled/disabled
             Auditing of "Logon/Logoff:
             IPsec Main Mode" events
             on failure should be
             enabled or disabled as
CCE-4650-8   appropriate.                   (1) enabled/disabled
             Auditing of "Logon/Logoff:
             IPsec Quick Mode" events
             on success should be
             enabled or disabled as
CCE-5038-5   appropriate.                   (1) enabled/disabled
             Auditing of "Logon/Logoff:
             IPsec Quick Mode" events
             on failure should be
             enabled or disabled as
CCE-4928-8   appropriate.                   (1) enabled/disabled

             Auditing of "Logon/Logoff:
             Logoff" events on success
             should be enabled or
CCE-4703-5   disabled as appropriate.       (1) enabled/disabled
             Auditing of "Logon/Logoff:
             Logoff" events on failure
             should be enabled or
CCE-4183-0   disabled as appropriate.       (1) enabled/disabled

             Auditing of "Logon/Logoff:
             Logon" events on success
             should be enabled or
CCE-5018-7   disabled as appropriate.       (1) enabled/disabled
             Auditing of "Logon/Logoff:
             Logon" events on failure
             should be enabled or
CCE-4423-0   disabled as appropriate.     (1) enabled/disabled

             Auditing of "Logon/Logoff:
             Other Logon/Logoff Events"
             events on success should
             be enabled or disabled as
CCE-5163-1   appropriate.                (1) enabled/disabled
             Auditing of "Logon/Logoff:
             Other Logon/Logoff Events"
             events on failure should be
             enabled or disabled as
CCE-5066-6   appropriate.                (1) enabled/disabled

             Auditing of "Logon/Logoff:
             Special Logon" events on
             success should be enabled
CCE-4956-9   or disabled as appropriate. (1) enabled/disabled

             Auditing of "Logon/Logoff:
             Special Logon" events on
             failure should be enabled or
CCE-4824-9   disabled as appropriate.     (1) enabled/disabled

             Auditing of "Object Access:
             Application Generated"
             events on success should
             be enabled or disabled as
CCE-5084-9   appropriate.                (1) enabled/disabled

             Auditing of "Object Access:
             Application Generated"
             events on failure should be
             enabled or disabled as
CCE-4829-8   appropriate.                (1) enabled/disabled

             Auditing of "Object Access:
             Certification Services"
             events on success should
             be enabled or disabled as
CCE-4714-2   appropriate.                (1) enabled/disabled

             Auditing of "Object Access:
             Certification Services"
             events on failure should be
             enabled or disabled as
CCE-4868-6   appropriate.                (1) enabled/disabled

             Auditing of "Object Access:
             File Share" events on
             success should be enabled
CCE-4200-2   or disabled as appropriate. (1) enabled/disabled
             Auditing of "Object Access:
             File Share" events on failure
             should be enabled or
CCE-5145-8   disabled as appropriate.      (1) enabled/disabled

             Auditing of "Object Access:
             File System" events on
             success should be enabled
CCE-4921-3   or disabled as appropriate. (1) enabled/disabled

             Auditing of "Object Access:
             File System" events on
             failure should be enabled or
CCE-5039-3   disabled as appropriate.     (1) enabled/disabled

             Auditing of "Object Access:
             Filtering Platform
             Connection" events on
             success should be enabled
CCE-4568-2   or disabled as appropriate. (1) enabled/disabled

             Auditing of "Object Access:
             Filtering Platform
             Connection" events on
             failure should be enabled or
CCE-5079-9   disabled as appropriate.     (1) enabled/disabled

             Auditing of "Object Access:
             Filtering Platform Packet
             Drop" events on success
             should be enabled or
CCE-4947-8   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Object Access:
             Filtering Platform Packet
             Drop" events on failure
             should be enabled or
CCE-4335-6   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Object Access:
             Handle Manipulation"
             events on success should
             be enabled or disabled as
CCE-4828-0   appropriate.                (1) enabled/disabled

             Auditing of "Object Access:
             Handle Manipulation"
             events on failure should be
             enabled or disabled as
CCE-4965-0   appropriate.                (1) enabled/disabled
             Auditing of "Object Access:
             Kernel Object" events on
             success should be enabled
CCE-4996-5   or disabled as appropriate. (1) enabled/disabled

             Auditing of "Object Access:
             Kernel Object" events on
             failure should be enabled or
CCE-4885-0   disabled as appropriate.     (1) enabled/disabled

             Auditing of "Object Access:
             Other Object Access
             Events" events on success
             should be enabled or
CCE-5132-6   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Object Access:
             Other Object Access
             Events" events on failure
             should be enabled or
CCE-4691-2   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Object Access:
             Registry" events on success
             should be enabled or
CCE-4594-8   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Object Access:
             Registry" events on failure
             should be enabled or
CCE-5087-2   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Object Access:
             SAM" events on success
             should be enabled or
CCE-4616-9   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Object Access:
             SAM" events on failure
             should be enabled or
CCE-4982-5   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Policy Change:
             Audit Policy Change" events
             on success should be
             enabled or disabled as
CCE-4201-0   appropriate.                (1) enabled/disabled
             Auditing of "Policy Change:
             Audit Policy Change" events
             on failure should be
             enabled or disabled as
CCE-5137-5   appropriate.                (1) enabled/disabled
             Auditing of "Policy Change:
             Authentication Policy
             Change" events on success
             should be enabled or
CCE-4877-7   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Policy Change:
             Authentication Policy
             Change" events on failure
             should be enabled or
CCE-4516-1   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Policy Change:
             Authorization Policy
             Change" events on success
             should be enabled or
CCE-5172-2   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Policy Change:
             Authorization Policy
             Change" events on failure
             should be enabled or
CCE-5058-3   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Policy Change:
             Filtering Platform Policy
             Change" events on success
             should be enabled or
CCE-5177-1   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Policy Change:
             Filtering Platform Policy
             Change" events on failure
             should be enabled or
CCE-4939-5   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Policy Change:
             MPSSVC Rule-Level Policy
             Change" events on success
             should be enabled or
CCE-5181-3   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Policy Change:
             MPSSVC Rule-Level Policy
             Change" events on failure
             should be enabled or
CCE-4204-4   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Policy Change:
             Other Policy Change
             Events" events on success
             should be enabled or
CCE-4479-2   disabled as appropriate.    (1) enabled/disabled
             Auditing of "Policy Change:
             Other Policy Change
             Events" events on failure
             should be enabled or
CCE-4995-7   disabled as appropriate.    (1) enabled/disabled
             Auditing of "Privilege Use:
             Non Sensitive Privilege
             Use" events on success
             should be enabled or
CCE-5114-4   disabled as appropriate.    (1) enabled/disabled
             Auditing of "Privilege Use:
             Non Sensitive Privilege
             Use" events on failure
             should be enabled or
CCE-4990-8   disabled as appropriate.    (1) enabled/disabled

             Auditing of "Privilege Use:
             Other Privilege Use Events"
             events on success should
             be enabled or disabled as
CCE-5131-8   appropriate.                  (1) enabled/disabled
             Auditing of "Privilege Use:
             Other Privilege Use Events"
             events on failure should be
             enabled or disabled as
CCE-4205-1   appropriate.                  (1) enabled/disabled
             Auditing of "Privilege Use:
             Sensitive Privilege Use"
             events on success should
             be enabled or disabled as
CCE-4300-0   appropriate.                  (1) enabled/disabled
             Auditing of "Privilege Use:
             Sensitive Privilege Use"
             events on failure should be
             enabled or disabled as
CCE-4734-0   appropriate.                  (1) enabled/disabled

             Auditing of "System: Ipsec
             Driver" events on success
             should be enabled or
CCE-4976-7   disabled as appropriate.      (1) enabled/disabled

             Auditing of "System: Ipsec
             Driver" events on failure
             should be enabled or
CCE-4879-3   disabled as appropriate.      (1) enabled/disabled

             Auditing of "System: Other
             System Events" events on
             success should be enabled
CCE-4998-1   or disabled as appropriate. (1) enabled/disabled
             Auditing of "System: Other
             System Events" events on
             failure should be enabled or
CCE-4883-5   disabled as appropriate.     (1) enabled/disabled
             Auditing of "System:
             Security State Change"
             events on success should
             be enabled or disabled as
CCE-4535-1   appropriate.                 (1) enabled/disabled
             Auditing of "System:
             Security State Change"
             events on failure should be
             enabled or disabled as
CCE-5157-3   appropriate.                 (1) enabled/disabled

             Auditing of "System:
             Security System Extension"
             events on success should
             be enabled or disabled as
CCE-5170-6   appropriate.               (1) enabled/disabled

             Auditing of "System:
             Security System Extension"
             events on failure should be
             enabled or disabled as
CCE-4910-6   appropriate.                (1) enabled/disabled

             Auditing of "System:
             System Integrity" events on
             success should be enabled
CCE-5047-6   or disabled as appropriate. (1) enabled/disabled

             Auditing of "System:
             System Integrity" events on
             failure should be enabled or
CCE-4822-3   disabled as appropriate.     (1) enabled/disabled

             User notifications when a
             program is blocked from
             receiving inbound
             connections by Windows
             Firewall should be enabled
             or disabled as appropriate   (1) yes/no/not
CCE-4941-1   for the Domain Profile.      configured



             The "Log Dropped Packets"
             option for the Windows
             Firewall should be
             configured correctly for the
CCE-4597-1   Private Profile.             (1) enabled/disabled
             The "Log Successful
             Connections" option for the
             Windows Firewall should be
             configured correctly for the
CCE-4963-5   Private Profile.             (1) enabled/disabled




             The log file path and name
             for the Windows Firewall
             should be configured
             correctly for the Private
CCE-4206-9   Profile.                       (1) File path




             The log file size limit for the
             Windows Firewall should be
             configured correctly for the
CCE-4207-7   Private Profile.                (1) Size limit (KB)



             The "Log Dropped Packets"
             option for the Windows
             Firewall should be
             configured correctly for the
CCE-4507-0   Public Profile.              (1) enabled/disabled
             The "Log Successful
             Connections" option for the
             Windows Firewall should be
             configured correctly for the
CCE-5128-4   Public Profile.              (1) enabled/disabled




             The log file path and name
             for the Windows Firewall
             should be configured
             correctly for the Public
CCE-4639-1   Profile.                      (1) File path




             The log file size limit for the
             Windows Firewall should be
             configured correctly for the
CCE-4278-8   Public Profile.                 (1) Size limit (KB)
             The ISATAP tunneling
             protocol for IPv6 should be
             enabled or disabled as
CCE-5146-6   appropriate.                    (1) enabled/disabled

             The 6to4 tunneling protocol
             for IPv6 should be enabled
CCE-5036-9   or disabled as appropriate. (1) enabled/disabled
             The Teredo tunneling
             protocol for IPv6 should be
             enabled or disabled as
CCE-4811-6   appropriate.                (1) enabled/disabled
             The "Turn off Help
             Experience Improvement
             Program" setting should be
CCE-5239-9   configured correctly.       (1) enabled/disabled

             The "Turn off Help Ratings"
             setting should be configured
CCE-4851-2   correctly.                   (1) enabled/disabled
             The "Create Symbolic
             Links" user right should be
             assigned to the appropriate
CCE-4294-5   accounts.                   (1) list of accounts


             The screen saver should be
             enabled or disabled as
             appropriate for the current
CCE-5043-5   user.                       (1) enabled/disabled

             The "Screen Saver
             Executable Name" setting
             should be configured           (1) filename of the
             correctly for the current      screensaver
CCE-5264-7   user.                          executable

                                            (1) 0 = No additional
                                            protection, source
                                            routed packets are
                                            allowed | 1 =
                                            Medium, source
                                            routed packets
                                            ignored when IP
                                            forwarding is enabled
                                            | 2 = Highest
             IP Source Routing should       protection, source
             be properly configured for     routing is completely
CCE-5101-1   IPv6.                          disabled
             The "MSS:
             (TCPMaxDataRetransmissions)
             IPv6, how many times
             unacknowledged data is
             retransmitted (3
             recommended, 5 is default)"
             setting should be configured
CCE-4271-3   correctly.                   (1) Numeric value


             The "User Account Control:
             Allow UIAccess applications
             to prompt for elevation"
             setting should be configured
CCE-4467-7   correctly.                     (1) enabled/disabled
             The time in seconds before
             the screen saver grace
             period expires
             (ScreenSaverGracePeriod)
             setting should be configured   (1) number of
CCE-7716-4   correctly.                     seconds
             The "Access credential
             Manager as a trusted caller"
             user right should be
             assigned to the correct
CCE-8458-2   accounts.                      (1) Set of accounts
             The "add workstations to
             domain" user right should
             be assigned to the correct
CCE-7615-8   accounts.                     (1) Set of accounts


                                           (1) Enabled: Do not
                                           execute any autorun
                                           commands | Enabled:
             The default behavior for      Automatically
             AutoRun should be properly    execute autorun
CCE-8404-6   configured.                   commands | Disabled
                                           (1) Silently succeed |
             The "Unsigned Driver          Warn but allow
             Installation Behavior" policy installation | Do not
CCE-8387-3   should be set correctly.      allow installation


             The "Do Not Allow Windows
             Messenger to be Run"
             policy should be set
CCE-8501-9   correctly.                (1) enabled/disabled

             The "Secure Channel:
             Digitally Encrypt Secure
             Channel Data (When
             Possible)" policy should be
CCE-8342-8   set correctly.                (1) enabled/disabled


             The Autoplay policy "Don't
             set the always do this
             checkbox" should be
CCE-8095-2   configured correctly.         (1) enabled/disabled

             The "enable computer and
             user accounts to be trusted
             for delegation" user right
             should be assigned to the
CCE-8034-1   correct accounts.           (1) set of accounts



             Automatic Reboot After
             System Crash should be
             enabled or disabled as
CCE-8250-3   appropriate.                  (1) enabled/disabled




             Administrative Shares
             should be enabled or
CCE-8547-2   disabled as appropriate.      (1) enabled/disabled
             Disable saving of dial-up
             passwords should be
CCE-8389-9   properly configured.         (1) enabled/disabled


             CD Burning features in
             Windows Explorer should
             be enabled or disabled as
CCE-8608-2   appropriate.                 (1) enabled/disabled
             The "Remove Security tab"
             setting should be configured
CCE-7952-5   correctly.                   (1) enabled/disabled

             The "System cryptography:
             Force strong key protection
             for user keys stored on the
             computer" policy should be
             enabled or disabled as
CCE-7624-0   appropriate.                (1) enabled/disabled

             The "System settings: Use
             Certificate Rules on
             Windows Executables for
             Software Restriction
             Policies" setting should be
CCE-7621-6   configured properly.        (1) enabled/disabled
             The Windows Firewall
             "Allow ICMP exceptions"
             policy should be enabled or
             disabled as appropriate for
CCE-8470-7   the Domain Profile.         (1) enabled/disabled

             The Windows Firewall
             "Define inbound program
             exceptions" policy should
             be enabled or disabled as
             appropriate for the Domain
CCE-7629-9   Profile.                   (1) enabled/disabled


             The Windows Firewall
             inbound program
             exceptions list should be set
             appropriately for the
CCE-8516-7   Domain Profile.               (1) List of programs
             The Windows Firewall
             "Allow ICMP exceptions"
             policy should be enabled or
             disabled as appropriate for
CCE-8188-5   the Standard Profile.         (1) enabled/disabled
                                            No auditing/
              The 'Audit Credential         Success/Failure/
              Validation' setting should be Success and
CCE-18588-4   configured correctly.         Failure

              The 'Games' features
              should be configured
CCE-18891-2   correctly.                   enabled/disabled



              The 'Internet Information
              Services' features should
CCE-18279-0   be configured correctly.     enabled/disabled



              The 'SimpleTCP Services'
              features should be
CCE-18624-7   configured correctly.        enabled/disabled

              The 'Telnet Client' features
              should be configured
CCE-18129-7   correctly.                   enabled/disabled

              The 'Telnet Server' features
              should be configured
CCE-18284-0   correctly.                   enabled/disabled

              The 'TFTP Client' features
              should be configured
CCE-18700-5   correctly.                   enabled/disabled

              The 'Windows Media
              Center' features should be
CCE-18689-0   configured correctly.        enabled/disabled
CCE Technical Mechanisms                Old v4 CCE ID




(1) defined by Local or Group Policy    CCE-733



(1) defined by Local or Group Policy    CCE-980



(1) defined by Local or Group Policy    CCE-658



(1) defined by Local or Group Policy    CCE-2628



(1) defined by Local or Group Policy    CCE-2543




(1) defined by Local or Group Policy    CCE-2000




(1) defined by Local or Group Policy    CCE-1646




(1) defined by Local or Group Policy    CCE-2118




(1) defined by Local or Group Policy    CCE-2390



(1) defined by Local or Group Policy    CCE-1686
(1) defined by Local or Group Policy                  CCE-1744




(1) defined by Local or Group Policy                  CCE-2640



(1) defined by Local or Group Policy                  CCE-1991




(1) defined by Local or Group Policy                  CCE-2412



(1) defined by Local or Group Policy                  CCE-2347



(1) defined by Local or Group Policy                  CCE-2431



(1) defined by Local or Group Policy                  CCE-2584




(1) defined by Local or Group Policy                  CCE-2529



(1) defined by Local or Group Policy                  CCE-2617



(1) defined by Local or Group Policy                  CCE-2420



(1) defined by Local or Group Policy                  CCE-1680
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RestrictGuestAccess
(2) defined by Group Policy                           CCE-299
(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Maximum Log Size
(2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!MaxSize                    CCE-185

(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Retain old events
(2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Application\Retention
(3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retention      CCE-285
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\RestrictGuestAccess
(2) defined by Group Policy                                   CCE-462

(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Maximum Log Size
(2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!MaxSize                       CCE-757

(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Retain old events
(2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Security\Retention
(3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retention      CCE-523
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RestrictGuestAccess
(2) defined by Group Policy                                   CCE-726

(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Maximum Log Size
(2) HKLM\Software\Policies\Microsoft\Windows\EventLog\System!MaxSize                         CCE-735

(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Retain old events
(2) HKLM\Software\Policies\Microsoft\Windows\EventLog\System\Retention
(3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Retention      CCE-664
(1) defined by Local or Group Policy                   CCE-871


(1) defined by Local or Group Policy                   CCE-324



(1) defined by Local or Group Policy                   CCE-100



(1) defined by Local or Group Policy                   CCE-633



(1) defined by Local or Group Policy                   CCE-60




(1) defined by Local or Group Policy                   CCE-479
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy                            CCE-729
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy                            CCE-232

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous
(2) defined by Local or Group Policy                   CCE-195

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM
(2) defined by Local or Group Policy                   CCE-318
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AnonymousNameLookup
(2) defined by Local or Group                          CCE-953



(1) Local Users and Groups MMC                         CCE-332



(1) Local Users and Groups MMC                         CCE-499
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption
(2) defined by Local or Group Policy                    CCE-23
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText
(2) defined by Local or Group Policy                    CCE-829

(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon               CCE-283
(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun     CCE-44
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect              CCE-150




(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting          CCE-564
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery          CCE-952

(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName      CCE-65
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden                   CCE-139
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect              CCE-897
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime                   CCE-188

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand           CCE-817
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect                CCE-284
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security\WarningLevel                   CCE-125
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Session Manager\SafeDllSearchMode                         CCE-271


(1) defined by Local or Group Policy                             CCE-438


(1) defined by Local or Group Policy                             CCE-834
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect
(2) defined by Local or Group Policy                             CCE-222
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects
(2) defined by Local or Group Policy                             CCE-2
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing
(2) defined by Local or Group Policy                             CCE-905

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD
(2) defined by Local or Group Policy                             CCE-133

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers
(2) defined by Local or Group Policy                             CCE-402

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms
(2) defined by Local or Group Policy                             CCE-565

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies
(2) defined by Local or Group Policy                             CCE-463

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey
(2) defined by Local or Group Policy                             CCE-417

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword
(2) defined by Local or Group Policy                             CCE-228

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning
(2) defined by Local or Group Policy                             CCE-814
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
(2) defined by Local or Group Policy                    CCE-92

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature
(2) defined by Local or Group Policy                    CCE-576

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature
(2) defined by Local or Group Policy                    CCE-519
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature
(2) defined by Local or Group Policy                    CCE-171
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature
(2) defined by Local or Group Policy                    CCE-104
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount
(2) defined by Local or Group Policy                    CCE-773

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD
(2) defined by Local or Group Policy                    CCE-919

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal
(2) defined by Local or Group Policy                    CCE-549

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel
(2) defined by Local or Group Policy                    CCE-161

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel
(2) defined by Local or Group Policy                    CCE-918
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption
(2) defined by Local or Group Policy                    CCE-443

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange
(2) defined by Local or Group Policy                    CCE-831
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse
(2) defined by Local or Group Policy                    CCE-533
(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon
(2) defined by Local or Group Policy                    CCE-186
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge
(2) defined by Local or Group Policy                    CCE-194

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon
(2) defined by Local or Group Policy                    CCE-374
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogoff
(2) defined by Local or Group Policy                    CCE-278
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds
(2) defined by Local or Group Policy                    CCE-542
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous
(2) defined by Local or Group Policy                    CCE-18
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes
(2) defined by Local or Group Policy                    CCE-136
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPathsHKLM
(2) defined by Local or Group Policy                    CCE-189
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares
(2) defined by Local or Group Policy                    CCE-942
(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest
(2) defined by Local or Group Policy                    CCE-343

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash
(2) defined by Local or Group Policy                    CCE-233


(1) defined by Local or Group Policy                    CCE-775
(1) User Configuration\Administrative Templates\Control
Panel\Display\Screen Saver Timeout
(2) HKCU\Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaveTimeOut
(3) HKEY_CURRENT_USER\Control
Panel\Desktop\ScreenSaveTimeOut                           CCE-830


(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword    CCE-855

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp    CCE-859

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited    CCE-434


                                                          CCE-306




                                                          CCE-989




                                                          CCE-1


                                                          CCE-641



                                                          CCE-804




                                                          CCE-458
                                                              CCE-740




                                                              CCE-22

(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\SCForceOption    CCE-828




                                                              CCE-638



(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissions    CCE-577

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions    CCE-872

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation    CCE-511

(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\EnableAuthEpResolution    CCE-145

(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClients    CCE-423

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall    CCE-806

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions    CCE-969

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\AllowUserPrefMerge    CCE-502

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Enabled    CCE-771

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\FileAndPrint\Enabled    CCE-555

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\RemoteDesktop\Enabled    CCE-832

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\UPnPFramework\Enabled    CCE-590

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications    CCE-762
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogDroppedPackets
(2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log Dropped Packets    CCE-251

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogFilePath
(2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log file path and name
(3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging\Name    CCE-793

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogFileSize
(2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Size limit (KB)    CCE-57

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogSuccessfulConnections
(2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log successful connections    CCE-617


(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableUnicastResponsesToMulticastBroadcast    CCE-696

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts    CCE-114

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\AllowUserPrefMerge    CCE-370

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall    CCE-273

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions    CCE-440

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\AllowUserPrefMerge    CCE-352

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\RemoteDesktop    CCE-467

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\RemoteDesktop\Enabled    CCE-626

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\RemoteDesktop\Enabled    CCE-354

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\UPnPFramework\Enabled    CCE-266

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications    CCE-901

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableUnicastResponsesToMulticastBroadcast    CCE-632

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts    CCE-196

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\AllowUserPrefMerge    CCE-77

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Inbound Connections Tab\
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundAction    CCE-249

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundAction    CCE-485

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Customized Settings
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalPolicyMerge    CCE-400

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Customized Settings
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalIPsecPolicyMerge    CCE-584

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewall    CCE-7

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundAction    CCE-29

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundAction    CCE-32

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableNotifications    CCE-38

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableUnicastResponsesToMulticastBroadcast    CCE-70

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalPolicyMerge    CCE-117

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalIPsecPolicyMerge    CCE-199

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewall    CCE-295

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundAction    CCE-338

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundAction    CCE-342

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableNotifications    CCE-390

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableUnicastResponsesToMulticastBroadcast    CCE-414

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge    CCE-421

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMerge    CCE-437

(1) Computer Configuration\Administrative Templates\System\Logon
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRun    CCE-503

(1) Computer Configuration\Administrative Templates\System\Logon
(2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRunOnce    CCE-583

(1) Computer Configuration\Administrative Templates\System\Group Policy
(2) HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoGPOListChanges    CCE-584

(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings
(2) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices    CCE-691

(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings
(2) HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP    CCE-722

(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings
(2) HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates    CCE-818

(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings
(2) HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting    CCE-852

(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings
(2) HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload    CCE-887

(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings
(2) HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate    CCE-927

(1) Computer Configuration\Administrative Templates\System\Credential User Interface
(2) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministrators    CCE-935

(1) Computer Configuration\Administrative Templates\System\Credential User Interface
(2) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnableSecureCredentialPrompting    CCE-255

(1) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management
(2) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToList    CCE-466

(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Remote Desktop Connection
(2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DisablePasswordSaving    CCE-976

(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection
(2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdm    CCE-648

(1) User Configuration\Administrative Templates\System
(2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools    CCE-405

(1) User Configuration\Administrative Templates\System\Power Management
(2) HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Power\PromptPasswordOnResume    CCE-509

(1) User Configuration\Administrative Templates\System\Attachment Manager
(2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation    CCE-12

(1) User Configuration\Administrative Templates\System\Attachment Manager
(2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnProperties    CCE-58

(1) User Configuration\Administrative Templates\System\Attachment Manager
(2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus    CCE-372

(1) User Configuration\Administrative Templates\Windows Components\Internet Explorer
(2) HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\BlockExeAttachments    CCE-886

(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
(2) HKEY_LOCAL_MACHINE\System\Currentcontrolset\Control\Lsa\SCENoApplyLegacyAuditPolicy    CCE-111
(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\ChannelAccess    CCE-1044

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service\Start    CCE-84

(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\Disabled    CCE-86

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUi    CCE-629

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPC    CCE-593

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestore    CCE-849

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWER    CCE-571

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\DisableWindowsUpdateAccess    CCE-91

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate    CCE-858

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinks    CCE-263

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReports    CCE-430

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvc\Headlines    CCE-756

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvc\MicrosoftKBSearchs    CCE-1029

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICW    CCE-1055

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWith    CCE-1064

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistration    CCE-88

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizard    CCE-375

(1) [HKEY_LOCAL_MACHINE | HKEY_CURRENT_USER]\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizard    CCE-1009


(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
MovieMaker\CodecDownload                                    CCE-1040

(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
MovieMaker\WebHelp                                          CCE-1062


(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
MovieMaker\WebPublish                                       CCE-93


(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWelcomeScreen    CCE-1020

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableStartupSound    CCE-681

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndex    CCE-346

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndex    CCE-1011

(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\CreateEncryptedOnlyTickets    CCE-1007

(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\UseCustomMessages    CCE-923

(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\UseBandwidthOptimization    CCE-1056

(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\LoggingEnabled    CCE-835

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\IIS\PreventIISInstall    CCE-474

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0\NoActiveHelp    CCE-557

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0\NoUntrustedContent    CCE-95

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownload    CCE-767

(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems    CCE-1049

(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingUncachedExchangeFolders    CCE-1058

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\TurnOffWinCal    CCE-441

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\CorporateSQMURL    CCE-97

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\DisableAntiSpyware    CCE-728

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruption    CCE-384

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehavior    CCE-480

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatching    CCE-612

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissing    CCE-392

(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail\DisableCommunities    CCE-96

(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail\ManualLaunchAllowed    CCE-331

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnline    CCE-1089

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Collaboration\TurnOffWindowsCollaboration    CCE-992

(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Collaboration\TurnOnWindowsCollaborationAuditing    CCE-105

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUnsignedGadgets    CCE-297

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\OverrideMoreGadgetsLink    CCE-702

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUserInstalledGadgets    CCE-644

(1) Computer Configuration\Administrative Templates\Windows Components\Digital Locker    CCE-1747

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Components\Game Explorer    CCE-1778

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Outbound Rules    CCE-1795

(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Outbound Rules    CCE-1293


                                                              CCE-227


                                                              CCE-6


                                                              CCE-37


                                                              CCE-33



                                                              CCE-588
(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery    CCE-998

(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt    CCE-501

(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths and subpaths    CCE-1185

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LMCompatibilityLevel
(2) defined by Local or Group Policy    CCE-719

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity
(2) defined by Local or Group Policy    CCE-732

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec
(2) defined by Local or Group Policy    CCE-674

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec
(2) defined by Local or Group Policy    CCE-766

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel
(2) defined by Local or Group Policy    CCE-410

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand
(2) defined by Local or Group Policy    CCE-76

(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon
(2) defined by Local or Group Policy    CCE-224

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown
(2) defined by Local or Group Policy    CCE-422

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy
(2) defined by Local or Group Policy    CCE-55

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive
(2) defined by Local or Group Policy    CCE-300

(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode
(2) defined by Local or Group Policy    CCE-508


(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator account    CCE-1078

(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode    CCE-1063

(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard users    CCE-1067

(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevation    CCE-1128

(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validated    CCE-1104

(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locations    CCE-986

(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval Mode    CCE-1050

(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevation    CCE-230

(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locations    CCE-673



(1) defined by the SeNetworkLogonRight setting in Local or
Group Policy                                                           CCE-532
(1) defined the SeTcbPrivilege setting in by Local or Group
Policy                                                             CCE-162



(1) defined the SeIncreaseQuotaPrivilege setting in by Local or
Group Policy                                                       CCE-807

(1) defined the SeInteractiveLogonRight setting in by Local or
Group Policy                                                       CCE-965


(1) defined the SeRemoteInteractiveLogonRight setting in by
Local or Group Policy                                              CCE-883


(1) defined the SeBackupPrivilege setting in by Local or Group
Policy                                                             CCE-931


(1) defined by the SeChangeNotifyPrivilege setting in Local or
Group Policy                                                       CCE-376


(1) defined by the SeSystemTimePrivilege setting in Local or
Group Policy                                                       CCE-799

(1) GPO Setting: Computer Configuration\Windows
Settings\Security Settings\Local Policies\User Rights
Assignment\Change the time zone                                    CCE-470


(1) defined by the SeCreatePagefilePrivilege setting in Local or
Group Policy                                                       CCE-895


(1) defined by the SeCreateTokenPrivilege setting in Local or
Group Policy                                                       CCE-926



                                                                   CCE-383


(1) defined by the SeCreatePermanentPrivilege setting in Local
or Group Policy                                                    CCE-335


(1) defined by the SeDebugPrivilege setting in Local or Group
Policy                                                             CCE-842
(1) defined by the SeDenyNetworkLogonRight setting in Local
or Group Policy                                                   CCE-898


(1) defined by the SeDenyBatchLogonRight setting in Local or
Group Policy                                                      CCE-165


(1) defined by the SeDenyServiceLogonRight setting in Local or
Group Policy                                                      CCE-597


(1) defined by the SeDenyInteractiveLogonRight setting in Local
or Group Policy                                                   CCE-64


(1) defined by the SeDenyRemoteInteractiveLogonRight setting in
Local or Group Policy                                             CCE-108


(1) defined by the SeRemoteShutdownPrivilege setting in Local
or Group Policy                                                   CCE-754


(1) defined by the SeAuditPrivilege setting in Local or Group
Policy                                                            CCE-939



                                                                  CCE-304

(1) GPO Setting: Computer Configuration\Windows
Settings\Security Settings\Local Policies\User Rights
Assignment\Increase a process working set                         CCE-1027


(1) defined by the SeIncreaseBasePriorityPrivilege setting in
Local or Group Policy                                             CCE-349


(1) defined by the SeLoadDriverPrivilege setting in Local or
Group Policy                                                      CCE-860


(1) defined by the SeLockMemoryPrivilege setting in Local or
Group Policy                                                      CCE-749


(1) defined by the SeBatchLogonRight setting in Local or Group
Policy                                                            CCE-177
(1) defined by the SeServiceLogonRight setting in Local or
Group Policy                                                       CCE-216


(1) defined by the SeSecurityPrivilege setting in Local or Group
Policy                                                             CCE-850

(1) GPO Setting: Computer Configuration\Windows
Settings\Security Settings\Local Policies\User Rights
Assignment\Modify an object label                                  CCE-1023


(1) defined by the SeSystemEnvironmentPrivilege setting in
Local or Group Policy                                              CCE-17


(1) defined by the SeManageVolumePrivilege setting in Local or
Group Policy                                                       CCE-314


(1) defined by the SeProfileSingleProcessPrivilege setting in
Local or Group Policy                                              CCE-260


(1) defined by the SeSystemProfilePrivilege setting in Local or
Group Policy                                                       CCE-599



(1) defined by the SeUndockPrivilege setting in Local or Group
Policy                                                             CCE-656


(1) defined by the SeAssignPrimaryTokenPrivilege setting in
Local or Group Policy                                              CCE-667


(1) defined by the SeRestorePrivilege setting in Local or Group
Policy                                                             CCE-553


(1) defined by the SeShutdownPrivilege setting in Local or
Group Policy                                                       CCE-839



(1) defined by the SeSynchAgentPrivilege setting in Local or
Group Policy                                                       CCE-381



(1) defined by the SeTakeOwnershipPrivilege setting in Local or
Group Policy                                                       CCE-492
(1) defined by the object's DACL
(2) defined through group policy                            CCE-957
(1) HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(
Reserved)
(2) HKLM\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!
explorer.exe
(3) HKLM\Software\Policies\Microsoft\Internet
(4) Local Internet Options:
(5) GPO Settings:[Computer Configuration | User
Configuration]/Network/Internet Explorer/Internet Control
Panel/Security Features/Protection From Zone Elevation
(6) Registry Keys:[HKLM |
HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(
Reserved)
(7) [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\
explorer.exe
(8) [HKLM | HKCU]\Software\Policies\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\i
explore.exe                                                 CCE-347


(1) GPO Setting: Computer Configuration\Administrative
Templates\Network\Link-Layer Topology Discovery\Turn on
Responder (RSPNDR) driver                                   CCE-1134


(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
\Network Connections\NC_AllowNetBridge_NLA                  CCE-896



(1) GPO Setting: Computer Configuration\Administrative
Templates\Network\Network Connections\Prohibit use of
Internet Connection Firewall on your DNS domain network     CCE-241
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\SharedAccess\Start
(2) defined by the Services Administrative Tool
(3) defined by Group Policy                                 CCE-672




(1) GPO Setting: Computer Configuration\Administrative
Templates\Network\Windows Connect Now\Configuration of
wireless settings using Windows Connect Now                 CCE-734
(1) GPO Setting: Computer Configuration\Administrative
Templates\System\Group Policy\Internet Explorer Maintenance
Policy Processing                                             CCE-365
(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealt
h\ErrorReporting\DoReport                                     CCE-592
(1)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Policies\system\LogonType                             CCE-231


(1) GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\ActiveX Installer
Service\Approved Installation Sites for ActiveX Controls      CCE-836
GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Event Log
Service\Setup\Maximum Log Size (KB)                           CCE-262
(1) Computer Configuration\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\Device and
Resource Redirection
(2) HKLM\SOFTWARE\Policies\Microsoft\Windows
NT\Terminal Services!fDisableCdm                              CCE-648


(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
NT\Terminal Services\MinEncryptionLevel                       CCE-397


(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
NT\Terminal Services\MaxDisconnectionTime                     CCE-920

(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
NT\Terminal Services\MaxIdleTime                              CCE-123




(1) GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Windows
Defender\Configure Microsoft Spynet Reporting                 CCE-312
(1) GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Windows Error
Reporting\Disable Logging                                     CCE-959

(1) GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Windows Error
Reporting\Disable Windows Error Reporting                     CCE-803
(1) GPO Settings: Computer Configuration\Administrative
Templates\System\Error Reporting\Display Error Notification
(2) Computer Configuration\Administrative Templates\Windows
Components\Windows Error Reporting\Display Error
Notification                                                  CCE-259

(1) GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Windows Error Reporting\Do
not send additional data                                      CCE-798
(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
\Installer\SafeForScripting\                                  CCE-261
(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
\Installer\EnableUserControl                                  CCE-415


(1) GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Windows Media Player\Do
Not Show First Use Dialog Boxes                               CCE-1140

(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows
MediaPlayer\DisableAutoupdate                                 CCE-455


(1) GPO Setting: Computer Configuration\Administrative
Templates\Windows Components\Windows Media
Player\Prevent Desktop Shortcut Creation                      CCE-313


(1)
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messeng
er\Client\PreventAutoRun                                      CCE-309

(1) User Configuration\Administrative Templates\Control
Panel\Display\Password protect the screen saver
(2) HKCU\Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaverIsSecure                             CCE-949

(1) GPO Setting: User Configuration\Administrative
Templates\Windows Components\Network Sharing\Prevent
users from sharing files within their profiles                CCE-1144




(1) via auditpol                                              CCE-801
(1) via auditpol   CCE-1016




(1) via auditpol   CCE-1070




(1) via auditpol   CCE-840




(1) via auditpol   CCE-515




(1) via auditpol   CCE-1048




(1) via auditpol   CCE-206




(1) via auditpol   CCE-1202




(1) via auditpol   CCE-1118




(1) via auditpol   CCE-369
(1) via auditpol   CCE-1043




(1) via auditpol   CCE-924




(1) via auditpol   CCE-1413




(1) via auditpol   CCE-699




(1) via auditpol   CCE-913




(1) via auditpol   CCE-1079




(1) via auditpol   CCE-416




(1) via auditpol   CCE-1250




(1) via auditpol   CCE-1219
(1) via auditpol   CCE-1365




(1) via auditpol   CCE-207




(1) via auditpol   CCE-1186




(1) via auditpol   CCE-1199




(1) via auditpol   CCE-459




(1) via auditpol   CCE-317




(1) via auditpol   CCE-982




(1) via auditpol   CCE-881




(1) via auditpol   CCE-247
(1) via auditpol   CCE-1264




(1) via auditpol   CCE-1282




(1) via auditpol   CCE-1028




(1) via auditpol   CCE-362




(1) via auditpol   CCE-1207




(1) via auditpol   CCE-351




(1) via auditpol   CCE-1257




(1) via auditpol   CCE-1274




(1) via auditpol   CCE-493



(1) via auditpol   CCE-996




(1) via auditpol   CCE-1284
(1) via auditpol   CCE-1097




(1) via auditpol   CCE-378




(1) via auditpol   CCE-1208




(1) via auditpol   CCE-371




(1) via auditpol   CCE-1038




(1) via auditpol   CCE-1322




(1) via auditpol   CCE-379




(1) via auditpol   CCE-1345




(1) via auditpol   CCE-1261




(1) via auditpol   CCE-1372
(1) via auditpol   CCE-1033




(1) via auditpol   CCE-1085




(1) via auditpol   CCE-1340




(1) via auditpol   CCE-717




(1) via auditpol   CCE-744




(1) via auditpol   CCE-385




(1) via auditpol   CCE-589




(1) via auditpol   CCE-1363




(1) via auditpol   CCE-1244
(1) via auditpol   CCE-1288




(1) via auditpol   CCE-1305




(1) via auditpol   CCE-642




(1) via auditpol   CCE-1026




(1) via auditpol   CCE-1138




(1) via auditpol   CCE-1283




(1) via auditpol   CCE-446




(1) via auditpol   CCE-451




(1) via auditpol   CCE-1110




(1) via auditpol   CCE-991
(1) via auditpol   CCE-388




(1) via auditpol   CCE-180




(1) via auditpol   CCE-187




(1) via auditpol   CCE-448




(1) via auditpol   CCE-1042




(1) via auditpol   CCE-1112




(1) via auditpol   CCE-203




(1) via auditpol   CCE-879




(1) via auditpol   CCE-205
(1) via auditpol   CCE-787




(1) via auditpol   CCE-391




(1) via auditpol   CCE-404




(1) via auditpol   CCE-1203




(1) via auditpol   CCE-406




(1) via auditpol   CCE-488




(1) via auditpol   CCE-1258




(1) via auditpol   CCE-1177




(1) via auditpol   CCE-1314




(1) via auditpol   CCE-1332
(1) via auditpol                                                 CCE-337




(1) via auditpol                                                 CCE-1121




(1) via auditpol                                                 CCE-1139




(1) via auditpol                                                 CCE-1270




(1) via auditpol                                                 CCE-1102




(1) via auditpol                                                 CCE-856




(1) via auditpol                                                 CCE-336



(1) GPO Setting: Computer Configuration\Windows
Settings\Security Settings\Windows Firewall with Advanced
Security\Windows Firewall with Advanced Security\Windows
Firewall Properties\Domain Profile Tab\Settings\Firewall
settings\Display a notification                                  CCE-1047
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Loggi
ng\LogDroppedPackets
(2) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows
Firewall\Private Profile\Windows Firewall: Allow Logging - Log
Dropped Packets                                                  CCE-325
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Loggi
ng\LogSuccessfulConnections
(2) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows
Firewall\Private Profile\Windows Firewall: Allow Logging - Log
successful connections
(3) Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Private Profile Tab\Logging\Logged successful
connections                                                      CCE-327

(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Loggi
ng\LogFilePath
(2) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows
Firewall\Private Profile\Windows Firewall: Allow Logging - Log
file path and name
(3) Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Private Profile Tab\Logging\Name                      CCE-999

(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Loggi
ng\LogFileSize
(2) Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Private Profile Tab\Logging\Size limit (KB)           CCE-1091
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Loggin
g\LogDroppedPackets
(2) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows
Firewall\Public Profile\Windows Firewall: Allow Logging - Log
Dropped Packets                                                  CCE-1165
(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Loggin
g\LogSuccessfulConnections
(2) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows
Firewall\Public Profile\Windows Firewall: Allow Logging - Log
successful connections
(3) Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Public Profile Tab\Logging\Logged successful
connections                                                     CCE-534

(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Loggin
g\LogFilePath
(2) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows
Firewall\Public Profile\Windows Firewall: Allow Logging - Log
file path and name
(3) Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Public Profile Tab\Logging\Name                      CCE-1263

(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Loggin
g\LogFileSize
(2) Computer Configuration\Windows Settings\Security
Settings\Windows Firewall with Advanced Security\Windows
Firewall with Advanced Security\Windows Firewall
Properties\Public Profile Tab\Logging\Size limit (KB)           CCE-1313

(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\tcpip6\Parameters\DisableComponents                           CCE-1227

(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\tcpip6\Parameters\DisableComponents                           CCE-1036

(1)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Service
s\tcpip6\Parameters\DisableComponents                           CCE-1148
(1) GPO Setting: User Configuration\Administrative
Templates\System\Internet Communication
Management\Internet Communication settings\Turn off Help
Experience Improvement Program                                  CCE-174
(1) GPO Setting: User Configuration\Administrative
Templates\System\Internet Communication
Management\Internet Communication settings\Turn off Help
Ratings                                                         CCE-1109
(1) GPO Setting: Computer Configuration\Windows
Settings\Security Settings\Local Policies\User Rights
Assignment\Create Symbolic Links                                 CCE-1176
(1) User Configuration\Administrative Templates\Control
Panel\Display\Screen Saver
(2) HKCU\Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaverActive
(3) HKEY_CURRENT_USER\Control
Panel\Desktop\ScreenSaveActive
(1) User Configuration\Administrative Templates\Control
Panel\Display\Screen Saver Executable Name
(2) HKCU\Software\Policies\Microsoft\Windows\Control
Panel\Desktop\SCRNSAVE.EXE
(3) HKEY_CURRENT_USER\Control
Panel\Desktop\SCRNSAVE.EXE




(1) Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(DisableIPSourceRouting) IPv6 source routing protection level
(protects against packet spoofing)
(2)
HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\
DisableIPSourceRouting
(1) Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\MSS:
(TCPMaxDataRetransmissions) IPv6, how many times
unacknowledged data is retransmitted (3 recommended, 5 is
default)
(2)
HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\
TcpMaxDataRetransmissions

(1) Computer Configuration\Windows Settings\Security
Settings\Local Policies\Security Options\User Account Control:
Allow UIAccess applications to prompt for elevation
(2)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\System\EnableUIADesktopToggle




(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod


(1) Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Access
credential Manager as a trusted caller                           CCE-389
(1) Computer Configuration\Windows Settings\Security
Settings\Local Policies\User Rights Assignment\Add
workstations to domain                                            CCE-183



(1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\Explorer\NoAutoRun
(2) Computer Configuration\Administrative Templates\Windows
Components\Autoplay Policies\Default behavior for AutoRun
(1) HKLM\Software\Microsoft\Driver Signing\Policy
(2) Computer Configuration\Windows Settings\Local
Policies\Security Options\Devices: Unsigned driver installation
behavior                                                          CCE-413
(1)
HKLM\Software\Policies\Microsoft\Messenger\Client\PreventRu
n
(2) Computer Configuration\Administrative Templates\Windows
Components\Windows Messenger\Do not allow Windows
Messenger to be run                                               CCE-802
(1)
HKLM\System\CurrentControlSet\Services\Netlogon\Parameter
s\sealsecurechannel
(2) Computer Configuration\Windows Settings\Local
Policies\Security Options\Secure Channel: Digitally Encrypt
Secure Channel Data (When Possible)                               CCE-601
(1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
\Explorer\DontSetAutoplayCheckbox
(2) Computer Configuration\Administrative Templates\Windows
Components\Autoplay Policies\Don't set the always do this
checkbox



(1) Computer Configuration\Windows Settings\Local
Policies\User Rights Assignment\Enable computer and user
accounts to be trusted for delegation                             CCE-15
(1)
HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\AutoR
eboot
(2) Computer Configuration\Windows Settings\Local
Policies\Security Options\MSS: (AutoReboot) Allow Windows to
automatically restart after a system crash (recommended
except for highly secure environments)                            CCE-137
(1)
HKLM\System\CurrentControlSet\Services\LanmanServer\Para
meters\AutoShareWks
(2) Computer Configuration\Windows Settings\Local
Policies\Security Options\MSS: (AutoShareWks) Enable
Administrative Shares (recommended except for highly secure
environments)                                                     CCE-512
(1)
HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Paramete
rs\DisableSavePassword
(2) Computer Configuration\Windows Settings\Local
Policies\Security Options\MSS: (DisableSavePassword) Prevent
the dial-up password from being saved (recommended)                CCE-156

(1)
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Net
work\NoCDBurning
(2) User Configuration\Administrative Templates\Windows
Components\Windows Explorer\Remove CD Burning features             CCE-113
(1) GPO Setting: User Configuration\Administrative
Templates\Windows Components\Windows Explorer\Remove
Security tab                                                       CCE-1022

(1)
HKLM\Software\Policies\Microsoft\Cryptography\ForceKeyProte
ction
(2) Computer Configuration\Windows Settings\Local
Policies\Security Options\System cryptography: Force strong
key protection for user keys stored on the computer                CCE-647

(1)
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifie
rs\AuthenticodeEnabled
(2) Computer Configuration\Windows Settings\Local
Policies\Security Options\System settings: Use Certificate Rules
on Windows Executables for Software Restriction Policies           CCE-572


(1) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows Firewall
\Domain Profile\Allow ICMP exceptions                              CCE-277

(1)
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\Domai
nProfile\AuthorizedApplications\Enabled
(2) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile\Define inbound program exceptions

(1)
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\Domai
nProfile\AuthorizedApplications\Enabled
(2) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows
Firewall\Domain Profile\Define inbound program exceptions


(1) Computer Configuration\Administrative
Templates\Network\Network Connections\Windows Firewall
\Standard Profile\Allow ICMP exceptions                            CCE-797
(1) Computer Configuration\Windows Settings\Security
Settings\Advanced Audit Policy Configuration\System Audit
Policies\Account Logon\Audit Credential Validation
(1) Control Panel\Programs and Features\Turn Windows
features on or off\Games

(2) %Program Files%\Microsoft Games
(1) Control Panel\Programs and Features\Turn Windows
features on or off\Internet Information Services

(2)
HKLM\SYSTEM\CurrentControlSet\Services\W3Svc\DisplayNa
me
(1) Control Panel\Programs and Features\Turn Windows
features on or off\SimpleTCP Services

(2)
HKLM\SYSTEM\CurrentControlSet\Services\simptcp\DisplayNa
me
(1) Control Panel\Programs and Features\Turn Windows
features on or off\Telnet Client

(2) %windir%\system32\telnet.exe
(1) Control Panel\Programs and Features\Turn Windows
features on or off\Telnet Server

(2) HKLM\SYSTEM\CurrentControlSet\Services\tlntsvr
(1) Control Panel\Programs and Features\Turn Windows
features on or off\TFTP Client

(2) %windir%\system32\tftp.exe
(1) Control Panel\Programs and Features\Turn Windows
features on or off\Windows Media Center

(2) %windir%\ehome\ehshell.exe
NIST SCAP Windows Vista XCCDF (SCAP-WinVista-XCCDF.xml rev 2007-02-06)     NIST SCAP Windows Vista OVAL (SCAP-WinVista-OVAL.xml rev 2007-02-06)




reset-account-lockout-counter     oval:com.secure-elements.oval:def:6009



account-lockout-duration          oval:com.secure-elements.oval:def:6007



account-lockout-threshold         oval:com.secure-elements.oval:def:6008



audit-account-logon-events        oval:com.secure-elements.oval:def:6010



audit-account-logon-events        oval:com.secure-elements.oval:def:6010




audit-account-management          oval:com.secure-elements.oval:def:6011




audit-account-management          oval:com.secure-elements.oval:def:6011




audit-directory-services-access   oval:com.secure-elements.oval:def:6012




audit-directory-services-access   oval:com.secure-elements.oval:def:6012



audit-logon-events                oval:com.secure-elements.oval:def:6013
audit-logon-events                     oval:com.secure-elements.oval:def:6013




audit-object-access                    oval:com.secure-elements.oval:def:6014



audit-object-access                    oval:com.secure-elements.oval:def:6014




audit-policy-change                    oval:com.secure-elements.oval:def:6015



audit-policy-change                    oval:com.secure-elements.oval:def:6015



audit-privilege-use                    oval:com.secure-elements.oval:def:6016



audit-privilege-use                    oval:com.secure-elements.oval:def:6016




audit-process-tracking                 oval:com.secure-elements.oval:def:6017



audit-process-tracking                 oval:com.secure-elements.oval:def:6017



audit-system-events                    oval:com.secure-elements.oval:def:6018



audit-system-events                    oval:com.secure-elements.oval:def:6018



Prevent-Guest-Application-Log-Access   oval:com.secure-elements.oval:def:6509
Maximum-Application-Log-Size           oval:com.secure-elements.oval:def:6506




Retention-Method-For-Application-Log   oval:com.secure-elements.oval:def:6512



Prevent-Guest-Security-Log-Access      oval:com.secure-elements.oval:def:6511




Maximum-Security-Log-Size              oval:com.secure-elements.oval:def:6507




Retention-Method-For-Security-Log      oval:com.secure-elements.oval:def:6513



Prevent-Guest-System-Log-Access        oval:com.secure-elements.oval:def:6510




Maximum-System-Log-Size                oval:com.secure-elements.oval:def:6508




Retention-Method-For-System-Log        oval:com.secure-elements.oval:def:6514
maximum-password-age                    oval:com.secure-elements.oval:def:6002


minimum-password-age                    oval:com.secure-elements.oval:def:6003



minimum-password-length                 oval:com.secure-elements.oval:def:6006



password-complexity                     oval:com.secure-elements.oval:def:6004



enforce-password-history                oval:com.secure-elements.oval:def:6001




reversible-password-encryption          oval:com.secure-elements.oval:def:6005



Do-not-allow-Windows-Messenger-to-be-
run                                     oval:com.secure-elements.oval:def:6601




Disable-remote-Desktop-Sharing          oval:com.secure-elements.oval:def:6595



do-not-allow-anonymous-enumeration-sam-
accounts-shares                         oval:com.secure-elements.oval:def:6071




do-not-allow-anonymous-enumeration-sam oval:com.secure-elements.oval:def:6070



Anonymous-SID-Name-Translation



guest-account-status                    oval:com.secure-elements.oval:def:6020



administrator-account-status            oval:com.secure-elements.oval:def:6019
message-title-users-attempting-logon        oval:com.secure-elements.oval:def:6042



message-text-users-attempting-logon         oval:com.secure-elements.oval:def:6041


enable-automatic-logon                      oval:com.secure-elements.oval:def:6054

                                            oval:com.secure-elements.oval:def:6574,
Turn-off-Autoplay, no-drive-type-auto-run   oval:com.secure-elements.oval:def:6060


enable-icmp-redirect                        oval:com.secure-elements.oval:def:6057




disable-ip-source-routing                   oval:com.secure-elements.oval:def:6055


perform-router-discovery                    oval:com.secure-elements.oval:def:6063


do-not-display-last-user-name               oval:com.secure-elements.oval:def:6039


hide-system-from-browse-list                oval:com.secure-elements.oval:def:6058


enable-dead-gw-detect                       oval:com.secure-elements.oval:def:6056


keep-alive-time                             oval:com.secure-elements.oval:def:6059



no-name-release-on-demand                   oval:com.secure-elements.oval:def:6061


syn-attack-protect                          oval:com.secure-elements.oval:def:6066


warning-level                               oval:com.secure-elements.oval:def:6069
safe-dll-search-mode                      oval:com.secure-elements.oval:def:6064


rename-administrator                      oval:com.secure-elements.oval:def:6022


rename-guest                              oval:com.secure-elements.oval:def:6023


amount-of-idle-time-required-before-
suspending-session                        oval:com.secure-elements.oval:def:6050



audit-access-global-system-objects        oval:com.secure-elements.oval:def:6024



audit-use-backup-restore-privilege        oval:com.secure-elements.oval:def:6025




do-not-require-ctrlaltdel                 oval:com.secure-elements.oval:def:6040




prevent-users-installing-printers         oval:com.secure-elements.oval:def:6030




restrict-cdrom-access-local-users-only    oval:com.secure-elements.oval:def:6031




restrict-floppy-access-local-users-only   oval:com.secure-elements.oval:def:6032




require-strong-session-key                oval:com.secure-elements.oval:def:6038



send-unencrypted-password-to-third-party-
smb-servers                               oval:com.secure-elements.oval:def:6049


prompt-user-to-change-password-before-
expiration                                oval:com.secure-elements.oval:def:6044
shutdown-system-unable-log-audits           oval:com.secure-elements.oval:def:6027




digitally-sign-communications-client-always oval:com.secure-elements.oval:def:6047



digitally-sign-communications-client-server-
agrees                                       oval:com.secure-elements.oval:def:6048


digitally-sign-communications-server-
always                                      oval:com.secure-elements.oval:def:6051


digitally-sign-communications-server-client-
agrees                                       oval:com.secure-elements.oval:def:6052


number-of-previous-logons-to-cache          oval:com.secure-elements.oval:def:6043



allow-format-eject-removable-media          oval:com.secure-elements.oval:def:6029



digitally-encrypt-or-sign-secure-channel-
data-always                                 oval:com.secure-elements.oval:def:6034



digitally-encrypt-secure-channel-data-when-
possible                                    oval:com.secure-elements.oval:def:6033



digitally-sign-secure-channel-data-when-
possible                                    oval:com.secure-elements.oval:def:6035


smart-card-removal-behaviour                oval:com.secure-elements.oval:def:6046



disable-machine-account-password-
changes                                     oval:com.secure-elements.oval:def:6036
limit-blank-password-use                   oval:com.secure-elements.oval:def:6021



allow-undock-no-logon                      oval:com.secure-elements.oval:def:6028



maximum-machine-account-password-age oval:com.secure-elements.oval:def:6037



require-domain-controller-authentication-to-
unlock                                       oval:com.secure-elements.oval:def:6045



disconnect-client-when-logon-hours-expire oval:com.secure-elements.oval:def:6053


do-not-allow-storage-credentials-net-
passports-network-authn                    oval:com.secure-elements.oval:def:6072


let-everyone-permissions-apply-to-
anonymous-users                            oval:com.secure-elements.oval:def:6073



named-pipes-accessed-anonymously           oval:com.secure-elements.oval:def:6074

Remotely-accessible-registry-paths, Remotely-accessible-registry-paths-and-sub-paths    oval:com.secure-elements.oval:def:6075, oval:com.secure-elements.oval:def:6076

Shares-that-can-be-accessed-anonymously -- NOTE: COMMENTED OUT


Sharing-and-security-model-for-local-
accounts                                   oval:com.secure-elements.oval:def:6079



Do-not-store-LAN-Manager-hash-value-on-
next-password-change                    oval:com.secure-elements.oval:def:6080


Force-logoff-when-logon-hours-expire       oval:com.secure-elements.oval:def:6081
Always-prompt-client-for-password-upon-
connection                                 oval:com.secure-elements.oval:def:6599




Solicited-Remote-Assistance                oval:com.secure-elements.oval:def:6564




Offer-Remote-Assistance                    oval:com.secure-elements.oval:def:6563


Configure-Automatic-Updates                oval:com.secure-elements.oval:def:6604




Do-not-adjust-default-option-to-Install-
Updates-and-Shut-Down                      oval:com.secure-elements.oval:def:6603




Do-not-display-Install-Updates-and-Shut-
Down                                       oval:com.secure-elements.oval:def:6602

No-auto-restart-for-scheduled-Automatic-
Updates-installations                      oval:com.secure-elements.oval:def:6605


Reschedule-Automatic-Updates-scheduled-
installations                           oval:com.secure-elements.oval:def:6606




MachineAccessRestrictions
MachineLaunchRestrictions




Require-Smart-Card                       oval:com.secure-elements.oval:def:6082




Restrict-anonymous-access-to-Named-
Pipes-and-Shares                         oval:com.secure-elements.oval:def:6077




tcp-max-connect-response-retransmissions oval:com.secure-elements.oval:def:6067



tcp-max-data-retransmissions             oval:com.secure-elements.oval:def:6068




ntfs-disable-8dot3-name-creation         oval:com.secure-elements.oval:def:6062

RPC-Endpoint-Mapper-Client-
Authentication                           oval:com.secure-elements.oval:def:6566

Restrictions-for-Unauthenticated-RPC-
clients                                  oval:com.secure-elements.oval:def:6565

Domain-Profile-Firewall-Protect-All-Network-Connections, Domain-Profile-Firewall-State    oval:com.secure-elements.oval:def:6547, oval:com.secure-elements.oval:def:6515


Domain-Profile-Firewall-Do-Not-Allow-
Exceptions                               oval:com.secure-elements.oval:def:6544


Domain-Profile-Firewall-Allow-Local-
Program-Exceptions                       oval:com.secure-elements.oval:def:6541
Domain-Profile-Firewall-Allow-Inbound-
Remote-Administration-Exception           oval:com.secure-elements.oval:def:6537


Domain-Profile-Firewall-Allow-Inbound-File-
And-Printer-Sharing-Exception               oval:com.secure-elements.oval:def:6536



Domain-Profile-Firewall-Allow-Inbound-
Remote-Desktop-Exceptions                 oval:com.secure-elements.oval:def:6538


Domain-Profile-Firewall-Allow-Inbound-
UPnP-Framework-Exceptions                 oval:com.secure-elements.oval:def:6539


Domain-Profile-Firewall-Prohibit-Notifications, Domain-Profile-Display-Notification    oval:com.secure-elements.oval:def:6545, oval:com.secure-elements.oval:def:6518
Domain-Profile-Firewall-Prohibit-Unicast-Response, Domain-Profile-Allow-Unicast-Response    oval:com.secure-elements.oval:def:6546, oval:com.secure-elements.oval:def:6519


Domain-Profile-Firewall-Define-Inbound-
Port-Exceptions                              oval:com.secure-elements.oval:def:6542


Domain-Profile-Firewall-Allow-Local-Port-
Exceptions                                   oval:com.secure-elements.oval:def:6540


Standard-Profile-Firewall-Protect-All-
Network-Connections                          oval:com.secure-elements.oval:def:6559


Standard-Profile-Firewall-Do-Not-Allow-
Exceptions                                   oval:com.secure-elements.oval:def:6556


Standard-Profile-Firewall-Define-Inbound-
Program-Exceptions                           oval:com.secure-elements.oval:def:6555


Standard-Profile-Firewall-Allow-Inbound-
Remote-Administration-Exception              oval:com.secure-elements.oval:def:6549
Standard-Profile-Firewall-Allow-Inbound-File-And-Printer-Sharing-Exception, Standard-Profile-Firewall-Allow-Inbound-File-And-Printer-Sharing-Exceptions    oval:com.secure-elements.oval:def:6548, oval:com.secure-elements.oval:def:6553


Standard-Profile-Firewall-Allow-Inbound-
Remote-Desktop-Exceptions                    oval:com.secure-elements.oval:def:6550


Standard-Profile-Firewall-Allow-Inbound-
UPnP-Framework-Exceptions                    oval:com.secure-elements.oval:def:6551
Standard-Profile-Firewall-Prohibit-
Notifications                               oval:com.secure-elements.oval:def:6557




Standard-Profile-Firewall-Prohibit-Unicast-
Response                                    oval:com.secure-elements.oval:def:6558


Standard-Profile-Firewall-Define-Inbound-
Port-Exceptions                             oval:com.secure-elements.oval:def:6554


Standard-Profile-Firewall-Allow-Local-Port-
Exceptions                                  oval:com.secure-elements.oval:def:6552




Domain-Profile-Inbound-Connections          oval:com.secure-elements.oval:def:6516




Domain-Profile-Outbound-Connections         oval:com.secure-elements.oval:def:6517




Domain-Profile-Apply-Local-Firewall-Rules oval:com.secure-elements.oval:def:6520




Domain-Profile-Apply-Local-Connection-
Security-Rules                              oval:com.secure-elements.oval:def:6521




Private-Profile-Firewall-State              oval:com.secure-elements.oval:def:6522
Private-Profile-Inbound-Connections          oval:com.secure-elements.oval:def:6523




Private-Profile-Outbound-Connections         oval:com.secure-elements.oval:def:6524




Private-Profile-Display-Notification         oval:com.secure-elements.oval:def:6525




Private-Profile-Allow-Unicast-Response       oval:com.secure-elements.oval:def:6526




Private-Profile-Apply-Local-Firewall-Rules   oval:com.secure-elements.oval:def:6527




Private-Profile-Apply-Local-Connection-
Security-Rules                               oval:com.secure-elements.oval:def:6528




Public-Profile-Firewall-State                oval:com.secure-elements.oval:def:6529




Public-Profile-Inbound-Connections           oval:com.secure-elements.oval:def:6530
Public-Profile-Outbound-Connections         oval:com.secure-elements.oval:def:6531




Public-Profile-Display-Notification         oval:com.secure-elements.oval:def:6532




Public-Profile-Allow-Unicast-Response       oval:com.secure-elements.oval:def:6533




Public-Profile-Apply-Local-Firewall-Rules   oval:com.secure-elements.oval:def:6534




Public-Profile-Apply-Local-Connection-
Security-Rules                              oval:com.secure-elements.oval:def:6535




Do-Not-Process-Legacy-Run-List              oval:com.secure-elements.oval:def:6560




Do-Not-Process-Run-Once-List                oval:com.secure-elements.oval:def:6561
Registry-Policy-Processing                  oval:com.secure-elements.oval:def:6562



Turn-off-Internet-download-for-Web-
publishing-and-online-ordering-wizards      oval:com.secure-elements.oval:def:6568

Turn-off-the-Windows-Messenger-
Customer-Experience-Improvement-
Program                                     oval:com.secure-elements.oval:def:6569



Turn-off-Search-Companion-content-file-
updates                                     oval:com.secure-elements.oval:def:6570



Turn-off-printing-over-HTTP                 oval:com.secure-elements.oval:def:6571


Turn-off-downloading-of-print-drivers-over-
HTTP                                        oval:com.secure-elements.oval:def:6572



Turn-off-Windows-Update-device-driver-
searching                                   oval:com.secure-elements.oval:def:6573



Enumerate-administrator-accounts-on-
elevation                                   oval:com.secure-elements.oval:def:6575




Require-trusted-path-for-credential-entry   oval:com.secure-elements.oval:def:6576




Deny-all-add-ons-unless-specifically-
allowed-in-the-Add-on-List                  oval:com.secure-elements.oval:def:6594
Do-not-allow-passwords-to-be-saved          oval:com.secure-elements.oval:def:6596




Do-not-allow-drive-redirection              oval:com.secure-elements.oval:def:6598



                                            oval:com.secure-elements.oval:def:6500



Prompt-for-password-on-resume-from-
hibernate-suspend                           oval:com.secure-elements.oval:def:6714



Do-not-preserve-zone-information-in-file-
attachments                                 oval:com.secure-elements.oval:def:6502




Hide-mechanisms-to-remove-zone-
information                                 oval:com.secure-elements.oval:def:6503



Notify-antivirus-programs-when-opening-
attachments                                 oval:com.secure-elements.oval:def:6504



                                            oval:com.secure-elements.oval:def:6505




override-audit-policy-settings              oval:com.secure-elements.oval:def:6026


Log-Access-For-Setup-Log                    oval:com.secure-elements.oval:def:6701



Windows-Search                              oval:com.secure-elements.oval:def:6148
Turn-Off-Microsoft-Peer-to-Peer-
Networking-Services                        oval:com.secure-elements.oval:def:6662



Prohibit-Access-of-the-Windows-Connect-
Now-Wizards                                oval:com.secure-elements.oval:def:6665



Allow-remote-access-to-the-PnP-interface   oval:com.secure-elements.oval:def:6667



Do-not-create-system-restore-point-when-
new-device-driver-installed                oval:com.secure-elements.oval:def:6668




Do-not-send-Windows-Error-Report-when-
generic-driver-is-installed-on-device  oval:com.secure-elements.oval:def:6669


Turn-Off-Access-to-All-Windows-Update-
Feature                                    oval:com.secure-elements.oval:def:6673


Turn-Off-Automatic-Root-Certificates-
Update                                     oval:com.secure-elements.oval:def:6674



Turn-Off-Event-Views-Events.asp-Links      oval:com.secure-elements.oval:def:6675


Turn-Off-Handwriting-Reconition-Error-
Reporting                                  oval:com.secure-elements.oval:def:6676



Turn-Off-Help-and-Support-Center-Did-you-
Know-Content                              oval:com.secure-elements.oval:def:6677



Turn-Off-Help-and-Support-Center-
Microsoft-Knowledge-Base-Search            oval:com.secure-elements.oval:def:6678
Turn-Off-Internet-Connection-Wizard-if-
URL-Connection-is-Referring-to-
Microsoft.com                                 oval:com.secure-elements.oval:def:6679



Turn-Off-Internet-File-Association-Service    oval:com.secure-elements.oval:def:6680




Turn-Off-Registration-if-URL-Connection-is-
Referring-to-Microsoft.com                  oval:com.secure-elements.oval:def:6681



Turn-Off-the-Order-Prints-Picture-Task        oval:com.secure-elements.oval:def:6682


Turn-off-the-Publish-to-Web-task-for-files-
and-folders                                   oval:com.secure-elements.oval:def:6567



Turn-Off-Windows-Movies-Maker-
Automatic-Codec-Downloads                     oval:com.secure-elements.oval:def:6696


Turn-Off-Windows-Movie-Maker-Online-
Web-Links                                     oval:com.secure-elements.oval:def:6684



Turn-Off-Windows-Movie-Maker-Saving-to-
Online-Video-Hosting-Provider           oval:com.secure-elements.oval:def:6697



Do-Not-Display-the-Getting-Started-
Welcome-Screen-at-Logon                       oval:com.secure-elements.oval:def:6687



Turn-off-Windows-Startup-Sound                oval:com.secure-elements.oval:def:6688



Require-a-Password-when-a-Computer-
Wakes-On-Battery                              oval:com.secure-elements.oval:def:6689
Require-a-Password-when-a-Computer-
Wakes-Plugged                           oval:com.secure-elements.oval:def:6690



Allow-only-Vista-or-later-connections   oval:com.secure-elements.oval:def:6691



Customization-Warning-Messages          oval:com.secure-elements.oval:def:6692



Turn-on-bandwidth-optimization          oval:com.secure-elements.oval:def:6693



Turn-on-session-logging                 oval:com.secure-elements.oval:def:6694



Prevent-IIS-Installation                oval:com.secure-elements.oval:def:6107



Turn-Off-Active-Help                    oval:com.secure-elements.oval:def:6108



Turn-Off-Untrusted-Content              oval:com.secure-elements.oval:def:6109



Turn-off-downloading-enclosures         oval:com.secure-elements.oval:def:6110




Allow-indexing-of-encrypted-files       oval:com.secure-elements.oval:def:6704



Prevent-indexing-uncached-Exchange-
folders                                 oval:com.secure-elements.oval:def:6705



Turn-off-Windows-Calendar               oval:com.secure-elements.oval:def:6111
Allow-Corporate-Redirection-Customer-
Experience-Improvement-Program-
Uploads                                     oval:com.secure-elements.oval:def:6112



Turn-off-Windows-Defender                   oval:com.secure-elements.oval:def:6113



Turn-off-heap-termination-corruption        oval:com.secure-elements.oval:def:6118




Turn-off-shell-protocol-protected-mode      oval:com.secure-elements.oval:def:6119



Prohibit-Non-Administrators-applying-
vendorpatches                               oval:com.secure-elements.oval:def:6122


Report-logon-server-not-available-during-
user-logon                                  oval:com.secure-elements.oval:def:6123



Turn-off-communication-features             oval:com.secure-elements.oval:def:6124



Turn-off-windows-mail-app                   oval:com.secure-elements.oval:def:6125


Prevent-Windows-Media-DRM-Internet-
Access                                      oval:com.secure-elements.oval:def:6126




Turn-off-windows-meeting-space              oval:com.secure-elements.oval:def:6127




Turn-on-windows-meeting-space-auditing      oval:com.secure-elements.oval:def:6128




Disable-unpacking-installation-gadgets-not-
digitally-signed                            oval:com.secure-elements.oval:def:6129
Override-more-gadgets-Lnk                  oval:com.secure-elements.oval:def:6130



Turn-off-user-installed-windows-sidebar-
gidgets                                    oval:com.secure-elements.oval:def:6131



do_not_allow_digital_locker_to_run_var     oval:gov.nist.fdcc.vista:def:6698



turn_off_downloading_of_game_information   oval:gov.nist.fdcc.vista:def:6703



ipv6_block_protocols_41                    oval:gov.nist.fdcc.vistafirewall:def:6491



ipv6_block_udp_3544                        oval:gov.nist.fdcc.vistafirewall:def:6492
screen-saver-grace-period   oval:com.secure-elements.oval:def:6065
FDCC Windows Vista XCCDF (fdcc-accepted-content-20080110\fdcc-winvista-xccdf.xml)    FDCC Windows Vista OVAL (fdcc-accepted-content-20080110\fdcc-winvista-oval.xml)




account_lockout_reset_counter    oval:gov.nist.fdcc.vista:def:6009



account_lockout_duration         oval:gov.nist.fdcc.vista:def:6007



account_lockout_threshold        oval:gov.nist.fdcc.vista:def:6008



audit_account_logon_events       oval:gov.nist.fdcc.vista:def:27



audit_account_logon_events       oval:gov.nist.fdcc.vista:def:27




audit_account_management         oval:gov.nist.fdcc.vista:def:29




audit_account_management         oval:gov.nist.fdcc.vista:def:29




audit_directory_service_access   oval:gov.nist.fdcc.vista:def:30




audit_directory_service_access   oval:gov.nist.fdcc.vista:def:30



audit_logon_events               oval:gov.nist.fdcc.vista:def:32
audit_logon_events       oval:gov.nist.fdcc.vista:def:32




audit_object_access      oval:gov.nist.fdcc.vista:def:34



audit_object_access      oval:gov.nist.fdcc.vista:def:34




audit_policy_change      oval:gov.nist.fdcc.vista:def:35



audit_policy_change      oval:gov.nist.fdcc.vista:def:35



audit_privilege_use      oval:gov.nist.fdcc.vista:def:36



audit_privilege_use      oval:gov.nist.fdcc.vista:def:36




audit_process_tracking   oval:gov.nist.fdcc.vista:def:40



audit_process_tracking   oval:gov.nist.fdcc.vista:def:40



audit_system_events      oval:gov.nist.fdcc.vista:def:37



audit_system_events      oval:gov.nist.fdcc.vista:def:37
maximum_application_log_size   oval:gov.nist.fdcc.vista:def:197




maximum_security_log_size      oval:gov.nist.fdcc.vista:def:198




maximum_system_log_size        oval:gov.nist.fdcc.vista:def:199
password-maximum_age                      oval:gov.nist.fdcc.vista:def:6002


password-minimum-age                      oval:gov.nist.fdcc.vista:def:6003



password-minimum-length                   oval:gov.nist.fdcc.vista:def:6006



password_complexity                       oval:gov.nist.fdcc.vista:def:6004



password_enforce_history                  oval:gov.nist.fdcc.vista:def:6001




password_reversible_encryption            oval:gov.nist.fdcc.vista:def:6005



do_not_allow_windows_messenger_to_be_run  oval:gov.nist.fdcc.vista:def:6601




Disable-remote-Desktop-Sharing            oval:gov.nist.fdcc.vista:def:6595



do-not-allow-anonymous-enumeration-sam-
accounts-shares                         oval:gov.nist.fdcc.vista:def:6071




do-not-allow-anonymous-enumeration-sam oval:gov.nist.fdcc.vista:def:6070



anonymous_sid_name_translation            oval:gov.nist.fdcc.vista:def:6106



guest-account-status                      oval:gov.nist.fdcc.vista:def:6020
message-title-users-attempting-logon   oval:gov.nist.fdcc.vista:def:6042



message-text-users-attempting-logon    oval:gov.nist.fdcc.vista:def:6041


enable-automatic-logon                 oval:gov.nist.fdcc.vista:def:6054


turn_off_autoplay                      oval:gov.nist.fdcc.vista:def:6574


enable-icmp-redirect                   oval:gov.nist.fdcc.vista:def:6057




disable-ip-source-routing              oval:gov.nist.fdcc.vista:def:6055


perform-router-discovery               oval:gov.nist.fdcc.vista:def:6063


do-not-display-last-user-name          oval:gov.nist.fdcc.vista:def:6039


hide-system-from-browse-list           oval:gov.nist.fdcc.vista:def:6058


enable-dead-gw-detect                  oval:gov.nist.fdcc.vista:def:6056


keep-alive-time                        oval:gov.nist.fdcc.vista:def:6059



no-name-release-on-demand              oval:gov.nist.fdcc.vista:def:6061


syn-attack-protect                     oval:gov.nist.fdcc.vista:def:6066


warning-level                          oval:gov.nist.fdcc.vista:def:6069
safe-dll-search-mode                       oval:gov.nist.fdcc.vista:def:6064


rename-administrator                       oval:gov.nist.fdcc.vista:def:6022


rename-guest                               oval:gov.nist.fdcc.vista:def:6023


amount-of-idle-time-required-before-
suspending-session                         oval:gov.nist.fdcc.vista:def:6050



audit-access-global-system-objects         oval:gov.nist.fdcc.vista:def:6024



audit-use-backup-restore-privilege         oval:gov.nist.fdcc.vista:def:6025




do-not-require-ctrlaltdel                  oval:gov.nist.fdcc.vista:def:6040




prevent-users-installing-printers          oval:gov.nist.fdcc.vista:def:6030




restrict-cdrom-access-local-users-only     oval:gov.nist.fdcc.vista:def:6031




restrict-floppy-access-local-users-only    oval:gov.nist.fdcc.vista:def:6032




require-strong-session-key                 oval:gov.nist.fdcc.vista:def:6038



send-unencrypted-password-to-third-party-
smb-servers                               oval:gov.nist.fdcc.vista:def:6049


prompt-user-to-change-password-before-
expiration                                 oval:gov.nist.fdcc.vista:def:6044
shutdown-system-unable-log-audits            oval:gov.nist.fdcc.vista:def:6027




digitally-sign-communications-client-always oval:gov.nist.fdcc.vista:def:6047



digitally-sign-communications-client-server-
agrees                                       oval:gov.nist.fdcc.vista:def:6048


digitally-sign-communications-server-
always                                       oval:gov.nist.fdcc.vista:def:6051


digitally-sign-communications-server-client-
agrees                                       oval:gov.nist.fdcc.vista:def:6052


number-of-previous-logons-to-cache           oval:gov.nist.fdcc.vista:def:6043



allow-format-eject-removable-media           oval:gov.nist.fdcc.vista:def:6029



digitally-encrypt-or-sign-secure-channel-
data-always                                  oval:gov.nist.fdcc.vista:def:6034



digitally-encrypt-secure-channel-data-when-
possible                                    oval:gov.nist.fdcc.vista:def:6033



digitally-sign-secure-channel-data-when-
possible                                     oval:gov.nist.fdcc.vista:def:6035


smart-card-removal-behaviour                 oval:gov.nist.fdcc.vista:def:6046



disable-machine-account-password-
changes                                      oval:gov.nist.fdcc.vista:def:6036
limit-blank-password-use                     oval:gov.nist.fdcc.vista:def:6021



allow-undock-no-logon                        oval:gov.nist.fdcc.vista:def:6028



maximum_machine-account-password-age oval:gov.nist.fdcc.vista:def:6037



require-domain-controller-authentication-to-
unlock                                       oval:gov.nist.fdcc.vista:def:6045



disconnect-client-when-logon-hours-expire oval:gov.nist.fdcc.vista:def:6053


do-not-allow-storage-credentials-net-
passports-network-authn                      oval:gov.nist.fdcc.vista:def:6072


let-everyone-permissions-apply-to-
anonymous-users                              oval:gov.nist.fdcc.vista:def:6073



named-pipes-accessed-anonymously             oval:gov.nist.fdcc.vista:def:6074



Remotely-accessible-registry-paths           oval:gov.nist.fdcc.vista:def:6075


Shares-that-can-be-accessed-
anonymously                                  oval:gov.nist.fdcc.vista:def:60771


Sharing-and-security-model-for-local-
accounts                                     oval:gov.nist.fdcc.vista:def:6079



Do-not-store-LAN-Manager-hash-value-on-
next-password-change                    oval:gov.nist.fdcc.vista:def:6080


Force-logoff-when-logon-hours-expire         oval:gov.nist.fdcc.vista:def:6081
screen_save_timeout                       oval:gov.nist.fdcc.vista:def:6708



Always-prompt-client-for-password-upon-
connection                                oval:gov.nist.fdcc.vista:def:6599




solicited_remote_assistance               oval:gov.nist.fdcc.vista:def:6564




offer_remote_assistance                   oval:gov.nist.fdcc.vista:def:6563




MachineAccessRestrictions                 oval:gov.nist.fdcc.vista:def:608243
MachineLaunchRestrictions                   oval:gov.nist.fdcc.vista:def:608244




Restrict-anonymous-access-to-Named-
Pipes-and-Shares                            oval:gov.nist.fdcc.vista:def:6077




tcp-max-connect-response-retransmissions oval:gov.nist.fdcc.vista:def:6067



tcp-max-data-retransmissions                oval:gov.nist.fdcc.vista:def:6068




ntfs-disable-8dot3-name-creation            oval:gov.nist.fdcc.vista:def:6062

rpc_endpoint_mapper_client_authentication   oval:gov.nist.fdcc.vista:def:6566

restrictions_for_unauthenticated_rpc_clients   oval:gov.nist.fdcc.vista:def:6565
do_not_process_run_once_list   oval:gov.nist.fdcc.vista:def:6561
Turn-off-Internet-download-for-Web-
publishing-and-online-ordering-wizards     oval:gov.nist.fdcc.vista:def:6568

Turn-off-the-Windows-Messenger-
Customer-Experience-Improvement-
Program                                    oval:gov.nist.fdcc.vista:def:6569



Turn-off-Search-Companion-content-file-
updates                                    oval:gov.nist.fdcc.vista:def:6570



Turn-off-printing-over-HTTP                oval:gov.nist.fdcc.vista:def:6571


turn_off_downloading_of_print_drivers_over_http   oval:gov.nist.fdcc.vista:def:6572



Turn-off-Windows-Update-device-driver-
searching                                  oval:gov.nist.fdcc.vista:def:6573



enumerate_administrator_accounts_on_elevation   oval:gov.nist.fdcc.vista:def:6575
Do-not-allow-passwords-to-be-saved         oval:gov.nist.fdcc.vista:def:6596




prompt_for_password_on_resume_from_hibernate_suspend   oval:gov.nist.fdcc.vista:def:6714



do_not_preserve_zone_information_in_file_attachments   oval:gov.nist.fdcc.vista:def:6502




hide_mechanisms_to_remove_zone_information   oval:gov.nist.fdcc.vista:def:6503



notify_antivirus_programs_when_opening_attachments   oval:gov.nist.fdcc.vista:def:6504




override-audit-policy-settings             oval:gov.nist.fdcc.vista:def:6026
turn_off_microsoft_peer_to_peer_networking_services   oval:gov.nist.fdcc.vista:def:6662



prohibit_access_of_the_windows_connect_now_wizards   oval:gov.nist.fdcc.vista:def:6666


allow_remote_access_to_the_pnp_interface   oval:gov.nist.fdcc.vista:def:6667



do_not_create_system_restore_point_when_new_device_driver_installed   oval:gov.nist.fdcc.vista:def:6668




do_not_send_windows_error_report_when_generic_driver_is_installed_on_device   oval:gov.nist.fdcc.vista:def:6669




turn_off_automatic_root_certificates_update   oval:gov.nist.fdcc.vista:def:6674



turn_off_event_views_events.asp_links       oval:gov.nist.fdcc.vista:def:6675


turn_off_handwriting_reconition_error_reporting   oval:gov.nist.fdcc.vista:def:6676
turn_off_internet_connection_wizard_if_url_connection_is_referring_to_microsoft.com   oval:gov.nist.fdcc.vista:def:6679



Turn-Off-Internet-File-Association-Service    oval:gov.nist.fdcc.vista:def:6680




Turn-Off-Registration-if-URL-Connection-is-
Referring-to-Microsoft.com                  oval:gov.nist.fdcc.vista:def:6681



Turn-Off-the-Order-Prints-Picture-Task        oval:gov.nist.fdcc.vista:def:6682


Turn-off-the-Publish-to-Web-task-for-files-
and-folders                                   oval:gov.nist.fdcc.vista:def:6567



Turn-Off-Windows-Movies-Maker-
Automatic-Codec-Downloads                     oval:gov.nist.fdcc.vista:def:6696


Turn-Off-Windows-Movie-Maker-Online-
Web-Links                                     oval:gov.nist.fdcc.vista:def:6684



Turn-Off-Windows-Movie-Maker-Saving-to-
Online-Video-Hosting-Provider           oval:gov.nist.fdcc.vista:def:6697



Do-Not-Display-the-Getting-Started-
Welcome-Screen-at-Logon                       oval:gov.nist.fdcc.vista:def:6687



Turn-off-Windows-Startup-Sound                oval:gov.nist.fdcc.vista:def:6688



Require-a-Password-when-a-Computer-
Wakes-On-Battery                              oval:gov.nist.fdcc.vista:def:6689
Require-a-Password-when-a-Computer-
Wakes-Plugged                         oval:gov.nist.fdcc.vista:def:6690




turn_on_session_logging               oval:gov.nist.fdcc.vista:def:6694



Prevent-IIS-Installation              oval:gov.nist.fdcc.vista:def:6107




turn_off_untrusted_content            oval:gov.nist.fdcc.vista:def:6109



turn_off_downloading_enclosures       oval:gov.nist.fdcc.vista:def:6110




Allow-indexing-of-encrypted-files     oval:gov.nist.fdcc.vista:def:6704



Prevent-indexing-uncached-Exchange-
folders                               oval:gov.nist.fdcc.vista:def:6705
turn_off_heap_termination_corruption        oval:gov.nist.fdcc.vista:def:6118




turn_off_shell_protocol_protected_mode      oval:gov.nist.fdcc.vista:def:6119



prohibit_non_administrators_install_signed_updates   oval:gov.nist.fdcc.vista:def:6122


report_logon_server_not_available_during_user_logon   oval:gov.nist.fdcc.vista:def:6123



turn_off_communities_features               oval:gov.nist.fdcc.vista:def:6124



turn_off_windows_mail_app                   oval:gov.nist.fdcc.vista:def:6125


prevent_windows_media_drm_internet_access   oval:gov.nist.fdcc.vista:def:6126




turn_off_windows_meeting_space              oval:gov.nist.fdcc.vista:def:6127




disable_unpacking_installation_gadgets_not_digitally_signed   oval:gov.nist.fdcc.vista:def:6129
override_more_gadgets_lnk                  oval:gov.nist.fdcc.vista:def:6130



turn_off_user_installed_windows_sidebar_gidgets   oval:gov.nist.fdcc.vista:def:6131



do_not_allow_digital_locker_to_run         oval:gov.nist.fdcc.vista:def:6698



turn_off_downloading_of_game_information   oval:gov.nist.fdcc.vista:def:6703




kerberos-enforce-user-logon-restrictions   oval:gov.nist.fdcc.vista:def:987651


kerberos_maximum_lifetime_service_ticket oval:gov.nist.fdcc.vista:def:987652


kerberos_maximum_lifetime_user_ticket      oval:gov.nist.fdcc.vista:def:987653

kerberos_maximum_lifetime_user_ticket_renewal   oval:gov.nist.fdcc.vista:def:987654


kerberos_maximum_tolerance_computer_clock_synchronization   oval:gov.nist.fdcc.vista:def:987655


allow-automatic-detection-mtu-size         oval:gov.nist.fdcc.vista:def:407



enable-nodefaultexempt-IPSec-Filtering     oval:gov.nist.fdcc.vista:def:116


Remotely-accessible-registry-paths-and-
sub-paths                                  oval:gov.nist.fdcc.vista:def:6076
Lan-manager-authentication-level            oval:gov.nist.fdcc.vista:def:6094



LDAP-client-signing-requirements            oval:gov.nist.fdcc.vista:def:6095


minimum-session-security-ntlm-ssp-based-
clients                                  oval:gov.nist.fdcc.vista:def:6096


minimum-session-security-ntlm-ssp-based-
servers                                  oval:gov.nist.fdcc.vista:def:6097



recovery-console-allow-administrative-logon   oval:gov.nist.fdcc.vista:def:6098



recovery-console-allow-floppy-copy-access-all-drives-folders   oval:gov.nist.fdcc.vista:def:6099


shutdown-allow-system-shutdown-without-having-logon   oval:gov.nist.fdcc.vista:def:6100




shutdown-clear-virtual-memory-page          oval:gov.nist.fdcc.vista:def:6101



system-cryptography-use-fips-compliant-alorithm   oval:gov.nist.fdcc.vista:def:6102




system-objects-require-case-insesitivity    oval:gov.nist.fdcc.vista:def:6104


system-objects-strengthen-default-permissions-internal-system-objects   oval:gov.nist.fdcc.vista:def:6105




admin_approval_mode                         oval:gov.nist.fdcc.vista:def:8081
behavior_elevation_prompt_administrators oval:gov.nist.fdcc.vista:def:8082



behavior_elevation_prompt_standard_users   oval:gov.nist.fdcc.vista:def:8083




detect_application_installations_prompt_elevation   oval:gov.nist.fdcc.vista:def:8084




only_elevate_executables_signed_validated   oval:gov.nist.fdcc.vista:def:8085




only_elevate_uiaccess_applications          oval:gov.nist.fdcc.vista:def:8086




run_administrators_admin_approval_mode oval:gov.nist.fdcc.vista:def:8087




switch_secure_desktop_prompting_elevation   oval:gov.nist.fdcc.vista:def:8088




virtualize_write_failures_per_user_locations   oval:gov.nist.fdcc.vista:def:8089



Access-Computer-From-Network-Administrators   oval:gov.nist.fdcc.vista:def:6607
Act-As-Part-Of-Operating-System-None       oval:gov.nist.fdcc.vista:def:6609



Adjust-Memory-Quotas-Administrators-LocalService-NetworkService   oval:gov.nist.fdcc.vista:def:6612


Allow-Log-On-Locally-Administrators-Users oval:gov.nist.fdcc.vista:def:6613


Allow-Log-On-Through-Terminal-Services-Administrators-RemoteDesktopUsers   oval:gov.nist.fdcc.vista:def:6616


Back-Up-Files-And-Directories-Administrators   oval:gov.nist.fdcc.vista:def:6617

Bypass-Traverse-Checking-Administrators_Users_LocalService_NetworkService   oval:gov.nist.fdcc.vista:def:6621


Change-System-Time-LocalService-Administrators   oval:gov.nist.fdcc.vista:def:6623


Change-Time-Zone-Administrators_Users_LocalService   oval:gov.nist.fdcc.vista:def:662381



Create-Pagefile-Administrators             oval:gov.nist.fdcc.vista:def:6624



Create-Token-Object-None                   oval:gov.nist.fdcc.vista:def:6625


Create-Global-Objects-Administrators-SERVICE-LocalService-NetworkService   oval:gov.nist.fdcc.vista:def:6626



Create-Permanent-Shared-Objects-None       oval:gov.nist.fdcc.vista:def:6627



Debug-Programs-None                        oval:gov.nist.fdcc.vista:def:6628
Deny-Access-From-Network-Guests             oval:gov.nist.fdcc.vista:def:6630



Deny-Logon-As-Batch-Job-Guests              oval:gov.nist.fdcc.vista:def:6631



deny_logon_as_service_none                  oval:gov.nist.fdcc.vista:def:6633



Deny-Logon-Locally-Guests                   oval:gov.nist.fdcc.vista:def:6634


Deny-Logon-Through-Terminal-Services-Guest   oval:gov.nist.fdcc.vista:def:6636


Force-Shutdown-From-Remote-System-Administrators   oval:gov.nist.fdcc.vista:def:6638


Generate-Security-Audits-LocalService-NetworkService   oval:gov.nist.fdcc.vista:def:6639

Impersonate-Client-After-Authentication-Administrators-SERVICE-LocalService-NetworkService   oval:gov.nist.fdcc.vista:def:6640


Increase-Process-Working-Set-Administrators_LocalService   oval:gov.nist.fdcc.vista:def:662391



Increase-Scheduling-Priority-Administrators oval:gov.nist.fdcc.vista:def:6641


Load-And-Unload-Device-Drivers-Administrators   oval:gov.nist.fdcc.vista:def:6642



Lock-Pages-In-Memory-None                   oval:gov.nist.fdcc.vista:def:6643



Log-On-As-Batch-Job-None                    oval:gov.nist.fdcc.vista:def:6644
Log-On-As-Service-None                    oval:gov.nist.fdcc.vista:def:6647


Manage-Auditing-And-Security-Log-Administrators   oval:gov.nist.fdcc.vista:def:6648



Modify-Object-Label-None                  oval:gov.nist.fdcc.vista:def:662371


Modify-Firmware-Environment-Values-Administrators   oval:gov.nist.fdcc.vista:def:6649


Perform-Volume-Maintenance-Tasks-Administrators   oval:gov.nist.fdcc.vista:def:6650



Profile-Single-Process-Administrators     oval:gov.nist.fdcc.vista:def:6651


Profile-System-Performance-Administrators   oval:gov.nist.fdcc.vista:def:6652



Remove-Computer-From-Docking-Station-Administrators-Users   oval:gov.nist.fdcc.vista:def:6653


Replace-Process-Level-Token-NetworkService-LocalService   oval:gov.nist.fdcc.vista:def:6654


Restore-Files-And-Directories-Administrators   oval:gov.nist.fdcc.vista:def:6655



Shut-Down-System-Administrators-Users     oval:gov.nist.fdcc.vista:def:6657




Synchronize-Directory-Service-Data-None   oval:gov.nist.fdcc.vista:def:6658




Take-Ownership-Of-Files-Administrators    oval:gov.nist.fdcc.vista:def:6659
wlan_autoconfig                            oval:gov.nist.fdcc.vista:def:61481




turn_on_mapper_io_lltdio_driver            oval:gov.nist.fdcc.vista:def:6660




turn_on_responder_rspndr_driver            oval:gov.nist.fdcc.vista:def:6661




prohibit_installation_network_bridge       oval:gov.nist.fdcc.vista:def:3366991




prohibit_internet_connection_firewall      oval:gov.nist.fdcc.vista:def:3366992




prohibit_internet_connection_sharing       oval:gov.nist.fdcc.vista:def:3366993




configuration_of_wireless_settings_using_windows_connect_now   oval:gov.nist.fdcc.vista:def:6665
internet_explorer_maintenance_policy_processing_enabled   oval:gov.nist.fdcc.vista:def:6671


turn_off_windows_error_reporting            oval:gov.nist.fdcc.vista:def:6683


Always-Use-Classic-Logon                    oval:gov.nist.fdcc.vista:def:6686



approved_installation_sites_for_activex_controls   oval:gov.nist.fdcc.vista:def:6695


maximum_setup_log_size                      oval:gov.nist.fdcc.vista:def:19898




Do-not-allow-drive-redirection              oval:gov.nist.fdcc.vista:def:6598




Set-client-connection-encryption-level      oval:gov.nist.fdcc.vista:def:6600




set_timelimit_for_disconnected_sessions     oval:gov.nist.fdcc.vista:def:6726


set_timelimit_for_active_but_idle_terminal_services_sessions   oval:gov.nist.fdcc.vista:def:6725




configure_ms_spynet_reporting               oval:gov.nist.fdcc.vista:def:6727


disable_logging                             oval:gov.nist.fdcc.vista:def:6114



disable_windows_error_reporting             oval:gov.nist.fdcc.vista:def:6115
display_error_notification                 oval:gov.nist.fdcc.vista:def:3366994



do_not_send_additional_data                oval:gov.nist.fdcc.vista:def:6117

disable_ie_security_prompt_windows_installer_scripts   oval:gov.nist.fdcc.vista:def:6120


enable_user_control_over_installs          oval:gov.nist.fdcc.vista:def:6121




do_not_show_first_use_dialog_boxes         oval:gov.nist.fdcc.vista:def:612261221



prevent_automatic_updates                  oval:gov.nist.fdcc.vista:def:612261222




prevent_desktop_shortcut_creation          oval:gov.nist.fdcc.vista:def:612261223



do_not_automatically_start_windows_messenger_initially   oval:gov.nist.fdcc.vista:def:612261224




password_protect_the_screen_saver          oval:gov.nist.fdcc.vista:def:6707


prevent_users_from_sharing_files_within_their_profile   oval:gov.nist.fdcc.vista:def:6715




application-group-management               oval:gov.nist.fdcc.vista:def:8001
application-group-management      oval:gov.nist.fdcc.vista:def:8001




computer-account-management       oval:gov.nist.fdcc.vista:def:8002




computer-account-management       oval:gov.nist.fdcc.vista:def:8002




distribution-group-management     oval:gov.nist.fdcc.vista:def:8003




distribution-group-management     oval:gov.nist.fdcc.vista:def:8003




other-account-management-events   oval:gov.nist.fdcc.vista:def:8004




other-account-management-events   oval:gov.nist.fdcc.vista:def:8004




security-group-management         oval:gov.nist.fdcc.vista:def:8005




security-group-management         oval:gov.nist.fdcc.vista:def:8005
user-account-management   oval:gov.nist.fdcc.vista:def:8006




user-account-management   oval:gov.nist.fdcc.vista:def:8006




dpapi-activity            oval:gov.nist.fdcc.vista:def:8007




dpapi-activity            oval:gov.nist.fdcc.vista:def:8007




process-creation          oval:gov.nist.fdcc.vista:def:8008




process-creation          oval:gov.nist.fdcc.vista:def:8008




process-termination       oval:gov.nist.fdcc.vista:def:8009




process-termination       oval:gov.nist.fdcc.vista:def:8009




rpc-events                oval:gov.nist.fdcc.vista:def:8010
rpc-events                               oval:gov.nist.fdcc.vista:def:8010




detailed-directory-service-replication   oval:gov.nist.fdcc.vista:def:8011




detailed-directory-service-replication   oval:gov.nist.fdcc.vista:def:8011




directory-service-access                 oval:gov.nist.fdcc.vista:def:8012




directory-service-access                 oval:gov.nist.fdcc.vista:def:8012




directory-service-changes                oval:gov.nist.fdcc.vista:def:8013




directory-service-changes                oval:gov.nist.fdcc.vista:def:8013




directory-service-replication            oval:gov.nist.fdcc.vista:def:8014




directory-service-replication            oval:gov.nist.fdcc.vista:def:8014
account-lockout       oval:gov.nist.fdcc.vista:def:8015




account-lockout       oval:gov.nist.fdcc.vista:def:8015




ipsec-extended-mode   oval:gov.nist.fdcc.vista:def:8016




ipsec-extended-mode   oval:gov.nist.fdcc.vista:def:8016




ipsec-main-mode       oval:gov.nist.fdcc.vista:def:8017




ipsec-main-mode       oval:gov.nist.fdcc.vista:def:8017




ipsec-quick-mode      oval:gov.nist.fdcc.vista:def:8018




ipsec-quick-mode      oval:gov.nist.fdcc.vista:def:8018




logoff                oval:gov.nist.fdcc.vista:def:8019



logoff                oval:gov.nist.fdcc.vista:def:8019




logon                 oval:gov.nist.fdcc.vista:def:8020
logon                       oval:gov.nist.fdcc.vista:def:8020




other-logon-logoff-events   oval:gov.nist.fdcc.vista:def:8021




other-logon-logoff-events   oval:gov.nist.fdcc.vista:def:8021




special-logon               oval:gov.nist.fdcc.vista:def:8022




special-logon               oval:gov.nist.fdcc.vista:def:8022




application-generated       oval:gov.nist.fdcc.vista:def:8023




application-generated       oval:gov.nist.fdcc.vista:def:8023




certification-services      oval:gov.nist.fdcc.vista:def:8024




certification-services      oval:gov.nist.fdcc.vista:def:8024




file-share                  oval:gov.nist.fdcc.vista:def:8025
file-share                       oval:gov.nist.fdcc.vista:def:8025




file-system                      oval:gov.nist.fdcc.vista:def:8026




file-system                      oval:gov.nist.fdcc.vista:def:8026




filtering-platform-connection    oval:gov.nist.fdcc.vista:def:8027




filtering-platform-connection    oval:gov.nist.fdcc.vista:def:8027




filtering-platform-packet-drop   oval:gov.nist.fdcc.vista:def:8028




filtering-platform-packet-drop   oval:gov.nist.fdcc.vista:def:8028




handle-manipulation              oval:gov.nist.fdcc.vista:def:8029




handle-manipulation              oval:gov.nist.fdcc.vista:def:8029
kernel-object                oval:gov.nist.fdcc.vista:def:8030




kernel-object                oval:gov.nist.fdcc.vista:def:8030




other-object-access-events   oval:gov.nist.fdcc.vista:def:8031




other-object-access-events   oval:gov.nist.fdcc.vista:def:8031




registry                     oval:gov.nist.fdcc.vista:def:8032




registry                     oval:gov.nist.fdcc.vista:def:8032




sam                          oval:gov.nist.fdcc.vista:def:8033




sam                          oval:gov.nist.fdcc.vista:def:8033




policy_change_audit          oval:gov.nist.fdcc.vista:def:8034




policy_change_audit          oval:gov.nist.fdcc.vista:def:8034
authentication-policy-change       oval:gov.nist.fdcc.vista:def:8035




authentication-policy-change       oval:gov.nist.fdcc.vista:def:8035




authorization-policy-change        oval:gov.nist.fdcc.vista:def:8036




authorization-policy-change        oval:gov.nist.fdcc.vista:def:8036




filtering-platform-policy-change   oval:gov.nist.fdcc.vista:def:8037




filtering-platform-policy-change   oval:gov.nist.fdcc.vista:def:8037




mpssvc-rule-level-policy-change    oval:gov.nist.fdcc.vista:def:8038




mpssvc-rule-level-policy-change    oval:gov.nist.fdcc.vista:def:8038




other-policy-change-events         oval:gov.nist.fdcc.vista:def:8039
other-policy-change-events    oval:gov.nist.fdcc.vista:def:8039




non-sensitive-privilege-use   oval:gov.nist.fdcc.vista:def:8040




non-sensitive-privilege-use   oval:gov.nist.fdcc.vista:def:8040




other-privilege-use-events    oval:gov.nist.fdcc.vista:def:8041




other-privilege-use-events    oval:gov.nist.fdcc.vista:def:8041




sensitive-privilege-use       oval:gov.nist.fdcc.vista:def:8042




sensitive-privilege-use       oval:gov.nist.fdcc.vista:def:8042




ipsec-driver                  oval:gov.nist.fdcc.vista:def:8043




ipsec-driver                  oval:gov.nist.fdcc.vista:def:8043




other-system-events           oval:gov.nist.fdcc.vista:def:8044
other-system-events         oval:gov.nist.fdcc.vista:def:8044




security-state-change       oval:gov.nist.fdcc.vista:def:8045




security-state-change       oval:gov.nist.fdcc.vista:def:8045




security-system-extension   oval:gov.nist.fdcc.vista:def:8046




security-system-extension   oval:gov.nist.fdcc.vista:def:8046




system-integrity            oval:gov.nist.fdcc.vista:def:8047




system-integrity            oval:gov.nist.fdcc.vista:def:8047
disable_isatap_teredo_6to4_tunneling_protocols   oval:gov.nist.fdcc.vista:def:6566666


disable_isatap_teredo_6to4_tunneling_protocols   oval:gov.nist.fdcc.vista:def:6566666


disable_isatap_teredo_6to4_tunneling_protocols   oval:gov.nist.fdcc.vista:def:6566666


turn_off_help_experience_improvement_program   oval:gov.nist.fdcc.vista:def:8091



turn_off_help_ratings                      oval:gov.nist.fdcc.vista:def:8090
TBD   TBD
FDCC Windows Vista Firewall XCCDF (fdcc-accepted-content-20080110\fdcc-vistafirewall-xccdf.xml)   FDCC Windows Vista Firewall OVAL (fdcc-accepted-content-20080110\fdcc-vistafirewall-oval.xml)
domain_profile_firewall_state   oval:gov.nist.fdcc.vistafirewall:def:6515
domain_profile_log_dropped_packets   oval:gov.nist.fdcc.vistafirewall:def:6401




domain_profile_name                  oval:gov.nist.fdcc.vistafirewall:def:6403




domain_profile_size_limit            oval:gov.nist.fdcc.vistafirewall:def:6404
domain_profile_logged_successful_connections   oval:gov.nist.fdcc.vistafirewall:def:6402




domain_profile_allow_unicast_response      oval:gov.nist.fdcc.vistafirewall:def:6519
domain_profile_inbound_connections          oval:gov.nist.fdcc.vistafirewall:def:6516




domain_profile_outbound_connections         oval:gov.nist.fdcc.vistafirewall:def:6517




domain_profile_apply_local_firewall_rules   oval:gov.nist.fdcc.vistafirewall:def:6520




private_profile_firewall_state              oval:gov.nist.fdcc.vistafirewall:def:6522
private_profile_inbound_connections          oval:gov.nist.fdcc.vistafirewall:def:6523




private_profile_outbound_connections         oval:gov.nist.fdcc.vistafirewall:def:6524




private_profile_display_notification         oval:gov.nist.fdcc.vistafirewall:def:6525




private_profile_allow_unicast_response       oval:gov.nist.fdcc.vistafirewall:def:6526




private_profile_apply_local_firewall_rules   oval:gov.nist.fdcc.vistafirewall:def:6527




private_profile_apply_local_connection_security_rules   oval:gov.nist.fdcc.vistafirewall:def:6528




public_profile_firewall_state                oval:gov.nist.fdcc.vistafirewall:def:6529




public_profile_inbound_connections           oval:gov.nist.fdcc.vistafirewall:def:6530
public_profile_outbound_connections         oval:gov.nist.fdcc.vistafirewall:def:6531




public_profile_display_notification         oval:gov.nist.fdcc.vistafirewall:def:6532




public_profile_allow_unicast_response       oval:gov.nist.fdcc.vistafirewall:def:6533




public_profile_apply_local_firewall_rules   oval:gov.nist.fdcc.vistafirewall:def:6534




public_profile_apply_local_connection_security_rules   oval:gov.nist.fdcc.vistafirewall:def:6535
ipv6_block_protocols_41   oval:gov.nist.fdcc.vistafirewall:def:6491



ipv6_block_udp_3544       oval:gov.nist.fdcc.vistafirewall:def:6492
domain_profile_display_notification   oval:gov.nist.fdcc.vistafirewall:def:6518




private_profile_log_dropped_packets   oval:gov.nist.fdcc.vistafirewall:def:6411
private_profile_logged_successful_connections   oval:gov.nist.fdcc.vistafirewall:def:6412




private_profile_name                        oval:gov.nist.fdcc.vistafirewall:def:6413




private_profile_size_limit                  oval:gov.nist.fdcc.vistafirewall:def:6414




public_profile_log_dropped_packets          oval:gov.nist.fdcc.vistafirewall:def:6421
public_profile_logged_successful_connections   oval:gov.nist.fdcc.vistafirewall:def:6422




public_profile_name                         oval:gov.nist.fdcc.vistafirewall:def:6423




public_profile_size_limit                   oval:gov.nist.fdcc.vistafirewall:def:6424
USGCB XCCDF (USGCB-Windows-Vista-xccdf)   USGCB OVAL (USGCB-Windows-Vista-oval)
Audit_Credential_Validation     oval:gov.nist.usgcb.vista:def:20037



games                           oval:gov.nist.usgcb.vista:def:20000




Internet_Information_Services   oval:gov.nist.usgcb.vista:def:20001




Simple_TCPIP_Services           oval:gov.nist.usgcb.vista:def:20002



Telnet_Client                   oval:gov.nist.usgcb.vista:def:20003



Telnet_Server                   oval:gov.nist.usgcb.vista:def:20004



TFTP_Client                     oval:gov.nist.usgcb.vista:def:20005



Windows_Media_Center            oval:gov.nist.usgcb.vista:def:20006

				
posted:12/19/2011
pages:276