SRG-OS-000095-GPOS-00049 Controls

STIG IDVersionTitleProduct
RHEL-08-030741V1R6RHEL 8 must disable the chrony daemon from acting as a server.
RHEL-08-030742V1R6RHEL 8 must disable network management of the chrony daemon.
RHEL-08-040000V1R6RHEL 8 must not have the telnet-server package installed.
RHEL-08-040001V1R6RHEL 8 must not have any automated bug reporting tools installed.
RHEL-08-040002V1R6RHEL 8 must not have the sendmail package installed.
RHEL-08-040004V1R6RHEL 8 must enable mitigations against processor-based vulnerabilities.
RHEL-08-040010V1R6RHEL 8 must not have the rsh-server package installed.
RHEL-08-040020V1R6RHEL 8 must cover or disable the built-in or attached camera when not in use.
RHEL-08-040021V1R6RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.
RHEL-08-040022V1R6RHEL 8 must disable the controller area network (CAN) protocol.
RHEL-08-040023V1R6RHEL 8 must disable the stream control transmission protocol (SCTP).
RHEL-08-040024V1R6RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.
RHEL-08-040025V1R6RHEL 8 must disable mounting of cramfs.
RHEL-08-040026V1R6RHEL 8 must disable IEEE 1394 (FireWire) Support.
WN19-00-000270V3R1Windows Server 2019 must have the roles and features required by the system documented.
WN19-00-000320V3R1Windows Server 2019 must not have the Fax Server role installed.
WN19-00-000340V3R1Windows Server 2019 must not have the Peer Name Resolution Protocol installed.
WN19-00-000350V3R1Windows Server 2019 must not have Simple TCP/IP Services installed.
WN19-00-000370V3R1Windows Server 2019 must not have the TFTP Client installed.
WN19-00-000380V3R1Windows Server 2019 must not have the Server Message Block (SMB) v1 protocol installed.
WN19-00-000390V3R1Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.
WN19-00-000400V3R1Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.
WN19-00-000410V3R1Windows Server 2019 must not have Windows PowerShell 2.0 installed.
WN19-CC-000010V3R1Windows Server 2019 must prevent the display of slide shows on the lock screen.
WN19-CC-000020V3R1Windows Server 2019 must have WDigest Authentication disabled.
WN19-CC-000150V3R1Windows Server 2019 downloading print driver packages over HTTP must be turned off.
WN19-CC-000160V3R1Windows Server 2019 printing over HTTP must be turned off.
WN19-CC-000170V3R1Windows Server 2019 network selection user interface (UI) must not be displayed on the logon screen.
WN19-CC-000200V3R1Windows Server 2019 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN19-CC-000300V3R1Windows Server 2019 Windows Defender SmartScreen must be enabled.
WN19-CC-000400V3R1Windows Server 2019 must disable Basic authentication for RSS feeds over HTTP.
WN19-CC-000410V3R1Windows Server 2019 must prevent Indexing of encrypted files.
WN19-DC-000130V3R1Windows Server 2019 domain controllers must run on a machine dedicated to that function.
WN19-MS-000030V3R1Windows Server 2019 local users on domain-joined member servers must not be enumerated.
WN19-CC-000451V3R1The Windows Explorer Preview pane must be disabled for Windows Server 2019.
UBTU-18-010018V2R12The Ubuntu operating system must not have the Network Information Service (NIS) package installed.
UBTU-18-010019V2R12The Ubuntu operating system must not have the rsh-server package installed.
UBTU-20-010406V1R6The Ubuntu operating system must not have the rsh-server package installed.
APPL-14-002004V1R1The macOS system must disable Location Services.
APPL-14-002005V1R1The macOS system must disable Bonjour multicast.
APPL-14-002007V1R1The macOS system must disable Internet Sharing.
APPL-14-002010V1R1The macOS system must disable FaceTime.app.
APPL-14-002012V1R1The macOS system must disable the iCloud Calendar services.
APPL-14-002013V1R1The macOS system must disable iCloud Reminders.
APPL-14-002014V1R1The macOS system must disable iCloud Address Book.
APPL-14-002015V1R1The macOS system must disable iCloud Mail.
APPL-14-002016V1R1The macOS system must disable iCloud Notes.
APPL-14-002017V1R1The macOS system must disable the camera.
APPL-14-002020V1R1The macOS system must disable Siri.
APPL-14-002035V1R1The macOS system must disable Apple ID setup during Setup Assistant.
APPL-14-002036V1R1The macOS system must disable Privacy Setup services during Setup Assistant.
APPL-14-002037V1R1The macOS system must disable iCloud Storage Setup during Setup Assistant.
APPL-14-002039V1R1The macOS system must disable Siri Setup during Setup Assistant.
APPL-14-002040V1R1The macOS system must disable iCloud Keychain synchronization.
APPL-14-002041V1R1The macOS system must disable iCloud Document synchronization.
APPL-14-002042V1R1The macOS system must disable iCloud Bookmarks.
APPL-14-002043V1R1The macOS system must disable iCloud Photo Library.
APPL-14-002051V1R1The macOS system must disable the TouchID System Settings pane.
APPL-14-002052V1R1The macOS system must disable the System Settings pane for Wallet and Apple Pay.
APPL-14-002053V1R1The macOS system must disable the system settings pane for Siri.
APPL-14-002080V1R1The macOS system must disable Airplay Receiver.
APPL-14-002120V1R1The macOS system must disable AppleID and Internet Account modifications.
APPL-14-002130V1R1The macOS system must disable CD/DVD Sharing.
APPL-14-002140V1R1The macOS system must disable content caching service.
APPL-14-002150V1R1The macOS system must disable iCloud desktop and document folder synchronization.
APPL-14-002160V1R1The macOS system must disable iCloud Game Center.
APPL-14-002170V1R1The macOS system must disable iCloud Private Relay.
APPL-14-002180V1R1The macOS system must disable Find My service.
APPL-14-002190V1R1The macOS system must disable password autofill.
APPL-14-002200V1R1The macOS system must disable personalized advertising.
APPL-14-002210V1R1The macOS system must disable sending Siri and Dictation information to Apple.
APPL-14-002220V1R1The macOS system must enforce on device dictation.
APPL-14-002230V1R1The macOS system must disable dictation.
APPL-14-002240V1R1The macOS system must disable Printer Sharing.
APPL-14-002250V1R1The macOS system must disable Remote Management.
APPL-14-002260V1R1The macOS system must disable the Bluetooth system settings pane.
APPL-14-002270V1R1The macOS system must disable the iCloud Freeform services.
APPL-14-005054V1R1The macOS system must disable TouchID prompt during Setup Assistant.
APPL-14-005055V1R1The macOS system must disable Screen Time prompt during Setup Assistant.
APPL-14-005056V1R1The macOS system must disable Unlock with Apple Watch during Setup Assistant.
APPL-14-005060V1R1The macOS system must disable proximity-based password sharing requests.
APPL-14-005061V1R1The macOS system must disable Erase Content and Settings.
APPL-13-002001V1R5The macOS system must be configured to disable SMB File Sharing unless it is required.
APPL-13-002003V1R5The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required.
APPL-13-002004V1R5The macOS system must be configured to disable Location Services.
APPL-13-002005V1R5The macOS system must be configured to disable Bonjour multicast advertising.
APPL-13-002006V1R5The macOS system must be configured to disable the UUCP service.
APPL-13-002007V1R5The macOS system must be configured to disable Internet Sharing.
APPL-13-002008V1R5The macOS system must be configured to disable Web Sharing.
APPL-13-002009V1R5The macOS system must be configured to disable AirDrop.
APPL-13-002012V1R5The macOS system must be configured to disable the iCloud Calendar services.
APPL-13-002013V1R5The macOS system must be configured to disable the iCloud Reminders services.
APPL-13-002014V1R5The macOS system must be configured to disable iCloud Address Book services.
APPL-13-002015V1R5The macOS system must be configured to disable the iCloud Mail services.
APPL-13-002016V1R5The macOS system must be configured to disable the iCloud Notes services.
APPL-13-002017V1R5The macOS system must cover or disable the built-in or attached camera when not in use.
APPL-13-002020V1R5The macOS system must be configured to disable Siri and dictation.
APPL-13-002032V1R5The macOS system must be configured to disable the system preference pane for Internet Accounts.
APPL-13-002035V1R5The macOS system must be configured to disable the Cloud Setup services.
APPL-13-002036V1R5The macOS system must be configured to disable the Privacy Setup services.
APPL-13-002037V1R5The macOS system must be configured to disable the Cloud Storage Setup services.
APPL-13-002039V1R5The macOS system must be configured to disable the Siri Setup services.
APPL-13-002040V1R5The macOS system must disable iCloud Keychain synchronization.
APPL-13-002041V1R5The macOS system must disable iCloud Document synchronization.
APPL-13-002042V1R5The macOS system must disable iCloud Bookmark synchronization.
APPL-13-002043V1R5The macOS system must disable the iCloud Photo Library.
APPL-13-002051V1R5The macOS system must be configured to disable the system preference pane for TouchID and Password.
APPL-13-002052V1R5The macOS system must be configured to disable the system preference pane for Wallet and ApplePay.
APPL-13-002053V1R5The macOS system must be configured to disable the system preference pane for Siri.
APPL-13-005054V1R5The macOS system must be configured to disable prompts to configure Touch ID.
APPL-13-005055V1R5The macOS system must be configured to disable prompts to configure ScreenTime.
APPL-13-005056V1R5The macOS system must be configured to disable prompts to configure Unlock with Watch.
APPL-13-005058V1R5The macOS system must be configured to prevent activity continuation between Apple devices.
APPL-13-005060V1R5The macOS system must be configured to prevent password proximity sharing requests from nearby Apple devices.
APPL-13-005061V1R5The macOS system must be configured to prevent users from erasing all system content and settings.
OL07-00-020000V3R1The Oracle Linux operating system must not have the rsh-server package installed.
OL07-00-020010V3R1The Oracle Linux operating system must not have the ypserv package installed.
OL07-00-021710V3R1The Oracle Linux operating system must not have the telnet-server package installed.
RHEL-07-020000V3R6The Red Hat Enterprise Linux operating system must not have the rsh-server package installed.
RHEL-07-020010V3R6The Red Hat Enterprise Linux operating system must not have the ypserv package installed.
RHEL-07-021710V3R6The Red Hat Enterprise Linux operating system must not have the telnet-server package installed.
APPL-15-002004V1R1The macOS system must disable Location Services.
APPL-15-002005V1R1The macOS system must disable Bonjour multicast.
APPL-15-002007V1R1The macOS system must disable Internet Sharing.
APPL-15-002010V1R1The macOS system must disable FaceTime.app.
APPL-15-002012V1R1The macOS system must disable the iCloud Calendar services.
APPL-15-002013V1R1The macOS system must disable iCloud Reminders.
APPL-15-002014V1R1The macOS system must disable iCloud Address Book.
APPL-15-002015V1R1The macOS system must disable iCloud Mail.
APPL-15-002016V1R1The macOS system must disable iCloud Notes.
APPL-15-002017V1R1The macOS system must disable the camera.
APPL-15-002020V1R1The macOS system must disable Siri.
APPL-15-002035V1R1The macOS system must disable Apple ID setup during Setup Assistant.
APPL-15-002036V1R1The macOS system must disable Privacy Setup services during Setup Assistant.
APPL-15-002037V1R1The macOS system must disable iCloud storage setup during Setup Assistant.
APPL-15-002039V1R1The macOS system must disable Siri Setup during Setup Assistant.
APPL-15-002040V1R1The macOS system must disable iCloud Keychain Sync.
APPL-15-002041V1R1The macOS system must disable iCloud Document Sync.
APPL-15-002042V1R1The macOS system must disable iCloud Bookmarks.
APPL-15-002043V1R1The macOS system must disable iCloud Photo Library.
APPL-15-002052V1R1The macOS system must disable the System Settings pane for Wallet and Apple Pay.
APPL-15-002053V1R1The macOS system must disable the system settings pane for Siri.
APPL-15-002080V1R1The macOS system must disable Airplay Receiver.
APPL-15-002120V1R1The macOS system must disable AppleID and internet Account Modification.
APPL-15-002130V1R1The macOS system must disable CD/DVD Sharing.
APPL-15-002140V1R1The macOS system must disable Content Caching service.
APPL-15-002150V1R1The macOS system must disable iCloud Desktop and Document folder sync.
APPL-15-002160V1R1The macOS system must disable iCloud Game Center.
APPL-15-002170V1R1The macOS system must disable iCloud Private Relay.
APPL-15-002180V1R1The macOS system must disable Find My service.
APPL-15-002200V1R1The macOS system must disable Personalized Advertising.
APPL-15-002210V1R1The macOS system must disable sending Siri and Dictation information to Apple.
APPL-15-002220V1R1The macOS system must enforce On Device Dictation.
APPL-15-002230V1R1The macOS system must disable Dictation.
APPL-15-002240V1R1The macOS system must disable Printer Sharing.
APPL-15-002250V1R1The macOS system must disable Remote Management.
APPL-15-002260V1R1The macOS system must disable the Bluetooth System Settings pane.
APPL-15-002270V1R1The macOS system must disable the iCloud Freeform services.
APPL-15-005054V1R1The macOS system must disable the TouchID prompt during Setup Assistant.
APPL-15-005055V1R1The macOS system must disable the Screen Time prompt during Setup Assistant.
APPL-15-005056V1R1The macOS system must disable Unlock with Apple Watch during Setup Assistant.
APPL-15-005060V1R1The macOS system must disable proximity-based password sharing requests.
APPL-15-005061V1R1The macOS system must disable Erase Content and Settings.
APPL-15-005140V1R1The macOS system must disable Genmoji.
APPL-15-005150V1R1The macOS system must disable Apple Intelligence Image Generation.
APPL-15-005160V1R1The macOS system must disable Apple Intelligence Writing Tools.
APPL-15-002023V1R1The macOS system must disable sending audio recordings and transcripts to Apple.
APPL-15-002024V1R1The macOS system must disable sending search data from Spotlight to Apple.
ALMA-09-028510V1R1AlmaLinux OS 9 must disable remote management of the chrony daemon.
ALMA-09-028620V1R1AlmaLinux OS 9 must prevent the chrony daemon from acting as a server.
ALMA-09-028730V1R1AlmaLinux OS 9 must not have the iprutils package installed.
ALMA-09-028840V1R1AlmaLinux OS 9 must not have the quagga package installed.
ALMA-09-028950V1R1AlmaLinux OS 9 must not have the sendmail package installed.
ALMA-09-029060V1R1AlmaLinux OS 9 must not have the telnet-server package installed.
ALMA-09-029170V1R1AlmaLinux OS 9 must not have a Trivial File Transfer Protocol (TFTP) client package installed.
ALMA-09-029390V1R1AlmaLinux OS 9 must not have the cups package installed.
ALMA-09-029500V1R1AlmaLinux OS 9 must not have the gssproxy package installed.
ALMA-09-029610V1R1AlmaLinux OS 9 must disable the Asynchronous Transfer Mode (ATM) kernel module.
ALMA-09-029720V1R1AlmaLinux OS 9 must be configured to disable Bluetooth.
ALMA-09-029830V1R1AlmaLinux OS 9 must disable the Controller Area Network (CAN) kernel module.
ALMA-09-029940V1R1AlmaLinux OS 9 must disable mounting of cramfs.
ALMA-09-030050V1R1AlmaLinux OS 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
ALMA-09-030160V1R1AlmaLinux OS 9 must disable mounting of squashfs.
ALMA-09-030270V1R1AlmaLinux OS 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
ALMA-09-030380V1R1AlmaLinux OS 9 must disable mounting of udf.
ALMA-09-030490V1R1Cameras must be disabled or covered when not in use.
ALMA-09-030600V1R1AlmaLinux OS 9 must not have the nfs-utils package installed.
ALMA-09-030710V1R1AlmaLinux OS 9 must not have the rsh package installed.
ALMA-09-030820V1R1AlmaLinux OS 9 must not have the rsh-server package installed.
ALMA-09-030930V1R1AlmaLinux OS 9 must not have the tuned package installed.
ALMA-09-031040V1R1A graphical display manager must not be installed on AlmaLinux OS 9 unless approved.
ALMA-09-031150V1R1AlmaLinux OS 9 must not have the ypserv package installed.
ALMA-09-031260V1R1AlmaLinux OS 9 must not have the avahi package installed.
ALMA-09-031370V1R1AlmaLinux OS 9 must be configured to disable USB mass storage.
OL08-00-030741V1R6OL 8 must disable the chrony daemon from acting as a server.
OL08-00-030742V1R6OL 8 must disable network management of the chrony daemon.
OL08-00-040000V1R6OL 8 must not have the telnet-server package installed.
OL08-00-040001V1R6OL 8 must not have any automated bug reporting tools installed.
OL08-00-040002V1R6OL 8 must not have the sendmail package installed.
OL08-00-040004V1R6OL 8 must enable mitigations against processor-based vulnerabilities.
OL08-00-040010V1R6OL 8 must not have the rsh-server package installed.
OL08-00-040020V1R6OL 8 must cover or disable the built-in or attached camera when not in use.
OL08-00-040024V1R6OL 8 must disable the transparent inter-process communication (TIPC) protocol.
OL08-00-040025V1R6OL 8 must disable mounting of cramfs.
OL08-00-040026V1R6OL 8 must disable IEEE 1394 (FireWire) Support.
OL09-00-000040V1R1OL 9 must be configured to disable the Asynchronous Transfer Mode (ATM) kernel module.
OL09-00-000041V1R1OL 9 must be configured to disable the Controller Area Network (CAN) kernel module.
OL09-00-000042V1R1OL 9 must be configured to disable the FireWire kernel module.
OL09-00-000043V1R1OL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
OL09-00-000044V1R1OL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
OL09-00-000045V1R1OL 9 must disable mounting of cramfs.
OL09-00-000046V1R1OL 9 Bluetooth must be disabled.
OL09-00-000100V1R1OL 9 must not have the nfs-utils package installed.
OL09-00-000105V1R1OL 9 must not have the rsh-server package installed.
OL09-00-000110V1R1OL 9 must not have the telnet-server package installed.
OL09-00-000115V1R1OL 9 must not have the gssproxy package installed.
OL09-00-000120V1R1OL 9 must not have the iprutils package installed.
OL09-00-000125V1R1OL 9 must not have the tuned package installed.
OL09-00-000150V1R1OL 9 must not have the sendmail package installed.
UBTU-24-100040V1R1Ubuntu 24.04 LTS must not have the rsh-server package installed.
UBTU-22-215030V1R1Ubuntu 22.04 LTS must not have the "rsh-server" package installed.
WN11-00-000100V1R6Internet Information System (IIS) or its subcomponents must not be installed on a workstation.
WN11-00-000110V1R6Simple TCP/IP Services must not be installed on the system.
WN11-00-000155V1R6The Windows PowerShell 2.0 feature must be disabled on the system.
WN11-00-000160V1R6The Server Message Block (SMB) v1 protocol must be disabled on the system.
WN11-00-000165V1R6The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.
WN11-00-000170V1R6The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.
WN11-00-000175V1R6The Secondary Logon service must be disabled on Windows 11.
WN11-00-000210V1R6Bluetooth must be turned off unless approved by the organization.
WN11-00-000220V1R6Bluetooth must be turned off when not in use.
WN11-CC-000005V1R6Camera access from the lock screen must be disabled.
WN11-CC-000007V1R6Windows 11 must cover or disable the built-in or attached camera when not in use.
WN11-CC-000010V1R6The display of slide shows on the lock screen must be disabled.
WN11-CC-000038V1R6WDigest Authentication must be disabled.
WN11-CC-000039V1R6Run as different user must be removed from context menus.
WN11-CC-000044V1R6Internet connection sharing must be disabled.
WN11-CC-000100V1R6Downloading print driver packages over HTTP must be prevented.
WN11-CC-000105V1R6Web publishing and online ordering wizards must be prevented from downloading a list of providers.
WN11-CC-000110V1R6Printing over HTTP must be prevented.
WN11-CC-000120V1R6The network selection user interface (UI) must not be displayed on the logon screen.
WN11-CC-000130V1R6Local users on domain-joined computers must not be enumerated.
WN11-CC-000175V1R6The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN11-CC-000197V1R6Microsoft consumer experiences must be turned off.
WN11-CC-000210V1R6The Microsoft Defender SmartScreen for Explorer must be enabled.
WN11-CC-000252V1R6Windows 11 must be configured to disable Windows Game Recording and Broadcasting.
WN11-CC-000300V1R6Basic authentication for RSS feeds over HTTP must not be used.
WN11-CC-000305V1R6Indexing of encrypted files must be turned off.
WN11-CC-000370V1R6The convenience PIN for Windows 11 must be disabled.
WN11-CC-000390V1R6Windows 11 must be configured to prevent users from receiving suggestions for third-party or additional applications.
WN11-UC-000015V1R6Toast notifications to the lock screen must be turned off.
RHEL-09-213045V2R5RHEL 9 must be configured to disable the Asynchronous Transfer Mode kernel module.
RHEL-09-213050V2R5RHEL 9 must be configured to disable the Controller Area Network kernel module.
RHEL-09-213055V2R5RHEL 9 must be configured to disable the FireWire kernel module.
RHEL-09-213060V2R5RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
RHEL-09-213065V2R5RHEL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
RHEL-09-215025V2R5RHEL 9 must not have the nfs-utils package installed.
RHEL-09-215030V2R5RHEL 9 must not have the ypserv package installed.
RHEL-09-215035V2R5RHEL 9 must not have the rsh-server package installed.
RHEL-09-215040V2R5RHEL 9 must not have the telnet-server package installed.
RHEL-09-215045V2R5RHEL 9 must not have the gssproxy package installed.
RHEL-09-215050V2R5RHEL 9 must not have the iprutils package installed.
RHEL-09-215055V2R5RHEL 9 must not have the tuned package installed.
RHEL-09-231195V2R5RHEL 9 must disable mounting of cramfs.
RHEL-09-291035V2R5RHEL 9 Bluetooth must be disabled.
WN10-00-000080V3R1Only authorized user accounts must be allowed to create or run virtual machines on Windows 10 systems.
WN10-00-000100V3R1Internet Information System (IIS) or its subcomponents must not be installed on a workstation.
WN10-00-000110V3R1Simple TCP/IP Services must not be installed on the system.
WN10-00-000155V3R1The Windows PowerShell 2.0 feature must be disabled on the system.
WN10-00-000160V3R1The Server Message Block (SMB) v1 protocol must be disabled on the system.
WN10-00-000165V3R1The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.
WN10-00-000170V3R1The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.
WN10-00-000175V3R1The Secondary Logon service must be disabled on Windows 10.
WN10-00-000210V3R1Bluetooth must be turned off unless approved by the organization.
WN10-00-000220V3R1Bluetooth must be turned off when not in use.
WN10-CC-000005V3R1Camera access from the lock screen must be disabled.
WN10-CC-000007V3R1Windows 10 must cover or disable the built-in or attached camera when not in use.
WN10-CC-000010V3R1The display of slide shows on the lock screen must be disabled.
WN10-CC-000038V3R1WDigest Authentication must be disabled.
WN10-CC-000039V3R1Run as different user must be removed from context menus.
WN10-CC-000044V3R1Internet connection sharing must be disabled.
WN10-CC-000100V3R1Downloading print driver packages over HTTP must be prevented.
WN10-CC-000105V3R1Web publishing and online ordering wizards must be prevented from downloading a list of providers.
WN10-CC-000110V3R1Printing over HTTP must be prevented.
WN10-CC-000120V3R1The network selection user interface (UI) must not be displayed on the logon screen.
WN10-CC-000130V3R1Local users on domain-joined computers must not be enumerated.
WN10-CC-000175V3R1The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN10-CC-000197V3R1Microsoft consumer experiences must be turned off.
WN10-CC-000210V3R1The Windows Defender SmartScreen for Explorer must be enabled.
WN10-CC-000252V3R1Windows 10 must be configured to disable Windows Game Recording and Broadcasting.
WN10-CC-000300V3R1Basic authentication for RSS feeds over HTTP must not be used.
WN10-CC-000305V3R1Indexing of encrypted files must be turned off.
WN10-CC-000370V3R1The convenience PIN for Windows 10 must be disabled.
WN10-CC-000385V3R1Windows Ink Workspace must be configured to disallow access above the lock.
WN10-CC-000390V3R1Windows 10 should be configured to prevent users from receiving suggestions for third-party or additional applications.
WN10-UC-000015V3R1Toast notifications to the lock screen must be turned off.
WN16-00-000300V2R9The roles and features required by the system must be documented.
WN16-00-000350V2R9The Fax Server role must not be installed.
WN16-00-000370V2R9The Peer Name Resolution Protocol must not be installed.
WN16-00-000380V2R9Simple TCP/IP Services must not be installed.
WN16-00-000400V2R9The TFTP Client must not be installed.
WN16-00-000410V2R9The Server Message Block (SMB) v1 protocol must be uninstalled.
WN16-00-000411V2R9The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.
WN16-00-000412V2R9The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.
WN16-00-000420V2R9Windows PowerShell 2.0 must not be installed.
WN16-CC-000010V2R9The display of slide shows on the lock screen must be disabled.
WN16-CC-000030V2R9WDigest Authentication must be disabled on Windows Server 2016.
WN16-CC-000160V2R9Downloading print driver packages over HTTP must be prevented.
WN16-CC-000170V2R9Printing over HTTP must be prevented.
WN16-CC-000180V2R9The network selection user interface (UI) must not be displayed on the logon screen.
WN16-CC-000240V2R9The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN16-CC-000330V2R9Windows Server 2016 Windows SmartScreen must be enabled.
WN16-CC-000430V2R9Basic authentication for RSS feeds over HTTP must not be used.
WN16-CC-000440V2R9Indexing of encrypted files must be turned off.
WN16-DC-000130V2R9Domain controllers must run on a machine dedicated to that function.
WN16-MS-000030V2R9Local users on domain-joined computers must not be enumerated.
WN16-CC-000421V2R9The Windows Explorer Preview pane must be disabled for Windows Server 2016.
WN22-00-000270V2R5Windows Server 2022 must have the roles and features required by the system documented.
WN22-00-000320V2R5Windows Server 2022 must not have the Fax Server role installed.
WN22-00-000340V2R5Windows Server 2022 must not have the Peer Name Resolution Protocol installed.
WN22-00-000350V2R5Windows Server 2022 must not have Simple TCP/IP Services installed.
WN22-00-000370V2R5Windows Server 2022 must not have the TFTP Client installed.
WN22-00-000380V2R5Windows Server 2022 must not the Server Message Block (SMB) v1 protocol installed.
WN22-00-000390V2R5Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.
WN22-00-000400V2R5Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.
WN22-00-000410V2R5Windows Server 2022 must not have Windows PowerShell 2.0 installed.
WN22-CC-000010V2R5Windows Server 2022 must prevent the display of slide shows on the lock screen.
WN22-CC-000020V2R5Windows Server 2022 must have WDigest Authentication disabled.
WN22-CC-000150V2R5Windows Server 2022 downloading print driver packages over HTTP must be turned off.
WN22-CC-000160V2R5Windows Server 2022 printing over HTTP must be turned off.
WN22-CC-000170V2R5Windows Server 2022 network selection user interface (UI) must not be displayed on the logon screen.
WN22-CC-000200V2R5Windows Server 2022 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
WN22-CC-000300V2R5Windows Server 2022 Microsoft Defender antivirus SmartScreen must be enabled.
WN22-CC-000400V2R5Windows Server 2022 must disable Basic authentication for RSS feeds over HTTP.
WN22-CC-000410V2R5Windows Server 2022 must prevent Indexing of encrypted files.
WN22-DC-000130V2R5Windows Server 2022 domain controllers must run on a machine dedicated to that function.
WN22-MS-000030V2R5Windows Server 2022 local users on domain-joined member servers must not be enumerated.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.