Skip to content

Instantly share code, notes, and snippets.

@jessereynolds

jessereynolds/os_compliance_fact.yaml

Last active June 21, 2019 14:13
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save jessereynolds/c0bb0e617052f930b677bd10d810e41d to your computer and use it in GitHub Desktop.
Save jessereynolds/c0bb0e617052f930b677bd10d810e41d to your computer and use it in GitHub Desktop.
Download ZIP
Example output of the os_compliance fact on Windows 2016 when run with details enabled and debug enabled
Raw
os_compliance_fact.yaml
os_compliance:
cis_level_1:
version: cis_windows_2016rtm1607_member_server_1.1.0
percent_compliant: 21.03448275862069
percent_implemented: 32.75862068965517
counts_by_state:
noncompliant: 34
compliant: 61
unimplemented: 195
number_controls: 290
controls:
noncompliant:
1_1_1:
compliancy: noncompliant
state: "0"
title: (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'
debug_data:
params:
title: (L1) Ensure 'Enforce password history' is set to '24 or more password(s)'
unique_title: ensure_enforce_password_history_is_set_to_24_or_more_passwords
type: ensure_policy_value
policy: Enforce password history
comparitor: 24
operator: ">="
and_not_zero: false
comparitor_loose: 24 or more password(s)
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: 24
comparitor_typed: 24
actual_policy_value: "0"
actual_policy_value_typed: 0
1_1_3:
compliancy: noncompliant
state: "0"
title: (L1) Ensure 'Minimum password age' is set to '1 or more day(s)'
debug_data:
params:
title: (L1) Ensure 'Minimum password age' is set to '1 or more day(s)'
unique_title: ensure_minimum_password_age_is_set_to_1_or_more_days
type: ensure_policy_value
policy: Minimum password age
comparitor: 1
operator: ">="
and_not_zero: false
comparitor_loose: 1 or more day(s)
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: 1
comparitor_typed: 1
actual_policy_value: "0"
actual_policy_value_typed: 0
1_1_4:
compliancy: noncompliant
state: "0"
title: (L1) Ensure 'Minimum password length' is set to '14 or more character(s)'
debug_data:
params:
title: (L1) Ensure 'Minimum password length' is set to '14 or more character(s)'
unique_title: ensure_minimum_password_length_is_set_to_14_or_more_characters
type: ensure_policy_value
policy: Minimum password length
comparitor: 14
operator: ">="
and_not_zero: false
comparitor_loose: 14 or more character(s)
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: 14
comparitor_typed: 14
actual_policy_value: "0"
actual_policy_value_typed: 0
1_2_1:
compliancy: noncompliant
state: ~
message: actual value or comparitor is nil
title: (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'
debug_data:
params:
title: (L1) Ensure 'Account lockout duration' is set to '15 or more minute(s)'
unique_title: ensure_account_lockout_duration_is_set_to_15_or_more_minutes
type: ensure_policy_value
policy: Account lockout duration
comparitor: 15
operator: ">="
and_not_zero: false
comparitor_loose: 15 or more minute(s)
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: 15
comparitor_typed: 15
actual_policy_value: ~
actual_policy_value_typed: ~
1_2_2:
compliancy: noncompliant
state: "0"
title: (L1) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'
debug_data:
params:
title: (L1) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0'
unique_title: ensure_account_lockout_threshold_is_set_to_10_or_fewer_invalid_logon_attempts_but_not_0
type: ensure_policy_value
policy: Account lockout threshold
comparitor: 10
operator: <=
and_not_zero: true
comparitor_loose: 10 or fewer invalid logon attempt(s), but not 0
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: 10
comparitor_typed: 10
actual_policy_value: "0"
actual_policy_value_typed: 0
1_2_3:
compliancy: noncompliant
state: ~
message: actual value or comparitor is nil
title: (L1) Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'
debug_data:
params:
title: (L1) Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)'
unique_title: ensure_reset_account_lockout_counter_after_is_set_to_15_or_more_minutes
type: ensure_policy_value
policy: Reset account lockout counter after
comparitor: 15
operator: ">="
and_not_zero: false
comparitor_loose: 15 or more minute(s)
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: 15
comparitor_typed: 15
actual_policy_value: ~
actual_policy_value_typed: ~
2_2_7:
compliancy: noncompliant
state: "*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551"
message: comparitor is a String but actual value is not (it's a Array), or the downcased strings do not match
title: (L1) Ensure 'Allow log on locally' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Allow log on locally' is set to 'Administrators'
unique_title: ensure_allow_log_on_locally_is_set_to_administrators
type: ensure_policy_value
policy: Allow log on locally
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551"
actual_policy_value_typed:
- Administrators
- "*S-1-5-32-545"
- "*S-1-5-32-551"
2_2_10:
compliancy: noncompliant
state: "*S-1-5-32-544,*S-1-5-32-551"
message: comparitor is a String but actual value is not (it's a Array), or the downcased strings do not match
title: (L1) Ensure 'Back up files and directories' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Back up files and directories' is set to 'Administrators'
unique_title: ensure_back_up_files_and_directories_is_set_to_administrators
type: ensure_policy_value
policy: Back up files and directories
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544,*S-1-5-32-551"
actual_policy_value_typed:
- Administrators
- "*S-1-5-32-551"
2_2_45:
compliancy: noncompliant
state: "*S-1-5-32-544,*S-1-5-32-551"
message: comparitor is a String but actual value is not (it's a Array), or the downcased strings do not match
title: (L1) Ensure 'Restore files and directories' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Restore files and directories' is set to 'Administrators'
unique_title: ensure_restore_files_and_directories_is_set_to_administrators
type: ensure_policy_value
policy: Restore files and directories
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544,*S-1-5-32-551"
actual_policy_value_typed:
- Administrators
- "*S-1-5-32-551"
2_2_46:
compliancy: noncompliant
state: "*S-1-5-32-544,*S-1-5-32-551"
message: comparitor is a String but actual value is not (it's a Array), or the downcased strings do not match
title: (L1) Ensure 'Shut down the system' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Shut down the system' is set to 'Administrators'
unique_title: ensure_shut_down_the_system_is_set_to_administrators
type: ensure_policy_value
policy: Shut down the system
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544,*S-1-5-32-551"
actual_policy_value_typed:
- Administrators
- "*S-1-5-32-551"
2_3_1_1:
compliancy: noncompliant
state: "1"
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'Accounts: Administrator account status' is set to 'Disabled' (MS only)"
debug_data:
params:
title: "(L1) Ensure 'Accounts: Administrator account status' is set to 'Disabled' (MS only)"
unique_title: ensure_accounts_administrator_account_status_is_set_to_disabled_ms_only
type: ensure_policy_value
policy: "Accounts: Administrator account status"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Disabled
comparitor_typed: 0
actual_policy_value: "1"
actual_policy_value_typed: 1
2_3_1_2:
compliancy: noncompliant
state: ~
message: comparitor is a String but actual value is not (it's a NilClass), or the downcased strings do not match
title: "(L1) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'"
debug_data:
params:
title: "(L1) Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts'"
unique_title: ensure_accounts_block_microsoft_accounts_is_set_to_users_cant_add_or_log_on_with_microsoft_accounts
type: ensure_policy_value
policy: "Accounts: Block Microsoft accounts"
comparitor: Users can't add or log on with Microsoft accounts
operator: ==
and_not_zero: false
comparitor_loose: Users can't add or log on with Microsoft accounts
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Users can't add or log on with Microsoft accounts
comparitor_typed: Users can't add or log on with Microsoft accounts
actual_policy_value: ~
actual_policy_value_typed: ~
2_3_2_1:
compliancy: noncompliant
state: ~
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled'"
unique_title: ensure_audit_force_audit_policy_subcategory_settings_windows_vista_or_later_to_override_audit_policy_category_settings_is_set_to_enabled
type: ensure_policy_value
policy: "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: ~
actual_policy_value_typed: ~
2_3_4_1:
compliancy: noncompliant
state: ~
message: comparitor is a String but actual value is not (it's a NilClass), or the downcased strings do not match
title: "(L1) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators'"
debug_data:
params:
title: "(L1) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators'"
unique_title: ensure_devices_allowed_to_format_and_eject_removable_media_is_set_to_administrators
type: ensure_policy_value
policy: "Devices: Allowed to format and eject removable media"
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: ~
actual_policy_value_typed: ~
2_3_7_1:
compliancy: noncompliant
state: "4,0"
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled'"
unique_title: ensure_interactive_logon_do_not_display_last_user_name_is_set_to_enabled
type: ensure_policy_value
policy: "Interactive logon: Do not display last user name"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_7_3:
compliancy: noncompliant
state: ~
message: actual value or comparitor is nil
title: "(L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'"
debug_data:
params:
title: "(L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0'"
unique_title: ensure_interactive_logon_machine_inactivity_limit_is_set_to_900_or_fewer_seconds_but_not_0
type: ensure_policy_value
policy: "Interactive logon: Machine inactivity limit"
comparitor: 900
operator: <=
and_not_zero: true
comparitor_loose: 900 or fewer second(s), but not 0
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: 900
comparitor_typed: 900
actual_policy_value: ~
actual_policy_value_typed: ~
2_3_7_7:
compliancy: noncompliant
state: "4,5"
message: comparitor is a String but actual value is not (it's a Integer), or the downcased strings do not match
title: "(L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'"
debug_data:
params:
title: "(L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days'"
unique_title: ensure_interactive_logon_prompt_user_to_change_password_before_expiration_is_set_to_between_5_and_14_days
type: ensure_policy_value
policy: "Interactive logon: Prompt user to change password before expiration"
comparitor: between 5 and 14 days
operator: ==
and_not_zero: false
comparitor_loose: between 5 and 14 days
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: between 5 and 14 days
comparitor_typed: between 5 and 14 days
actual_policy_value: "4,5"
actual_policy_value_typed: 5
2_3_7_8:
compliancy: noncompliant
state: ~
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' (MS only)"
debug_data:
params:
title: "(L1) Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' (MS only)"
unique_title: ensure_interactive_logon_require_domain_controller_authentication_to_unlock_workstation_is_set_to_enabled_ms_only
type: ensure_policy_value
policy: "Interactive logon: Require Domain Controller Authentication to unlock workstation"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: ~
actual_policy_value_typed: ~
2_3_7_9:
compliancy: noncompliant
state: 1,"0"
message: comparitor is a String but actual value is not (it's a String), or the downcased strings do not match
title: "(L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher"
debug_data:
params:
title: "(L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher"
unique_title: ensure_interactive_logon_smart_card_removal_behavior_is_set_to_lock_workstation_or_higher
type: ensure_policy_value
policy: "Interactive logon: Smart card removal behavior"
comparitor: Lock Workstation
operator: ==
and_not_zero: false
comparitor_loose: Lock Workstation
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
comparitor: Lock Workstation
comparitor_typed: Lock Workstation
actual_policy_value: 1,"0"
actual_policy_value_typed: 1,"0"
2_3_8_1:
compliancy: noncompliant
state: "4,0"
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'"
unique_title: ensure_microsoft_network_client_digitally_sign_communications_always_is_set_to_enabled
type: ensure_policy_value
policy: "Microsoft network client: Digitally sign communications (always)"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_9_2:
compliancy: noncompliant
state: "4,0"
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Microsoft network server: Digitally sign communications (always)' is set to 'Enabled'"
unique_title: ensure_microsoft_network_server_digitally_sign_communications_always_is_set_to_enabled
type: ensure_policy_value
policy: "Microsoft network server: Digitally sign communications (always)"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_9_3:
compliancy: noncompliant
state: "4,0"
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled'"
unique_title: ensure_microsoft_network_server_digitally_sign_communications_if_client_agrees_is_set_to_enabled
type: ensure_policy_value
policy: "Microsoft network server: Digitally sign communications (if client agrees)"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_9_5:
compliancy: noncompliant
state: ~
message: comparitor is a String but actual value is not (it's a NilClass), or the downcased strings do not match
title: "(L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only)"
debug_data:
params:
title: "(L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only)"
unique_title: ensure_microsoft_network_server_server_spn_target_name_validation_level_is_set_to_accept_if_provided_by_client_or_higher_ms_only
type: ensure_policy_value
policy: "Microsoft network server: Server SPN target name validation level"
comparitor: Accept if provided by client
operator: ==
and_not_zero: false
comparitor_loose: Accept if provided by client
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Accept if provided by client
comparitor_typed: Accept if provided by client
actual_policy_value: ~
actual_policy_value_typed: ~
2_3_10_1:
compliancy: noncompliant
state: ~
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'"
debug_data:
params:
title: "(L1) Ensure 'Network access: Allow anonymous SID/Name translation' is set to 'Disabled'"
unique_title: ensure_network_access_allow_anonymous_sidname_translation_is_set_to_disabled
type: ensure_policy_value
policy: "Network access: Allow anonymous SID/Name translation"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Disabled
comparitor_typed: 0
actual_policy_value: ~
actual_policy_value_typed: ~
2_3_10_3:
compliancy: noncompliant
state: "4,0"
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' (MS only)"
debug_data:
params:
title: "(L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' (MS only)"
unique_title: ensure_network_access_do_not_allow_anonymous_enumeration_of_sam_accounts_and_shares_is_set_to_enabled_ms_only
type: ensure_policy_value
policy: "Network access: Do not allow anonymous enumeration of SAM accounts and shares"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_10_12:
compliancy: noncompliant
state: ~
message: comparitor is a String but actual value is not (it's a NilClass), or the downcased strings do not match
title: "(L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'"
debug_data:
params:
title: "(L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None'"
unique_title: ensure_network_access_shares_that_can_be_accessed_anonymously_is_set_to_none
type: ensure_policy_value
policy: "Network access: Shares that can be accessed anonymously"
comparitor: None
operator: ==
and_not_zero: false
comparitor_loose: None
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: None
comparitor_typed: None
actual_policy_value: ~
actual_policy_value_typed: ~
2_3_10_13:
compliancy: noncompliant
state: "4,0"
message: comparitor is a String but actual value is not (it's a Integer), or the downcased strings do not match
title: "(L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'"
debug_data:
params:
title: "(L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves'"
unique_title: ensure_network_access_sharing_and_security_model_for_local_accounts_is_set_to_classic_local_users_authenticate_as_themselves
type: ensure_policy_value
policy: "Network access: Sharing and security model for local accounts"
comparitor: Classic - local users authenticate as themselves
operator: ==
and_not_zero: false
comparitor_loose: Classic - local users authenticate as themselves
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Classic - local users authenticate as themselves
comparitor_typed: Classic - local users authenticate as themselves
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_11_1:
compliancy: noncompliant
state: ~
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Network security: Allow Local System to use computer identity for NTLM' is set to 'Enabled'"
unique_title: ensure_network_security_allow_local_system_to_use_computer_identity_for_ntlm_is_set_to_enabled
type: ensure_policy_value
policy: "Network security: Allow Local System to use computer identity for NTLM"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: ~
actual_policy_value_typed: ~
2_3_11_6:
compliancy: noncompliant
state: "0"
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Network security: Force logoff when logon hours expire' is set to 'Enabled'"
unique_title: ensure_network_security_force_logoff_when_logon_hours_expire_is_set_to_enabled
type: ensure_policy_value
policy: "Network security: Force logoff when logon hours expire"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "0"
actual_policy_value_typed: 0
2_3_11_7:
compliancy: noncompliant
state: ~
message: comparitor is a String but actual value is not (it's a NilClass), or the downcased strings do not match
title: "(L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'"
debug_data:
params:
title: "(L1) Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM'"
unique_title: ensure_network_security_lan_manager_authentication_level_is_set_to_send_ntlmv2_response_only_refuse_lm_ntlm
type: ensure_policy_value
policy: "Network security: LAN Manager authentication level"
comparitor: Send NTLMv2 response only. Refuse LM & NTLM
operator: ==
and_not_zero: false
comparitor_loose: Send NTLMv2 response only. Refuse LM & NTLM
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Send NTLMv2 response only. Refuse LM & NTLM
comparitor_typed: Send NTLMv2 response only. Refuse LM & NTLM
actual_policy_value: ~
actual_policy_value_typed: ~
2_3_11_8:
compliancy: noncompliant
state: "4,1"
message: comparitor is a String but actual value is not (it's a Integer), or the downcased strings do not match
title: "(L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher"
debug_data:
params:
title: "(L1) Ensure 'Network security: LDAP client signing requirements' is set to 'Negotiate signing' or higher"
unique_title: ensure_network_security_ldap_client_signing_requirements_is_set_to_negotiate_signing_or_higher
type: ensure_policy_value
policy: "Network security: LDAP client signing requirements"
comparitor: Negotiate signing
operator: ==
and_not_zero: false
comparitor_loose: Negotiate signing
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Negotiate signing
comparitor_typed: Negotiate signing
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_17_1:
compliancy: noncompliant
state: ~
message: Comparitor is not a String or Array and is not equal to the actual policy value
title: "(L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'User Account Control: Admin Approval Mode for the Built-in Administrator account' is set to 'Enabled'"
unique_title: ensure_user_account_control_admin_approval_mode_for_the_built_in_administrator_account_is_set_to_enabled
type: ensure_policy_value
policy: "User Account Control: Admin Approval Mode for the Built-in Administrator account"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: ~
actual_policy_value_typed: ~
2_3_17_3:
compliancy: noncompliant
state: "4,5"
message: comparitor is a String but actual value is not (it's a Integer), or the downcased strings do not match
title: "(L1) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'"
debug_data:
params:
title: "(L1) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop'"
unique_title: ensure_user_account_control_behavior_of_the_elevation_prompt_for_administrators_in_admin_approval_mode_is_set_to_prompt_for_consent_on_the_secure_desktop
type: ensure_policy_value
policy: "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode"
comparitor: Prompt for consent on the secure desktop
operator: ==
and_not_zero: false
comparitor_loose: Prompt for consent on the secure desktop
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Prompt for consent on the secure desktop
comparitor_typed: Prompt for consent on the secure desktop
actual_policy_value: "4,5"
actual_policy_value_typed: 5
2_3_17_4:
compliancy: noncompliant
state: "4,3"
message: comparitor is a String but actual value is not (it's a Integer), or the downcased strings do not match
title: "(L1) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'"
debug_data:
params:
title: "(L1) Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests'"
unique_title: ensure_user_account_control_behavior_of_the_elevation_prompt_for_standard_users_is_set_to_automatically_deny_elevation_requests
type: ensure_policy_value
policy: "User Account Control: Behavior of the elevation prompt for standard users"
comparitor: Automatically deny elevation requests
operator: ==
and_not_zero: false
comparitor_loose: Automatically deny elevation requests
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Automatically deny elevation requests
comparitor_typed: Automatically deny elevation requests
actual_policy_value: "4,3"
actual_policy_value_typed: 3
compliant:
1_1_2:
compliancy: compliant
state: 42
title: (L1) Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'
debug_data:
params:
title: (L1) Ensure 'Maximum password age' is set to '60 or fewer days, but not 0'
unique_title: ensure_maximum_password_age_is_set_to_60_or_fewer_days_but_not_0
type: ensure_policy_value
policy: Maximum password age
comparitor: 60
operator: <=
and_not_zero: true
comparitor_loose: 60 or fewer days, but not 0
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: 60
comparitor_typed: 60
actual_policy_value: "42"
actual_policy_value_typed: 42
1_1_5:
compliancy: compliant
state: 1
title: (L1) Ensure 'Password must meet complexity requirements' is set to 'Enabled'
debug_data:
params:
title: (L1) Ensure 'Password must meet complexity requirements' is set to 'Enabled'
unique_title: ensure_password_must_meet_complexity_requirements_is_set_to_enabled
type: ensure_policy_value
policy: Password must meet complexity requirements
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "1"
actual_policy_value_typed: 1
1_1_6:
compliancy: compliant
state: 0
title: (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'
debug_data:
params:
title: (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled'
unique_title: ensure_store_passwords_using_reversible_encryption_is_set_to_disabled
type: ensure_policy_value
policy: Store passwords using reversible encryption
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Disabled
comparitor_typed: 0
actual_policy_value: "0"
actual_policy_value_typed: 0
2_2_1:
compliancy: compliant
state: ~
title: (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'
debug_data:
params:
title: (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One'
unique_title: ensure_access_credential_manager_as_a_trusted_caller_is_set_to_no_one
type: ensure_policy_value
policy: Access Credential Manager as a trusted caller
comparitor: No One
operator: ==
and_not_zero: false
comparitor_loose: No One
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: No One
comparitor_typed: ~
actual_policy_value: ~
actual_policy_value_typed: ~
2_2_4:
compliancy: compliant
state: ~
title: (L1) Ensure 'Act as part of the operating system' is set to 'No One'
debug_data:
params:
title: (L1) Ensure 'Act as part of the operating system' is set to 'No One'
unique_title: ensure_act_as_part_of_the_operating_system_is_set_to_no_one
type: ensure_policy_value
policy: Act as part of the operating system
comparitor: No One
operator: ==
and_not_zero: false
comparitor_loose: No One
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: No One
comparitor_typed: ~
actual_policy_value: ~
actual_policy_value_typed: ~
2_2_6:
compliancy: compliant
state:
- Local Service
- Network Service
- Administrators
title: (L1) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'
debug_data:
params:
title: (L1) Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE'
unique_title: ensure_adjust_memory_quotas_for_a_process_is_set_to_administrators_local_service_network_service
type: ensure_policy_value
policy: Adjust memory quotas for a process
comparitor:
- Administrators
- LOCAL SERVICE
- NETWORK SERVICE
operator: ==
and_not_zero: false
comparitor_loose: Administrators, LOCAL SERVICE, NETWORK SERVICE
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor:
- Administrators
- LOCAL SERVICE
- NETWORK SERVICE
comparitor_typed:
- Administrators
- LOCAL SERVICE
- NETWORK SERVICE
actual_policy_value: "*S-1-5-19,*S-1-5-20,*S-1-5-32-544"
actual_policy_value_typed:
- Local Service
- Network Service
- Administrators
2_2_9:
compliancy: compliant
state:
- Administrators
- Remote Desktop Users
title: (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' (MS only)
debug_data:
params:
title: (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' (MS only)
unique_title: ensure_allow_log_on_through_remote_desktop_services_is_set_to_administrators_remote_desktop_users_ms_only
type: ensure_policy_value
policy: Allow log on through Remote Desktop Services
comparitor:
- Administrators
- Remote Desktop Users
operator: ==
and_not_zero: false
comparitor_loose: Administrators, Remote Desktop Users
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor:
- Administrators
- Remote Desktop Users
comparitor_typed:
- Administrators
- Remote Desktop Users
actual_policy_value: "*S-1-5-32-544,*S-1-5-32-555"
actual_policy_value_typed:
- Administrators
- Remote Desktop Users
2_2_11:
compliancy: compliant
state:
- Local Service
- Administrators
title: (L1) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'
debug_data:
params:
title: (L1) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE'
unique_title: ensure_change_the_system_time_is_set_to_administrators_local_service
type: ensure_policy_value
policy: Change the system time
comparitor:
- Administrators
- LOCAL SERVICE
operator: ==
and_not_zero: false
comparitor_loose: Administrators, LOCAL SERVICE
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor:
- Administrators
- LOCAL SERVICE
comparitor_typed:
- Administrators
- LOCAL SERVICE
actual_policy_value: "*S-1-5-19,*S-1-5-32-544"
actual_policy_value_typed:
- Local Service
- Administrators
2_2_12:
compliancy: compliant
state:
- Local Service
- Administrators
title: (L1) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'
debug_data:
params:
title: (L1) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE'
unique_title: ensure_change_the_time_zone_is_set_to_administrators_local_service
type: ensure_policy_value
policy: Change the time zone
comparitor:
- Administrators
- LOCAL SERVICE
operator: ==
and_not_zero: false
comparitor_loose: Administrators, LOCAL SERVICE
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor:
- Administrators
- LOCAL SERVICE
comparitor_typed:
- Administrators
- LOCAL SERVICE
actual_policy_value: "*S-1-5-19,*S-1-5-32-544"
actual_policy_value_typed:
- Local Service
- Administrators
2_2_13:
compliancy: compliant
state: Administrators
title: (L1) Ensure 'Create a pagefile' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Create a pagefile' is set to 'Administrators'
unique_title: ensure_create_a_pagefile_is_set_to_administrators
type: ensure_policy_value
policy: Create a pagefile
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544"
actual_policy_value_typed: Administrators
2_2_14:
compliancy: compliant
state: ~
title: (L1) Ensure 'Create a token object' is set to 'No One'
debug_data:
params:
title: (L1) Ensure 'Create a token object' is set to 'No One'
unique_title: ensure_create_a_token_object_is_set_to_no_one
type: ensure_policy_value
policy: Create a token object
comparitor: No One
operator: ==
and_not_zero: false
comparitor_loose: No One
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: No One
comparitor_typed: ~
actual_policy_value: ~
actual_policy_value_typed: ~
2_2_15:
compliancy: compliant
state:
- Local Service
- Network Service
- Administrators
- Service
title: (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'
debug_data:
params:
title: (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE'
unique_title: ensure_create_global_objects_is_set_to_administrators_local_service_network_service_service
type: ensure_policy_value
policy: Create global objects
comparitor:
- Administrators
- LOCAL SERVICE
- NETWORK SERVICE
- SERVICE
operator: ==
and_not_zero: false
comparitor_loose: Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor:
- Administrators
- LOCAL SERVICE
- NETWORK SERVICE
- SERVICE
comparitor_typed:
- Administrators
- LOCAL SERVICE
- NETWORK SERVICE
- SERVICE
actual_policy_value: "*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6"
actual_policy_value_typed:
- Local Service
- Network Service
- Administrators
- Service
2_2_16:
compliancy: compliant
state: ~
title: (L1) Ensure 'Create permanent shared objects' is set to 'No One'
debug_data:
params:
title: (L1) Ensure 'Create permanent shared objects' is set to 'No One'
unique_title: ensure_create_permanent_shared_objects_is_set_to_no_one
type: ensure_policy_value
policy: Create permanent shared objects
comparitor: No One
operator: ==
and_not_zero: false
comparitor_loose: No One
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: No One
comparitor_typed: ~
actual_policy_value: ~
actual_policy_value_typed: ~
2_2_18:
compliancy: compliant
state: Administrators
title: (L1) Ensure 'Create symbolic links' is set to 'Administrators, NT VIRTUAL MACHINE\Virtual Machines' (MS only)
debug_data:
params:
title: (L1) Ensure 'Create symbolic links' is set to 'Administrators, NT VIRTUAL MACHINE\Virtual Machines' (MS only)
unique_title: ensure_create_symbolic_links_is_set_to_administrators_nt_virtual_machine_virtual_machines_ms_only
type: ensure_policy_value
policy: Create symbolic links
comparitor:
- Administrators
- NT VIRTUAL MACHINE\Virtual Machines
operator: ==
and_not_zero: false
comparitor_loose: Administrators, NT VIRTUAL MACHINE\Virtual Machines
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor:
- Administrators
- NT VIRTUAL MACHINE\Virtual Machines
comparitor_typed:
- Administrators
- NT VIRTUAL MACHINE\Virtual Machines
actual_policy_value: "*S-1-5-32-544"
actual_policy_value_typed: Administrators
2_2_19:
compliancy: compliant
state: Administrators
title: (L1) Ensure 'Debug programs' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Debug programs' is set to 'Administrators'
unique_title: ensure_debug_programs_is_set_to_administrators
type: ensure_policy_value
policy: Debug programs
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544"
actual_policy_value_typed: Administrators
2_2_21:
compliancy: compliant
state: ~
title: (L1) Ensure 'Deny access to this computer from the network' is set to 'Guests, Local account and member of Administrators group' (MS only)
debug_data:
params:
title: (L1) Ensure 'Deny access to this computer from the network' is set to 'Guests, Local account and member of Administrators group' (MS only)
unique_title: ensure_deny_access_to_this_computer_from_the_network_is_set_to_guests_local_account_and_member_of_administrators_group_ms_only
type: ensure_policy_value
policy: Deny access to this computer from the network
comparitor:
- Guests
- Local account and member of Administrators group
operator: ==
and_not_zero: false
comparitor_loose: Guests, Local account and member of Administrators group
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor:
- Guests
- Local account and member of Administrators group
comparitor_typed:
- Guests
- Local account and member of Administrators group
actual_policy_value: ~
actual_policy_value_typed: ~
2_2_26:
compliancy: compliant
state: ~
title: (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)
debug_data:
params:
title: (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only)
unique_title: ensure_deny_log_on_through_remote_desktop_services_is_set_to_guests_local_account_ms_only
type: ensure_policy_value
policy: Deny log on through Remote Desktop Services
comparitor:
- Guests
- Local account
operator: ==
and_not_zero: false
comparitor_loose: Guests, Local account
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor:
- Guests
- Local account
comparitor_typed:
- Guests
- Local account
actual_policy_value: ~
actual_policy_value_typed: ~
2_2_28:
compliancy: compliant
state: ~
title: (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only)
debug_data:
params:
title: (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' (MS only)
unique_title: ensure_enable_computer_and_user_accounts_to_be_trusted_for_delegation_is_set_to_no_one_ms_only
type: ensure_policy_value
policy: Enable computer and user accounts to be trusted for delegation
comparitor: No One
operator: ==
and_not_zero: false
comparitor_loose: No One
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: No One
comparitor_typed: ~
actual_policy_value: ~
actual_policy_value_typed: ~
2_2_29:
compliancy: compliant
state: Administrators
title: (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators'
unique_title: ensure_force_shutdown_from_a_remote_system_is_set_to_administrators
type: ensure_policy_value
policy: Force shutdown from a remote system
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544"
actual_policy_value_typed: Administrators
2_2_30:
compliancy: compliant
state:
- Local Service
- Network Service
title: (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'
debug_data:
params:
title: (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE'
unique_title: ensure_generate_security_audits_is_set_to_local_service_network_service
type: ensure_policy_value
policy: Generate security audits
comparitor:
- LOCAL SERVICE
- NETWORK SERVICE
operator: ==
and_not_zero: false
comparitor_loose: LOCAL SERVICE, NETWORK SERVICE
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor:
- LOCAL SERVICE
- NETWORK SERVICE
comparitor_typed:
- LOCAL SERVICE
- NETWORK SERVICE
actual_policy_value: "*S-1-5-19,*S-1-5-20"
actual_policy_value_typed:
- Local Service
- Network Service
2_2_32:
compliancy: compliant
state:
- Local Service
- Network Service
- Administrators
- Service
title: (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' and (when the Web Server (IIS) Role with Web Services Role Service is installed) 'IIS_IUSRS' (MS only)
debug_data:
params:
title: (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' and (when the Web Server (IIS) Role with Web Services Role Service is installed) 'IIS_IUSRS' (MS only)
unique_title: ensure_impersonate_a_client_after_authentication_is_set_to_administrators_local_service_network_service_service_and_when_the_web_server_iis_role_with_web_services_role_service_is_installed_iis_iusrs_ms_only
type: ensure_policy_value
policy: Impersonate a client after authentication
comparitor:
- Administrators
- LOCAL SERVICE
- NETWORK SERVICE
- SERVICE' and (when the Web Server (IIS) Role with Web Services Role Service is installed) 'IIS_IUSRS
operator: ==
and_not_zero: false
comparitor_loose: Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' and (when the Web Server (IIS) Role with Web Services Role Service is installed) 'IIS_IUSRS
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor:
- Administrators
- LOCAL SERVICE
- NETWORK SERVICE
- SERVICE' and (when the Web Server (IIS) Role with Web Services Role Service is installed) 'IIS_IUSRS
comparitor_typed:
- Administrators
- LOCAL SERVICE
- NETWORK SERVICE
- SERVICE' and (when the Web Server (IIS) Role with Web Services Role Service is installed) 'IIS_IUSRS
actual_policy_value: "*S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6"
actual_policy_value_typed:
- Local Service
- Network Service
- Administrators
- Service
2_2_33:
compliancy: compliant
state: Administrators
title: (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Increase scheduling priority' is set to 'Administrators'
unique_title: ensure_increase_scheduling_priority_is_set_to_administrators
type: ensure_policy_value
policy: Increase scheduling priority
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544"
actual_policy_value_typed: Administrators
2_2_34:
compliancy: compliant
state: Administrators
title: (L1) Ensure 'Load and unload device drivers' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Load and unload device drivers' is set to 'Administrators'
unique_title: ensure_load_and_unload_device_drivers_is_set_to_administrators
type: ensure_policy_value
policy: Load and unload device drivers
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544"
actual_policy_value_typed: Administrators
2_2_35:
compliancy: compliant
state: ~
title: (L1) Ensure 'Lock pages in memory' is set to 'No One'
debug_data:
params:
title: (L1) Ensure 'Lock pages in memory' is set to 'No One'
unique_title: ensure_lock_pages_in_memory_is_set_to_no_one
type: ensure_policy_value
policy: Lock pages in memory
comparitor: No One
operator: ==
and_not_zero: false
comparitor_loose: No One
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: No One
comparitor_typed: ~
actual_policy_value: ~
actual_policy_value_typed: ~
2_2_38:
compliancy: compliant
state: Administrators
title: (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' (MS only)
debug_data:
params:
title: (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' (MS only)
unique_title: ensure_manage_auditing_and_security_log_is_set_to_administrators_ms_only
type: ensure_policy_value
policy: Manage auditing and security log
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544"
actual_policy_value_typed: Administrators
2_2_39:
compliancy: compliant
state: ~
title: (L1) Ensure 'Modify an object label' is set to 'No One'
debug_data:
params:
title: (L1) Ensure 'Modify an object label' is set to 'No One'
unique_title: ensure_modify_an_object_label_is_set_to_no_one
type: ensure_policy_value
policy: Modify an object label
comparitor: No One
operator: ==
and_not_zero: false
comparitor_loose: No One
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: No One
comparitor_typed: ~
actual_policy_value: ~
actual_policy_value_typed: ~
2_2_40:
compliancy: compliant
state: Administrators
title: (L1) Ensure 'Modify firmware environment values' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Modify firmware environment values' is set to 'Administrators'
unique_title: ensure_modify_firmware_environment_values_is_set_to_administrators
type: ensure_policy_value
policy: Modify firmware environment values
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544"
actual_policy_value_typed: Administrators
2_2_41:
compliancy: compliant
state: Administrators
title: (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators'
unique_title: ensure_perform_volume_maintenance_tasks_is_set_to_administrators
type: ensure_policy_value
policy: Perform volume maintenance tasks
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544"
actual_policy_value_typed: Administrators
2_2_42:
compliancy: compliant
state: Administrators
title: (L1) Ensure 'Profile single process' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Profile single process' is set to 'Administrators'
unique_title: ensure_profile_single_process_is_set_to_administrators
type: ensure_policy_value
policy: Profile single process
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544"
actual_policy_value_typed: Administrators
2_2_43:
compliancy: compliant
state:
- Administrators
- "*S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420"
title: (L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'
debug_data:
params:
title: (L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost'
unique_title: ensure_profile_system_performance_is_set_to_administrators_nt_service_wdiservicehost
type: ensure_policy_value
policy: Profile system performance
comparitor:
- Administrators
- NT SERVICE\WdiServiceHost
operator: ==
and_not_zero: false
comparitor_loose: Administrators, NT SERVICE\WdiServiceHost
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor:
- Administrators
- NT SERVICE\WdiServiceHost
comparitor_typed:
- Administrators
- NT SERVICE\WdiServiceHost
actual_policy_value: "*S-1-5-32-544,*S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420"
actual_policy_value_typed:
- Administrators
- "*S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420"
2_2_44:
compliancy: compliant
state:
- Local Service
- Network Service
title: (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'
debug_data:
params:
title: (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE'
unique_title: ensure_replace_a_process_level_token_is_set_to_local_service_network_service
type: ensure_policy_value
policy: Replace a process level token
comparitor:
- LOCAL SERVICE
- NETWORK SERVICE
operator: ==
and_not_zero: false
comparitor_loose: LOCAL SERVICE, NETWORK SERVICE
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor:
- LOCAL SERVICE
- NETWORK SERVICE
comparitor_typed:
- LOCAL SERVICE
- NETWORK SERVICE
actual_policy_value: "*S-1-5-19,*S-1-5-20"
actual_policy_value_typed:
- Local Service
- Network Service
2_2_48:
compliancy: compliant
state: Administrators
title: (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators'
debug_data:
params:
title: (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators'
unique_title: ensure_take_ownership_of_files_or_other_objects_is_set_to_administrators
type: ensure_policy_value
policy: Take ownership of files or other objects
comparitor: Administrators
operator: ==
and_not_zero: false
comparitor_loose: Administrators
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Administrators
comparitor_typed: Administrators
actual_policy_value: "*S-1-5-32-544"
actual_policy_value_typed: Administrators
2_3_1_3:
compliancy: compliant
state: 0
title: "(L1) Ensure 'Accounts: Guest account status' is set to 'Disabled' (MS only)"
debug_data:
params:
title: "(L1) Ensure 'Accounts: Guest account status' is set to 'Disabled' (MS only)"
unique_title: ensure_accounts_guest_account_status_is_set_to_disabled_ms_only
type: ensure_policy_value
policy: "Accounts: Guest account status"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Disabled
comparitor_typed: 0
actual_policy_value: "0"
actual_policy_value_typed: 0
2_3_1_4:
compliancy: compliant
state: 1
title: "(L1) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled'"
unique_title: ensure_accounts_limit_local_account_use_of_blank_passwords_to_console_logon_only_is_set_to_enabled
type: ensure_policy_value
policy: "Accounts: Limit local account use of blank passwords to console logon only"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_2_2:
compliancy: compliant
state: 0
title: "(L1) Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'"
debug_data:
params:
title: "(L1) Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled'"
unique_title: ensure_audit_shut_down_system_immediately_if_unable_to_log_security_audits_is_set_to_disabled
type: ensure_policy_value
policy: "Audit: Shut down system immediately if unable to log security audits"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Disabled
comparitor_typed: 0
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_4_2:
compliancy: compliant
state: 1
title: "(L1) Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled'"
unique_title: ensure_devices_prevent_users_from_installing_printer_drivers_is_set_to_enabled
type: ensure_policy_value
policy: "Devices: Prevent users from installing printer drivers"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_6_1:
compliancy: compliant
state: 1
title: "(L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Domain member: Digitally encrypt or sign secure channel data (always)' is set to 'Enabled'"
unique_title: ensure_domain_member_digitally_encrypt_or_sign_secure_channel_data_always_is_set_to_enabled
type: ensure_policy_value
policy: "Domain member: Digitally encrypt or sign secure channel data (always)"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_6_2:
compliancy: compliant
state: 1
title: "(L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled'"
unique_title: ensure_domain_member_digitally_encrypt_secure_channel_data_when_possible_is_set_to_enabled
type: ensure_policy_value
policy: "Domain member: Digitally encrypt secure channel data (when possible)"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_6_3:
compliancy: compliant
state: 1
title: "(L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled'"
unique_title: ensure_domain_member_digitally_sign_secure_channel_data_when_possible_is_set_to_enabled
type: ensure_policy_value
policy: "Domain member: Digitally sign secure channel data (when possible)"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_6_4:
compliancy: compliant
state: 0
title: "(L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'"
debug_data:
params:
title: "(L1) Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled'"
unique_title: ensure_domain_member_disable_machine_account_password_changes_is_set_to_disabled
type: ensure_policy_value
policy: "Domain member: Disable machine account password changes"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Disabled
comparitor_typed: 0
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_6_5:
compliancy: compliant
state: 30
title: "(L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'"
debug_data:
params:
title: "(L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'"
unique_title: ensure_domain_member_maximum_machine_account_password_age_is_set_to_30_or_fewer_days_but_not_0
type: ensure_policy_value
policy: "Domain member: Maximum machine account password age"
comparitor: 30
operator: <=
and_not_zero: true
comparitor_loose: 30 or fewer days, but not 0
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: 30
comparitor_typed: 30
actual_policy_value: "4,30"
actual_policy_value_typed: 30
2_3_6_6:
compliancy: compliant
state: 1
title: "(L1) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled'"
unique_title: ensure_domain_member_require_strong_windows_2000_or_later_session_key_is_set_to_enabled
type: ensure_policy_value
policy: "Domain member: Require strong (Windows 2000 or later) session key"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_7_2:
compliancy: compliant
state: 0
title: "(L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'"
debug_data:
params:
title: "(L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled'"
unique_title: ensure_interactive_logon_do_not_require_ctrlaltdel_is_set_to_disabled
type: ensure_policy_value
policy: "Interactive logon: Do not require CTRL+ALT+DEL"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Disabled
comparitor_typed: 0
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_8_2:
compliancy: compliant
state: 1
title: "(L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Microsoft network client: Digitally sign communications (if server agrees)' is set to 'Enabled'"
unique_title: ensure_microsoft_network_client_digitally_sign_communications_if_server_agrees_is_set_to_enabled
type: ensure_policy_value
policy: "Microsoft network client: Digitally sign communications (if server agrees)"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_8_3:
compliancy: compliant
state: 0
title: "(L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'"
debug_data:
params:
title: "(L1) Ensure 'Microsoft network client: Send unencrypted password to third-party SMB servers' is set to 'Disabled'"
unique_title: ensure_microsoft_network_client_send_unencrypted_password_to_third_party_smb_servers_is_set_to_disabled
type: ensure_policy_value
policy: "Microsoft network client: Send unencrypted password to third-party SMB servers"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Disabled
comparitor_typed: 0
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_9_1:
compliancy: compliant
state: 15
title: "(L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0'"
debug_data:
params:
title: "(L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s), but not 0'"
unique_title: ensure_microsoft_network_server_amount_of_idle_time_required_before_suspending_session_is_set_to_15_or_fewer_minutes_but_not_0
type: ensure_policy_value
policy: "Microsoft network server: Amount of idle time required before suspending session"
comparitor: 15
operator: <=
and_not_zero: true
comparitor_loose: 15 or fewer minute(s), but not 0
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: 15
comparitor_typed: 15
actual_policy_value: "4,15"
actual_policy_value_typed: 15
2_3_9_4:
compliancy: compliant
state: 1
title: "(L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Microsoft network server: Disconnect clients when logon hours expire' is set to 'Enabled'"
unique_title: ensure_microsoft_network_server_disconnect_clients_when_logon_hours_expire_is_set_to_enabled
type: ensure_policy_value
policy: "Microsoft network server: Disconnect clients when logon hours expire"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_10_2:
compliancy: compliant
state: 1
title: "(L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (MS only)"
debug_data:
params:
title: "(L1) Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (MS only)"
unique_title: ensure_network_access_do_not_allow_anonymous_enumeration_of_sam_accounts_is_set_to_enabled_ms_only
type: ensure_policy_value
policy: "Network access: Do not allow anonymous enumeration of SAM accounts"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_10_5:
compliancy: compliant
state: 0
title: "(L1) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'"
debug_data:
params:
title: "(L1) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled'"
unique_title: ensure_network_access_let_everyone_permissions_apply_to_anonymous_users_is_set_to_disabled
type: ensure_policy_value
policy: "Network access: Let Everyone permissions apply to anonymous users"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Disabled
comparitor_typed: 0
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_10_10:
compliancy: compliant
state: 1
title: "(L1) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled'"
unique_title: ensure_network_access_restrict_anonymous_access_to_named_pipes_and_shares_is_set_to_enabled
type: ensure_policy_value
policy: "Network access: Restrict anonymous access to Named Pipes and Shares"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_11_5:
compliancy: compliant
state: 1
title: "(L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled'"
unique_title: ensure_network_security_do_not_store_lan_manager_hash_value_on_next_password_change_is_set_to_enabled
type: ensure_policy_value
policy: "Network security: Do not store LAN Manager hash value on next password change"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_11_9:
compliancy: compliant
state: 536870912
title: "(L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'"
debug_data:
params:
title: "(L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption'"
unique_title: ensure_network_security_minimum_session_security_for_ntlm_ssp_based_including_secure_rpc_clients_is_set_to_require_ntlmv2_session_security_require_128_bit_encryption
type: ensure_policy_value
policy: "Network security: Minimum session security for NTLM SSP based (including secure RPC) clients"
comparitor:
- Require NTLMv2 session security
- Require 128-bit encryption
operator: ==
and_not_zero: false
comparitor_loose: Require NTLMv2 session security, Require 128-bit encryption
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor:
- Require NTLMv2 session security
- Require 128-bit encryption
comparitor_typed:
- Require NTLMv2 session security
- Require 128-bit encryption
actual_policy_value: "4,536870912"
actual_policy_value_typed: 536870912
2_3_11_10:
compliancy: compliant
state: 536870912
title: "(L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'"
debug_data:
params:
title: "(L1) Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption'"
unique_title: ensure_network_security_minimum_session_security_for_ntlm_ssp_based_including_secure_rpc_servers_is_set_to_require_ntlmv2_session_security_require_128_bit_encryption
type: ensure_policy_value
policy: "Network security: Minimum session security for NTLM SSP based (including secure RPC) servers"
comparitor:
- Require NTLMv2 session security
- Require 128-bit encryption
operator: ==
and_not_zero: false
comparitor_loose: Require NTLMv2 session security, Require 128-bit encryption
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor:
- Require NTLMv2 session security
- Require 128-bit encryption
comparitor_typed:
- Require NTLMv2 session security
- Require 128-bit encryption
actual_policy_value: "4,536870912"
actual_policy_value_typed: 536870912
2_3_13_1:
compliancy: compliant
state: 0
title: "(L1) Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'"
debug_data:
params:
title: "(L1) Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled'"
unique_title: ensure_shutdown_allow_system_to_be_shut_down_without_having_to_log_on_is_set_to_disabled
type: ensure_policy_value
policy: "Shutdown: Allow system to be shut down without having to log on"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Disabled
comparitor_typed: 0
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_15_1:
compliancy: compliant
state: 1
title: "(L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled'"
unique_title: ensure_system_objects_require_case_insensitivity_for_non_windows_subsystems_is_set_to_enabled
type: ensure_policy_value
policy: "System objects: Require case insensitivity for non-Windows subsystems"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_17_2:
compliancy: compliant
state: 0
title: "(L1) Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'"
debug_data:
params:
title: "(L1) Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled'"
unique_title: ensure_user_account_control_allow_uiaccess_applications_to_prompt_for_elevation_without_using_the_secure_desktop_is_set_to_disabled
type: ensure_policy_value
policy: "User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Disabled
comparitor_typed: 0
actual_policy_value: "4,0"
actual_policy_value_typed: 0
2_3_17_5:
compliancy: compliant
state: 1
title: "(L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled'"
unique_title: ensure_user_account_control_detect_application_installations_and_prompt_for_elevation_is_set_to_enabled
type: ensure_policy_value
policy: "User Account Control: Detect application installations and prompt for elevation"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_17_6:
compliancy: compliant
state: 1
title: "(L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled'"
unique_title: ensure_user_account_control_only_elevate_uiaccess_applications_that_are_installed_in_secure_locations_is_set_to_enabled
type: ensure_policy_value
policy: "User Account Control: Only elevate UIAccess applications that are installed in secure locations"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_17_7:
compliancy: compliant
state: 1
title: "(L1) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled'"
unique_title: ensure_user_account_control_run_all_administrators_in_admin_approval_mode_is_set_to_enabled
type: ensure_policy_value
policy: "User Account Control: Run all administrators in Admin Approval Mode"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_17_8:
compliancy: compliant
state: 1
title: "(L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled'"
unique_title: ensure_user_account_control_switch_to_the_secure_desktop_when_prompting_for_elevation_is_set_to_enabled
type: ensure_policy_value
policy: "User Account Control: Switch to the secure desktop when prompting for elevation"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
2_3_17_9:
compliancy: compliant
state: 1
title: "(L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'"
debug_data:
params:
title: "(L1) Ensure 'User Account Control: Virtualize file and registry write failures to per-user locations' is set to 'Enabled'"
unique_title: ensure_user_account_control_virtualize_file_and_registry_write_failures_to_per_user_locations_is_set_to_enabled
type: ensure_policy_value
policy: "User Account Control: Virtualize file and registry write failures to per-user locations"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
comparitor: Enabled
comparitor_typed: 1
actual_policy_value: "4,1"
actual_policy_value_typed: 1
unimplemented:
2_2_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' (MS only)
unimplemented_reason: "unhandled_type:snowflake"
message: "I only know how to evaluate controls with specific values. Type found: 'snowflake"
debug_data:
params:
title: (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' (MS only)
unique_title: ensure_access_this_computer_from_the_network_is_set_to_administrators_authenticated_users_ms_only
type: snowflake
policy: ~
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
2_2_22:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Deny log on as a batch job' to include 'Guests'
unimplemented_reason: no_comparitor_supplied
message: No comparitor supplied
debug_data:
params:
title: (L1) Ensure 'Deny log on as a batch job' to include 'Guests'
unique_title: ensure_deny_log_on_as_a_batch_job_to_include_guests
type: ensure_policy_value_to_include
policy: Deny log on as a batch job
comparitor: ~
operator: member
and_not_zero: false
comparitor_loose: Guests
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
2_2_23:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Deny log on as a service' to include 'Guests'
unimplemented_reason: no_comparitor_supplied
message: No comparitor supplied
debug_data:
params:
title: (L1) Ensure 'Deny log on as a service' to include 'Guests'
unique_title: ensure_deny_log_on_as_a_service_to_include_guests
type: ensure_policy_value_to_include
policy: Deny log on as a service
comparitor: ~
operator: member
and_not_zero: false
comparitor_loose: Guests
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
2_2_24:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Deny log on locally' to include 'Guests'
unimplemented_reason: no_comparitor_supplied
message: No comparitor supplied
debug_data:
params:
title: (L1) Ensure 'Deny log on locally' to include 'Guests'
unique_title: ensure_deny_log_on_locally_to_include_guests
type: ensure_policy_value_to_include
policy: Deny log on locally
comparitor: ~
operator: member
and_not_zero: false
comparitor_loose: Guests
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
2_3_1_5:
compliancy: unimplemented
state: ~
title: "(L1) Configure 'Accounts: Rename administrator account'"
unimplemented_reason: "unhandled_type:ensure_some_configuration"
message: "I only know how to evaluate controls with specific values. Type found: 'ensure_some_configuration"
debug_data:
params:
title: "(L1) Configure 'Accounts: Rename administrator account'"
unique_title: configure_accounts_rename_administrator_account
type: ensure_some_configuration
policy: "Accounts: Rename administrator account"
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
2_3_1_6:
compliancy: unimplemented
state: ~
title: "(L1) Configure 'Accounts: Rename guest account'"
unimplemented_reason: "unhandled_type:ensure_some_configuration"
message: "I only know how to evaluate controls with specific values. Type found: 'ensure_some_configuration"
debug_data:
params:
title: "(L1) Configure 'Accounts: Rename guest account'"
unique_title: configure_accounts_rename_guest_account
type: ensure_some_configuration
policy: "Accounts: Rename guest account"
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
2_3_7_4:
compliancy: unimplemented
state: ~
title: "(L1) Configure 'Interactive logon: Message text for users attempting to log on'"
unimplemented_reason: "unhandled_type:ensure_some_configuration"
message: "I only know how to evaluate controls with specific values. Type found: 'ensure_some_configuration"
debug_data:
params:
title: "(L1) Configure 'Interactive logon: Message text for users attempting to log on'"
unique_title: configure_interactive_logon_message_text_for_users_attempting_to_log_on
type: ensure_some_configuration
policy: "Interactive logon: Message text for users attempting to log on"
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
2_3_7_5:
compliancy: unimplemented
state: ~
title: "(L1) Configure 'Interactive logon: Message title for users attempting to log on'"
unimplemented_reason: "unhandled_type:ensure_some_configuration"
message: "I only know how to evaluate controls with specific values. Type found: 'ensure_some_configuration"
debug_data:
params:
title: "(L1) Configure 'Interactive logon: Message title for users attempting to log on'"
unique_title: configure_interactive_logon_message_title_for_users_attempting_to_log_on
type: ensure_some_configuration
policy: "Interactive logon: Message title for users attempting to log on"
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
2_3_10_7:
compliancy: unimplemented
state: ~
title: "(L1) Configure 'Network access: Named Pipes that can be accessed anonymously' (MS only)"
unimplemented_reason: "unhandled_type:ensure_some_configuration"
message: "I only know how to evaluate controls with specific values. Type found: 'ensure_some_configuration"
debug_data:
params:
title: "(L1) Configure 'Network access: Named Pipes that can be accessed anonymously' (MS only)"
unique_title: configure_network_access_named_pipes_that_can_be_accessed_anonymously_ms_only
type: ensure_some_configuration
policy: "Network access: Named Pipes that can be accessed anonymously"
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
2_3_10_8:
compliancy: unimplemented
state: ~
title: "(L1) Configure 'Network access: Remotely accessible registry paths'"
unimplemented_reason: "unhandled_type:ensure_some_configuration"
message: "I only know how to evaluate controls with specific values. Type found: 'ensure_some_configuration"
debug_data:
params:
title: "(L1) Configure 'Network access: Remotely accessible registry paths'"
unique_title: configure_network_access_remotely_accessible_registry_paths
type: ensure_some_configuration
policy: "Network access: Remotely accessible registry paths"
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
2_3_10_9:
compliancy: unimplemented
state: ~
title: "(L1) Configure 'Network access: Remotely accessible registry paths and sub-paths'"
unimplemented_reason: "unhandled_type:ensure_some_configuration"
message: "I only know how to evaluate controls with specific values. Type found: 'ensure_some_configuration"
debug_data:
params:
title: "(L1) Configure 'Network access: Remotely accessible registry paths and sub-paths'"
unique_title: configure_network_access_remotely_accessible_registry_paths_and_sub_paths
type: ensure_some_configuration
policy: "Network access: Remotely accessible registry paths and sub-paths"
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
2_3_10_11:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only)"
unimplemented_reason: "invalid_policy:Network access: Restrict clients allowed to make remote calls to SAM"
message: "No policy named 'Network access: Restrict clients allowed to make remote calls to SAM' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only)"
unique_title: ensure_network_access_restrict_clients_allowed_to_make_remote_calls_to_sam_is_set_to_administrators_remote_access_allow_ms_only
type: ensure_policy_value
policy: "Network access: Restrict clients allowed to make remote calls to SAM"
comparitor: "Administrators: Remote Access: Allow"
operator: ==
and_not_zero: false
comparitor_loose: "Administrators: Remote Access: Allow"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
2_3_11_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'"
unimplemented_reason: "invalid_policy:Network security: Allow LocalSystem NULL session fallback"
message: "No policy named 'Network security: Allow LocalSystem NULL session fallback' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled'"
unique_title: ensure_network_security_allow_localsystem_null_session_fallback_is_set_to_disabled
type: ensure_policy_value
policy: "Network security: Allow LocalSystem NULL session fallback"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
2_3_11_3:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'"
unimplemented_reason: "invalid_policy:Network Security: Allow PKU2U authentication requests to this computer to use online identities"
message: "No policy named 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'"
unique_title: ensure_network_security_allow_pku2u_authentication_requests_to_this_computer_to_use_online_identities_is_set_to_disabled
type: ensure_policy_value
policy: "Network Security: Allow PKU2U authentication requests to this computer to use online identities"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
2_3_11_4:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'"
unimplemented_reason: "invalid_policy:Network security: Configure encryption types allowed for Kerberos"
message: "No policy named 'Network security: Configure encryption types allowed for Kerberos' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types'"
unique_title: ensure_network_security_configure_encryption_types_allowed_for_kerberos_is_set_to_aes128_hmac_sha1_aes256_hmac_sha1_future_encryption_types
type: ensure_policy_value
policy: "Network security: Configure encryption types allowed for Kerberos"
comparitor:
- AES128_HMAC_SHA1
- AES256_HMAC_SHA1
- Future encryption types
operator: ==
and_not_zero: false
comparitor_loose: AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
2_3_15_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'"
unimplemented_reason: "invalid_policy:System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)"
message: "No policy named 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled'"
unique_title: ensure_system_objects_strengthen_default_permissions_of_internal_system_objects_eg_symbolic_links_is_set_to_enabled
type: ensure_policy_value
policy: "System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
9_1_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)'"
unimplemented_reason: "invalid_policy:Windows Firewall: Domain: Firewall state"
message: "No policy named 'Windows Firewall: Domain: Firewall state' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)'"
unique_title: ensure_windows_firewall_domain_firewall_state_is_set_to_on_recommended
type: ensure_policy_value
policy: "Windows Firewall: Domain: Firewall state"
comparitor: On (recommended)
operator: ==
and_not_zero: false
comparitor_loose: On (recommended)
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
9_1_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'"
unimplemented_reason: "invalid_policy:Windows Firewall: Domain: Inbound connections"
message: "No policy named 'Windows Firewall: Domain: Inbound connections' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)'"
unique_title: ensure_windows_firewall_domain_inbound_connections_is_set_to_block_default
type: ensure_policy_value
policy: "Windows Firewall: Domain: Inbound connections"
comparitor: Block (default)
operator: ==
and_not_zero: false
comparitor_loose: Block (default)
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
9_1_3:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)'"
unimplemented_reason: "invalid_policy:Windows Firewall: Domain: Outbound connections"
message: "No policy named 'Windows Firewall: Domain: Outbound connections' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)'"
unique_title: ensure_windows_firewall_domain_outbound_connections_is_set_to_allow_default
type: ensure_policy_value
policy: "Windows Firewall: Domain: Outbound connections"
comparitor: Allow (default)
operator: ==
and_not_zero: false
comparitor_loose: Allow (default)
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
9_1_4:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'"
unimplemented_reason: "invalid_policy:Windows Firewall: Domain: Settings: Display a notification"
message: "No policy named 'Windows Firewall: Domain: Settings: Display a notification' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Domain: Settings: Display a notification' is set to 'No'"
unique_title: ensure_windows_firewall_domain_settings_display_a_notification_is_set_to_no
type: ensure_policy_value
policy: "Windows Firewall: Domain: Settings: Display a notification"
comparitor: "No"
operator: ==
and_not_zero: false
comparitor_loose: "No"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_1_5:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\\System32\\logfiles\\firewall\\domainfw.log'"
unimplemented_reason: "invalid_policy:Windows Firewall: Domain: Logging: Name"
message: "No policy named 'Windows Firewall: Domain: Logging: Name' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SYSTEMROOT%\\System32\\logfiles\\firewall\\domainfw.log'"
unique_title: ensure_windows_firewall_domain_logging_name_is_set_to_systemroot_system32_logfiles_firewall_domainfwlog
type: ensure_policy_value
policy: "Windows Firewall: Domain: Logging: Name"
comparitor: "%SYSTEMROOT%\\System32\\logfiles\\firewall\\domainfw.log"
operator: ==
and_not_zero: false
comparitor_loose: "%SYSTEMROOT%\\System32\\logfiles\\firewall\\domainfw.log"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_1_6:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'"
unimplemented_reason: "invalid_policy:Windows Firewall: Domain: Logging: Size limit (KB)"
message: "No policy named 'Windows Firewall: Domain: Logging: Size limit (KB)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater'"
unique_title: ensure_windows_firewall_domain_logging_size_limit_kb_is_set_to_16384_kb_or_greater
type: ensure_policy_value
policy: "Windows Firewall: Domain: Logging: Size limit (KB)"
comparitor:
- "16"
- 384 KB or greater
operator: ==
and_not_zero: false
comparitor_loose: 16,384 KB or greater
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_1_7:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'"
unimplemented_reason: "invalid_policy:Windows Firewall: Domain: Logging: Log dropped packets"
message: "No policy named 'Windows Firewall: Domain: Logging: Log dropped packets' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes'"
unique_title: ensure_windows_firewall_domain_logging_log_dropped_packets_is_set_to_yes
type: ensure_policy_value
policy: "Windows Firewall: Domain: Logging: Log dropped packets"
comparitor: "Yes"
operator: ==
and_not_zero: false
comparitor_loose: "Yes"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
9_1_8:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'"
unimplemented_reason: "invalid_policy:Windows Firewall: Domain: Logging: Log successful connections"
message: "No policy named 'Windows Firewall: Domain: Logging: Log successful connections' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes'"
unique_title: ensure_windows_firewall_domain_logging_log_successful_connections_is_set_to_yes
type: ensure_policy_value
policy: "Windows Firewall: Domain: Logging: Log successful connections"
comparitor: "Yes"
operator: ==
and_not_zero: false
comparitor_loose: "Yes"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_2_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'"
unimplemented_reason: "invalid_policy:Windows Firewall: Private: Firewall state"
message: "No policy named 'Windows Firewall: Private: Firewall state' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'"
unique_title: ensure_windows_firewall_private_firewall_state_is_set_to_on_recommended
type: ensure_policy_value
policy: "Windows Firewall: Private: Firewall state"
comparitor: On (recommended)
operator: ==
and_not_zero: false
comparitor_loose: On (recommended)
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
9_2_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)'"
unimplemented_reason: "invalid_policy:Windows Firewall: Private: Inbound connections"
message: "No policy named 'Windows Firewall: Private: Inbound connections' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)'"
unique_title: ensure_windows_firewall_private_inbound_connections_is_set_to_block_default
type: ensure_policy_value
policy: "Windows Firewall: Private: Inbound connections"
comparitor: Block (default)
operator: ==
and_not_zero: false
comparitor_loose: Block (default)
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
9_2_3:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)'"
unimplemented_reason: "invalid_policy:Windows Firewall: Private: Outbound connections"
message: "No policy named 'Windows Firewall: Private: Outbound connections' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)'"
unique_title: ensure_windows_firewall_private_outbound_connections_is_set_to_allow_default
type: ensure_policy_value
policy: "Windows Firewall: Private: Outbound connections"
comparitor: Allow (default)
operator: ==
and_not_zero: false
comparitor_loose: Allow (default)
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
9_2_4:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'"
unimplemented_reason: "invalid_policy:Windows Firewall: Private: Settings: Display a notification"
message: "No policy named 'Windows Firewall: Private: Settings: Display a notification' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Private: Settings: Display a notification' is set to 'No'"
unique_title: ensure_windows_firewall_private_settings_display_a_notification_is_set_to_no
type: ensure_policy_value
policy: "Windows Firewall: Private: Settings: Display a notification"
comparitor: "No"
operator: ==
and_not_zero: false
comparitor_loose: "No"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_2_5:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\\System32\\logfiles\\firewall\\privatefw.log'"
unimplemented_reason: "invalid_policy:Windows Firewall: Private: Logging: Name"
message: "No policy named 'Windows Firewall: Private: Logging: Name' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SYSTEMROOT%\\System32\\logfiles\\firewall\\privatefw.log'"
unique_title: ensure_windows_firewall_private_logging_name_is_set_to_systemroot_system32_logfiles_firewall_privatefwlog
type: ensure_policy_value
policy: "Windows Firewall: Private: Logging: Name"
comparitor: "%SYSTEMROOT%\\System32\\logfiles\\firewall\\privatefw.log"
operator: ==
and_not_zero: false
comparitor_loose: "%SYSTEMROOT%\\System32\\logfiles\\firewall\\privatefw.log"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_2_6:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater'"
unimplemented_reason: "invalid_policy:Windows Firewall: Private: Logging: Size limit (KB)"
message: "No policy named 'Windows Firewall: Private: Logging: Size limit (KB)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater'"
unique_title: ensure_windows_firewall_private_logging_size_limit_kb_is_set_to_16384_kb_or_greater
type: ensure_policy_value
policy: "Windows Firewall: Private: Logging: Size limit (KB)"
comparitor:
- "16"
- 384 KB or greater
operator: ==
and_not_zero: false
comparitor_loose: 16,384 KB or greater
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_2_7:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'"
unimplemented_reason: "invalid_policy:Windows Firewall: Private: Logging: Log dropped packets"
message: "No policy named 'Windows Firewall: Private: Logging: Log dropped packets' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Private: Logging: Log dropped packets' is set to 'Yes'"
unique_title: ensure_windows_firewall_private_logging_log_dropped_packets_is_set_to_yes
type: ensure_policy_value
policy: "Windows Firewall: Private: Logging: Log dropped packets"
comparitor: "Yes"
operator: ==
and_not_zero: false
comparitor_loose: "Yes"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
9_2_8:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes'"
unimplemented_reason: "invalid_policy:Windows Firewall: Private: Logging: Log successful connections"
message: "No policy named 'Windows Firewall: Private: Logging: Log successful connections' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes'"
unique_title: ensure_windows_firewall_private_logging_log_successful_connections_is_set_to_yes
type: ensure_policy_value
policy: "Windows Firewall: Private: Logging: Log successful connections"
comparitor: "Yes"
operator: ==
and_not_zero: false
comparitor_loose: "Yes"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_3_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)'"
unimplemented_reason: "invalid_policy:Windows Firewall: Public: Firewall state"
message: "No policy named 'Windows Firewall: Public: Firewall state' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)'"
unique_title: ensure_windows_firewall_public_firewall_state_is_set_to_on_recommended
type: ensure_policy_value
policy: "Windows Firewall: Public: Firewall state"
comparitor: On (recommended)
operator: ==
and_not_zero: false
comparitor_loose: On (recommended)
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
9_3_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'"
unimplemented_reason: "invalid_policy:Windows Firewall: Public: Inbound connections"
message: "No policy named 'Windows Firewall: Public: Inbound connections' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)'"
unique_title: ensure_windows_firewall_public_inbound_connections_is_set_to_block_default
type: ensure_policy_value
policy: "Windows Firewall: Public: Inbound connections"
comparitor: Block (default)
operator: ==
and_not_zero: false
comparitor_loose: Block (default)
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
9_3_3:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)'"
unimplemented_reason: "invalid_policy:Windows Firewall: Public: Outbound connections"
message: "No policy named 'Windows Firewall: Public: Outbound connections' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)'"
unique_title: ensure_windows_firewall_public_outbound_connections_is_set_to_allow_default
type: ensure_policy_value
policy: "Windows Firewall: Public: Outbound connections"
comparitor: Allow (default)
operator: ==
and_not_zero: false
comparitor_loose: Allow (default)
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
9_3_4:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'"
unimplemented_reason: "invalid_policy:Windows Firewall: Public: Settings: Display a notification"
message: "No policy named 'Windows Firewall: Public: Settings: Display a notification' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Public: Settings: Display a notification' is set to 'No'"
unique_title: ensure_windows_firewall_public_settings_display_a_notification_is_set_to_no
type: ensure_policy_value
policy: "Windows Firewall: Public: Settings: Display a notification"
comparitor: "No"
operator: ==
and_not_zero: false
comparitor_loose: "No"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_3_5:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'"
unimplemented_reason: "invalid_policy:Windows Firewall: Public: Settings: Apply local firewall rules"
message: "No policy named 'Windows Firewall: Public: Settings: Apply local firewall rules' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Public: Settings: Apply local firewall rules' is set to 'No'"
unique_title: ensure_windows_firewall_public_settings_apply_local_firewall_rules_is_set_to_no
type: ensure_policy_value
policy: "Windows Firewall: Public: Settings: Apply local firewall rules"
comparitor: "No"
operator: ==
and_not_zero: false
comparitor_loose: "No"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_3_6:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'"
unimplemented_reason: "invalid_policy:Windows Firewall: Public: Settings: Apply local connection security rules"
message: "No policy named 'Windows Firewall: Public: Settings: Apply local connection security rules' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No'"
unique_title: ensure_windows_firewall_public_settings_apply_local_connection_security_rules_is_set_to_no
type: ensure_policy_value
policy: "Windows Firewall: Public: Settings: Apply local connection security rules"
comparitor: "No"
operator: ==
and_not_zero: false
comparitor_loose: "No"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_3_7:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SYSTEMROOT%\\System32\\logfiles\\firewall\\publicfw.log'"
unimplemented_reason: "invalid_policy:Windows Firewall: Public: Logging: Name"
message: "No policy named 'Windows Firewall: Public: Logging: Name' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SYSTEMROOT%\\System32\\logfiles\\firewall\\publicfw.log'"
unique_title: ensure_windows_firewall_public_logging_name_is_set_to_systemroot_system32_logfiles_firewall_publicfwlog
type: ensure_policy_value
policy: "Windows Firewall: Public: Logging: Name"
comparitor: "%SYSTEMROOT%\\System32\\logfiles\\firewall\\publicfw.log"
operator: ==
and_not_zero: false
comparitor_loose: "%SYSTEMROOT%\\System32\\logfiles\\firewall\\publicfw.log"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_3_8:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater'"
unimplemented_reason: "invalid_policy:Windows Firewall: Public: Logging: Size limit (KB)"
message: "No policy named 'Windows Firewall: Public: Logging: Size limit (KB)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater'"
unique_title: ensure_windows_firewall_public_logging_size_limit_kb_is_set_to_16384_kb_or_greater
type: ensure_policy_value
policy: "Windows Firewall: Public: Logging: Size limit (KB)"
comparitor:
- "16"
- 384 KB or greater
operator: ==
and_not_zero: false
comparitor_loose: 16,384 KB or greater
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
9_3_9:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes'"
unimplemented_reason: "invalid_policy:Windows Firewall: Public: Logging: Log dropped packets"
message: "No policy named 'Windows Firewall: Public: Logging: Log dropped packets' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes'"
unique_title: ensure_windows_firewall_public_logging_log_dropped_packets_is_set_to_yes
type: ensure_policy_value
policy: "Windows Firewall: Public: Logging: Log dropped packets"
comparitor: "Yes"
operator: ==
and_not_zero: false
comparitor_loose: "Yes"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
9_3_10:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'"
unimplemented_reason: "invalid_policy:Windows Firewall: Public: Logging: Log successful connections"
message: "No policy named 'Windows Firewall: Public: Logging: Log successful connections' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'"
unique_title: ensure_windows_firewall_public_logging_log_successful_connections_is_set_to_yes
type: ensure_policy_value
policy: "Windows Firewall: Public: Logging: Log successful connections"
comparitor: "Yes"
operator: ==
and_not_zero: false
comparitor_loose: "Yes"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
17_1_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Credential Validation"
message: No policy named 'Audit Credential Validation' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure'
unique_title: ensure_audit_credential_validation_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Credential Validation
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_2_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Application Group Management"
message: No policy named 'Audit Application Group Management' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'
unique_title: ensure_audit_application_group_management_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Application Group Management
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
17_2_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Computer Account Management' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Computer Account Management"
message: No policy named 'Audit Computer Account Management' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Computer Account Management' is set to 'Success and Failure'
unique_title: ensure_audit_computer_account_management_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Computer Account Management
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
17_2_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Other Account Management Events' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Other Account Management Events"
message: No policy named 'Audit Other Account Management Events' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Other Account Management Events' is set to 'Success and Failure'
unique_title: ensure_audit_other_account_management_events_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Other Account Management Events
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_2_5:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Security Group Management' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Security Group Management"
message: No policy named 'Audit Security Group Management' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Security Group Management' is set to 'Success and Failure'
unique_title: ensure_audit_security_group_management_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Security Group Management
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_2_6:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit User Account Management"
message: No policy named 'Audit User Account Management' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit User Account Management' is set to 'Success and Failure'
unique_title: ensure_audit_user_account_management_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit User Account Management
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_3_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit PNP Activity' is set to 'Success'
unimplemented_reason: "invalid_policy:Audit PNP Activity"
message: No policy named 'Audit PNP Activity' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit PNP Activity' is set to 'Success'
unique_title: ensure_audit_pnp_activity_is_set_to_success
type: ensure_policy_value
policy: Audit PNP Activity
comparitor: Success
operator: ==
and_not_zero: false
comparitor_loose: Success
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
17_3_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Process Creation' is set to 'Success'
unimplemented_reason: "invalid_policy:Audit Process Creation"
message: No policy named 'Audit Process Creation' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Process Creation' is set to 'Success'
unique_title: ensure_audit_process_creation_is_set_to_success
type: ensure_policy_value
policy: Audit Process Creation
comparitor: Success
operator: ==
and_not_zero: false
comparitor_loose: Success
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_5_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Account Lockout' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Account Lockout"
message: No policy named 'Audit Account Lockout' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Account Lockout' is set to 'Success and Failure'
unique_title: ensure_audit_account_lockout_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Account Lockout
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_5_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Group Membership' is set to 'Success'
unimplemented_reason: "invalid_policy:Audit Group Membership"
message: No policy named 'Audit Group Membership' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Group Membership' is set to 'Success'
unique_title: ensure_audit_group_membership_is_set_to_success
type: ensure_policy_value
policy: Audit Group Membership
comparitor: Success
operator: ==
and_not_zero: false
comparitor_loose: Success
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_5_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Logoff' is set to 'Success'
unimplemented_reason: "invalid_policy:Audit Logoff"
message: No policy named 'Audit Logoff' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Logoff' is set to 'Success'
unique_title: ensure_audit_logoff_is_set_to_success
type: ensure_policy_value
policy: Audit Logoff
comparitor: Success
operator: ==
and_not_zero: false
comparitor_loose: Success
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_5_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Logon' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Logon"
message: No policy named 'Audit Logon' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Logon' is set to 'Success and Failure'
unique_title: ensure_audit_logon_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Logon
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_5_5:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Other Logon/Logoff Events"
message: No policy named 'Audit Other Logon/Logoff Events' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure'
unique_title: ensure_audit_other_logonlogoff_events_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Other Logon/Logoff Events
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
17_5_6:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Special Logon' is set to 'Success'
unimplemented_reason: "invalid_policy:Audit Special Logon"
message: No policy named 'Audit Special Logon' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Special Logon' is set to 'Success'
unique_title: ensure_audit_special_logon_is_set_to_success
type: ensure_policy_value
policy: Audit Special Logon
comparitor: Success
operator: ==
and_not_zero: false
comparitor_loose: Success
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_6_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Other Object Access Events"
message: No policy named 'Audit Other Object Access Events' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Other Object Access Events' is set to 'Success and Failure'
unique_title: ensure_audit_other_object_access_events_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Other Object Access Events
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_6_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Removable Storage"
message: No policy named 'Audit Removable Storage' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure'
unique_title: ensure_audit_removable_storage_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Removable Storage
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
17_7_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Audit Policy Change' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Audit Policy Change"
message: No policy named 'Audit Audit Policy Change' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Audit Policy Change' is set to 'Success and Failure'
unique_title: ensure_audit_audit_policy_change_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Audit Policy Change
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
17_7_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Authentication Policy Change' is set to 'Success'
unimplemented_reason: "invalid_policy:Audit Authentication Policy Change"
message: No policy named 'Audit Authentication Policy Change' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Authentication Policy Change' is set to 'Success'
unique_title: ensure_audit_authentication_policy_change_is_set_to_success
type: ensure_policy_value
policy: Audit Authentication Policy Change
comparitor: Success
operator: ==
and_not_zero: false
comparitor_loose: Success
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
17_7_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Authorization Policy Change' is set to 'Success'
unimplemented_reason: "invalid_policy:Audit Authorization Policy Change"
message: No policy named 'Audit Authorization Policy Change' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Authorization Policy Change' is set to 'Success'
unique_title: ensure_audit_authorization_policy_change_is_set_to_success
type: ensure_policy_value
policy: Audit Authorization Policy Change
comparitor: Success
operator: ==
and_not_zero: false
comparitor_loose: Success
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
17_8_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Sensitive Privilege Use"
message: No policy named 'Audit Sensitive Privilege Use' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Sensitive Privilege Use' is set to 'Success and Failure'
unique_title: ensure_audit_sensitive_privilege_use_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Sensitive Privilege Use
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
17_9_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit IPsec Driver"
message: No policy named 'Audit IPsec Driver' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit IPsec Driver' is set to 'Success and Failure'
unique_title: ensure_audit_ipsec_driver_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit IPsec Driver
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
17_9_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Other System Events"
message: No policy named 'Audit Other System Events' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Other System Events' is set to 'Success and Failure'
unique_title: ensure_audit_other_system_events_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Other System Events
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
17_9_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Security State Change' is set to 'Success'
unimplemented_reason: "invalid_policy:Audit Security State Change"
message: No policy named 'Audit Security State Change' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Security State Change' is set to 'Success'
unique_title: ensure_audit_security_state_change_is_set_to_success
type: ensure_policy_value
policy: Audit Security State Change
comparitor: Success
operator: ==
and_not_zero: false
comparitor_loose: Success
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
17_9_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit Security System Extension' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit Security System Extension"
message: No policy named 'Audit Security System Extension' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit Security System Extension' is set to 'Success and Failure'
unique_title: ensure_audit_security_system_extension_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit Security System Extension
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
17_9_5:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'
unimplemented_reason: "invalid_policy:Audit System Integrity"
message: No policy named 'Audit System Integrity' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Audit System Integrity' is set to 'Success and Failure'
unique_title: ensure_audit_system_integrity_is_set_to_success_and_failure
type: ensure_policy_value
policy: Audit System Integrity
comparitor: Success and Failure
operator: ==
and_not_zero: false
comparitor_loose: Success and Failure
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_1_1_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Prevent enabling lock screen camera"
message: No policy named 'Prevent enabling lock screen camera' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled'
unique_title: ensure_prevent_enabling_lockeen_camera_is_set_to_enabled
type: ensure_policy_value
policy: Prevent enabling lock screen camera
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_1_1_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Prevent enabling lock screen slide show"
message: No policy named 'Prevent enabling lock screen slide show' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled'
unique_title: ensure_prevent_enabling_lockeen_slide_show_is_set_to_enabled
type: ensure_policy_value
policy: Prevent enabling lock screen slide show
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_1_2_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Allow input personalization' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Allow input personalization"
message: No policy named 'Allow input personalization' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Allow input personalization' is set to 'Disabled'
unique_title: ensure_allow_input_personalization_is_set_to_disabled
type: ensure_policy_value
policy: Allow input personalization
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_2_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only)
unimplemented_reason: "unhandled_type:snowflake"
message: "I only know how to evaluate controls with specific values. Type found: 'snowflake"
debug_data:
params:
title: (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only)
unique_title: ensure_laps_admpwd_gpo_extension_cse_is_installed_ms_only
type: snowflake
policy: ~
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_2_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' (MS only)
unimplemented_reason: "invalid_policy:Do not allow password expiration time longer than required by policy"
message: No policy named 'Do not allow password expiration time longer than required by policy' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Do not allow password expiration time longer than required by policy' is set to 'Enabled' (MS only)
unique_title: ensure_do_not_allow_password_expiration_time_longer_than_required_by_policy_is_set_to_enabled_ms_only
type: ensure_policy_value
policy: Do not allow password expiration time longer than required by policy
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_2_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only)
unimplemented_reason: "invalid_policy:Enable Local Admin Password Management"
message: No policy named 'Enable Local Admin Password Management' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only)
unique_title: ensure_enable_local_admin_password_management_is_set_to_enabled_ms_only
type: ensure_policy_value
policy: Enable Local Admin Password Management
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_2_4:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' (MS only)"
unimplemented_reason: "invalid_policy:Password Settings: Password Complexity"
message: "No policy named 'Password Settings: Password Complexity' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' (MS only)"
unique_title: ensure_password_settings_password_complexity_is_set_to_enabled_large_letters_small_letters_numbers_special_characters_ms_only
type: ensure_policy_value
policy: "Password Settings: Password Complexity"
comparitor: "Enabled: Large letters + small letters + numbers + special characters"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: Large letters + small letters + numbers + special characters"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_2_5:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more' (MS only)"
unimplemented_reason: "invalid_policy:Password Settings: Password Length"
message: "No policy named 'Password Settings: Password Length' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more' (MS only)"
unique_title: ensure_password_settings_password_length_is_set_to_enabled_15_or_more_ms_only
type: ensure_policy_value
policy: "Password Settings: Password Length"
comparitor: "Enabled: 15 or more"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: 15 or more"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_2_6:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' (MS only)"
unimplemented_reason: "invalid_policy:Password Settings: Password Age (Days)"
message: "No policy named 'Password Settings: Password Age (Days)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' (MS only)"
unique_title: ensure_password_settings_password_age_days_is_set_to_enabled_30_or_fewer_ms_only
type: ensure_policy_value
policy: "Password Settings: Password Age (Days)"
comparitor: "Enabled: 30 or fewer"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: 30 or fewer"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_3_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled' (MS only)
unimplemented_reason: "invalid_policy:Apply UAC restrictions to local accounts on network logons"
message: No policy named 'Apply UAC restrictions to local accounts on network logons' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Apply UAC restrictions to local accounts on network logons' is set to 'Enabled' (MS only)
unique_title: ensure_apply_uac_restrictions_to_local_accounts_on_network_logons_is_set_to_enabled_ms_only
type: ensure_policy_value
policy: Apply UAC restrictions to local accounts on network logons
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_3_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver'"
unimplemented_reason: "invalid_policy:Configure SMB v1 client driver"
message: No policy named 'Configure SMB v1 client driver' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver'"
unique_title: ensure_configure_smb_v1_client_driver_is_set_to_enabled_disable_driver
type: ensure_policy_value
policy: Configure SMB v1 client driver
comparitor: "Enabled: Disable driver"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: Disable driver"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_3_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Configure SMB v1 server' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Configure SMB v1 server"
message: No policy named 'Configure SMB v1 server' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Configure SMB v1 server' is set to 'Disabled'
unique_title: ensure_configure_smb_v1_server_is_set_to_disabled
type: ensure_policy_value
policy: Configure SMB v1 server
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_3_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Enable Structured Exception Handling Overwrite Protection (SEHOP)"
message: No policy named 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'
unique_title: ensure_enable_structured_exception_handling_overwrite_protection_sehop_is_set_to_enabled
type: ensure_policy_value
policy: Enable Structured Exception Handling Overwrite Protection (SEHOP)
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_3_5:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn on Windows Defender protection against Potentially Unwanted Applications' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Turn on Windows Defender protection against Potentially Unwanted Applications"
message: No policy named 'Turn on Windows Defender protection against Potentially Unwanted Applications' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn on Windows Defender protection against Potentially Unwanted Applications' is set to 'Enabled'
unique_title: ensure_turn_on_windows_defender_protection_against_potentially_unwanted_applications_is_set_to_enabled
type: ensure_policy_value
policy: Turn on Windows Defender protection against Potentially Unwanted Applications
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_3_6:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'WDigest Authentication' is set to 'Disabled'
unimplemented_reason: "invalid_policy:WDigest Authentication"
message: No policy named 'WDigest Authentication' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'WDigest Authentication' is set to 'Disabled'
unique_title: ensure_wdigest_authentication_is_set_to_disabled
type: ensure_policy_value
policy: WDigest Authentication
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_4_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'"
unimplemented_reason: "invalid_policy:MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)"
message: "No policy named 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled'"
unique_title: ensure_mss_autoadminlogon_enable_automatic_logon_not_recommended_is_set_to_disabled
type: ensure_policy_value
policy: "MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_4_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'"
unimplemented_reason: "invalid_policy:MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)"
message: "No policy named 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'"
unique_title: ensure_mss_disableipsourcerouting_ipv6_ip_source_routing_protection_level_protects_against_packet_spoofing_is_set_to_enabled_highest_protection_source_routing_is_completely_disabled
type: ensure_policy_value
policy: "MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)"
comparitor:
- "Enabled: Highest protection"
- source routing is completely disabled
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: Highest protection, source routing is completely disabled"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_4_3:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'"
unimplemented_reason: "invalid_policy:MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)"
message: "No policy named 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'"
unique_title: ensure_mss_disableipsourcerouting_ip_source_routing_protection_level_protects_against_packet_spoofing_is_set_to_enabled_highest_protection_source_routing_is_completely_disabled
type: ensure_policy_value
policy: "MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)"
comparitor:
- "Enabled: Highest protection"
- source routing is completely disabled
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: Highest protection, source routing is completely disabled"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_4_4:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'"
unimplemented_reason: "invalid_policy:MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes"
message: "No policy named 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'"
unique_title: ensure_mss_enableicmpredirect_allow_icmp_redirects_to_override_ospf_generated_routes_is_set_to_disabled
type: ensure_policy_value
policy: "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_4_6:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'"
unimplemented_reason: "invalid_policy:MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers"
message: "No policy named 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'"
unique_title: ensure_mss_nonamereleaseondemand_allow_the_computer_to_ignore_netbios_name_release_requests_except_from_wins_servers_is_set_to_enabled
type: ensure_policy_value
policy: "MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_4_8:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'"
unimplemented_reason: "invalid_policy:MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)"
message: "No policy named 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled'"
unique_title: ensure_mss_safedllsearchmode_enable_safe_dll_search_mode_recommended_is_set_to_enabled
type: ensure_policy_value
policy: "MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)"
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_4_9:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'"
unimplemented_reason: "invalid_policy:MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)"
message: "No policy named 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds'"
unique_title: ensure_mss_screensavergraceperiod_the_time_in_seconds_before_theeen_saver_grace_period_expires_0_recommended_is_set_to_enabled_5_or_fewer_seconds
type: ensure_policy_value
policy: "MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)"
comparitor: "Enabled: 5 or fewer seconds"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: 5 or fewer seconds"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_4_12:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'"
unimplemented_reason: "invalid_policy:MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning"
message: "No policy named 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less'"
unique_title: ensure_mss_warninglevel_percentage_threshold_for_the_security_event_log_at_which_the_system_will_generate_a_warning_is_set_to_enabled_90_or_less
type: ensure_policy_value
policy: "MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning"
comparitor: "Enabled: 90% or less"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: 90% or less"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_5_4_1:
compliancy: unimplemented
state: ~
title: (L1) Set 'NetBIOS node type' to 'P-node' (Ensure NetBT Parameter 'NodeType' is set to '0x2 (2)') (MS Only)
unimplemented_reason: "unhandled_type:snowflake"
message: "I only know how to evaluate controls with specific values. Type found: 'snowflake"
debug_data:
params:
title: (L1) Set 'NetBIOS node type' to 'P-node' (Ensure NetBT Parameter 'NodeType' is set to '0x2 (2)') (MS Only)
unique_title: set_netbios_node_type_to_p_node_ensure_netbt_parameter_nodetype_is_set_to_0x2_2_ms_only
type: snowflake
policy: ~
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_5_4_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled' (MS Only)
unimplemented_reason: "invalid_policy:Turn off multicast name resolution"
message: No policy named 'Turn off multicast name resolution' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled' (MS Only)
unique_title: ensure_turn_off_multicast_name_resolution_is_set_to_enabled_ms_only
type: ensure_policy_value
policy: Turn off multicast name resolution
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_5_8_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Enable insecure guest logons"
message: No policy named 'Enable insecure guest logons' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled'
unique_title: ensure_enable_insecure_guest_logons_is_set_to_disabled
type: ensure_policy_value
policy: Enable insecure guest logons
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_5_11_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Prohibit installation and configuration of Network Bridge on your DNS domain network"
message: No policy named 'Prohibit installation and configuration of Network Bridge on your DNS domain network' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'
unique_title: ensure_prohibit_installation_and_configuration_of_network_bridge_on_your_dns_domain_network_is_set_to_enabled
type: ensure_policy_value
policy: Prohibit installation and configuration of Network Bridge on your DNS domain network
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_5_11_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Prohibit use of Internet Connection Sharing on your DNS domain network"
message: No policy named 'Prohibit use of Internet Connection Sharing on your DNS domain network' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled'
unique_title: ensure_prohibit_use_of_internet_connection_sharing_on_your_dns_domain_network_is_set_to_enabled
type: ensure_policy_value
policy: Prohibit use of Internet Connection Sharing on your DNS domain network
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_5_11_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Require domain users to elevate when setting a network's location"
message: No policy named 'Require domain users to elevate when setting a network's location' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'
unique_title: ensure_require_domain_users_to_elevate_when_setting_a_networks_location_is_set_to_enabled
type: ensure_policy_value
policy: Require domain users to elevate when setting a network's location
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_5_14_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares'
unimplemented_reason: "invalid_policy:Hardened UNC Paths"
message: No policy named 'Hardened UNC Paths' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares'
unique_title: ensure_hardened_unc_paths_is_set_to_enabled_with_require_mutual_authentication_and_require_integrity_set_for_all_netlogon_and_sysvol_shares
type: ensure_policy_value
policy: Hardened UNC Paths
comparitor:
- Enabled
- with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares
operator: ==
and_not_zero: false
comparitor_loose: Enabled, with "Require Mutual Authentication" and "Require Integrity" set for all NETLOGON and SYSVOL shares
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_5_21_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Minimize the number of simultaneous connections to the Internet or a Windows Domain"
message: No policy named 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled'
unique_title: ensure_minimize_the_number_of_simultaneous_connections_to_the_internet_or_a_windows_domain_is_set_to_enabled
type: ensure_policy_value
policy: Minimize the number of simultaneous connections to the Internet or a Windows Domain
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_3_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Include command line in process creation events' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Include command line in process creation events"
message: No policy named 'Include command line in process creation events' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Include command line in process creation events' is set to 'Disabled'
unique_title: ensure_include_command_line_in_process_creation_events_is_set_to_disabled
type: ensure_policy_value
policy: Include command line in process creation events
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_8_4_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Remote host allows delegation of non-exportable credentials"
message: No policy named 'Remote host allows delegation of non-exportable credentials' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled'
unique_title: ensure_remote_host_allows_delegation_of_non_exportable_credentials_is_set_to_enabled
type: ensure_policy_value
policy: Remote host allows delegation of non-exportable credentials
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_14_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'"
unimplemented_reason: "invalid_policy:Boot-Start Driver Initialization Policy"
message: No policy named 'Boot-Start Driver Initialization Policy' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'"
unique_title: ensure_boot_start_driver_initialization_policy_is_set_to_enabled_good_unknown_and_bad_but_critical
type: ensure_policy_value
policy: Boot-Start Driver Initialization Policy
comparitor:
- "Enabled: Good"
- unknown and bad but critical
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: Good, unknown and bad but critical"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_21_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'"
unimplemented_reason: "invalid_policy:Configure registry policy processing: Do not apply during periodic background processing"
message: "No policy named 'Configure registry policy processing: Do not apply during periodic background processing' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Configure registry policy processing: Do not apply during periodic background processing' is set to 'Enabled: FALSE'"
unique_title: ensure_configure_registry_policy_processing_do_not_apply_during_periodic_background_processing_is_set_to_enabled_false
type: ensure_policy_value
policy: "Configure registry policy processing: Do not apply during periodic background processing"
comparitor: "Enabled: FALSE"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: FALSE"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_8_21_3:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'"
unimplemented_reason: "invalid_policy:Configure registry policy processing: Process even if the Group Policy objects have not changed"
message: "No policy named 'Configure registry policy processing: Process even if the Group Policy objects have not changed' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE'"
unique_title: ensure_configure_registry_policy_processing_process_even_if_the_group_policy_objects_have_not_changed_is_set_to_enabled_true
type: ensure_policy_value
policy: "Configure registry policy processing: Process even if the Group Policy objects have not changed"
comparitor: "Enabled: TRUE"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: TRUE"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_8_21_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Continue experiences on this device' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Continue experiences on this device"
message: No policy named 'Continue experiences on this device' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Continue experiences on this device' is set to 'Disabled'
unique_title: ensure_continue_experiences_on_this_device_is_set_to_disabled
type: ensure_policy_value
policy: Continue experiences on this device
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_8_21_5:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Turn off background refresh of Group Policy"
message: No policy named 'Turn off background refresh of Group Policy' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled'
unique_title: ensure_turn_off_background_refresh_of_group_policy_is_set_to_disabled
type: ensure_policy_value
policy: Turn off background refresh of Group Policy
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_8_22_1_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Turn off downloading of print drivers over HTTP"
message: No policy named 'Turn off downloading of print drivers over HTTP' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'
unique_title: ensure_turn_off_downloading_of_print_drivers_over_http_is_set_to_enabled
type: ensure_policy_value
policy: Turn off downloading of print drivers over HTTP
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_22_1_5:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Turn off Internet download for Web publishing and online ordering wizards"
message: No policy named 'Turn off Internet download for Web publishing and online ordering wizards' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'
unique_title: ensure_turn_off_internet_download_for_web_publishing_and_online_ordering_wizards_is_set_to_enabled
type: ensure_policy_value
policy: Turn off Internet download for Web publishing and online ordering wizards
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_22_1_6:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off printing over HTTP' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Turn off printing over HTTP"
message: No policy named 'Turn off printing over HTTP' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off printing over HTTP' is set to 'Enabled'
unique_title: ensure_turn_off_printing_over_http_is_set_to_enabled
type: ensure_policy_value
policy: Turn off printing over HTTP
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_27_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Block user from showing account details on sign-in' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Block user from showing account details on sign-in"
message: No policy named 'Block user from showing account details on sign-in' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Block user from showing account details on sign-in' is set to 'Enabled'
unique_title: ensure_block_user_from_showing_account_details_on_sign_in_is_set_to_enabled
type: ensure_policy_value
policy: Block user from showing account details on sign-in
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_8_27_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Do not display network selection UI' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Do not display network selection UI"
message: No policy named 'Do not display network selection UI' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Do not display network selection UI' is set to 'Enabled'
unique_title: ensure_do_not_display_network_selection_ui_is_set_to_enabled
type: ensure_policy_value
policy: Do not display network selection UI
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_27_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Do not enumerate connected users on domain-joined computers"
message: No policy named 'Do not enumerate connected users on domain-joined computers' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled'
unique_title: ensure_do_not_enumerate_connected_users_on_domain_joined_computers_is_set_to_enabled
type: ensure_policy_value
policy: Do not enumerate connected users on domain-joined computers
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_27_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled' (MS only)
unimplemented_reason: "invalid_policy:Enumerate local users on domain-joined computers"
message: No policy named 'Enumerate local users on domain-joined computers' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Enumerate local users on domain-joined computers' is set to 'Disabled' (MS only)
unique_title: ensure_enumerate_local_users_on_domain_joined_computers_is_set_to_disabled_ms_only
type: ensure_policy_value
policy: Enumerate local users on domain-joined computers
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_27_5:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Turn off app notifications on the lock screen"
message: No policy named 'Turn off app notifications on the lock screen' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled'
unique_title: ensure_turn_off_app_notifications_on_the_lockeen_is_set_to_enabled
type: ensure_policy_value
policy: Turn off app notifications on the lock screen
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_27_6:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off picture password sign-in' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Turn off picture password sign-in"
message: No policy named 'Turn off picture password sign-in' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off picture password sign-in' is set to 'Enabled'
unique_title: ensure_turn_off_picture_password_sign_in_is_set_to_enabled
type: ensure_policy_value
policy: Turn off picture password sign-in
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_27_7:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Turn on convenience PIN sign-in"
message: No policy named 'Turn on convenience PIN sign-in' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn on convenience PIN sign-in' is set to 'Disabled'
unique_title: ensure_turn_on_convenience_pin_sign_in_is_set_to_disabled
type: ensure_policy_value
policy: Turn on convenience PIN sign-in
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_8_28_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Untrusted Font Blocking' is set to 'Enabled: Block untrusted fonts and log events'"
unimplemented_reason: "invalid_policy:Untrusted Font Blocking"
message: No policy named 'Untrusted Font Blocking' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Untrusted Font Blocking' is set to 'Enabled: Block untrusted fonts and log events'"
unique_title: ensure_untrusted_font_blocking_is_set_to_enabled_block_untrusted_fonts_and_log_events
type: ensure_policy_value
policy: Untrusted Font Blocking
comparitor: "Enabled: Block untrusted fonts and log events"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: Block untrusted fonts and log events"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_8_33_6_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Require a password when a computer wakes (on battery)"
message: No policy named 'Require a password when a computer wakes (on battery)' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled'
unique_title: ensure_require_a_password_when_a_computer_wakes_on_battery_is_set_to_enabled
type: ensure_policy_value
policy: Require a password when a computer wakes (on battery)
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_8_33_6_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Require a password when a computer wakes (plugged in)"
message: No policy named 'Require a password when a computer wakes (plugged in)' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled'
unique_title: ensure_require_a_password_when_a_computer_wakes_plugged_in_is_set_to_enabled
type: ensure_policy_value
policy: Require a password when a computer wakes (plugged in)
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_8_35_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Configure Offer Remote Assistance"
message: No policy named 'Configure Offer Remote Assistance' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Configure Offer Remote Assistance' is set to 'Disabled'
unique_title: ensure_configure_offer_remote_assistance_is_set_to_disabled
type: ensure_policy_value
policy: Configure Offer Remote Assistance
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_8_35_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Configure Solicited Remote Assistance"
message: No policy named 'Configure Solicited Remote Assistance' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled'
unique_title: ensure_configure_solicited_remote_assistance_is_set_to_disabled
type: ensure_policy_value
policy: Configure Solicited Remote Assistance
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_8_36_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' (MS only)
unimplemented_reason: "invalid_policy:Enable RPC Endpoint Mapper Client Authentication"
message: No policy named 'Enable RPC Endpoint Mapper Client Authentication' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' (MS only)
unique_title: ensure_enable_rpc_endpoint_mapper_client_authentication_is_set_to_enabled_ms_only
type: ensure_policy_value
policy: Enable RPC Endpoint Mapper Client Authentication
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_6_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Allow Microsoft accounts to be optional"
message: No policy named 'Allow Microsoft accounts to be optional' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled'
unique_title: ensure_allow_microsoft_accounts_to_be_optional_is_set_to_enabled
type: ensure_policy_value
policy: Allow Microsoft accounts to be optional
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_8_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Disallow Autoplay for non-volume devices"
message: No policy named 'Disallow Autoplay for non-volume devices' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled'
unique_title: ensure_disallow_autoplay_for_non_volume_devices_is_set_to_enabled
type: ensure_policy_value
policy: Disallow Autoplay for non-volume devices
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_8_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'"
unimplemented_reason: "invalid_policy:Set the default behavior for AutoRun"
message: No policy named 'Set the default behavior for AutoRun' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands'"
unique_title: ensure_set_the_default_behavior_for_autorun_is_set_to_enabled_do_not_execute_any_autorun_commands
type: ensure_policy_value
policy: Set the default behavior for AutoRun
comparitor: "Enabled: Do not execute any autorun commands"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: Do not execute any autorun commands"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_8_3:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'"
unimplemented_reason: "invalid_policy:Turn off Autoplay"
message: No policy named 'Turn off Autoplay' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Turn off Autoplay' is set to 'Enabled: All drives'"
unique_title: ensure_turn_off_autoplay_is_set_to_enabled_all_drives
type: ensure_policy_value
policy: Turn off Autoplay
comparitor: "Enabled: All drives"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: All drives"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_10_1_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Configure enhanced anti-spoofing"
message: No policy named 'Configure enhanced anti-spoofing' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled'
unique_title: ensure_configure_enhanced_anti_spoofing_is_set_to_enabled
type: ensure_policy_value
policy: Configure enhanced anti-spoofing
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_13_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Turn off Microsoft consumer experiences"
message: No policy named 'Turn off Microsoft consumer experiences' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled'
unique_title: ensure_turn_off_microsoft_consumer_experiences_is_set_to_enabled
type: ensure_policy_value
policy: Turn off Microsoft consumer experiences
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_14_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Require pin for pairing' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Require pin for pairing"
message: No policy named 'Require pin for pairing' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Require pin for pairing' is set to 'Enabled'
unique_title: ensure_require_pin_for_pairing_is_set_to_enabled
type: ensure_policy_value
policy: Require pin for pairing
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_9_15_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Do not display the password reveal button' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Do not display the password reveal button"
message: No policy named 'Do not display the password reveal button' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Do not display the password reveal button' is set to 'Enabled'
unique_title: ensure_do_not_display_the_password_reveal_button_is_set_to_enabled
type: ensure_policy_value
policy: Do not display the password reveal button
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_15_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Enumerate administrator accounts on elevation"
message: No policy named 'Enumerate administrator accounts on elevation' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled'
unique_title: ensure_enumerate_administrator_accounts_on_elevation_is_set_to_disabled
type: ensure_policy_value
policy: Enumerate administrator accounts on elevation
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_16_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Allow Telemetry' is set to 'Enabled: 0 - Security [Enterprise Only]' or 'Enabled: 1 - Basic'"
unimplemented_reason: "invalid_policy:Allow Telemetry"
message: No policy named 'Allow Telemetry' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Allow Telemetry' is set to 'Enabled: 0 - Security [Enterprise Only]' or 'Enabled: 1 - Basic'"
unique_title: ensure_allow_telemetry_is_set_to_enabled_0_security_enterprise_only_or_enabled_1_basic
type: ensure_policy_value
policy: Allow Telemetry
comparitor: "Enabled: 0 - Security [Enterprise Only]' or 'Enabled: 1 - Basic"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: 0 - Security [Enterprise Only]' or 'Enabled: 1 - Basic"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_9_16_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Disable pre-release features or settings' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Disable pre-release features or settings"
message: No policy named 'Disable pre-release features or settings' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Disable pre-release features or settings' is set to 'Disabled'
unique_title: ensure_disable_pre_release_features_or_settings_is_set_to_disabled
type: ensure_policy_value
policy: Disable pre-release features or settings
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_16_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Do not show feedback notifications' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Do not show feedback notifications"
message: No policy named 'Do not show feedback notifications' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Do not show feedback notifications' is set to 'Enabled'
unique_title: ensure_do_not_show_feedback_notifications_is_set_to_enabled
type: ensure_policy_value
policy: Do not show feedback notifications
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_16_5:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Toggle user control over Insider builds"
message: No policy named 'Toggle user control over Insider builds' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Toggle user control over Insider builds' is set to 'Disabled'
unique_title: ensure_toggle_user_control_over_insider_builds_is_set_to_disabled
type: ensure_policy_value
policy: Toggle user control over Insider builds
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_26_1_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'"
unimplemented_reason: "invalid_policy:Application: Control Event Log behavior when the log file reaches its maximum size"
message: "No policy named 'Application: Control Event Log behavior when the log file reaches its maximum size' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'"
unique_title: ensure_application_control_event_log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_disabled
type: ensure_policy_value
policy: "Application: Control Event Log behavior when the log file reaches its maximum size"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_26_1_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'"
unimplemented_reason: "invalid_policy:Application: Specify the maximum log file size (KB)"
message: "No policy named 'Application: Specify the maximum log file size (KB)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Application: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'"
unique_title: ensure_application_specify_the_maximum_log_file_size_kb_is_set_to_enabled_32768_or_greater
type: ensure_policy_value
policy: "Application: Specify the maximum log file size (KB)"
comparitor:
- "Enabled: 32"
- 768 or greater
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: 32,768 or greater"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_26_2_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'"
unimplemented_reason: "invalid_policy:Security: Control Event Log behavior when the log file reaches its maximum size"
message: "No policy named 'Security: Control Event Log behavior when the log file reaches its maximum size' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Security: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'"
unique_title: ensure_security_control_event_log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_disabled
type: ensure_policy_value
policy: "Security: Control Event Log behavior when the log file reaches its maximum size"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_26_2_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'"
unimplemented_reason: "invalid_policy:Security: Specify the maximum log file size (KB)"
message: "No policy named 'Security: Specify the maximum log file size (KB)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Security: Specify the maximum log file size (KB)' is set to 'Enabled: 196,608 or greater'"
unique_title: ensure_security_specify_the_maximum_log_file_size_kb_is_set_to_enabled_196608_or_greater
type: ensure_policy_value
policy: "Security: Specify the maximum log file size (KB)"
comparitor:
- "Enabled: 196"
- 608 or greater
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: 196,608 or greater"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_26_3_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'"
unimplemented_reason: "invalid_policy:Setup: Control Event Log behavior when the log file reaches its maximum size"
message: "No policy named 'Setup: Control Event Log behavior when the log file reaches its maximum size' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'"
unique_title: ensure_setup_control_event_log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_disabled
type: ensure_policy_value
policy: "Setup: Control Event Log behavior when the log file reaches its maximum size"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_26_3_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'"
unimplemented_reason: "invalid_policy:Setup: Specify the maximum log file size (KB)"
message: "No policy named 'Setup: Specify the maximum log file size (KB)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Setup: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'"
unique_title: ensure_setup_specify_the_maximum_log_file_size_kb_is_set_to_enabled_32768_or_greater
type: ensure_policy_value
policy: "Setup: Specify the maximum log file size (KB)"
comparitor:
- "Enabled: 32"
- 768 or greater
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: 32,768 or greater"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_26_4_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'"
unimplemented_reason: "invalid_policy:System: Control Event Log behavior when the log file reaches its maximum size"
message: "No policy named 'System: Control Event Log behavior when the log file reaches its maximum size' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'System: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled'"
unique_title: ensure_system_control_event_log_behavior_when_the_log_file_reaches_its_maximum_size_is_set_to_disabled
type: ensure_policy_value
policy: "System: Control Event Log behavior when the log file reaches its maximum size"
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_26_4_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'"
unimplemented_reason: "invalid_policy:System: Specify the maximum log file size (KB)"
message: "No policy named 'System: Specify the maximum log file size (KB)' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater'"
unique_title: ensure_system_specify_the_maximum_log_file_size_kb_is_set_to_enabled_32768_or_greater
type: ensure_policy_value
policy: "System: Specify the maximum log file size (KB)"
comparitor:
- "Enabled: 32"
- 768 or greater
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: 32,768 or greater"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_30_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Turn off Data Execution Prevention for Explorer"
message: No policy named 'Turn off Data Execution Prevention for Explorer' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'
unique_title: ensure_turn_off_data_execution_prevention_for_explorer_is_set_to_disabled
type: ensure_policy_value
policy: Turn off Data Execution Prevention for Explorer
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_30_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off heap termination on corruption' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Turn off heap termination on corruption"
message: No policy named 'Turn off heap termination on corruption' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off heap termination on corruption' is set to 'Disabled'
unique_title: ensure_turn_off_heap_termination_on_corruption_is_set_to_disabled
type: ensure_policy_value
policy: Turn off heap termination on corruption
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_30_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Turn off shell protocol protected mode"
message: No policy named 'Turn off shell protocol protected mode' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off shell protocol protected mode' is set to 'Disabled'
unique_title: ensure_turn_off_shell_protocol_protected_mode_is_set_to_disabled
type: ensure_policy_value
policy: Turn off shell protocol protected mode
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_44_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Block all consumer Microsoft account user authentication"
message: No policy named 'Block all consumer Microsoft account user authentication' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Block all consumer Microsoft account user authentication' is set to 'Enabled'
unique_title: ensure_block_all_consumer_microsoft_account_user_authentication_is_set_to_enabled
type: ensure_policy_value
policy: Block all consumer Microsoft account user authentication
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_52_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Prevent the usage of OneDrive for file storage"
message: No policy named 'Prevent the usage of OneDrive for file storage' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled'
unique_title: ensure_prevent_the_usage_of_onedrive_for_file_storage_is_set_to_enabled
type: ensure_policy_value
policy: Prevent the usage of OneDrive for file storage
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_58_2_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Do not allow passwords to be saved"
message: No policy named 'Do not allow passwords to be saved' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Do not allow passwords to be saved' is set to 'Enabled'
unique_title: ensure_do_not_allow_passwords_to_be_saved_is_set_to_enabled
type: ensure_policy_value
policy: Do not allow passwords to be saved
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_58_3_3_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Do not allow drive redirection' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Do not allow drive redirection"
message: No policy named 'Do not allow drive redirection' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Do not allow drive redirection' is set to 'Enabled'
unique_title: ensure_do_not_allow_drive_redirection_is_set_to_enabled
type: ensure_policy_value
policy: Do not allow drive redirection
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_58_3_9_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Always prompt for password upon connection"
message: No policy named 'Always prompt for password upon connection' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled'
unique_title: ensure_always_prompt_for_password_upon_connection_is_set_to_enabled
type: ensure_policy_value
policy: Always prompt for password upon connection
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_58_3_9_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Require secure RPC communication' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Require secure RPC communication"
message: No policy named 'Require secure RPC communication' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Require secure RPC communication' is set to 'Enabled'
unique_title: ensure_require_secure_rpc_communication_is_set_to_enabled
type: ensure_policy_value
policy: Require secure RPC communication
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_58_3_9_3:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'"
unimplemented_reason: "invalid_policy:Set client connection encryption level"
message: No policy named 'Set client connection encryption level' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Set client connection encryption level' is set to 'Enabled: High Level'"
unique_title: ensure_set_client_connection_encryption_level_is_set_to_enabled_high_level
type: ensure_policy_value
policy: Set client connection encryption level
comparitor: "Enabled: High Level"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: High Level"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_58_3_11_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Do not delete temp folders upon exit"
message: No policy named 'Do not delete temp folders upon exit' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled'
unique_title: ensure_do_not_delete_temp_folders_upon_exit_is_set_to_disabled
type: ensure_policy_value
policy: Do not delete temp folders upon exit
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_58_3_11_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Do not use temporary folders per session"
message: No policy named 'Do not use temporary folders per session' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled'
unique_title: ensure_do_not_use_temporary_folders_per_session_is_set_to_disabled
type: ensure_policy_value
policy: Do not use temporary folders per session
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_59_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Prevent downloading of enclosures"
message: No policy named 'Prevent downloading of enclosures' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Prevent downloading of enclosures' is set to 'Enabled'
unique_title: ensure_prevent_downloading_of_enclosures_is_set_to_enabled
type: ensure_policy_value
policy: Prevent downloading of enclosures
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_60_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Allow indexing of encrypted files"
message: No policy named 'Allow indexing of encrypted files' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled'
unique_title: ensure_allow_indexing_of_encrypted_files_is_set_to_disabled
type: ensure_policy_value
policy: Allow indexing of encrypted files
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_76_14:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Turn off Windows Defender AntiVirus"
message: No policy named 'Turn off Windows Defender AntiVirus' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'
unique_title: ensure_turn_off_windows_defender_antivirus_is_set_to_disabled
type: ensure_policy_value
policy: Turn off Windows Defender AntiVirus
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_9_76_3_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Configure local setting override for reporting to Microsoft MAPS"
message: No policy named 'Configure local setting override for reporting to Microsoft MAPS' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled'
unique_title: ensure_configure_local_setting_override_for_reporting_to_microsoft_maps_is_set_to_disabled
type: ensure_policy_value
policy: Configure local setting override for reporting to Microsoft MAPS
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_76_7_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Turn on behavior monitoring"
message: No policy named 'Turn on behavior monitoring' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn on behavior monitoring' is set to 'Enabled'
unique_title: ensure_turn_on_behavior_monitoring_is_set_to_enabled
type: ensure_policy_value
policy: Turn on behavior monitoring
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_76_10_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Scan removable drives' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Scan removable drives"
message: No policy named 'Scan removable drives' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Scan removable drives' is set to 'Enabled'
unique_title: ensure_scan_removable_drives_is_set_to_enabled
type: ensure_policy_value
policy: Scan removable drives
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_76_10_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Turn on e-mail scanning"
message: No policy named 'Turn on e-mail scanning' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn on e-mail scanning' is set to 'Enabled'
unique_title: ensure_turn_on_e_mail_scanning_is_set_to_enabled
type: ensure_policy_value
policy: Turn on e-mail scanning
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_76_13_1_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Configure Attack Surface Reduction rules"
message: No policy named 'Configure Attack Surface Reduction rules' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'
unique_title: ensure_configure_attack_surface_reduction_rules_is_set_to_enabled
type: ensure_policy_value
policy: Configure Attack Surface Reduction rules
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_76_13_1_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'"
unimplemented_reason: "unhandled_type:snowflake"
message: "I only know how to evaluate controls with specific values. Type found: 'snowflake"
debug_data:
params:
title: "(L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is 'configured'"
unique_title: ensure_configure_attack_surface_reduction_rules_set_the_state_for_each_asr_rule_is_configured
type: snowflake
policy: ~
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_9_76_13_3_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'"
unimplemented_reason: "invalid_policy:Prevent users and apps from accessing dangerous websites"
message: No policy named 'Prevent users and apps from accessing dangerous websites' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'"
unique_title: ensure_prevent_users_and_apps_from_accessing_dangerous_websites_is_set_to_enabled_block
type: ensure_policy_value
policy: Prevent users and apps from accessing dangerous websites
comparitor: "Enabled: Block"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: Block"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_9_79_1_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Prevent users from modifying settings' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Prevent users from modifying settings"
message: No policy named 'Prevent users from modifying settings' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Prevent users from modifying settings' is set to 'Enabled'
unique_title: ensure_prevent_users_from_modifying_settings_is_set_to_enabled
type: ensure_policy_value
policy: Prevent users from modifying settings
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_80_1_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'"
unimplemented_reason: "invalid_policy:Configure Windows Defender SmartScreen"
message: No policy named 'Configure Windows Defender SmartScreen' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass'"
unique_title: ensure_configure_windows_defender_smartscreen_is_set_to_enabled_warn_and_prevent_bypass
type: ensure_policy_value
policy: Configure Windows Defender SmartScreen
comparitor: "Enabled: Warn and prevent bypass"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: Warn and prevent bypass"
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_84_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled' but not 'Enabled: On'"
unimplemented_reason: "invalid_policy:Allow Windows Ink Workspace"
message: No policy named 'Allow Windows Ink Workspace' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Disabled' but not 'Enabled: On'"
unique_title: ensure_allow_windows_ink_workspace_is_set_to_enabled_on_but_disallow_access_above_lock_or_disabled_but_not_enabled_on
type: ensure_policy_value
policy: Allow Windows Ink Workspace
comparitor:
- "Enabled: On"
- "but disallow access above lock' OR 'Disabled' but not 'Enabled: On"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: On, but disallow access above lock' OR 'Disabled' but not 'Enabled: On"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_9_85_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Allow user control over installs' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Allow user control over installs"
message: No policy named 'Allow user control over installs' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Allow user control over installs' is set to 'Disabled'
unique_title: ensure_allow_user_control_over_installs_is_set_to_disabled
type: ensure_policy_value
policy: Allow user control over installs
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_85_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Always install with elevated privileges"
message: No policy named 'Always install with elevated privileges' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'
unique_title: ensure_always_install_with_elevated_privileges_is_set_to_disabled_computer
type: ensure_policy_value
policy: Always install with elevated privileges
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_86_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Sign-in last interactive user automatically after a system-initiated restart"
message: No policy named 'Sign-in last interactive user automatically after a system-initiated restart' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Sign-in last interactive user automatically after a system-initiated restart' is set to 'Disabled'
unique_title: ensure_sign_in_last_interactive_user_automatically_after_a_system_initiated_restart_is_set_to_disabled
type: ensure_policy_value
policy: Sign-in last interactive user automatically after a system-initiated restart
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_95_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Turn on PowerShell Script Block Logging"
message: No policy named 'Turn on PowerShell Script Block Logging' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Disabled'
unique_title: ensure_turn_on_powershell_script_block_logging_is_set_to_disabled
type: ensure_policy_value
policy: Turn on PowerShell Script Block Logging
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_95_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Turn on PowerShell Transcription"
message: No policy named 'Turn on PowerShell Transcription' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn on PowerShell Transcription' is set to 'Disabled'
unique_title: ensure_turn_on_powershell_traiption_is_set_to_disabled
type: ensure_policy_value
policy: Turn on PowerShell Transcription
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_97_1_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Allow Basic authentication"
message: No policy named 'Allow Basic authentication' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'
unique_title: ensure_allow_basic_authentication_is_set_to_disabled_winrm_client
type: ensure_policy_value
policy: Allow Basic authentication
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_97_1_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Allow unencrypted traffic"
message: No policy named 'Allow unencrypted traffic' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'
unique_title: ensure_allow_unencrypted_traffic_is_set_to_disabled_winrm_client
type: ensure_policy_value
policy: Allow unencrypted traffic
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_97_1_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Disallow Digest authentication"
message: No policy named 'Disallow Digest authentication' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'
unique_title: ensure_disallow_digest_authentication_is_set_to_enabled
type: ensure_policy_value
policy: Disallow Digest authentication
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_97_2_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Allow Basic authentication"
message: No policy named 'Allow Basic authentication' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'
unique_title: ensure_allow_basic_authentication_is_set_to_disabled_winrm_service
type: ensure_policy_value
policy: Allow Basic authentication
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_97_2_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Allow unencrypted traffic"
message: No policy named 'Allow unencrypted traffic' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'
unique_title: ensure_allow_unencrypted_traffic_is_set_to_disabled_winrm_service
type: ensure_policy_value
policy: Allow unencrypted traffic
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_97_2_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Disallow WinRM from storing RunAs credentials"
message: No policy named 'Disallow WinRM from storing RunAs credentials' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled'
unique_title: ensure_disallow_winrm_from_storing_runas_credentials_is_set_to_enabled
type: ensure_policy_value
policy: Disallow WinRM from storing RunAs credentials
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
18_9_101_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Configure Automatic Updates' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Configure Automatic Updates"
message: No policy named 'Configure Automatic Updates' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Configure Automatic Updates' is set to 'Enabled'
unique_title: ensure_configure_automatic_updates_is_set_to_enabled
type: ensure_policy_value
policy: Configure Automatic Updates
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_101_3:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'"
unimplemented_reason: "invalid_policy:Configure Automatic Updates: Scheduled install day"
message: "No policy named 'Configure Automatic Updates: Scheduled install day' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Configure Automatic Updates: Scheduled install day' is set to '0 - Every day'"
unique_title: ensure_configure_automatic_updates_scheduled_install_day_is_set_to_0_every_day
type: ensure_policy_value
policy: "Configure Automatic Updates: Scheduled install day"
comparitor: 0 - Every day
operator: ==
and_not_zero: false
comparitor_loose: 0 - Every day
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: true
18_9_101_4:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'
unimplemented_reason: "invalid_policy:No auto-restart with logged on users for scheduled automatic updates installations"
message: No policy named 'No auto-restart with logged on users for scheduled automatic updates installations' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled'
unique_title: ensure_no_auto_restart_with_logged_on_users_for_scheduled_automatic_updates_installations_is_set_to_disabled
type: ensure_policy_value
policy: No auto-restart with logged on users for scheduled automatic updates installations
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_101_1_1:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds'"
unimplemented_reason: "invalid_policy:Manage preview builds"
message: No policy named 'Manage preview builds' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Manage preview builds' is set to 'Enabled: Disable preview builds'"
unique_title: ensure_manage_preview_builds_is_set_to_enabled_disable_preview_builds
type: ensure_policy_value
policy: Manage preview builds
comparitor: "Enabled: Disable preview builds"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: Disable preview builds"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
18_9_101_1_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: Semi-Annual Channel, 180 or more days'"
unimplemented_reason: "invalid_policy:Select when Preview Builds and Feature Updates are received"
message: No policy named 'Select when Preview Builds and Feature Updates are received' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: Semi-Annual Channel, 180 or more days'"
unique_title: ensure_select_when_preview_builds_and_feature_updates_are_received_is_set_to_enabled_semi_annual_channel_180_or_more_days
type: ensure_policy_value
policy: Select when Preview Builds and Feature Updates are received
comparitor:
- "Enabled: Semi-Annual Channel"
- 180 or more days
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: Semi-Annual Channel, 180 or more days"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
18_9_101_1_3:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days'"
unimplemented_reason: "invalid_policy:Select when Quality Updates are received"
message: No policy named 'Select when Quality Updates are received' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Select when Quality Updates are received' is set to 'Enabled: 0 days'"
unique_title: ensure_select_when_quality_updates_are_received_is_set_to_enabled_0_days
type: ensure_policy_value
policy: Select when Quality Updates are received
comparitor: "Enabled: 0 days"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: 0 days"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
19_1_3_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Enable screen saver' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Enable screen saver"
message: No policy named 'Enable screen saver' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Enable screen saver' is set to 'Enabled'
unique_title: ensure_enableeen_saver_is_set_to_enabled
type: ensure_policy_value
policy: Enable screen saver
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
19_1_3_2:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'"
unimplemented_reason: "invalid_policy:Force specific screen saver: Screen saver executable name"
message: "No policy named 'Force specific screen saver: Screen saver executable name' in SecurityPolicy - perhaps not a security policy?"
debug_data:
params:
title: "(L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr'"
unique_title: ensure_force_specificeen_saver_screen_saver_executable_name_is_set_to_enablednsav
type: ensure_policy_value
policy: "Force specific screen saver: Screen saver executable name"
comparitor: "Enabled: scrnsave.scr"
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: scrnsave.scr"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
19_1_3_3:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Password protect the screen saver' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Password protect the screen saver"
message: No policy named 'Password protect the screen saver' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Password protect the screen saver' is set to 'Enabled'
unique_title: ensure_password_protect_theeen_saver_is_set_to_enabled
type: ensure_policy_value
policy: Password protect the screen saver
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
19_1_3_4:
compliancy: unimplemented
state: ~
title: "(L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'"
unimplemented_reason: "invalid_policy:Screen saver timeout"
message: No policy named 'Screen saver timeout' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: "(L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0'"
unique_title: ensure_screen_saver_timeout_is_set_to_enabled_900_seconds_or_fewer_but_not_0
type: ensure_policy_value
policy: Screen saver timeout
comparitor:
- "Enabled: 900 seconds or fewer"
- but not 0
operator: ==
and_not_zero: false
comparitor_loose: "Enabled: 900 seconds or fewer, but not 0"
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: false
19_5_1_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Turn off toast notifications on the lock screen"
message: No policy named 'Turn off toast notifications on the lock screen' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Turn off toast notifications on the lock screen' is set to 'Enabled'
unique_title: ensure_turn_off_toast_notifications_on_the_lockeen_is_set_to_enabled
type: ensure_policy_value
policy: Turn off toast notifications on the lock screen
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
19_7_4_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Do not preserve zone information in file attachments"
message: No policy named 'Do not preserve zone information in file attachments' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled'
unique_title: ensure_do_not_preserve_zone_information_in_file_attachments_is_set_to_disabled
type: ensure_policy_value
policy: Do not preserve zone information in file attachments
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
19_7_4_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Notify antivirus programs when opening attachments"
message: No policy named 'Notify antivirus programs when opening attachments' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled'
unique_title: ensure_notify_antivirus_programs_when_opening_attachments_is_set_to_enabled
type: ensure_policy_value
policy: Notify antivirus programs when opening attachments
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
19_7_7_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Configure Windows spotlight on lock screen' is set to Disabled'
unimplemented_reason: "unhandled_type:snowflake"
message: "I only know how to evaluate controls with specific values. Type found: 'snowflake"
debug_data:
params:
title: (L1) Ensure 'Configure Windows spotlight on lock screen' is set to Disabled'
unique_title: ensure_configure_windows_spotlight_on_lockeen_is_set_to_disabled
type: snowflake
policy: ~
comparitor: ~
operator: ~
and_not_zero: false
comparitor_loose: ~
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
19_7_7_2:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Do not suggest third-party content in Windows spotlight"
message: No policy named 'Do not suggest third-party content in Windows spotlight' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled'
unique_title: ensure_do_not_suggest_third_party_content_in_windows_spotlight_is_set_to_enabled
type: ensure_policy_value
policy: Do not suggest third-party content in Windows spotlight
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
19_7_26_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'
unimplemented_reason: "invalid_policy:Prevent users from sharing files within their profile."
message: No policy named 'Prevent users from sharing files within their profile.' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled'
unique_title: ensure_prevent_users_from_sharing_files_within_their_profile_is_set_to_enabled
type: ensure_policy_value
policy: Prevent users from sharing files within their profile.
comparitor: Enabled
operator: ==
and_not_zero: false
comparitor_loose: Enabled
deep_operator: ~
deep_comparitor: ~
monitor: false
enforce: true
19_7_40_1:
compliancy: unimplemented
state: ~
title: (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'
unimplemented_reason: "invalid_policy:Always install with elevated privileges"
message: No policy named 'Always install with elevated privileges' in SecurityPolicy - perhaps not a security policy?
debug_data:
params:
title: (L1) Ensure 'Always install with elevated privileges' is set to 'Disabled'
unique_title: ensure_always_install_with_elevated_privileges_is_set_to_disabled_user
type: ensure_policy_value
policy: Always install with elevated privileges
comparitor: Disabled
operator: ==
and_not_zero: false
comparitor_loose: Disabled
deep_operator: ~
deep_comparitor: ~
monitor: true
enforce: false
controls_summary:
- noncompliant:
- 1_1_1
- 1_1_3
- 1_1_4
- 1_2_1
- 1_2_2
- 1_2_3
- 2_2_7
- 2_2_10
- 2_2_45
- 2_2_46
- 2_3_1_1
- 2_3_1_2
- 2_3_2_1
- 2_3_4_1
- 2_3_7_1
- 2_3_7_3
- 2_3_7_7
- 2_3_7_8
- 2_3_7_9
- 2_3_8_1
- 2_3_9_2
- 2_3_9_3
- 2_3_9_5
- 2_3_10_1
- 2_3_10_3
- 2_3_10_12
- 2_3_10_13
- 2_3_11_1
- 2_3_11_6
- 2_3_11_7
- 2_3_11_8
- 2_3_17_1
- 2_3_17_3
- 2_3_17_4
- compliant:
- 1_1_2
- 1_1_5
- 1_1_6
- 2_2_1
- 2_2_4
- 2_2_6
- 2_2_9
- 2_2_11
- 2_2_12
- 2_2_13
- 2_2_14
- 2_2_15
- 2_2_16
- 2_2_18
- 2_2_19
- 2_2_21
- 2_2_26
- 2_2_28
- 2_2_29
- 2_2_30
- 2_2_32
- 2_2_33
- 2_2_34
- 2_2_35
- 2_2_38
- 2_2_39
- 2_2_40
- 2_2_41
- 2_2_42
- 2_2_43
- 2_2_44
- 2_2_48
- 2_3_1_3
- 2_3_1_4
- 2_3_2_2
- 2_3_4_2
- 2_3_6_1
- 2_3_6_2
- 2_3_6_3
- 2_3_6_4
- 2_3_6_5
- 2_3_6_6
- 2_3_7_2
- 2_3_8_2
- 2_3_8_3
- 2_3_9_1
- 2_3_9_4
- 2_3_10_2
- 2_3_10_5
- 2_3_10_10
- 2_3_11_5
- 2_3_11_9
- 2_3_11_10
- 2_3_13_1
- 2_3_15_1
- 2_3_17_2
- 2_3_17_5
- 2_3_17_6
- 2_3_17_7
- 2_3_17_8
- 2_3_17_9
- unimplemented:
- 2_2_3
- 2_2_22
- 2_2_23
- 2_2_24
- 2_3_1_5
- 2_3_1_6
- 2_3_7_4
- 2_3_7_5
- 2_3_10_7
- 2_3_10_8
- 2_3_10_9
- 2_3_10_11
- 2_3_11_2
- 2_3_11_3
- 2_3_11_4
- 2_3_15_2
- 9_1_1
- 9_1_2
- 9_1_3
- 9_1_4
- 9_1_5
- 9_1_6
- 9_1_7
- 9_1_8
- 9_2_1
- 9_2_2
- 9_2_3
- 9_2_4
- 9_2_5
- 9_2_6
- 9_2_7
- 9_2_8
- 9_3_1
- 9_3_2
- 9_3_3
- 9_3_4
- 9_3_5
- 9_3_6
- 9_3_7
- 9_3_8
- 9_3_9
- 9_3_10
- 17_1_1
- 17_2_1
- 17_2_2
- 17_2_4
- 17_2_5
- 17_2_6
- 17_3_1
- 17_3_2
- 17_5_1
- 17_5_2
- 17_5_3
- 17_5_4
- 17_5_5
- 17_5_6
- 17_6_1
- 17_6_2
- 17_7_1
- 17_7_2
- 17_7_3
- 17_8_1
- 17_9_1
- 17_9_2
- 17_9_3
- 17_9_4
- 17_9_5
- 18_1_1_1
- 18_1_1_2
- 18_1_2_2
- 18_2_1
- 18_2_2
- 18_2_3
- 18_2_4
- 18_2_5
- 18_2_6
- 18_3_1
- 18_3_2
- 18_3_3
- 18_3_4
- 18_3_5
- 18_3_6
- 18_4_1
- 18_4_2
- 18_4_3
- 18_4_4
- 18_4_6
- 18_4_8
- 18_4_9
- 18_4_12
- 18_5_4_1
- 18_5_4_2
- 18_5_8_1
- 18_5_11_2
- 18_5_11_3
- 18_5_11_4
- 18_5_14_1
- 18_5_21_1
- 18_8_3_1
- 18_8_4_1
- 18_8_14_1
- 18_8_21_2
- 18_8_21_3
- 18_8_21_4
- 18_8_21_5
- 18_8_22_1_1
- 18_8_22_1_5
- 18_8_22_1_6
- 18_8_27_1
- 18_8_27_2
- 18_8_27_3
- 18_8_27_4
- 18_8_27_5
- 18_8_27_6
- 18_8_27_7
- 18_8_28_1
- 18_8_33_6_3
- 18_8_33_6_4
- 18_8_35_1
- 18_8_35_2
- 18_8_36_1
- 18_9_6_1
- 18_9_8_1
- 18_9_8_2
- 18_9_8_3
- 18_9_10_1_1
- 18_9_13_1
- 18_9_14_1
- 18_9_15_1
- 18_9_15_2
- 18_9_16_1
- 18_9_16_3
- 18_9_16_4
- 18_9_16_5
- 18_9_26_1_1
- 18_9_26_1_2
- 18_9_26_2_1
- 18_9_26_2_2
- 18_9_26_3_1
- 18_9_26_3_2
- 18_9_26_4_1
- 18_9_26_4_2
- 18_9_30_2
- 18_9_30_3
- 18_9_30_4
- 18_9_44_1
- 18_9_52_1
- 18_9_58_2_2
- 18_9_58_3_3_2
- 18_9_58_3_9_1
- 18_9_58_3_9_2
- 18_9_58_3_9_3
- 18_9_58_3_11_1
- 18_9_58_3_11_2
- 18_9_59_1
- 18_9_60_3
- 18_9_76_14
- 18_9_76_3_1
- 18_9_76_7_1
- 18_9_76_10_1
- 18_9_76_10_2
- 18_9_76_13_1_1
- 18_9_76_13_1_2
- 18_9_76_13_3_1
- 18_9_79_1_1
- 18_9_80_1_1
- 18_9_84_2
- 18_9_85_1
- 18_9_85_2
- 18_9_86_1
- 18_9_95_1
- 18_9_95_2
- 18_9_97_1_1
- 18_9_97_1_2
- 18_9_97_1_3
- 18_9_97_2_1
- 18_9_97_2_3
- 18_9_97_2_4
- 18_9_101_2
- 18_9_101_3
- 18_9_101_4
- 18_9_101_1_1
- 18_9_101_1_2
- 18_9_101_1_3
- 19_1_3_1
- 19_1_3_2
- 19_1_3_3
- 19_1_3_4
- 19_5_1_1
- 19_7_4_1
- 19_7_4_2
- 19_7_7_1
- 19_7_7_2
- 19_7_26_1
- 19_7_40_1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment