CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

Impact:

None - the default value is Administrators only. Administrators and Interactive Users will be able to format and eject removable NTFS media.

Default Value:

Administrators. (Only Administrators will be able to format and eject removable NTFS media.)

References:

1. CCE-34355-8

CIS Controls:

Version 6

5.1 Minimize And Sparingly Use Administrative Privileges Minimize administrative privileges and only use administrative accounts when they are required. Implement focused auditing on the use of administrative privileged functions and monitor for anomalous behavior.

Version 7

4.6 Use of Dedicated Machines For All Administrative Tasks Ensure administrators use a dedicated machine for all administrative tasks or tasks requiring administrative access. This machine will be segmented from the organization's primary network and not be allowed Internet access. This machine will not be used for reading e-mail, composing documents, or browsing the Internet. 8.4 Configure Anti-Malware Scanning of Removable Devices Configure devices so that they automatically conduct an anti-malware scan of removable media when inserted or connected. 13.7 Manage USB Devices If USB storage devices are required, enterprise software should be used that can configure systems to allow the use of specific devices. An inventory of such devices should be maintained.

170 | P a g e