CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

18.8.2 App-V ............................................................................................................................................... 612 18.8.3 Audit Process Creation............................................................................................................ 613 18.8.3.1 (L1) Ensure 'Include command line in process creation events' is set to 'Disabled' (Scored) ............................................................................................................................. 613 18.8.4 Credentials Delegation ............................................................................................................ 615 18.8.4.1 (L1) Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients' (Scored) ............................................................................................................... 615 18.8.4.2 (L1) Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled' (Scored) ................................................................................... 617 18.8.5 Device Guard ................................................................................................................................ 619 18.8.5.1 (NG) Ensure 'Turn On Virtualization Based Security' is set to 'Enabled' (Scored) ................................................................................................................................................... 619 18.8.5.2 (NG) Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot and DMA Protection' (Scored) ........................ 622 18.8.5.3 (NG) Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock' (Scored) ............... 624 18.8.5.4 (NG) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)' (Scored) ...................................... 627 18.8.5.5 (NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock' (Scored) ............................................. 629 18.8.5.6 (NG) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled' (Scored) ............................................................................. 632 18.8.6 Device Health Attestation Service ..................................................................................... 633 18.8.7 Device Installation..................................................................................................................... 634 18.8.7.1.1 (BL) Ensure 'Prevent installation of devices that match any of these device IDs' is set to 'Enabled' (Scored) ..................................................................................... 634 18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' (Scored) ...................................................................................................... 638 18.8.7.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.' is set to 'True' (checked) (Scored) ............................................................................................................... 641 18.8.7.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' (Scored) ................................................... 644

20 | P a g e