Scribd
Upload
78 views6 pages

CIS Hardening Windows 2019 New DC NG

The document contains recommendations for configuring virtualization based security settings in Windows. It lists several security settings along with their recommended configurations and severity levels, including enabling virtualization based security, setting the platform security level to secure boot or higher, enabling code integrity protection with UEFI lock, and configuring LSASS to run as a protected process with UEFI lock. The settings are identified by plugin name and ID numbers.

Uploaded by

kochikohawaii
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
78 views6 pages

CIS Hardening Windows 2019 New DC NG

The document contains recommendations for configuring virtualization based security settings in Windows. It lists several security settings along with their recommended configurations and severity levels, including enabling virtualization based security, setting the platform security level to secure boot or higher, enabling code integrity protection with UEFI lock, and configuring LSASS to run as a protected process with UEFI lock. The settings are identified by plugin name and ID numbers.

Uploaded by

kochikohawaii
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
You are on page 1/ 6

Plugin Plugin Name Family Severity

18.9.5.1 Ensure 'Turn On Virtualization Based Security' is


1004365 N/A High
set to 'Enabled' - Enabled

18.9.5.2 Ensure 'Turn On Virtualization Based Security:


1004366 Select Platform Security Level' is set to 'Secure Boot' or N/A High
higher - Secure Boot and DMA Protection

18.9.5.3 Ensure 'Turn On Virtualization Based Security:


1004367 Virtualization Based Protection of Code Integrity' is set N/A High
to 'Enabled with UEFI lock' - Enabled with UEFI lock

18.9.5.4 Ensure 'Turn On Virtualization Based Security:


1004368 Require UEFI Memory Attributes Table' is set to 'True N/A High
(checked)' - True (checked)

18.9.5.6 Ensure 'Turn On Virtualization Based Security:


1004369 Credential Guard Configuration' is set to 'Disabled' (DC N/A High
Only) - Disabled

18.9.5.7 Ensure 'Turn On Virtualization Based Security:


1004370 Secure Launch Configuration' is set to 'Enabled' - N/A High
Enabled

18.9.25.1 Ensure 'Configures LSASS to run as a protected


1004371 process' is set to 'Enabled: Enabled with UEFI Lock' - N/A High
Enabled: Enabled with UEFI Lock
18.9.5.1 Ensure 'Turn On Virtualization Based Security' is
1004365 N/A High
set to 'Enabled' - Enabled

18.9.5.2 Ensure 'Turn On Virtualization Based Security:


1004366 Select Platform Security Level' is set to 'Secure Boot' or N/A High
higher - Secure Boot and DMA Protection

18.9.5.3 Ensure 'Turn On Virtualization Based Security:


1004367 Virtualization Based Protection of Code Integrity' is set N/A High
to 'Enabled with UEFI lock' - Enabled with UEFI lock

18.9.5.4 Ensure 'Turn On Virtualization Based Security:


1004368 Require UEFI Memory Attributes Table' is set to 'True N/A High
(checked)' - True (checked)

18.9.5.6 Ensure 'Turn On Virtualization Based Security:


1004369 Credential Guard Configuration' is set to 'Disabled' (DC N/A High
Only) - Disabled

18.9.5.7 Ensure 'Turn On Virtualization Based Security:


1004370 Secure Launch Configuration' is set to 'Enabled' - N/A High
Enabled

18.9.25.1 Ensure 'Configures LSASS to run as a protected


1004371 process' is set to 'Enabled: Enabled with UEFI Lock' - N/A High
Enabled: Enabled with UEFI Lock
18.9.5.1 Ensure 'Turn On Virtualization Based Security' is
1004365 N/A High
set to 'Enabled' - Enabled

18.9.5.2 Ensure 'Turn On Virtualization Based Security:


1004366 Select Platform Security Level' is set to 'Secure Boot' or N/A High
higher - Secure Boot and DMA Protection

18.9.5.3 Ensure 'Turn On Virtualization Based Security:


1004367 Virtualization Based Protection of Code Integrity' is set N/A High
to 'Enabled with UEFI lock' - Enabled with UEFI lock

18.9.5.4 Ensure 'Turn On Virtualization Based Security:


1004368 Require UEFI Memory Attributes Table' is set to 'True N/A High
(checked)' - True (checked)

18.9.5.6 Ensure 'Turn On Virtualization Based Security:


1004369 Credential Guard Configuration' is set to 'Disabled' (DC N/A High
Only) - Disabled

18.9.5.7 Ensure 'Turn On Virtualization Based Security:


1004370 Secure Launch Configuration' is set to 'Enabled' - N/A High
Enabled

18.9.25.1 Ensure 'Configures LSASS to run as a protected


1004371 process' is set to 'Enabled: Enabled with UEFI Lock' - N/A High
Enabled: Enabled with UEFI Lock
18.9.5.1 Ensure 'Turn On Virtualization Based Security' is
1004365 N/A High
set to 'Enabled' - Enabled

18.9.5.2 Ensure 'Turn On Virtualization Based Security:


1004366 Select Platform Security Level' is set to 'Secure Boot' or N/A High
higher - Secure Boot and DMA Protection

18.9.5.3 Ensure 'Turn On Virtualization Based Security:


1004367 Virtualization Based Protection of Code Integrity' is set N/A High
to 'Enabled with UEFI lock' - Enabled with UEFI lock

18.9.5.4 Ensure 'Turn On Virtualization Based Security:


1004368 Require UEFI Memory Attributes Table' is set to 'True N/A High
(checked)' - True (checked)

18.9.5.6 Ensure 'Turn On Virtualization Based Security:


1004369 Credential Guard Configuration' is set to 'Disabled' (DC N/A High
Only) - Disabled

18.9.5.7 Ensure 'Turn On Virtualization Based Security:


1004370 Secure Launch Configuration' is set to 'Enabled' - N/A High
Enabled

18.9.25.1 Ensure 'Configures LSASS to run as a protected


1004371 process' is set to 'Enabled: Enabled with UEFI Lock' - N/A High
Enabled: Enabled with UEFI Lock
18.9.5.1 Ensure 'Turn On Virtualization Based Security' is
1004365 N/A High
set to 'Enabled' - Enabled

18.9.5.2 Ensure 'Turn On Virtualization Based Security:


1004366 Select Platform Security Level' is set to 'Secure Boot' or N/A High
higher - Secure Boot and DMA Protection

18.9.5.3 Ensure 'Turn On Virtualization Based Security:


1004367 Virtualization Based Protection of Code Integrity' is set N/A High
to 'Enabled with UEFI lock' - Enabled with UEFI lock

18.9.5.4 Ensure 'Turn On Virtualization Based Security:


1004368 Require UEFI Memory Attributes Table' is set to 'True N/A High
(checked)' - True (checked)

18.9.5.6 Ensure 'Turn On Virtualization Based Security:


1004369 Credential Guard Configuration' is set to 'Disabled' (DC N/A High
Only) - Disabled

18.9.5.7 Ensure 'Turn On Virtualization Based Security:


1004370 Secure Launch Configuration' is set to 'Enabled' - N/A High
Enabled

18.9.25.1 Ensure 'Configures LSASS to run as a protected


1004371 process' is set to 'Enabled: Enabled with UEFI Lock' - N/A High
Enabled: Enabled with UEFI Lock
VPR IP Address Agent ID NetBIOS Name DNS Name MAC Address Repository

10.16.76.97 fa:16:3e:9a:da:4e Individual Scan

10.16.76.97 fa:16:3e:9a:da:4e Individual Scan

10.16.76.97 fa:16:3e:9a:da:4e Individual Scan

10.16.76.97 fa:16:3e:9a:da:4e Individual Scan

10.16.76.97 fa:16:3e:9a:da:4e Individual Scan

10.16.76.97 fa:16:3e:9a:da:4e Individual Scan

10.16.76.97 fa:16:3e:9a:da:4e Individual Scan

10.16.76.101 fa:16:3e:73:84:6c Individual Scan

10.16.76.101 fa:16:3e:73:84:6c Individual Scan

10.16.76.101 fa:16:3e:73:84:6c Individual Scan

10.16.76.101 fa:16:3e:73:84:6c Individual Scan

10.16.76.101 fa:16:3e:73:84:6c Individual Scan

10.16.76.101 fa:16:3e:73:84:6c Individual Scan

10.16.76.101 fa:16:3e:73:84:6c Individual Scan


10.16.76.105 fa:16:3e:89:14:ac Individual Scan

10.16.76.105 fa:16:3e:89:14:ac Individual Scan

10.16.76.105 fa:16:3e:89:14:ac Individual Scan

10.16.76.105 fa:16:3e:89:14:ac Individual Scan

10.16.76.105 fa:16:3e:89:14:ac Individual Scan

10.16.76.105 fa:16:3e:89:14:ac Individual Scan

10.16.76.105 fa:16:3e:89:14:ac Individual Scan

10.16.76.106 fa:16:3e:68:43:70 Individual Scan

10.16.76.106 fa:16:3e:68:43:70 Individual Scan

10.16.76.106 fa:16:3e:68:43:70 Individual Scan

10.16.76.106 fa:16:3e:68:43:70 Individual Scan

10.16.76.106 fa:16:3e:68:43:70 Individual Scan

10.16.76.106 fa:16:3e:68:43:70 Individual Scan

10.16.76.106 fa:16:3e:68:43:70 Individual Scan


10.16.76.107 fa:16:3e:49:d8:ab Individual Scan

10.16.76.107 fa:16:3e:49:d8:ab Individual Scan

10.16.76.107 fa:16:3e:49:d8:ab Individual Scan

10.16.76.107 fa:16:3e:49:d8:ab Individual Scan

10.16.76.107 fa:16:3e:49:d8:ab Individual Scan

10.16.76.107 fa:16:3e:49:d8:ab Individual Scan

10.16.76.107 fa:16:3e:49:d8:ab Individual Scan

You might also like