resources/CISToAttackMappingData.json
{
"MappingMetaData": { "Version": "MITRE ATT&CK Mapping, Version 1.0.0, Date: 2023-07-13", "BasedOn": "CIS Microsoft Windows 10 Enterprise Release 21H1 Benchmark, Version: 1.12.0, Date: 2022-02-15", "Compatible": [ "CIS Microsoft Windows 10 Stand-alone Benchmark, Version: 1.0.1, Date: 2022-02-08", "CIS Microsoft Windows 11 Stand-alone Benchmark, Version: 1.0.0, Date: 2022-11-15", "CIS Microsoft Windows 10 Enterprise Release 21H1 Benchmark, Version: 1.12.0, Date: 2022-02-15", "CIS Microsoft Windows 11 Enterprise Release 21H2 Benchmark, Version: 21H2, Date: 2022-02-14", "CIS Microsoft Windows Server 2019 Benchmark, Version: 1.3.0, Date: 2022-03-18", "CIS Microsoft Windows Server 2022, Version: 1.0.0, Date 2022-02-14" ] }, "CISAttackMapping": { "1.1.1": { "Section": "1.1", "Recommendation": "1.1.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Enforce password history\u0027 is set to \u002724 or more password(s)\u0027", "Technique1": "T1078", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "1.1.2": { "Section": "1.1", "Recommendation": "1.1.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Maximum password age\u0027 is set to \u002760 or fewer days, but not 0\u0027", "Technique1": "T1078", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "1.1.3": { "Section": "1.1", "Recommendation": "1.1.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Minimum password age\u0027 is set to \u00271 or more day(s)\u0027", "Technique1": "T1078", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "1.1.4": { "Section": "1.1", "Recommendation": "1.1.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Minimum password length\u0027 is set to \u002714 or more character(s)\u0027", "Technique1": "T1078", "Technique2": "T1110", "Mitigation1": "M1027", "Mitigation2": "M1018" }, "1.1.5": { "Section": "1.1", "Recommendation": "1.1.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Password must meet complexity 
requirements\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1078", "Technique2": "T1110", "Mitigation1": "M1027", "Mitigation2": "M1018" }, "1.1.6": { "Section": "1.1", "Recommendation": "1.1.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Relax minimum password length limits\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1078", "Technique2": "T1110", "Mitigation1": "M1027", "Mitigation2": "M1018" }, "1.1.7": { "Section": "1.1", "Recommendation": "1.1.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Store passwords using reversible encryption\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1003", "Technique2": null, "Mitigation1": "M1041", "Mitigation2": null }, "1.2.1": { "Section": "1.2", "Recommendation": "1.2.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Account lockout duration\u0027 is set to \u002715 or more minute(s)\u0027", "Technique1": "T1110", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "1.2.2": { "Section": "1.2", "Recommendation": "1.2.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Account lockout threshold\u0027 is set to \u002710 or fewer invalid logon attempt(s), but not 0\u0027", "Technique1": "T1110", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "1.2.3": { "Section": "1.2", "Recommendation": "1.2.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Reset account lockout counter after\u0027 is set to \u002715 or more minute(s)\u0027", "Technique1": "T1110", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "2.2.1": { "Section": "2.2", "Recommendation": "2.2.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Access Credential Manager as a trusted caller\u0027 is set to \u0027No One\u0027", "Technique1": "T1115", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "2.2.2": { "Section": "2.2", "Recommendation": "2.2.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Access this computer from 
the network\u0027 is set to \u0027Administrators, Remote Desktop Users\u0027", "Technique1": "T1563", "Technique2": "T1021", "Mitigation1": "M1035", "Mitigation2": "M1018" }, "2.2.3": { "Section": "2.2", "Recommendation": "2.2.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Act as part of the operating system\u0027 is set to \u0027No One\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": null }, "2.2.4": { "Section": "2.2", "Recommendation": "2.2.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Adjust memory quotas for a process\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE\u0027", "Technique1": "T1496", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.2.5": { "Section": "2.2", "Recommendation": "2.2.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow log on locally\u0027 is set to \u0027Administrators, Users\u0027", "Technique1": "T1078", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": null }, "2.2.6": { "Section": "2.2", "Recommendation": "2.2.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow log on through Remote Desktop Services\u0027 is set to \u0027Administrators, Remote Desktop Users\u0027", "Technique1": "T1210", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": null }, "2.2.7": { "Section": "2.2", "Recommendation": "2.2.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Back up files and directories\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1222", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": "M1022" }, "2.2.8": { "Section": "2.2", "Recommendation": "2.2.8", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Change the system time\u0027 is set to \u0027Administrators, LOCAL SERVICE\u0027", "Technique1": "T1070", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "2.2.9": { "Section": "2.2", "Recommendation": "2.2.9", "Profile": 
"L1", "RecommendationTitle": "Ensure \u0027Change the time zone\u0027 is set to \u0027Administrators, LOCAL SERVICE, Users\u0027", "Technique1": "T1070", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "2.2.10": { "Section": "2.2", "Recommendation": "2.2.10", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Create a pagefile\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1074", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.2.11": { "Section": "2.2", "Recommendation": "2.2.11", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Create a token object\u0027 is set to \u0027No One\u0027", "Technique1": "T1134", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": "M1026" }, "2.2.12": { "Section": "2.2", "Recommendation": "2.2.12", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Create global objects\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE\u0027", "Technique1": "T1543", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": "M1026" }, "2.2.13": { "Section": "2.2", "Recommendation": "2.2.13", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Create permanent shared objects\u0027 is set to \u0027No One\u0027", "Technique1": "T1083", "Technique2": "T1039", "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.2.14": { "Section": "2.2", "Recommendation": "2.2.14", "Profile": "L1", "RecommendationTitle": "Configure \u0027Create symbolic links\u0027", "Technique1": "T1574", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.2.15": { "Section": "2.2", "Recommendation": "2.2.15", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Debug programs\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1127", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "2.2.16": { "Section": "2.2", "Recommendation": "2.2.16", "Profile": "L1", "RecommendationTitle": "Ensure 
\u0027Deny access to this computer from the network\u0027 to include \u0027Guests, Local account\u0027", "Technique1": "T1078", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": null }, "2.2.17": { "Section": "2.2", "Recommendation": "2.2.17", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Deny log on as a batch job\u0027 to include \u0027Guests\u0027", "Technique1": "T1053", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "2.2.18": { "Section": "2.2", "Recommendation": "2.2.18", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Deny log on as a service\u0027 to include \u0027Guests\u0027", "Technique1": "T1543", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.2.19": { "Section": "2.2", "Recommendation": "2.2.19", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Deny log on locally\u0027 to include \u0027Guests\u0027", "Technique1": "T1078", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": null }, "2.2.20": { "Section": "2.2", "Recommendation": "2.2.20", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Deny log on through Remote Desktop Services\u0027 to include \u0027Guests, Local account\u0027", "Technique1": "T1021", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.2.21": { "Section": "2.2", "Recommendation": "2.2.21", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Enable computer and user accounts to be trusted for delegation\u0027 is set to \u0027No One\u0027", "Technique1": "T1134", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.2.22": { "Section": "2.2", "Recommendation": "2.2.22", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Force shutdown from a remote system\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1529", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.2.23": { "Section": "2.2", "Recommendation": "2.2.23", "Profile": "L1", "RecommendationTitle": 
"Ensure \u0027Generate security audits\u0027 is set to \u0027LOCAL SERVICE, NETWORK SERVICE\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.2.24": { "Section": "2.2", "Recommendation": "2.2.24", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Impersonate a client after authentication\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE\u0027", "Technique1": "T1134", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": "M1026" }, "2.2.25": { "Section": "2.2", "Recommendation": "2.2.25", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Increase scheduling priority\u0027 is set to \u0027Administrators, Window Manager\\Window Manager Group\u0027", "Technique1": "T1496", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.2.26": { "Section": "2.2", "Recommendation": "2.2.26", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Load and unload device drivers\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1547", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.2.27": { "Section": "2.2", "Recommendation": "2.2.27", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Lock pages in memory\u0027 is set to \u0027No One\u0027", "Technique1": "T1496", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.2.28": { "Section": "2.2", "Recommendation": "2.2.28", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Log on as a batch job\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1053", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "2.2.29": { "Section": "2.2", "Recommendation": "2.2.29", "Profile": "L2", "RecommendationTitle": "Configure \u0027Log on as a service\u0027", "Technique1": "T1543", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.2.30": { "Section": "2.2", 
"Recommendation": "2.2.30", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Manage auditing and security log\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.2.31": { "Section": "2.2", "Recommendation": "2.2.31", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Modify an object label\u0027 is set to \u0027No One\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": "M1026" }, "2.2.32": { "Section": "2.2", "Recommendation": "2.2.32", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Modify firmware environment values\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1495", "Technique2": null, "Mitigation1": "M1046", "Mitigation2": null }, "2.2.33": { "Section": "2.2", "Recommendation": "2.2.33", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Perform volume maintenance tasks\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1561", "Technique2": null, "Mitigation1": "M1053", "Mitigation2": null }, "2.2.34": { "Section": "2.2", "Recommendation": "2.2.34", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Profile single process\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1057", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.2.35": { "Section": "2.2", "Recommendation": "2.2.35", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Profile system performance\u0027 is set to \u0027Administrators, NT SERVICE\\WdiServiceHost\u0027", "Technique1": "T1057", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.2.36": { "Section": "2.2", "Recommendation": "2.2.36", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Replace a process level token\u0027 is set to \u0027LOCAL SERVICE, NETWORK SERVICE\u0027", "Technique1": "T1134", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": "M1026" }, 
"2.2.37": { "Section": "2.2", "Recommendation": "2.2.37", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Restore files and directories\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1485", "Technique2": null, "Mitigation1": "M1053", "Mitigation2": null }, "2.2.38": { "Section": "2.2", "Recommendation": "2.2.38", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Shut down the system\u0027 is set to \u0027Administrators, Users\u0027", "Technique1": "T1529", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.2.39": { "Section": "2.2", "Recommendation": "2.2.39", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Take ownership of files or other objects\u0027 is set to \u0027Administrators\u0027", "Technique1": "T1222", "Technique2": "T1112", "Mitigation1": "M1022", "Mitigation2": "M1024" }, "2.3.1.1": { "Section": "2.3.1", "Recommendation": "2.3.1.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Accounts: Administrator account status\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1110", "Technique2": "T1078", "Mitigation1": "M1018", "Mitigation2": "M1026" }, "2.3.1.2": { "Section": "2.3.1", "Recommendation": "2.3.1.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Accounts: Block Microsoft accounts\u0027 is set to \u0027Users can\u0027t add or log on with Microsoft accounts\u0027", "Technique1": "T1078", "Technique2": "T1136", "Mitigation1": "M1026", "Mitigation2": null }, "2.3.1.3": { "Section": "2.3.1", "Recommendation": "2.3.1.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Accounts: Guest account status\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1110", "Technique2": "T1078", "Mitigation1": "M1018", "Mitigation2": "M1026" }, "2.3.1.4": { "Section": "2.3.1", "Recommendation": "2.3.1.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Accounts: Limit local account use of blank passwords to console logon only\u0027 is set to 
\u0027Enabled\u0027", "Technique1": "T1021", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.3.1.5": { "Section": "2.3.1", "Recommendation": "2.3.1.5", "Profile": "L1", "RecommendationTitle": "Configure \u0027Accounts: Rename administrator account\u0027", "Technique1": "T1110", "Technique2": "T1078", "Mitigation1": "M1018", "Mitigation2": "M1026" }, "2.3.1.6": { "Section": "2.3.1", "Recommendation": "2.3.1.6", "Profile": "L1", "RecommendationTitle": "Configure \u0027Accounts: Rename guest account\u0027", "Technique1": "T1110", "Technique2": "T1078", "Mitigation1": "M1018", "Mitigation2": "M1026" }, "2.3.2.1": { "Section": "2.3.2", "Recommendation": "2.3.2.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "2.3.2.2": { "Section": "2.3.2", "Recommendation": "2.3.2.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit: Shut down system immediately if unable to log security audits\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "2.3.4.1": { "Section": "2.3.4", "Recommendation": "2.3.4.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Devices: Allowed to format and eject removable media\u0027 is set to \u0027Administrators and Interactive Users\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "2.3.4.2": { "Section": "2.3.4", "Recommendation": "2.3.4.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Devices: Prevent users from installing printer drivers\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1574", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "2.3.6.1": { "Section": 
"2.3.6", "Recommendation": "2.3.6.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Domain member: Digitally encrypt or sign secure channel data (always)\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1040", "Technique2": null, "Mitigation1": "M1041", "Mitigation2": null }, "2.3.6.2": { "Section": "2.3.6", "Recommendation": "2.3.6.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Domain member: Digitally encrypt secure channel data (when possible)\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1040", "Technique2": null, "Mitigation1": "M1041", "Mitigation2": null }, "2.3.6.3": { "Section": "2.3.6", "Recommendation": "2.3.6.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Domain member: Digitally sign secure channel data (when possible)\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1040", "Technique2": null, "Mitigation1": "M1041", "Mitigation2": null }, "2.3.6.4": { "Section": "2.3.6", "Recommendation": "2.3.6.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Domain member: Disable machine account password changes\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1098", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "2.3.6.5": { "Section": "2.3.6", "Recommendation": "2.3.6.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Domain member: Maximum machine account password age\u0027 is set to \u002730 or fewer days, but not 0\u0027", "Technique1": "T1098", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "2.3.6.6": { "Section": "2.3.6", "Recommendation": "2.3.6.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Domain member: Require strong (Windows 2000 or later) session key\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1040", "Technique2": null, "Mitigation1": "M1041", "Mitigation2": null }, "2.3.7.1": { "Section": "2.3.7", "Recommendation": "2.3.7.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Interactive logon: Do not require 
CTRL+ALT+DEL\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1056", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.3.7.2": { "Section": "2.3.7", "Recommendation": "2.3.7.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Interactive logon: Don\u0027t display last signed-in\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1078", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": null }, "2.3.7.3": { "Section": "2.3.7", "Recommendation": "2.3.7.3", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Interactive logon: Machine account lockout threshold\u0027 is set to \u002710 or fewer invalid logon attempts, but not 0\u0027", "Technique1": "T1110", "Technique2": null, "Mitigation1": "M1036", "Mitigation2": null }, "2.3.7.4": { "Section": "2.3.7", "Recommendation": "2.3.7.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Interactive logon: Machine inactivity limit\u0027 is set to \u0027900 or fewer second(s), but not 0\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "2.3.7.5": { "Section": "2.3.7", "Recommendation": "2.3.7.5", "Profile": "L1", "RecommendationTitle": "Configure \u0027Interactive logon: Message text for users attempting to log on\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "2.3.7.6": { "Section": "2.3.7", "Recommendation": "2.3.7.6", "Profile": "L1", "RecommendationTitle": "Configure \u0027Interactive logon: Message title for users attempting to log on\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "2.3.7.7": { "Section": "2.3.7", "Recommendation": "2.3.7.7", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Interactive logon: Number of previous logons to cache (in case domain 
controller is not available)\u0027 is set to \u00274 or fewer logon(s)\u0027", "Technique1": "T1003", "Technique2": "T1555", "Mitigation1": "M1027", "Mitigation2": null }, "2.3.7.8": { "Section": "2.3.7", "Recommendation": "2.3.7.8", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Interactive logon: Prompt user to change password before expiration\u0027 is set to \u0027between 5 and 14 days\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "2.3.7.9": { "Section": "2.3.7", "Recommendation": "2.3.7.9", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Interactive logon: Smart card removal behavior\u0027 is set to \u0027Lock Workstation\u0027 or higher", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "2.3.8.1": { "Section": "2.3.8", "Recommendation": "2.3.8.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Microsoft network client: Digitally sign communications (always)\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1563", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.3.8.2": { "Section": "2.3.8", "Recommendation": "2.3.8.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Microsoft network client: Digitally sign communications (if server agrees)\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1563", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.3.8.3": { "Section": "2.3.8", "Recommendation": "2.3.8.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Microsoft network client: Send unencrypted password to third-party SMB servers\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1563", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.3.9.1": { "Section": "2.3.9", "Recommendation": "2.3.9.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Microsoft network server: 
Amount of idle time required before suspending session\u0027 is set to \u002715 or fewer minute(s)\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "2.3.9.2": { "Section": "2.3.9", "Recommendation": "2.3.9.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Microsoft network server: Digitally sign communications (always)\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1563", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.3.9.3": { "Section": "2.3.9", "Recommendation": "2.3.9.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Microsoft network server: Digitally sign communications (if client agrees)\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1563", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "2.3.9.4": { "Section": "2.3.9", "Recommendation": "2.3.9.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Microsoft network server: Disconnect clients when logon hours expire\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "2.3.9.5": { "Section": "2.3.9", "Recommendation": "2.3.9.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Microsoft network server: Server SPN target name validation level\u0027 is set to \u0027Accept if provided by client\u0027 or higher", "Technique1": "T1557", "Technique2": null, "Mitigation1": "M1035", "Mitigation2": null }, "2.3.10.1": { "Section": "2.3.10", "Recommendation": "2.3.10.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network access: Allow anonymous SID/Name translation\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1110", "Technique2": null, "Mitigation1": "M1036", "Mitigation2": null }, "2.3.10.2": { "Section": "2.3.10", "Recommendation": "2.3.10.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network 
access: Do not allow anonymous enumeration of SAM accounts\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1110", "Technique2": "T1087", "Mitigation1": "M1036", "Mitigation2": "M1028" }, "2.3.10.3": { "Section": "2.3.10", "Recommendation": "2.3.10.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network access: Do not allow anonymous enumeration of SAM accounts and shares\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1087", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "2.3.10.4": { "Section": "2.3.10", "Recommendation": "2.3.10.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network access: Do not allow storage of passwords and credentials for network authentication\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1003", "Technique2": "T1555", "Mitigation1": "M1027", "Mitigation2": null }, "2.3.10.5": { "Section": "2.3.10", "Recommendation": "2.3.10.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network access: Let Everyone permissions apply to anonymous users\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1083", "Technique2": "T1087", "Mitigation1": "M1028", "Mitigation2": null }, "2.3.10.6": { "Section": "2.3.10", "Recommendation": "2.3.10.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network access: Named Pipes that can be accessed anonymously\u0027 is set to \u0027None\u0027", "Technique1": "T1559", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "2.3.10.7": { "Section": "2.3.10", "Recommendation": "2.3.10.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network access: Remotely accessible registry paths\u0027", "Technique1": "T1112", "Technique2": "T1012", "Mitigation1": "M1024", "Mitigation2": null }, "2.3.10.8": { "Section": "2.3.10", "Recommendation": "2.3.10.8", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network access: Remotely accessible registry paths and sub-paths\u0027", "Technique1": "T1112", "Technique2": "T1012", 
"Mitigation1": "M1024", "Mitigation2": null }, "2.3.10.9": { "Section": "2.3.10", "Recommendation": "2.3.10.9", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network access: Restrict anonymous access to Named Pipes and Shares\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1083", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.3.10.10": { "Section": "2.3.10", "Recommendation": "2.3.10.10", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network access: Restrict clients allowed to make remote calls to SAM\u0027 is set to \u0027Administrators: Remote Access: Allow\u0027", "Technique1": "T1110", "Technique2": "T1087", "Mitigation1": "M1036", "Mitigation2": "M1028" }, "2.3.10.11": { "Section": "2.3.10", "Recommendation": "2.3.10.11", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network access: Shares that can be accessed anonymously\u0027 is set to \u0027None\u0027", "Technique1": "T1039", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "2.3.10.12": { "Section": "2.3.10", "Recommendation": "2.3.10.12", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network access: Sharing and security model for local accounts\u0027 is set to \u0027Classic - local users authenticate as themselves\u0027", "Technique1": "T1485", "Technique2": null, "Mitigation1": "M1053", "Mitigation2": null }, "2.3.11.1": { "Section": "2.3.11", "Recommendation": "2.3.11.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network security: Allow Local System to use computer identity for NTLM\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1557", "Technique2": null, "Mitigation1": "M1035", "Mitigation2": null }, "2.3.11.2": { "Section": "2.3.11", "Recommendation": "2.3.11.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network security: Allow LocalSystem NULL session fallback\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1565", "Technique2": null, 
"Mitigation1": "M1041", "Mitigation2": null }, "2.3.11.3": { "Section": "2.3.11", "Recommendation": "2.3.11.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network Security: Allow PKU2U authentication requests to this computer to use online identities\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1199", "Technique2": null, "Mitigation1": "M1052", "Mitigation2": null }, "2.3.11.4": { "Section": "2.3.11", "Recommendation": "2.3.11.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network security: Configure encryption types allowed for Kerberos\u0027 is set to \u0027AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types\u0027", "Technique1": "T1558", "Technique2": null, "Mitigation1": "M1041", "Mitigation2": null }, "2.3.11.5": { "Section": "2.3.11", "Recommendation": "2.3.11.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network security: Do not store LAN Manager hash value on next password change\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1003", "Technique2": "T1552", "Mitigation1": "M1041", "Mitigation2": null }, "2.3.11.6": { "Section": "2.3.11", "Recommendation": "2.3.11.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network security: Force logoff when logon hours expire\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "2.3.11.7": { "Section": "2.3.11", "Recommendation": "2.3.11.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network security: LAN Manager authentication level\u0027 is set to \u0027Send NTLMv2 response only. 
Refuse LM \u0026 NTLM\u0027", "Technique1": "T1040", "Technique2": null, "Mitigation1": "M1041", "Mitigation2": null }, "2.3.11.8": { "Section": "2.3.11", "Recommendation": "2.3.11.8", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network security: LDAP client signing requirements\u0027 is set to \u0027Negotiate signing\u0027 or higher", "Technique1": "T1557", "Technique2": null, "Mitigation1": "M1037", "Mitigation2": null }, "2.3.11.9": { "Section": "2.3.11", "Recommendation": "2.3.11.9", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network security: Minimum session security for NTLM SSP based (including secure RPC) clients\u0027 is set to \u0027Require NTLMv2 session security, Require 128-bit encryption\u0027", "Technique1": "T1557", "Technique2": null, "Mitigation1": "M1035", "Mitigation2": null }, "2.3.11.10": { "Section": "2.3.11", "Recommendation": "2.3.11.10", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Network security: Minimum session security for NTLM SSP based (including secure RPC) servers\u0027 is set to \u0027Require NTLMv2 session security, Require 128-bit encryption\u0027", "Technique1": "T1557", "Technique2": null, "Mitigation1": "M1035", "Mitigation2": null }, "2.3.14.1": { "Section": "2.3.14", "Recommendation": "2.3.14.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027System cryptography: Force strong key protection for user keys stored on the computer\u0027 is set to \u0027User is prompted when the key is first used\u0027 or higher", "Technique1": "T1550", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": null }, "2.3.15.1": { "Section": "2.3.15", "Recommendation": "2.3.15.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027System objects: Require case insensitivity for non-Windows subsystems\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1565", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "2.3.15.2": { "Section": "2.3.15", "Recommendation": "2.3.15.2", "Profile": 
"L1", "RecommendationTitle": "Ensure \u0027System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1222", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "2.3.17.1": { "Section": "2.3.17", "Recommendation": "2.3.17.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027User Account Control: Admin Approval Mode for the Built-in Administrator account\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1052", "Mitigation2": null }, "2.3.17.2": { "Section": "2.3.17", "Recommendation": "2.3.17.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode\u0027 is set to \u0027Prompt for consent on the secure desktop\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1052", "Mitigation2": null }, "2.3.17.3": { "Section": "2.3.17", "Recommendation": "2.3.17.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027User Account Control: Behavior of the elevation prompt for standard users\u0027 is set to \u0027Automatically deny elevation requests\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1052", "Mitigation2": null }, "2.3.17.4": { "Section": "2.3.17", "Recommendation": "2.3.17.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027User Account Control: Detect application installations and prompt for elevation\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1052", "Mitigation2": null }, "2.3.17.5": { "Section": "2.3.17", "Recommendation": "2.3.17.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027User Account Control: Only elevate UIAccess applications that are installed in secure locations\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1052", "Mitigation2": null }, 
"2.3.17.6": { "Section": "2.3.17", "Recommendation": "2.3.17.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027User Account Control: Run all administrators in Admin Approval Mode\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1052", "Mitigation2": null }, "2.3.17.7": { "Section": "2.3.17", "Recommendation": "2.3.17.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027User Account Control: Switch to the secure desktop when prompting for elevation\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "2.3.17.8": { "Section": "2.3.17", "Recommendation": "2.3.17.8", "Profile": "L1", "RecommendationTitle": "Ensure \u0027User Account Control: Virtualize file and registry write failures to per-user locations\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "5.1": { "Section": "5", "Recommendation": "5.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Bluetooth Audio Gateway Service (BTAGService)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1011", "Mitigation1": "M1028", "Mitigation2": "M1022" }, "5.2": { "Section": "5", "Recommendation": "5.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Bluetooth Support Service (bthserv)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1011", "Mitigation1": "M1022", "Mitigation2": "M1028" }, "5.3": { "Section": "5", "Recommendation": "5.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Computer Browser (Browser)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": "T1018", "Mitigation1": "M1022", "Mitigation2": null }, "5.4": { "Section": "5", "Recommendation": "5.4", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Downloaded Maps Manager (MapsBroker)\u0027 is set to 
\u0027Disabled\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "5.5": { "Section": "5", "Recommendation": "5.5", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Geolocation Service (lfsvc)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "5.6": { "Section": "5", "Recommendation": "5.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027IIS Admin Service (IISADMIN)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": "T1505", "Mitigation1": "M1022", "Mitigation2": "M1047" }, "5.7": { "Section": "5", "Recommendation": "5.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Infrared monitor service (irmon)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": "T1011", "Mitigation1": "M1022", "Mitigation2": "M1028" }, "5.8": { "Section": "5", "Recommendation": "5.8", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Internet Connection Sharing (ICS) (SharedAccess)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1011", "Mitigation1": "M1022", "Mitigation2": "M1028" }, "5.9": { "Section": "5", "Recommendation": "5.9", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Link-Layer Topology Discovery Mapper (lltdsvc)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1018", "Mitigation1": "M1022", "Mitigation2": null }, "5.10": { "Section": "5", "Recommendation": "5.10", "Profile": "L1", "RecommendationTitle": "Ensure \u0027LxssManager (LxssManager)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "5.11": { "Section": "5", "Recommendation": "5.11", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Microsoft FTP Service (FTPSVC)\u0027 is set to 
\u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": "T1105", "Mitigation1": "M1022", "Mitigation2": "M1031" }, "5.12": { "Section": "5", "Recommendation": "5.12", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Microsoft iSCSI Initiator Service (MSiSCSI)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1048", "Mitigation1": "M1022", "Mitigation2": "M1031" }, "5.13": { "Section": "5", "Recommendation": "5.13", "Profile": "L1", "RecommendationTitle": "Ensure \u0027OpenSSH SSH Server (sshd)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": "T1563", "Mitigation1": "M1022", "Mitigation2": null }, "5.14": { "Section": "5", "Recommendation": "5.14", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Peer Name Resolution Protocol (PNRPsvc)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": "M1021" }, "5.15": { "Section": "5", "Recommendation": "5.15", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Peer Networking Grouping (p2psvc)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "5.16": { "Section": "5", "Recommendation": "5.16", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Peer Networking Identity Manager (p2pimsvc)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "5.17": { "Section": "5", "Recommendation": "5.17", "Profile": "L2", "RecommendationTitle": "Ensure \u0027PNRP Machine Name Publication Service (PNRPAutoReg)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "5.18": { "Section": "5", "Recommendation": "5.18", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Print Spooler (Spooler)\u0027 is set to 
\u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "5.19": { "Section": "5", "Recommendation": "5.19", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Problem Reports and Solutions Control Panel Support (wercplsupport)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1070", "Mitigation1": "M1022", "Mitigation2": "M1041" }, "5.20": { "Section": "5", "Recommendation": "5.20", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Remote Access Auto Connection Manager (RasAuto)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "5.21": { "Section": "5", "Recommendation": "5.21", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Remote Desktop Configuration (SessionEnv)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1563", "Mitigation1": "M1022", "Mitigation2": "M1026" }, "5.22": { "Section": "5", "Recommendation": "5.22", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Remote Desktop Services (TermService)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1021", "Mitigation1": "M1022", "Mitigation2": "M1018" }, "5.23": { "Section": "5", "Recommendation": "5.23", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Remote Desktop Services UserMode Port Redirector (UmRdpService)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1090", "Mitigation1": "M1022", "Mitigation2": "M1037" }, "5.24": { "Section": "5", "Recommendation": "5.24", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Remote Procedure Call (RPC) Locator (RpcLocator)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1053", "Mitigation1": "M1022", "Mitigation2": "M1028" }, "5.25": { "Section": "5", "Recommendation": "5.25", "Profile": "L2", "RecommendationTitle": 
"Ensure \u0027Remote Registry (RemoteRegistry)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1112", "Mitigation1": "M1022", "Mitigation2": "M1024" }, "5.26": { "Section": "5", "Recommendation": "5.26", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Routing and Remote Access (RemoteAccess)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1011", "Mitigation1": "M1022", "Mitigation2": "M1028" }, "5.27": { "Section": "5", "Recommendation": "5.27", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Server (LanmanServer)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1011", "Mitigation1": "M1022", "Mitigation2": "M1028" }, "5.28": { "Section": "5", "Recommendation": "5.28", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Simple TCP/IP Services (simptcp)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": "T1011", "Mitigation1": "M1022", "Mitigation2": "M1028" }, "5.29": { "Section": "5", "Recommendation": "5.29", "Profile": "L2", "RecommendationTitle": "Ensure \u0027SNMP Service (SNMP)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": "T1133", "Mitigation1": "M1022", "Mitigation2": "M1042" }, "5.30": { "Section": "5", "Recommendation": "5.30", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Special Administration Console Helper (sacsvr)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": "T1018", "Mitigation1": "M1022", "Mitigation2": null }, "5.31": { "Section": "5", "Recommendation": "5.31", "Profile": "L1", "RecommendationTitle": "Ensure \u0027SSDP Discovery (SSDPSRV)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1120", "Mitigation1": "M1022", "Mitigation2": null }, "5.32": { "Section": "5", "Recommendation": "5.32", "Profile": "L1", "RecommendationTitle": "Ensure 
\u0027UPnP Device Host (upnphost)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1120", "Mitigation1": "M1022", "Mitigation2": null }, "5.33": { "Section": "5", "Recommendation": "5.33", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Web Management Service (WMSvc)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": "T1505", "Mitigation1": "M1022", "Mitigation2": "M1047" }, "5.34": { "Section": "5", "Recommendation": "5.34", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Windows Error Reporting Service (WerSvc)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1070", "Mitigation1": "M1022", "Mitigation2": "M1041" }, "5.35": { "Section": "5", "Recommendation": "5.35", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Windows Event Collector (Wecsvc)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "5.36": { "Section": "5", "Recommendation": "5.36", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Media Player Network Sharing Service (WMPNetworkSvc)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": "T1048", "Mitigation1": "M1022", "Mitigation2": "M1037" }, "5.37": { "Section": "5", "Recommendation": "5.37", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Mobile Hotspot Service (icssvc)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1048", "Mitigation1": "M1022", "Mitigation2": "M1037" }, "5.38": { "Section": "5", "Recommendation": "5.38", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Windows Push Notifications System Service (WpnService)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1048", "Mitigation1": "M1022", "Mitigation2": "M1037" }, "5.39": { "Section": "5", "Recommendation": "5.39", "Profile": "L2", 
"RecommendationTitle": "Ensure \u0027Windows PushToInstall Service (PushToInstall)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1072", "Mitigation1": "M1022", "Mitigation2": "M1026" }, "5.40": { "Section": "5", "Recommendation": "5.40", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Windows Remote Management (WS-Management) (WinRM)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1210", "Mitigation1": "M1022", "Mitigation2": "M1042" }, "5.41": { "Section": "5", "Recommendation": "5.41", "Profile": "L1", "RecommendationTitle": "Ensure \u0027World Wide Web Publishing Service (W3SVC)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", "Technique1": "T1569", "Technique2": "T1505", "Mitigation1": "M1022", "Mitigation2": "M1047" }, "5.42": { "Section": "5", "Recommendation": "5.42", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Xbox Accessory Management Service (XboxGipSvc)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1120", "Mitigation1": "M1022", "Mitigation2": null }, "5.43": { "Section": "5", "Recommendation": "5.43", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Xbox Live Auth Manager (XblAuthManager)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1048", "Mitigation1": "M1022", "Mitigation2": "M1037" }, "5.44": { "Section": "5", "Recommendation": "5.44", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Xbox Live Game Save (XblGameSave)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": "T1048", "Mitigation1": "M1022", "Mitigation2": "M1037" }, "5.45": { "Section": "5", "Recommendation": "5.45", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Xbox Live Networking Service (XboxNetApiSvc)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.1.1": { "Section": "9.1", "Recommendation": "9.1.1", 
"Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Firewall state\u0027 is set to \u0027On (recommended)\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.1.2": { "Section": "9.1", "Recommendation": "9.1.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Inbound connections\u0027 is set to \u0027Block (default)\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.1.3": { "Section": "9.1", "Recommendation": "9.1.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Outbound connections\u0027 is set to \u0027Allow (default)\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.1.4": { "Section": "9.1", "Recommendation": "9.1.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Settings: Display a notification\u0027 is set to \u0027No\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.1.5": { "Section": "9.1", "Recommendation": "9.1.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\domainfw.log\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.1.6": { "Section": "9.1", "Recommendation": "9.1.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Size limit (KB)\u0027 is set to \u002716,384 KB or greater\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.1.7": { "Section": "9.1", "Recommendation": "9.1.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": 
"M1022", "Mitigation2": null }, "9.1.8": { "Section": "9.1", "Recommendation": "9.1.8", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.2.1": { "Section": "9.2", "Recommendation": "9.2.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Firewall state\u0027 is set to \u0027On (recommended)\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.2.2": { "Section": "9.2", "Recommendation": "9.2.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Inbound connections\u0027 is set to \u0027Block (default)\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.2.3": { "Section": "9.2", "Recommendation": "9.2.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Outbound connections\u0027 is set to \u0027Allow (default)\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.2.4": { "Section": "9.2", "Recommendation": "9.2.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Settings: Display a notification\u0027 is set to \u0027No\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.2.5": { "Section": "9.2", "Recommendation": "9.2.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\privatefw.log\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.2.6": { "Section": "9.2", "Recommendation": "9.2.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Size limit (KB)\u0027 is 
set to \u002716,384 KB or greater\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.2.7": { "Section": "9.2", "Recommendation": "9.2.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.2.8": { "Section": "9.2", "Recommendation": "9.2.8", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.3.1": { "Section": "9.3", "Recommendation": "9.3.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Firewall state\u0027 is set to \u0027On (recommended)\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.3.2": { "Section": "9.3", "Recommendation": "9.3.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Inbound connections\u0027 is set to \u0027Block (default)\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.3.3": { "Section": "9.3", "Recommendation": "9.3.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Outbound connections\u0027 is set to \u0027Allow (default)\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.3.4": { "Section": "9.3", "Recommendation": "9.3.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Settings: Display a notification\u0027 is set to \u0027No\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.3.5": { "Section": "9.3", "Recommendation": "9.3.5", "Profile": "L1", "RecommendationTitle": "Ensure 
\u0027Windows Firewall: Public: Settings: Apply local firewall rules\u0027 is set to \u0027No\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.3.6": { "Section": "9.3", "Recommendation": "9.3.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Settings: Apply local connection security rules\u0027 is set to \u0027No\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.3.7": { "Section": "9.3", "Recommendation": "9.3.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\publicfw.log\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.3.8": { "Section": "9.3", "Recommendation": "9.3.8", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Size limit (KB)\u0027 is set to \u002716,384 KB or greater\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.3.9": { "Section": "9.3", "Recommendation": "9.3.9", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "9.3.10": { "Section": "9.3", "Recommendation": "9.3.10", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.1.1": { "Section": "17.1", "Recommendation": "17.1.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Credential Validation\u0027 is set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, 
"17.2.1": { "Section": "17.2", "Recommendation": "17.2.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Application Group Management\u0027 is set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.2.2": { "Section": "17.2", "Recommendation": "17.2.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Security Group Management\u0027 is set to include \u0027Success\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.2.3": { "Section": "17.2", "Recommendation": "17.2.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit User Account Management\u0027 is set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.3.1": { "Section": "17.3", "Recommendation": "17.3.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit PNP Activity\u0027 is set to include \u0027Success\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.3.2": { "Section": "17.3", "Recommendation": "17.3.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Process Creation\u0027 is set to include \u0027Success\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.5.1": { "Section": "17.5", "Recommendation": "17.5.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Account Lockout\u0027 is set to include \u0027Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.5.2": { "Section": "17.5", "Recommendation": "17.5.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Group Membership\u0027 is set to include \u0027Success\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.5.3": { "Section": "17.5", "Recommendation": "17.5.3", 
"Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Logoff\u0027 is set to include \u0027Success\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.5.4": { "Section": "17.5", "Recommendation": "17.5.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Logon\u0027 is set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.5.5": { "Section": "17.5", "Recommendation": "17.5.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Other Logon/Logoff Events\u0027 is set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.5.6": { "Section": "17.5", "Recommendation": "17.5.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Special Logon\u0027 is set to include \u0027Success\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.6.1": { "Section": "17.6", "Recommendation": "17.6.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Detailed File Share\u0027 is set to include \u0027Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.6.2": { "Section": "17.6", "Recommendation": "17.6.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit File Share\u0027 is set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.6.3": { "Section": "17.6", "Recommendation": "17.6.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Other Object Access Events\u0027 is set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.6.4": { "Section": "17.6", "Recommendation": "17.6.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Removable Storage\u0027 is 
set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.7.1": { "Section": "17.7", "Recommendation": "17.7.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Audit Policy Change\u0027 is set to include \u0027Success\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.7.2": { "Section": "17.7", "Recommendation": "17.7.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Authentication Policy Change\u0027 is set to include \u0027Success\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.7.3": { "Section": "17.7", "Recommendation": "17.7.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Authorization Policy Change\u0027 is set to include \u0027Success\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.7.4": { "Section": "17.7", "Recommendation": "17.7.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit MPSSVC Rule-Level Policy Change\u0027 is set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.7.5": { "Section": "17.7", "Recommendation": "17.7.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Other Policy Change Events\u0027 is set to include \u0027Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.8.1": { "Section": "17.8", "Recommendation": "17.8.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Sensitive Privilege Use\u0027 is set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.9.1": { "Section": "17.9", "Recommendation": "17.9.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit IPsec Driver\u0027 is set to \u0027Success and 
Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.9.2": { "Section": "17.9", "Recommendation": "17.9.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Other System Events\u0027 is set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.9.3": { "Section": "17.9", "Recommendation": "17.9.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Security State Change\u0027 is set to include \u0027Success\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.9.4": { "Section": "17.9", "Recommendation": "17.9.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit Security System Extension\u0027 is set to include \u0027Success\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "17.9.5": { "Section": "17.9", "Recommendation": "17.9.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Audit System Integrity\u0027 is set to \u0027Success and Failure\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "18.1.3": { "Section": "18.1", "Recommendation": "18.1.3", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow Online Tips\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.1.1.1": { "Section": "18.1.1", "Recommendation": "18.1.1.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent enabling lock screen camera\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1125", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.1.1.2": { "Section": "18.1.1", "Recommendation": "18.1.1.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent enabling lock screen slide show\u0027 
is set to \u0027Enabled\u0027", "Technique1": "T1125", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.1.2.2": { "Section": "18.1.2", "Recommendation": "18.1.2.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow users to enable online speech recognition services\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.2.1": { "Section": "18.2", "Recommendation": "18.2.1", "Profile": "L1", "RecommendationTitle": "Ensure LAPS AdmPwd GPO Extension / CSE is installed", "Technique1": "T1552", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "18.2.2": { "Section": "18.2", "Recommendation": "18.2.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Do not allow password expiration time longer than required by policy\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1110", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "18.2.3": { "Section": "18.2", "Recommendation": "18.2.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Enable Local Admin Password Management\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1552", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "18.2.4": { "Section": "18.2", "Recommendation": "18.2.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Password Settings: Password Complexity\u0027 is set to \u0027Enabled: Large letters + small letters + numbers + special characters\u0027", "Technique1": "T1078", "Technique2": "T1110", "Mitigation1": "M1027", "Mitigation2": "M1018" }, "18.2.5": { "Section": "18.2", "Recommendation": "18.2.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Password Settings: Password Length\u0027 is set to \u0027Enabled: 15 or more\u0027", "Technique1": "T1078", "Technique2": "T1110", "Mitigation1": "M1027", "Mitigation2": "M1018" }, "18.2.6": { "Section": 
"18.2", "Recommendation": "18.2.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Password Settings: Password Age (Days)\u0027 is set to \u0027Enabled: 30 or fewer\u0027", "Technique1": "T1078", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "18.3.1": { "Section": "18.3", "Recommendation": "18.3.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Apply UAC restrictions to local accounts on network logons\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1210", "Technique2": "T1134", "Mitigation1": "M1026", "Mitigation2": null }, "18.3.2": { "Section": "18.3", "Recommendation": "18.3.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure SMB v1 client driver\u0027 is set to \u0027Enabled: Disable driver (recommended)\u0027", "Technique1": "T1021", "Technique2": "T1570", "Mitigation1": "M1037", "Mitigation2": null }, "18.3.3": { "Section": "18.3", "Recommendation": "18.3.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure SMB v1 server\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1021", "Technique2": "T1570", "Mitigation1": "M1037", "Mitigation2": null }, "18.3.4": { "Section": "18.3", "Recommendation": "18.3.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Enable Structured Exception Handling Overwrite Protection (SEHOP)\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1203", "Technique2": null, "Mitigation1": "M1050", "Mitigation2": null }, "18.3.5": { "Section": "18.3", "Recommendation": "18.3.5", "Profile": "L1", "RecommendationTitle": "Ensure ?Limits print driver installation to Administrators? 
is set to ?Enabled?", "Technique1": "T1203", "Technique2": null, "Mitigation1": "M1050", "Mitigation2": null }, "18.3.6": { "Section": "18.3", "Recommendation": "18.3.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027NetBT NodeType configuration\u0027 is set to \u0027Enabled: P-node (recommended)\u0027", "Technique1": "T1018", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.3.7": { "Section": "18.3", "Recommendation": "18.3.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027WDigest Authentication\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1555", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "18.4.1": { "Section": "18.4", "Recommendation": "18.4.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1552", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": null }, "18.4.2": { "Section": "18.4", "Recommendation": "18.4.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)\u0027 is set to \u0027Enabled: Highest protection, source routing is completely disabled\u0027", "Technique1": "T1071", "Technique2": null, "Mitigation1": "M1031", "Mitigation2": null }, "18.4.3": { "Section": "18.4", "Recommendation": "18.4.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)\u0027 is set to \u0027Enabled: Highest protection, source routing is completely disabled\u0027", "Technique1": "T1071", "Technique2": null, "Mitigation1": "M1031", "Mitigation2": null }, "18.4.4": { "Section": "18.4", "Recommendation": "18.4.4", "Profile": "L2", "RecommendationTitle": "Ensure \u0027MSS: (DisableSavePassword) Prevent the dial-up password from being saved\u0027 is 
set to \u0027Enabled\u0027", "Technique1": "T1552", "Technique2": "T1555", "Mitigation1": "M1027", "Mitigation2": "M1028" }, "18.4.5": { "Section": "18.4", "Recommendation": "18.4.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1557", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.4.6": { "Section": "18.4", "Recommendation": "18.4.6", "Profile": "L2", "RecommendationTitle": "Ensure \u0027MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds\u0027 is set to \u0027Enabled: 300,000 or 5 minutes (recommended)\u0027", "Technique1": "T1498", "Technique2": null, "Mitigation1": "M1037", "Mitigation2": null }, "18.4.7": { "Section": "18.4", "Recommendation": "18.4.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1499", "Technique2": null, "Mitigation1": "M1037", "Mitigation2": null }, "18.4.8": { "Section": "18.4", "Recommendation": "18.4.8", "Profile": "L2", "RecommendationTitle": "Ensure \u0027MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1498", "Technique2": null, "Mitigation1": "M1037", "Mitigation2": null }, "18.4.9": { "Section": "18.4", "Recommendation": "18.4.9", "Profile": "L1", "RecommendationTitle": "Ensure \u0027MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1055", "Technique2": null, "Mitigation1": "M1040", "Mitigation2": null }, "18.4.10": { "Section": "18.4", "Recommendation": "18.4.10", "Profile": "L1", "RecommendationTitle": "Ensure \u0027MSS: (ScreenSaverGracePeriod) The time in seconds before the screen 
saver grace period expires (0 recommended)\u0027 is set to \u0027Enabled: 5 or fewer seconds\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.4.11": { "Section": "18.4", "Recommendation": "18.4.11", "Profile": "L2", "RecommendationTitle": "Ensure \u0027MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted\u0027 is set to \u0027Enabled: 3\u0027", "Technique1": "T1499", "Technique2": null, "Mitigation1": "M1037", "Mitigation2": null }, "18.4.12": { "Section": "18.4", "Recommendation": "18.4.12", "Profile": "L2", "RecommendationTitle": "Ensure \u0027MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted\u0027 is set to \u0027Enabled: 3\u0027", "Technique1": "T1499", "Technique2": null, "Mitigation1": "M1037", "Mitigation2": null }, "18.4.13": { "Section": "18.4", "Recommendation": "18.4.13", "Profile": "L1", "RecommendationTitle": "Ensure \u0027MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning\u0027 is set to \u0027Enabled: 90% or less\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "18.5.4.1": { "Section": "18.5.4", "Recommendation": "18.5.4.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure DNS over HTTPS (DoH) name resolution\u0027 is set to \u0027Enabled: Allow DoH\u0027 
or higher", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.5.4.2": { "Section": "18.5.4", "Recommendation": "18.5.4.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off multicast name resolution\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1557", "Technique2": null, "Mitigation1": "M1037", "Mitigation2": null }, "18.5.5.1": { "Section": "18.5.5", "Recommendation": "18.5.5.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Enable Font Providers\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1195", "Technique2": null, "Mitigation1": "M1016", "Mitigation2": null }, "18.5.8.1": { "Section": "18.5.8", "Recommendation": "18.5.8.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Enable insecure guest logons\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1021", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "18.5.9.1": { "Section": "18.5.9", "Recommendation": "18.5.9.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn on Mapper I/O (LLTDIO) driver\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1016", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.5.9.2": { "Section": "18.5.9", "Recommendation": "18.5.9.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn on Responder (RSPNDR) driver\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1016", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.5.10.2": { "Section": "18.5.10", "Recommendation": "18.5.10.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off Microsoft Peer-to-Peer Networking Services\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1048", "Technique2": null, "Mitigation1": "M1030", "Mitigation2": null }, "18.5.11.2": { "Section": "18.5.11", "Recommendation": "18.5.11.2", "Profile": "L1", 
"RecommendationTitle": "Ensure \u0027Prohibit installation and configuration of Network Bridge on your DNS domain network\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1048", "Technique2": null, "Mitigation1": "M1030", "Mitigation2": null }, "18.5.11.3": { "Section": "18.5.11", "Recommendation": "18.5.11.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prohibit use of Internet Connection Sharing on your DNS domain network\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1048", "Technique2": null, "Mitigation1": "M1030", "Mitigation2": null }, "18.5.11.4": { "Section": "18.5.11", "Recommendation": "18.5.11.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Require domain users to elevate when setting a network\u0027s location\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.5.14.1": { "Section": "18.5.14", "Recommendation": "18.5.14.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Hardened UNC Paths\u0027 is set to \u0027Enabled, with \"Require Mutual Authentication\" and \"Require Integrity\" set for all NETLOGON and SYSVOL shares\u0027", "Technique1": "T1135", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.5.19.2.1": { "Section": "18.5.19.2", "Recommendation": "18.5.19.2.1", "Profile": "L2", "RecommendationTitle": "Disable IPv6 (Ensure TCPIP6 Parameter \u0027DisabledComponents\u0027 is set to \u00270xff (255)\u0027)", "Technique1": "T1046", "Technique2": "T1016", "Mitigation1": "M1042", "Mitigation2": null }, "18.5.20.1": { "Section": "18.5.20", "Recommendation": "18.5.20.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Configuration of wireless settings using Windows Connect Now\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1120", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.5.20.2": { "Section": "18.5.20", "Recommendation": "18.5.20.2", "Profile": 
"L2", "RecommendationTitle": "Ensure \u0027Prohibit access of the Windows Connect Now wizards\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1120", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.5.21.1": { "Section": "18.5.21", "Recommendation": "18.5.21.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Minimize the number of simultaneous connections to the Internet or a Windows Domain\u0027 is set to \u0027Enabled: 3 = Prevent Wi-Fi when on Ethernet\u0027", "Technique1": "T1011", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.5.21.2": { "Section": "18.5.21", "Recommendation": "18.5.21.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prohibit connection to non-domain networks when connected to domain authenticated network\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1011", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.5.23.2.1": { "Section": "18.5.23.2", "Recommendation": "18.5.23.2.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1011", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.6.1": { "Section": "18.6", "Recommendation": "18.6.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow Print Spooler to accept client connections\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.6.2": { "Section": "18.6", "Recommendation": "18.6.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Point and Print Restrictions: When installing drivers for a new connection\u0027 is set to \u0027Enabled: Show warning and elevation prompt\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", 
"Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.6.3": { "Section": "18.6", "Recommendation": "18.6.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Point and Print Restrictions: When updating drivers for an existing connection\u0027 is set to \u0027Enabled: Show warning and elevation prompt\u0027", "Technique1": null, "Technique2": null, "Mitigation1": null, "Mitigation2": null }, "18.7.1.1": { "Section": "18.7.1", "Recommendation": "18.7.1.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off notifications network usage\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.3.1": { "Section": "18.8.3", "Recommendation": "18.8.3.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Include command line in process creation events\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1552", "Technique2": null, "Mitigation1": "M1041", "Mitigation2": null }, "18.8.4.1": { "Section": "18.8.4", "Recommendation": "18.8.4.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Encryption Oracle Remediation\u0027 is set to \u0027Enabled: Force Updated Clients\u0027", "Technique1": "T1212", "Technique2": null, "Mitigation1": "M1051", "Mitigation2": null }, "18.8.4.2": { "Section": "18.8.4", "Recommendation": "18.8.4.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Remote host allows delegation of non-exportable credentials\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1003", "Technique2": null, "Mitigation1": "M1043", "Mitigation2": null }, "18.8.5.1": { "Section": "18.8.5", "Recommendation": "18.8.5.1", "Profile": "NG", "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1003", "Technique2": null, "Mitigation1": "M1043", "Mitigation2": null }, "18.8.5.2": { "Section": "18.8.5", 
"Recommendation": "18.8.5.2", "Profile": "NG", "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Select Platform Security Level\u0027 is set to \u0027Secure Boot and DMA Protection\u0027", "Technique1": "T1547", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.8.5.3": { "Section": "18.8.5", "Recommendation": "18.8.5.3", "Profile": "NG", "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity\u0027 is set to \u0027Enabled with UEFI lock\u0027", "Technique1": "T1489", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "18.8.5.4": { "Section": "18.8.5", "Recommendation": "18.8.5.4", "Profile": "NG", "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Require UEFI Memory Attributes Table\u0027 is set to \u0027True (checked)\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.5.5": { "Section": "18.8.5", "Recommendation": "18.8.5.5", "Profile": "NG", "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Credential Guard Configuration\u0027 is set to \u0027Enabled with UEFI lock\u0027", "Technique1": "T1489", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "18.8.5.6": { "Section": "18.8.5", "Recommendation": "18.8.5.6", "Profile": "NG", "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Secure Launch Configuration\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1495", "Technique2": null, "Mitigation1": "M1046", "Mitigation2": null }, "18.8.7.1.1": { "Section": "18.8.7.1", "Recommendation": "18.8.7.1.1", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1200", "Technique2": null, "Mitigation1": 
"M1034", "Mitigation2": null }, "18.8.7.1.2": { "Section": "18.8.7.1", "Recommendation": "18.8.7.1.2", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs\u0027 is set to \u0027PCI\\CC_0C0A\u0027", "Technique1": "T1200", "Technique2": null, "Mitigation1": "M1034", "Mitigation2": null }, "18.8.7.1.3": { "Section": "18.8.7.1", "Recommendation": "18.8.7.1.3", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.\u0027 is set to \u0027True\u0027 (checked)", "Technique1": "T1200", "Technique2": null, "Mitigation1": "M1034", "Mitigation2": null }, "18.8.7.1.4": { "Section": "18.8.7.1", "Recommendation": "18.8.7.1.4", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device setup classes\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1200", "Technique2": null, "Mitigation1": "M1034", "Mitigation2": null }, "18.8.7.1.5": { "Section": "18.8.7.1", "Recommendation": "18.8.7.1.5", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup\u0027 is set to \u0027IEEE 1394 device setup classes\u0027", "Technique1": "T1200", "Technique2": null, "Mitigation1": "M1034", "Mitigation2": null }, "18.8.7.1.6": { "Section": "18.8.7.1", "Recommendation": "18.8.7.1.6", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.\u0027 is set to \u0027True\u0027 (checked)", "Technique1": "T1200", "Technique2": null, "Mitigation1": "M1034", "Mitigation2": null }, "18.8.7.2": { 
"Section": "18.8.7.2", "Recommendation": "18.8.7.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent device metadata retrieval from the Internet\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.14.1": { "Section": "18.8.14", "Recommendation": "18.8.14.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Boot-Start Driver Initialization Policy\u0027 is set to \u0027Enabled: Good, unknown and bad but critical\u0027", "Technique1": "T1542", "Technique2": null, "Mitigation1": "M1046", "Mitigation2": null }, "18.8.21.2": { "Section": "18.8.21", "Recommendation": "18.8.21.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure registry policy processing: Do not apply during periodic background processing\u0027 is set to \u0027Enabled: FALSE\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.21.3": { "Section": "18.8.21", "Recommendation": "18.8.21.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure registry policy processing: Process even if the Group Policy objects have not changed\u0027 is set to \u0027Enabled: TRUE\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.21.4": { "Section": "18.8.21", "Recommendation": "18.8.21.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Continue experiences on this device\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1018", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.8.21.5": { "Section": "18.8.21", "Recommendation": "18.8.21.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off background refresh of Group Policy\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE 
ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.1": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off access to the Store\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.2": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off downloading of print drivers over HTTP\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1574", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "18.8.22.1.3": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.3", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off handwriting personalization data sharing\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.4": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.4", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off handwriting recognition error reporting\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.5": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.5", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.6": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off Internet download for Web 
publishing and online ordering wizards\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.7": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.7", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off printing over HTTP\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1557", "Technique2": null, "Mitigation1": "M1031", "Mitigation2": null }, "18.8.22.1.8": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.8", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off Registration if URL connection is referring to Microsoft.com\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.9": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.9", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off Search Companion content file updates\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.10": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.10", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off the \"Order Prints\" picture task\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.11": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.11", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off the \"Publish to Web\" task for files and folders\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.12": { "Section": "18.8.22.1", "Recommendation": 
"18.8.22.1.12", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off the Windows Messenger Customer Experience Improvement Program\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.13": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.13", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off Windows Customer Experience Improvement Program\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.22.1.14": { "Section": "18.8.22.1", "Recommendation": "18.8.22.1.14", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off Windows Error Reporting\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.25.1": { "Section": "18.8.25", "Recommendation": "18.8.25.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Support device authentication using certificate\u0027 is set to \u0027Enabled: Automatic\u0027", "Technique1": "T1558", "Technique2": null, "Mitigation1": "M1041", "Mitigation2": null }, "18.8.26.1": { "Section": "18.8.26", "Recommendation": "18.8.26.1", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Enumeration policy for external devices incompatible with Kernel DMA Protection\u0027 is set to \u0027Enabled: Block All\u0027", "Technique1": "T1200", "Technique2": null, "Mitigation1": "M1034", "Mitigation2": null }, "18.8.27.1": { "Section": "18.8.27", "Recommendation": "18.8.27.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Disallow copying of user input methods to the system account for sign-in\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK 
mapping", "Mitigation2": null }, "18.8.28.1": { "Section": "18.8.28", "Recommendation": "18.8.28.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Block user from showing account details on sign-in\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1110", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "18.8.28.2": { "Section": "18.8.28", "Recommendation": "18.8.28.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Do not display network selection UI\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1557", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.8.28.3": { "Section": "18.8.28", "Recommendation": "18.8.28.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Do not enumerate connected users on domain-joined computers\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1087", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.8.28.4": { "Section": "18.8.28", "Recommendation": "18.8.28.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Enumerate local users on domain-joined computers\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1087", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.8.28.5": { "Section": "18.8.28", "Recommendation": "18.8.28.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off app notifications on the lock screen\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.28.6": { "Section": "18.8.28", "Recommendation": "18.8.28.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off picture password sign-in\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1003", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.8.28.7": { "Section": "18.8.28", "Recommendation": "18.8.28.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn on convenience 
PIN sign-in\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1110", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "18.8.31.1": { "Section": "18.8.31", "Recommendation": "18.8.31.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow Clipboard synchronization across devices\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1115", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.8.31.2": { "Section": "18.8.31", "Recommendation": "18.8.31.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow upload of User Activities\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.34.6.1": { "Section": "18.8.34.6", "Recommendation": "18.8.34.6.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow network connectivity during connected-standby (on battery)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1018", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.8.34.6.2": { "Section": "18.8.34.6", "Recommendation": "18.8.34.6.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow network connectivity during connected-standby (plugged in)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1018", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.8.34.6.3": { "Section": "18.8.34.6", "Recommendation": "18.8.34.6.3", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Allow standby states (S1-S3) when sleeping (on battery)\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1003", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.8.34.6.4": { "Section": "18.8.34.6", "Recommendation": "18.8.34.6.4", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Allow standby states (S1-S3) when sleeping (plugged in)\u0027 is set 
to \u0027Disabled\u0027", "Technique1": "T1003", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.8.34.6.5": { "Section": "18.8.34.6", "Recommendation": "18.8.34.6.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Require a password when a computer wakes (on battery)\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.34.6.6": { "Section": "18.8.34.6", "Recommendation": "18.8.34.6.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Require a password when a computer wakes (plugged in)\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.36.1": { "Section": "18.8.36", "Recommendation": "18.8.36.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure Offer Remote Assistance\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1021", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "18.8.36.2": { "Section": "18.8.36", "Recommendation": "18.8.36.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure Solicited Remote Assistance\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1021", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "18.8.37.1": { "Section": "18.8.37", "Recommendation": "18.8.37.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Enable RPC Endpoint Mapper Client Authentication\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": null }, "18.8.37.2": { "Section": "18.8.37", "Recommendation": "18.8.37.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Restrict Unauthenticated RPC clients\u0027 is set to \u0027Enabled: Authenticated\u0027", "Technique1": "T1569", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": null 
}, "18.8.48.5.1": { "Section": "18.8.48.5", "Recommendation": "18.8.48.5.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.48.11.1": { "Section": "18.8.48.11", "Recommendation": "18.8.48.11.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Enable/Disable PerfTrack\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.49.1": { "Section": "18.8.50", "Recommendation": "18.8.49.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off the advertising ID\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.8.53.1.1": { "Section": "18.8.53.1", "Recommendation": "18.8.53.1.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Enable Windows NTP Client\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1124", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.8.53.1.2": { "Section": "18.8.53.1", "Recommendation": "18.8.53.1.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Enable Windows NTP Server\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1124", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.9.4.1": { "Section": "18.9.4", "Recommendation": "18.9.4.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow a Windows app to share application data between users\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1135", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.9.4.2": { 
"Section": "18.9.4", "Recommendation": "18.9.4.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent non-admin users from installing packaged Windows apps\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.9.5.1": { "Section": "18.9.5", "Recommendation": "18.9.5.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Let Windows apps activate with voice while the system is locked\u0027 is set to \u0027Enabled: Force Deny\u0027", "Technique1": "T1123", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.9.6.1": { "Section": "18.9.6", "Recommendation": "18.9.6.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow Microsoft accounts to be optional\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.6.2": { "Section": "18.9.6", "Recommendation": "18.9.6.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Block launching Universal Windows apps with Windows Runtime API access from hosted content.\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1106", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "18.9.8.1": { "Section": "18.9.8", "Recommendation": "18.9.8.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Disallow Autoplay for non-volume devices\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1091", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.8.2": { "Section": "18.9.8", "Recommendation": "18.9.8.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Set the default behavior for AutoRun\u0027 is set to \u0027Enabled: Do not execute any autorun commands\u0027", "Technique1": "T1091", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.8.3": { "Section": "18.9.8", "Recommendation": "18.9.8.3", 
"Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off Autoplay\u0027 is set to \u0027Enabled: All drives\u0027", "Technique1": "T1091", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.10.1.1": { "Section": "18.9.10.1", "Recommendation": "18.9.10.1.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure enhanced anti-spoofing\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.4": { "Section": "18.9.11", "Recommendation": "18.9.11.4", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Disable new DMA devices when this computer is locked\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1200", "Technique2": null, "Mitigation1": "M1034", "Mitigation2": null }, "18.9.11.1.1": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.1", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Allow access to BitLocker-protected fixed data drives from earlier versions of Windows\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1140", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.9.11.1.2": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.2", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.1.3": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.3", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: True\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.1.4": { 
"Section": "18.9.11.1", "Recommendation": "18.9.11.1.4", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Allow 48-digit recovery password\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.1.5": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.5", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Recovery Key\u0027 is set to \u0027Enabled: Allow 256-bit recovery key\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.1.6": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.6", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.1.7": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.7", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives\u0027 is set to \u0027Enabled: False\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.1.8": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.8", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS\u0027 is set to \u0027Enabled: Backup recovery passwords and key packages\u0027", 
"Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.1.9": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.9", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives\u0027 is set to \u0027Enabled: False\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.1.10": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.10", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for fixed data drives\u0027 is set to Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.1.11": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.11", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Configure use of passwords for fixed data drives\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1110", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "18.9.11.1.12": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.12", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Configure use of smart cards on fixed data drives\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1111", "Technique2": null, "Mitigation1": "M1017", "Mitigation2": null }, "18.9.11.1.13": { "Section": "18.9.11.1", "Recommendation": "18.9.11.1.13", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives\u0027 is set to \u0027Enabled: True\u0027", "Technique1": "T1111", "Technique2": null, "Mitigation1": "M1017", "Mitigation2": null }, "18.9.11.2.1": { "Section": "18.9.11.2", 
"Recommendation": "18.9.11.2.1", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Allow enhanced PINs for startup\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.2.2": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.2", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Allow Secure Boot for integrity validation\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1495", "Technique2": null, "Mitigation1": "M1046", "Mitigation2": null }, "18.9.11.2.3": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.3", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.2.4": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.4", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: False\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.2.5": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.5", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Require 48-digit recovery password\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.2.6": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.6", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be 
recovered: Recovery Key\u0027 is set to \u0027Enabled: Do not allow 256-bit recovery key\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.2.7": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.7", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.2.8": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.8", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives\u0027 is set to \u0027Enabled: True\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.2.9": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.9", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:\u0027 is set to \u0027Enabled: Store recovery passwords and key packages\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.2.10": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.10", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives\u0027 is set to \u0027Enabled: True\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", 
"Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.2.11": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.11", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for operating system drives\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.2.12": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.12", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Configure use of passwords for operating system drives\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1110", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "18.9.11.2.13": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.13", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Require additional authentication at startup\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.2.14": { "Section": "18.9.11.2", "Recommendation": "18.9.11.2.14", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Require additional authentication at startup: Allow BitLocker without a compatible TPM\u0027 is set to \u0027Enabled: False\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.3.1": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.1", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Allow access to BitLocker-protected removable data drives from earlier versions of Windows\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1140", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.9.11.3.2": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.2", "Profile": "BL", 
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.3.3": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.3", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: True\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.3.4": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.4", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Do not allow 48-digit recovery password\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.3.5": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.5", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Recovery Key\u0027 is set to \u0027Enabled: Do not allow 256-bit recovery key\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.3.6": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.6", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.3.7": { "Section": "18.9.11.3", 
"Recommendation": "18.9.11.3.7", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives\u0027 is set to \u0027Enabled: False\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.3.8": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.8", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:\u0027 is set to \u0027Enabled: Backup recovery passwords and key packages\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.3.9": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.9", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives\u0027 is set to \u0027Enabled: False\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.3.10": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.10", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for removable data drives\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.11.3.11": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.11", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Configure use of passwords for removable data drives\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1110", "Technique2": null, 
"Mitigation1": "M1027", "Mitigation2": null }, "18.9.11.3.12": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.12", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Configure use of smart cards on removable data drives\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1111", "Technique2": null, "Mitigation1": "M1017", "Mitigation2": null }, "18.9.11.3.13": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.13", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives\u0027 is set to \u0027Enabled: True\u0027", "Technique1": "T1111", "Technique2": null, "Mitigation1": "M1017", "Mitigation2": null }, "18.9.11.3.14": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.14", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Deny write access to removable drives not protected by BitLocker\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1052", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.11.3.15": { "Section": "18.9.11.3", "Recommendation": "18.9.11.3.15", "Profile": "BL", "RecommendationTitle": "Ensure \u0027Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization\u0027 is set to \u0027Enabled: False\u0027", "Technique1": "T1052", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.12.1": { "Section": "18.9.12", "Recommendation": "18.9.12.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow Use of Camera\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1125", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.19.14.1": { "Section": "18.9.14", "Recommendation": "18.19.14.1", "Profile": "L1", "RecommendationTitle": "Ensure ?Turn off cloud consumer account state content? 
is set to ?Enabled?", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.19.14.2": { "Section": "18.9.14", "Recommendation": "18.19.14.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off cloud optimized content\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.19.14.3": { "Section": "18.9.14", "Recommendation": "18.19.14.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off Microsoft consumer experiences\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.15.1": { "Section": "18.9.15", "Recommendation": "18.9.15.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Require pin for pairing\u0027 is set to \u0027Enabled: First Time\u0027 OR \u0027Enabled: Always\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.16.1": { "Section": "18.9.16", "Recommendation": "18.9.16.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Do not display the password reveal button\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.16.2": { "Section": "18.9.16", "Recommendation": "18.9.16.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Enumerate administrator accounts on elevation\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1087", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.9.16.3": { "Section": "18.9.16", "Recommendation": "18.9.16.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent the use of security questions for local 
accounts\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1589", "Technique2": null, "Mitigation1": "M1056", "Mitigation2": null }, "18.9.17.1": { "Section": "18.9.17", "Recommendation": "18.9.17.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow Diagnostic Data\u0027 is set to \u0027Enabled: Diagnostic data off (not recommended)\u0027 or \u0027Enabled: Send required\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.17.2": { "Section": "18.9.17", "Recommendation": "18.9.17.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service\u0027 is set to \u0027Enabled: Disable Authenticated Proxy usage\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.17.3": { "Section": "18.9.17", "Recommendation": "18.9.17.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Disable OneSettings Downloads\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.17.4": { "Section": "18.9.17", "Recommendation": "18.9.17.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Do not show feedback notifications\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.17.5": { "Section": "18.9.17", "Recommendation": "18.9.17.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Enable OneSettings Auditing\u0027 
is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.17.6": { "Section": "18.9.17", "Recommendation": "18.9.17.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Limit Diagnostic Log Collection\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.17.7": { "Section": "18.9.17", "Recommendation": "18.9.17.7", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Limit Dump Collection\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.17.8": { "Section": "18.9.17", "Recommendation": "18.9.17.8", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Toggle user control over Insider builds\u0027 is set to \u0027Disabled\u0027 (Automated)", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.18.1": { "Section": "18.9.18", "Recommendation": "18.9.18.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Download Mode\u0027 is NOT set to \u0027Enabled: Internet\u0027", "Technique1": "T1601", "Technique2": null, "Mitigation1": "M1045", "Mitigation2": null }, "18.9.27.1.1": { "Section": "18.9.27.1", "Recommendation": "18.9.27.1.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Application: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "18.9.27.1.2": { "Section": "18.9.27.1", "Recommendation": "18.9.27.1.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Application: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027", "Technique1": "T1562", 
"Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "18.9.27.2.1": { "Section": "18.9.27.2", "Recommendation": "18.9.27.2.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Security: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "18.9.27.2.2": { "Section": "18.9.27.2", "Recommendation": "18.9.27.2.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Security: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 196,608 or greater\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "18.9.27.3.1": { "Section": "18.9.27.3", "Recommendation": "18.9.27.3.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Setup: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "18.9.27.3.2": { "Section": "18.9.27.3", "Recommendation": "18.9.27.3.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Setup: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "18.9.27.4.1": { "Section": "18.9.27.4", "Recommendation": "18.9.27.4.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027System: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1022", "Mitigation2": null }, "18.9.27.4.2": { "Section": "18.9.27.4", "Recommendation": "18.9.27.4.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027System: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027", "Technique1": "T1562", "Technique2": null, 
"Mitigation1": "M1022", "Mitigation2": null }, "18.9.31.2": { "Section": "18.9.31", "Recommendation": "18.9.31.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off Data Execution Prevention for Explorer\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1553", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "18.9.31.3": { "Section": "18.9.31", "Recommendation": "18.9.31.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off heap termination on corruption\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.31.4": { "Section": "18.9.31", "Recommendation": "18.9.31.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off shell protocol protected mode\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1059", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "18.9.36.1": { "Section": "18.9.36", "Recommendation": "18.9.36.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent the computer from joining a homegroup\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.41.1": { "Section": "18.9.41", "Recommendation": "18.9.41.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off location\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1591", "Technique2": null, "Mitigation1": "M1056", "Mitigation2": null }, "18.9.45.1": { "Section": "18.9.45", "Recommendation": "18.9.45.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow Message Service Cloud Sync\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.46.1": { "Section": "18.9.46", "Recommendation": "18.9.46.1", "Profile": "L1", 
"RecommendationTitle": "Ensure \u0027Block all consumer Microsoft account user authentication\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1078", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.9.47.14": { "Section": "18.9.47", "Recommendation": "18.9.47.14", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure detection for potentially unwanted applications\u0027 is set to \u0027Enabled: Block\u0027", "Technique1": "T1204", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "18.9.47.15": { "Section": "18.9.47", "Recommendation": "18.9.47.15", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off Microsoft Defender AntiVirus\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1553", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.9.47.4.1": { "Section": "18.9.47.4", "Recommendation": "18.9.47.4.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure local setting override for reporting to Microsoft MAPS\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.47.4.2": { "Section": "18.9.47.4", "Recommendation": "18.9.47.4.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Join Microsoft MAPS\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.47.5.1.1": { "Section": "18.9.47.5.1", "Recommendation": "18.9.47.5.1.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure Attack Surface Reduction rules\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1559", "Technique2": "T1218", "Mitigation1": "M1040", "Mitigation2": "M1038" }, "18.9.47.5.1.2": { "Section": "18.9.47.5.1", "Recommendation": "18.9.47.5.1.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure 
Attack Surface Reduction rules: Set the state for each ASR rule\u0027 is \u0027configured\u0027", "Technique1": "T1559", "Technique2": "T1218", "Mitigation1": "M1040", "Mitigation2": "M1038" }, "18.9.47.5.3.1": { "Section": "18.9.47.5.3", "Recommendation": "18.9.47.5.3.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent users and apps from accessing dangerous websites\u0027 is set to \u0027Enabled: Block\u0027", "Technique1": "T1189", "Technique2": "T1566", "Mitigation1": "M1050", "Mitigation2": "M1049" }, "18.9.47.6.1": { "Section": "18.9.47.6", "Recommendation": "18.9.47.6.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Enable file hash computation feature\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1553", "Technique2": null, "Mitigation1": "M1054", "Mitigation2": null }, "18.9.47.9.1": { "Section": "18.9.47.9", "Recommendation": "18.9.47.9.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Scan all downloaded files and attachments\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1059", "Technique2": null, "Mitigation1": "M1049", "Mitigation2": null }, "18.9.47.9.2": { "Section": "18.9.47.9", "Recommendation": "18.9.47.9.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off real-time protection\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1553", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.9.47.9.3": { "Section": "18.9.47.9", "Recommendation": "18.9.47.9.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn on behavior monitoring\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1553", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.9.47.9.4": { "Section": "18.9.47.9", "Recommendation": "18.9.47.9.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn on script scanning\u0027 
is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.47.11.1": { "Section": "18.9.47.12", "Recommendation": "18.9.47.11.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Scan removable drives\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1091", "Technique2": null, "Mitigation1": "M1034", "Mitigation2": null }, "18.9.47.11.2": { "Section": "18.9.47.12", "Recommendation": "18.9.47.11.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn on e-mail scanning\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1556", "Technique2": null, "Mitigation1": "M1049", "Mitigation2": null }, "18.9.48.1": { "Section": "18.9.50", "Recommendation": "18.9.48.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow Address bar drop-down list suggestions\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.48.2": { "Section": "18.9.50", "Recommendation": "18.9.48.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow Adobe Flash\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1176", "Technique2": null, "Mitigation1": "M1033", "Mitigation2": null }, "18.9.48.3": { "Section": "18.9.50", "Recommendation": "18.9.48.3", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow InPrivate Browsing\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.48.4": { "Section": "18.9.48", "Recommendation": "18.9.48.4", "Profile": "NG", "RecommendationTitle": "Ensure \u0027Allow files to download and save to the host operating system from Microsoft Defender Application Guard\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1211", "Technique2": null, "Mitigation1": "M1048", 
"Mitigation2": null }, "18.9.48.5": { "Section": "18.9.48", "Recommendation": "18.9.48.5", "Profile": "NG", "RecommendationTitle": "Ensure \u0027Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting\u0027 is set to \u0027Enabled: Enable clipboard operation from an isolated session to the host\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.48.6": { "Section": "18.9.48", "Recommendation": "18.9.48.6", "Profile": "NG", "RecommendationTitle": "Ensure \u0027Turn on Microsoft Defender Application Guard in Managed Mode\u0027 is set to \u0027Enabled: 1\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.48.7": { "Section": "18.9.50", "Recommendation": "18.9.48.7", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Configure Pop-up Blocker\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1189", "Technique2": null, "Mitigation1": "M1021", "Mitigation2": null }, "18.9.48.8": { "Section": "18.9.50", "Recommendation": "18.9.48.8", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Configure search suggestions in Address bar\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.48.10": { "Section": "18.9.50", "Recommendation": "18.9.48.10", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Prevent access to the about:flags page in Microsoft Edge\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1505", "Technique2": null, "Mitigation1": "M1026", "Mitigation2": null }, "18.9.48.13": { "Section": "18.9.50", "Recommendation": "18.9.48.13", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Prevent using Localhost IP address for WebRTC\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1592", 
"Technique2": null, "Mitigation1": "M1056", "Mitigation2": null }, "18.9.58.1": { "Section": "18.9.58", "Recommendation": "18.9.58.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent the usage of OneDrive for file storage\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1567", "Technique2": null, "Mitigation1": "M1021", "Mitigation2": null }, "18.9.64.1": { "Section": "18.9.64", "Recommendation": "18.9.64.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off Push To Install service\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1570", "Technique2": null, "Mitigation1": "M1031", "Mitigation2": null }, "18.9.65.2.2": { "Section": "18.9.65.2", "Recommendation": "18.9.65.2.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Do not allow passwords to be saved\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1555", "Technique2": null, "Mitigation1": "M1027", "Mitigation2": null }, "18.9.65.3.2.1": { "Section": "18.9.65.3.2", "Recommendation": "18.9.65.3.2.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow users to connect remotely by using Remote Desktop Services\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1210", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.65.3.3.1": { "Section": "18.9.65.3.3", "Recommendation": "18.9.65.3.3.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow UI Automation redirection\u0027 is set to \u0027Disabled\u0027", "Technique1": null, "Technique2": null, "Mitigation1": null, "Mitigation2": null }, "18.9.65.3.3.2": { "Section": "18.9.65.3.3", "Recommendation": "18.9.65.3.3.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Do not allow COM port redirection\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1210", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.65.3.3.3": { "Section": "18.9.65.3.3", "Recommendation": "18.9.65.3.3.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Do not allow 
drive redirection\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1210", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.65.3.3.4": { "Section": "18.9.65.3.3", "Recommendation": "18.9.65.3.3.4", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Do not allow location redirection\u0027 is set to \u0027Enabled\u0027", "Technique1": null, "Technique2": null, "Mitigation1": null, "Mitigation2": null }, "18.9.65.3.3.5": { "Section": "18.9.65.3.3", "Recommendation": "18.9.65.3.3.5", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Do not allow LPT port redirection\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1210", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.65.3.3.6": { "Section": "18.9.65.3.3", "Recommendation": "18.9.65.3.3.6", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Do not allow supported Plug and Play device redirection\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1210", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.65.3.9.1": { "Section": "18.9.65.3.9", "Recommendation": "18.9.65.3.9.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Always prompt for password upon connection\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1210", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.65.3.9.2": { "Section": "18.9.65.3.9", "Recommendation": "18.9.65.3.9.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Require secure RPC communication\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1210", "Technique2": "T1557", "Mitigation1": "M1042", "Mitigation2": "M1041" }, "18.9.65.3.9.3": { "Section": "18.9.65.3.9", "Recommendation": "18.9.65.3.9.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Require use of specific security layer for remote (RDP) connections\u0027 is set to \u0027Enabled: SSL\u0027", "Technique1": "T1210", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, 
"18.9.65.3.9.4": { "Section": "18.9.65.3.9", "Recommendation": "18.9.65.3.9.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Require user authentication for remote connections by using Network Level Authentication\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1210", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.65.3.9.5": { "Section": "18.9.65.3.9", "Recommendation": "18.9.65.3.9.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Set client connection encryption level\u0027 is set to \u0027Enabled: High Level\u0027", "Technique1": "T1210", "Technique2": "T1557", "Mitigation1": "M1042", "Mitigation2": "M1041" }, "18.9.65.3.10.1": { "Section": "18.9.65.3.10", "Recommendation": "18.9.65.3.10.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Set time limit for active but idle Remote Desktop Services sessions\u0027 is set to \u0027Enabled: 15 minutes or less, but not Never (0)\u0027", "Technique1": "T1210", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.65.3.10.2": { "Section": "18.9.65.3.10", "Recommendation": "18.9.65.3.10.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Set time limit for disconnected sessions\u0027 is set to \u0027Enabled: 1 minute\u0027", "Technique1": "T1210", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.65.3.11.1": { "Section": "18.9.65.3.11", "Recommendation": "18.9.65.3.11.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Do not delete temp folders upon exit\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1210", "Technique2": "T1564", "Mitigation1": "M1042", "Mitigation2": null }, "18.9.66.1": { "Section": "18.9.66", "Recommendation": "18.9.66.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent downloading of enclosures\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1204", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "18.9.67.2": { "Section": "18.9.67", 
"Recommendation": "18.9.67.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow Cloud Search\u0027 is set to \u0027Enabled: Disable Cloud Search\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.67.3": { "Section": "18.9.67", "Recommendation": "18.9.67.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow Cortana\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.67.4": { "Section": "18.9.67", "Recommendation": "18.9.67.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow Cortana above lock screen\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.67.5": { "Section": "18.9.67", "Recommendation": "18.9.67.5", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow indexing of encrypted files\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1005", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "18.9.67.6": { "Section": "18.9.67", "Recommendation": "18.9.67.6", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow search and Cortana to use location\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1591", "Technique2": null, "Mitigation1": "M1056", "Mitigation2": null }, "18.9.72.1": { "Section": "18.9.72", "Recommendation": "18.9.72.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off KMS Client Online AVS Validation\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.75.1": { "Section": "18.9.75", "Recommendation": "18.9.75.1", "Profile": "L2", "RecommendationTitle": "Ensure 
\u0027Disable all apps from Microsoft Store\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.75.2": { "Section": "18.9.75", "Recommendation": "18.9.75.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Only display the private store within the Microsoft Store\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.75.3": { "Section": "18.9.75", "Recommendation": "18.9.75.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off Automatic Download and Install of updates\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.75.4": { "Section": "18.9.75", "Recommendation": "18.9.75.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off the offer to update to the latest version of Windows\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.75.5": { "Section": "18.9.75", "Recommendation": "18.9.75.5", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off the Store application\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.81.1": { "Section": "18.9.81", "Recommendation": "18.9.81.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow widgets\u0027 
is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.85.1.1": { "Section": "18.9.85.1", "Recommendation": "18.9.85.1.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure Windows Defender SmartScreen\u0027 is set to \u0027Enabled: Warn and prevent bypass\u0027", "Technique1": "T1204", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "18.9.85.2.1": { "Section": "18.9.85.2", "Recommendation": "18.9.85.2.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure Windows Defender SmartScreen\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1204", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "18.9.85.2.2": { "Section": "18.9.85.2", "Recommendation": "18.9.85.2.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent bypassing Windows Defender SmartScreen prompts for sites\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1553", "Technique2": null, "Mitigation1": "M1054", "Mitigation2": null }, "18.9.87.1": { "Section": "18.9.87", "Recommendation": "18.9.87.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Enables or disables Windows Game Recording and Broadcasting\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1592", "Technique2": null, "Mitigation1": "M1056", "Mitigation2": null }, "18.9.89.1": { "Section": "18.9.89", "Recommendation": "18.9.89.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow suggested apps in Windows Ink Workspace\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.89.2": { "Section": "18.9.89", "Recommendation": "18.9.89.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow Windows Ink Workspace\u0027 is set to \u0027Enabled: On, but disallow access above lock\u0027 OR \u0027Disabled\u0027 but 
not \u0027Enabled: On\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.90.1": { "Section": "18.9.90", "Recommendation": "18.9.90.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow user control over installs\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1204", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "18.9.90.2": { "Section": "18.9.90", "Recommendation": "18.9.90.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Always install with elevated privileges\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1052", "Mitigation2": null }, "18.9.90.3": { "Section": "18.9.90", "Recommendation": "18.9.90.3", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Prevent Internet Explorer security prompt for Windows Installer scripts\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1204", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "18.9.91.1": { "Section": "18.9.91", "Recommendation": "18.9.91.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Sign-in and lock last interactive user automatically after a restart\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.100.1": { "Section": "18.9.100", "Recommendation": "18.9.100.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn on PowerShell Script Block Logging\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1552", "Technique2": null, "Mitigation1": "M1028", "Mitigation2": null }, "18.9.100.2": { "Section": "18.9.100", "Recommendation": "18.9.100.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn on PowerShell Transcription\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1552", "Technique2": null, "Mitigation1": "M1028", 
"Mitigation2": null }, "18.9.102.1.1": { "Section": "18.9.102.1", "Recommendation": "18.9.102.1.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow Basic authentication\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1021", "Technique2": "T1557", "Mitigation1": "M1018", "Mitigation2": "M1041" }, "18.9.102.1.2": { "Section": "18.9.102.1", "Recommendation": "18.9.102.1.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow unencrypted traffic\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1021", "Technique2": "T1557", "Mitigation1": "M1018", "Mitigation2": "M1041" }, "18.9.102.1.3": { "Section": "18.9.102.1", "Recommendation": "18.9.102.1.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Disallow Digest authentication\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1021", "Technique2": "T1557", "Mitigation1": "M1018", "Mitigation2": "M1041" }, "18.9.102.2.1": { "Section": "18.9.102.2", "Recommendation": "18.9.102.2.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow Basic authentication\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1021", "Technique2": "T1557", "Mitigation1": "M1018", "Mitigation2": "M1041" }, "18.9.102.2.2": { "Section": "18.9.102.2", "Recommendation": "18.9.102.2.2", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow remote server management through WinRM\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1021", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "18.9.102.2.3": { "Section": "18.9.102.2", "Recommendation": "18.9.102.2.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow unencrypted traffic\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1021", "Technique2": "T1557", "Mitigation1": "M1018", "Mitigation2": "M1041" }, "18.9.102.2.4": { "Section": "18.9.102.2", "Recommendation": "18.9.102.2.4", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Disallow WinRM from storing RunAs credentials\u0027 is set to 
\u0027Enabled\u0027", "Technique1": "T1021", "Technique2": "T1555", "Mitigation1": "M1018", "Mitigation2": "M1027" }, "18.9.103.1": { "Section": "18.9.103", "Recommendation": "18.9.103.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Allow Remote Shell Access\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1059", "Technique2": null, "Mitigation1": "M1042", "Mitigation2": null }, "18.9.104.1": { "Section": "18.9.104", "Recommendation": "18.9.104.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow clipboard sharing with Windows Sandbox\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.104.2": { "Section": "18.9.104", "Recommendation": "18.9.104.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Allow networking in Windows Sandbox\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.105.2.1": { "Section": "18.9.105.2", "Recommendation": "18.9.105.2.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent users from modifying settings\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1562", "Technique2": null, "Mitigation1": "M1018", "Mitigation2": null }, "18.9.108.1.1": { "Section": "18.9.108.1", "Recommendation": "18.9.108.1.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027No auto-restart with logged on users for scheduled automatic updates installations\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.108.2.1": { "Section": "18.9.108.2", "Recommendation": "18.9.108.2.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure Automatic Updates\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, 
"Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.108.2.2": { "Section": "18.9.108.2", "Recommendation": "18.9.108.2.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure Automatic Updates: Scheduled install day\u0027 is set to \u00270 - Every day\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.108.2.3": { "Section": "18.9.108.2", "Recommendation": "18.9.108.2.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Remove access to ?Pause updates? feature\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.108.4.1": { "Section": "18.9.108.4", "Recommendation": "18.9.108.4.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Manage preview builds\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.103.4.2": { "Section": "18.9.108.4", "Recommendation": "18.9.103.4.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Select when Preview Builds and Feature Updates are received\u0027 is set to \u0027Enabled: 180 or more days\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "18.9.103.4.3": { "Section": "18.9.108.4", "Recommendation": "18.9.103.4.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Select when Quality Updates are received\u0027 is set to \u0027Enabled: 0 days\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "19.1.3.1": { "Section": "19.1.3", "Recommendation": "19.1.3.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Enable screen saver\u0027 is set to 
\u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "19.1.3.2": { "Section": "19.1.3", "Recommendation": "19.1.3.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Password protect the screen saver\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "19.1.3.3": { "Section": "19.1.3", "Recommendation": "19.1.3.3", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Screen saver timeout\u0027 is set to \u0027Enabled: 900 seconds or fewer, but not 0\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "19.5.1.1": { "Section": "19.5.1", "Recommendation": "19.5.1.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Turn off toast notifications on the lock screen\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "19.6.6.1.1": { "Section": "19.6.6.1", "Recommendation": "19.6.6.1.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off Help Experience Improvement Program\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "19.7.4.1": { "Section": "19.7.4", "Recommendation": "19.7.4.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Do not preserve zone information in file attachments\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1204", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null }, "19.7.4.2": { "Section": "19.7.4", "Recommendation": "19.7.4.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Notify antivirus programs when opening attachments\u0027 is 
set to \u0027Enabled\u0027", "Technique1": "T1027", "Technique2": null, "Mitigation1": "M1049", "Mitigation2": null }, "19.7.8.1": { "Section": "19.7.8", "Recommendation": "19.7.8.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Configure Windows spotlight on lock screen\u0027 is set to \u0027Disabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "19.7.8.2": { "Section": "19.7.8", "Recommendation": "19.7.8.2", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Do not suggest third-party content in Windows spotlight\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "19.7.8.3": { "Section": "19.7.8", "Recommendation": "19.7.8.3", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Do not use diagnostic data for tailored experiences\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "19.7.8.4": { "Section": "19.7.8", "Recommendation": "19.7.8.4", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off all Windows spotlight features\u0027 is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "19.7.8.5": { "Section": "19.7.8", "Recommendation": "19.7.8.5", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Turn off Spotlight collection on Desktop\u0027 
is set to \u0027Enabled\u0027", "Technique1": "No MITRE ATT\u0026CK mapping", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK mapping", "Mitigation2": null }, "19.7.28.1": { "Section": "19.7.28", "Recommendation": "19.7.28.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Prevent users from sharing files within their profile.\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1083", "Technique2": null, "Mitigation1": "No MITRE ATT\u0026CK Mitigation", "Mitigation2": null }, "19.7.43.1": { "Section": "19.7.43", "Recommendation": "19.7.43.1", "Profile": "L1", "RecommendationTitle": "Ensure \u0027Always install with elevated privileges\u0027 is set to \u0027Disabled\u0027", "Technique1": "T1548", "Technique2": null, "Mitigation1": "M1052", "Mitigation2": null }, "19.7.47.2.1": { "Section": "19.7.47.2", "Recommendation": "19.7.47.2.1", "Profile": "L2", "RecommendationTitle": "Ensure \u0027Prevent Codec Download\u0027 is set to \u0027Enabled\u0027", "Technique1": "T1204", "Technique2": null, "Mitigation1": "M1038", "Mitigation2": null } }, "AttackTactics": { "TA0043": "Reconnaissance", "TA0042": "Resource Development", "TA0001": "Initial Access", "TA0002": "Execution", "TA0003": "Persistence", "TA0004": "Privilege Escalation", "TA0005": "Defense Evasion", "TA0006": "Credential Access", "TA0007": "Discovery", "TA0008": "Lateral Movement", "TA0009": "Collection", "TA0011": "Command and Control", "TA0010": "Exfiltration", "TA0040": "Impact" }, "AttackTechniques": { "T1548": { "ID": "T1548", "name": "Abuse Elevation Control Mechanism" }, "T1134": { "ID": "T1134", "name": "Access Token Manipulation" }, "T1531": { "ID": "T1531", "name": "Account Access Removal", "categories": "noEasyMitigation" }, "T1087": { "ID": "T1087", "name": "Account Discovery", "categories": "mailVector" }, "T1098": { "ID": "T1098", "name": "Account Manipulation", "categories": "mailVector" }, "T1650": { "ID": "T1650", "name": "Acquire Access", "categories": "orgMeasure noEasyMitigation" }, 
"T1583": { "ID": "T1583", "name": "Acquire Infrastructure", "categories": "noEasyMitigation" }, "T1595": { "ID": "T1595", "name": "Active Scanning", "categories": "orgMeasure noEasyMitigation" }, "T1557": { "ID": "T1557", "name": "Adversary-in-the-Middle" }, "T1071": { "ID": "T1071", "name": "Application Layer Protocol", "categories": "mailVector" }, "T1010": { "ID": "T1010", "name": "Application Window Discovery", "categories": "noEasyMitigation" }, "T1560": { "ID": "T1560", "name": "Archive Collected Data", "categories": "mailVector" }, "T1123": { "ID": "T1123", "name": "Audio Capture", "categories": "noEasyMitigation" }, "T1119": { "ID": "T1119", "name": "Automated Collection", "categories": "mailVector" }, "T1020": { "ID": "T1020", "name": "Automated Exfiltration", "categories": "noEasyMitigation" }, "T1197": { "ID": "T1197", "name": "BITS Jobs" }, "T1547": { "ID": "T1547", "name": "Boot or Logon Autostart Execution", "categories": "noEasyMitigation" }, "T1037": { "ID": "T1037", "name": "Boot or Logon Initialization Scripts" }, "T1176": { "ID": "T1176", "name": "Browser Extensions" }, "T1217": { "ID": "T1217", "name": "Browser Information Discovery", "categories": "noEasyMitigation" }, "T1185": { "ID": "T1185", "name": "Browser Session Hijacking", "categories": "mailVector" }, "T1110": { "ID": "T1110", "name": "Brute Force" }, "T1612": { "ID": "T1612", "name": "Build Image on Host" }, "T1115": { "ID": "T1115", "name": "Clipboard Data", "categories": "noEasyMitigation" }, "T1651": { "ID": "T1651", "name": "Cloud Administration Command", "categories": "orgMeasure" }, "T1580": { "ID": "T1580", "name": "Cloud Infrastructure Discovery" }, "T1538": { "ID": "T1538", "name": "Cloud Service Dashboard" }, "T1526": { "ID": "T1526", "name": "Cloud Service Discovery", "categories": "noEasyMitigation" }, "T1619": { "ID": "T1619", "name": "Cloud Storage Object Discovery" }, "T1059": { "ID": "T1059", "name": "Command and Scripting Interpreter" }, "T1092": { "ID": "T1092", 
"name": "Communication Through Removable Media" }, "T1586": { "ID": "T1586", "name": "Compromise Accounts", "categories": "orgMeasure noEasyMitigation mailVector" }, "T1554": { "ID": "T1554", "name": "Compromise Client Software Binary", "categories": "orgMeasure mailVector" }, "T1584": { "ID": "T1584", "name": "Compromise Infrastructure", "categories": "orgMeasure noEasyMitigation" }, "T1609": { "ID": "T1609", "name": "Container Administration Command" }, "T1613": { "ID": "T1613", "name": "Container and Resource Discovery" }, "T1136": { "ID": "T1136", "name": "Create Account" }, "T1543": { "ID": "T1543", "name": "Create or Modify System Process" }, "T1555": { "ID": "T1555", "name": "Credentials from Password Stores", "categories": "mailVector" }, "T1485": { "ID": "T1485", "name": "Data Destruction" }, "T1132": { "ID": "T1132", "name": "Data Encoding" }, "T1486": { "ID": "T1486", "name": "Data Encrypted for Impact" }, "T1565": { "ID": "T1565", "name": "Data Manipulation" }, "T1001": { "ID": "T1001", "name": "Data Obfuscation" }, "T1074": { "ID": "T1074", "name": "Data Staged", "categories": "noEasyMitigation mailVector" }, "T1030": { "ID": "T1030", "name": "Data Transfer Size Limits" }, "T1530": { "ID": "T1530", "name": "Data from Cloud Storage", "categories": "mailVector" }, "T1602": { "ID": "T1602", "name": "Data from Configuration Repository" }, "T1213": { "ID": "T1213", "name": "Data from Information Repositories" }, "T1005": { "ID": "T1005", "name": "Data from Local System", "categories": "mailVector" }, "T1039": { "ID": "T1039", "name": "Data from Network Shared Drive", "categories": "noEasyMitigation mailVector" }, "T1025": { "ID": "T1025", "name": "Data from Removable Media" }, "T1622": { "ID": "T1622", "name": "Debugger Evasion", "categories": "noEasyMitigation" }, "T1491": { "ID": "T1491", "name": "Defacement" }, "T1140": { "ID": "T1140", "name": "Deobfuscate/Decode Files or Information", "categories": "noEasyMitigation mailVector" }, "T1610": { "ID": 
"T1610", "name": "Deploy Container" }, "T1587": { "ID": "T1587", "name": "Develop Capabilities", "categories": "noEasyMitigation mailVector" }, "T1652": { "ID": "T1652", "name": "Device Driver Discovery", "categories": "noEasyMitigation" }, "T1006": { "ID": "T1006", "name": "Direct Volume Access", "categories": "noEasyMitigation" }, "T1561": { "ID": "T1561", "name": "Disk Wipe" }, "T1484": { "ID": "T1484", "name": "Domain Policy Modification" }, "T1482": { "ID": "T1482", "name": "Domain Trust Discovery" }, "T1189": { "ID": "T1189", "name": "Drive-by Compromise" }, "T1568": { "ID": "T1568", "name": "Dynamic Resolution" }, "T1114": { "ID": "T1114", "name": "Email Collection", "categories": "mailVector" }, "T1573": { "ID": "T1573", "name": "Encrypted Channel" }, "T1499": { "ID": "T1499", "name": "Endpoint Denial of Service", "categories": "mailVector" }, "T1611": { "ID": "T1611", "name": "Escape to Host" }, "T1585": { "ID": "T1585", "name": "Establish Accounts", "categories": "orgMeasure noEasyMitigation mailVector" }, "T1546": { "ID": "T1546", "name": "Event Triggered Execution", "categories": "noEasyMitigation" }, "T1480": { "ID": "T1480", "name": "Execution Guardrails" }, "T1048": { "ID": "T1048", "name": "Exfiltration Over Alternative Protocol", "categories": "mailVector" }, "T1041": { "ID": "T1041", "name": "Exfiltration Over C2 Channel", "categories": "mailVector" }, "T1011": { "ID": "T1011", "name": "Exfiltration Over Other Network Medium" }, "T1052": { "ID": "T1052", "name": "Exfiltration Over Physical Medium" }, "T1567": { "ID": "T1567", "name": "Exfiltration Over Web Service" }, "T1190": { "ID": "T1190", "name": "Exploit Public-Facing Application", "categories": "mailVector" }, "T1203": { "ID": "T1203", "name": "Exploitation for Client Execution", "categories": "mailVector" }, "T1212": { "ID": "T1212", "name": "Exploitation for Credential Access" }, "T1211": { "ID": "T1211", "name": "Exploitation for Defense Evasion" }, "T1068": { "ID": "T1068", "name": 
"Exploitation for Privilege Escalation" }, "T1210": { "ID": "T1210", "name": "Exploitation of Remote Services" }, "T1133": { "ID": "T1133", "name": "External Remote Services" }, "T1008": { "ID": "T1008", "name": "Fallback Channels" }, "T1083": { "ID": "T1083", "name": "File and Directory Discovery", "categories": "noEasyMitigation" }, "T1222": { "ID": "T1222", "name": "File and Directory Permissions Modification" }, "T1495": { "ID": "T1495", "name": "Firmware Corruption" }, "T1187": { "ID": "T1187", "name": "Forced Authentication" }, "T1606": { "ID": "T1606", "name": "Forge Web Credentials" }, "T1592": { "ID": "T1592", "name": "Gather Victim Host Information", "categories": "noEasyMitigation" }, "T1589": { "ID": "T1589", "name": "Gather Victim Identity Information", "categories": "noEasyMitigation mailVector" }, "T1590": { "ID": "T1590", "name": "Gather Victim Network Information", "categories": "orgMeasure noEasyMitigation" }, "T1591": { "ID": "T1591", "name": "Gather Victim Org Information", "categories": "noEasyMitigation" }, "T1615": { "ID": "T1615", "name": "Group Policy Discovery", "categories": "noEasyMitigation" }, "T1200": { "ID": "T1200", "name": "Hardware Additions" }, "T1564": { "ID": "T1564", "name": "Hide Artifacts", "categories": "noEasyMitigation mailVector" }, "T1574": { "ID": "T1574", "name": "Hijack Execution Flow" }, "T1562": { "ID": "T1562", "name": "Impair Defenses" }, "T1525": { "ID": "T1525", "name": "Implant Internal Image" }, "T1070": { "ID": "T1070", "name": "Indicator Removal", "categories": "mailVector" }, "T1202": { "ID": "T1202", "name": "Indirect Command Execution", "categories": "noEasyMitigation" }, "T1105": { "ID": "T1105", "name": "Ingress Tool Transfer", "categories": "mailVector" }, "T1490": { "ID": "T1490", "name": "Inhibit System Recovery" }, "T1056": { "ID": "T1056", "name": "Input Capture", "categories": "noEasyMitigation" }, "T1559": { "ID": "T1559", "name": "Inter-Process Communication" }, "T1534": { "ID": "T1534", 
"name": "Internal Spearphishing", "categories": "orgMeasure noEasyMitigation mailVector" }, "T1570": { "ID": "T1570", "name": "Lateral Tool Transfer" }, "T1036": { "ID": "T1036", "name": "Masquerading", "categories": "mailVector" }, "T1556": { "ID": "T1556", "name": "Modify Authentication Process" }, "T1578": { "ID": "T1578", "name": "Modify Cloud Compute Infrastructure" }, "T1112": { "ID": "T1112", "name": "Modify Registry" }, "T1601": { "ID": "T1601", "name": "Modify System Image" }, "T1111": { "ID": "T1111", "name": "Multi-Factor Authentication Interception" }, "T1621": { "ID": "T1621", "name": "Multi-Factor Authentication Request Generation" }, "T1104": { "ID": "T1104", "name": "Multi-Stage Channels" }, "T1106": { "ID": "T1106", "name": "Native API" }, "T1599": { "ID": "T1599", "name": "Network Boundary Bridging", "categories": "orgMeasure" }, "T1498": { "ID": "T1498", "name": "Network Denial of Service", "categories": "mailVector" }, "T1046": { "ID": "T1046", "name": "Network Service Discovery" }, "T1135": { "ID": "T1135", "name": "Network Share Discovery" }, "T1040": { "ID": "T1040", "name": "Network Sniffing" }, "T1095": { "ID": "T1095", "name": "Non-Application Layer Protocol" }, "T1571": { "ID": "T1571", "name": "Non-Standard Port", "categories": "mailVector" }, "T1003": { "ID": "T1003", "name": "OS Credential Dumping", "categories": "mailVector" }, "T1027": { "ID": "T1027", "name": "Obfuscated Files or Information" }, "T1588": { "ID": "T1588", "name": "Obtain Capabilities", "categories": "noEasyMitigation" }, "T1137": { "ID": "T1137", "name": "Office Application Startup", "categories": "mailVector" }, "T1201": { "ID": "T1201", "name": "Password Policy Discovery" }, "T1120": { "ID": "T1120", "name": "Peripheral Device Discovery", "categories": "noEasyMitigation" }, "T1069": { "ID": "T1069", "name": "Permission Groups Discovery", "categories": "noEasyMitigation" }, "T1566": { "ID": "T1566", "name": "Phishing", "categories": "mailVector" }, "T1598": { "ID": 
"T1598", "name": "Phishing for Information", "categories": "mailVector" }, "T1647": { "ID": "T1647", "name": "Plist File Modification" }, "T1542": { "ID": "T1542", "name": "Pre-OS Boot" }, "T1057": { "ID": "T1057", "name": "Process Discovery", "categories": "noEasyMitigation" }, "T1055": { "ID": "T1055", "name": "Process Injection" }, "T1572": { "ID": "T1572", "name": "Protocol Tunneling" }, "T1090": { "ID": "T1090", "name": "Proxy" }, "T1012": { "ID": "T1012", "name": "Query Registry", "categories": "noEasyMitigation" }, "T1620": { "ID": "T1620", "name": "Reflective Code Loading", "categories": "noEasyMitigation" }, "T1219": { "ID": "T1219", "name": "Remote Access Software" }, "T1563": { "ID": "T1563", "name": "Remote Service Session Hijacking" }, "T1021": { "ID": "T1021", "name": "Remote Services" }, "T1018": { "ID": "T1018", "name": "Remote System Discovery", "categories": "noEasyMitigation" }, "T1091": { "ID": "T1091", "name": "Replication Through Removable Media" }, "T1496": { "ID": "T1496", "name": "Resource Hijacking", "categories": "noEasyMitigation" }, "T1207": { "ID": "T1207", "name": "Rogue Domain Controller", "categories": "noEasyMitigation" }, "T1014": { "ID": "T1014", "name": "Rootkit", "categories": "noEasyMitigation" }, "T1053": { "ID": "T1053", "name": "Scheduled Task/Job" }, "T1029": { "ID": "T1029", "name": "Scheduled Transfer" }, "T1113": { "ID": "T1113", "name": "Screen Capture", "categories": "noEasyMitigation mailVector" }, "T1597": { "ID": "T1597", "name": "Search Closed Sources", "categories": "noEasyMitigation" }, "T1596": { "ID": "T1596", "name": "Search Open Technical Databases", "categories": "noEasyMitigation" }, "T1593": { "ID": "T1593", "name": "Search Open Websites/Domains" }, "T1594": { "ID": "T1594", "name": "Search Victim-Owned Websites", "categories": "orgMeasure noEasyMitigation mailVector" }, "T1505": { "ID": "T1505", "name": "Server Software Component" }, "T1648": { "ID": "T1648", "name": "Serverless Execution", "categories": 
"mailVector" }, "T1489": { "ID": "T1489", "name": "Service Stop" }, "T1129": { "ID": "T1129", "name": "Shared Modules" }, "T1072": { "ID": "T1072", "name": "Software Deployment Tools" }, "T1518": { "ID": "T1518", "name": "Software Discovery", "categories": "noEasyMitigation" }, "T1608": { "ID": "T1608", "name": "Stage Capabilities", "categories": "noEasyMitigation" }, "T1528": { "ID": "T1528", "name": "Steal Application Access Token", "categories": "mailVector" }, "T1539": { "ID": "T1539", "name": "Steal Web Session Cookie" }, "T1649": { "ID": "T1649", "name": "Steal or Forge Authentication Certificates" }, "T1558": { "ID": "T1558", "name": "Steal or Forge Kerberos Tickets" }, "T1553": { "ID": "T1553", "name": "Subvert Trust Controls" }, "T1195": { "ID": "T1195", "name": "Supply Chain Compromise" }, "T1218": { "ID": "T1218", "name": "System Binary Proxy Execution" }, "T1082": { "ID": "T1082", "name": "System Information Discovery", "categories": "noEasyMitigation" }, "T1614": { "ID": "T1614", "name": "System Location Discovery", "categories": "noEasyMitigation" }, "T1016": { "ID": "T1016", "name": "System Network Configuration Discovery", "categories": "noEasyMitigation mailVector" }, "T1049": { "ID": "T1049", "name": "System Network Connections Discovery", "categories": "noEasyMitigation" }, "T1033": { "ID": "T1033", "name": "System Owner/User Discovery", "categories": "noEasyMitigation mailVector" }, "T1216": { "ID": "T1216", "name": "System Script Proxy Execution" }, "T1007": { "ID": "T1007", "name": "System Service Discovery", "categories": "noEasyMitigation" }, "T1569": { "ID": "T1569", "name": "System Services" }, "T1529": { "ID": "T1529", "name": "System Shutdown/Reboot", "categories": "noEasyMitigation" }, "T1124": { "ID": "T1124", "name": "System Time Discovery", "categories": "noEasyMitigation" }, "T1080": { "ID": "T1080", "name": "Taint Shared Content" }, "T1221": { "ID": "T1221", "name": "Template Injection", "categories": "mailVector" }, "T1205": { 
"ID": "T1205", "name": "Traffic Signaling" }, "T1537": { "ID": "T1537", "name": "Transfer Data to Cloud Account" }, "T1127": { "ID": "T1127", "name": "Trusted Developer Utilities Proxy Execution" }, "T1199": { "ID": "T1199", "name": "Trusted Relationship" }, "T1552": { "ID": "T1552", "name": "Unsecured Credentials" }, "T1535": { "ID": "T1535", "name": "Unused/Unsupported Cloud Regions" }, "T1550": { "ID": "T1550", "name": "Use Alternate Authentication Material" }, "T1204": { "ID": "T1204", "name": "User Execution" }, "T1078": { "ID": "T1078", "name": "Valid Accounts", "categories": "mailVector" }, "T1125": { "ID": "T1125", "name": "Video Capture", "categories": "noEasyMitigation" }, "T1497": { "ID": "T1497", "name": "Virtualization/Sandbox Evasion", "categories": "noEasyMitigation" }, "T1600": { "ID": "T1600", "name": "Weaken Encryption", "categories": "noEasyMitigation" }, "T1102": { "ID": "T1102", "name": "Web Service" }, "T1047": { "ID": "T1047", "name": "Windows Management Instrumentation" }, "T1220": { "ID": "T1220", "name": "XSL Script Processing" } }, "TechniquesToTactis": { "T1132": "TA0011", "T1594": "TA0043", "T1573": "TA0011", "T1587": "TA0042", "T1556": [ "TA0006", "TA0005", "TA0003" ], "T1137": "TA0003", "T1071": "TA0011", "T1016": "TA0007", "T1601": "TA0005", "T1547": [ "TA0004", "TA0003" ], "T1041": "TA0010", "T1200": "TA0001", "T1055": [ "TA0004", "TA0005" ], "T1176": "TA0003", "T1593": "TA0043", "T1072": [ "TA0008", "TA0002" ], "T1204": "TA0002", "T1218": "TA0005", "T1482": "TA0007", "T1525": "TA0003", "T1129": "TA0002", "T1558": "TA0006", "T1564": "TA0005", "T1207": "TA0005", "T1580": "TA0007", "T1092": "TA0011", "T1133": [ "TA0001", "TA0003" ], "T1571": "TA0011", "T1021": "TA0008", "T1078": [ "TA0004", "TA0005", "TA0001", "TA0003" ], "T1070": "TA0005", "T1113": "TA0009", "T1040": [ "TA0006", "TA0007" ], "T1583": "TA0042", "T1069": "TA0007", "T1202": "TA0005", "T1572": "TA0011", "T1068": "TA0004", "T1652": "TA0007", "T1555": "TA0006", "T1538": 
"TA0007", "T1563": "TA0008", "T1216": "TA0005", "T1539": "TA0006", "T1489": "TA0040", "T1221": "TA0005", "T1622": [ "TA0005", "TA0007" ], "T1495": "TA0040", "T1535": "TA0005", "T1219": "TA0011", "T1197": [ "TA0005", "TA0003" ], "T1486": "TA0040", "T1649": "TA0006", "T1569": "TA0002", "T1578": "TA0005", "T1497": [ "TA0005", "TA0007" ], "T1091": [ "TA0008", "TA0001" ], "T1083": "TA0007", "T1087": "TA0007", "T1201": "TA0007", "T1537": "TA0010", "T1190": "TA0001", "T1007": "TA0007", "T1112": "TA0005", "T1608": "TA0042", "T1650": "TA0042", "T1110": "TA0006", "T1530": "TA0009", "T1090": "TA0011", "T1039": "TA0009", "T1553": "TA0005", "T1599": "TA0005", "T1619": "TA0007", "T1185": "TA0009", "T1585": "TA0042", "T1588": "TA0042", "T1485": "TA0040", "T1534": "TA0008", "T1098": "TA0003", "T1499": "TA0040", "T1614": "TA0007", "T1602": "TA0009", "T1213": "TA0009", "T1114": "TA0009", "T1052": "TA0010", "T1648": "TA0002", "T1135": "TA0007", "T1621": "TA0006", "T1095": "TA0011", "T1542": [ "TA0005", "TA0003" ], "T1124": "TA0007", "T1119": "TA0009", "T1057": "TA0007", "T1531": "TA0040", "T1136": "TA0003", "T1140": "TA0005", "T1037": [ "TA0004", "TA0003" ], "T1046": "TA0007", "T1505": "TA0003", "T1565": "TA0040", "T1480": "TA0005", "T1612": "TA0005", "T1205": [ "TA0005", "TA0011", "TA0003" ], "T1080": "TA0008", "T1003": "TA0006", "T1552": "TA0006", "T1059": "TA0002", "T1211": "TA0005", "T1550": [ "TA0008", "TA0005" ], "T1543": [ "TA0004", "TA0003" ], "T1595": "TA0043", "T1048": "TA0010", "T1600": "TA0005", "T1005": "TA0009", "T1592": "TA0043", "T1557": [ "TA0009", "TA0006" ], "T1010": "TA0007", "T1561": "TA0040", "T1498": "TA0040", "T1203": "TA0002", "T1546": [ "TA0004", "TA0003" ], "T1125": "TA0009", "T1056": [ "TA0009", "TA0006" ], "T1554": "TA0003", "T1591": "TA0043", "T1187": "TA0006", "T1217": "TA0007", "T1047": "TA0002", "T1647": "TA0005", "T1559": "TA0002", "T1018": "TA0007", "T1074": "TA0009", "T1199": "TA0001", "T1025": "TA0009", "T1610": [ "TA0002", "TA0005" ], "T1548": [ 
"TA0004", "TA0005" ], "T1210": "TA0008", "T1584": "TA0042", "T1567": "TA0010", "T1120": "TA0007", "T1491": "TA0040", "T1606": "TA0006", "T1001": "TA0011", "T1562": "TA0005", "T1049": "TA0007", "T1105": "TA0011", "T1613": "TA0007", "T1220": "TA0005", "T1082": "TA0007", "T1222": "TA0005", "T1609": "TA0002", "T1651": "TA0002", "T1111": "TA0006", "T1212": "TA0006", "T1611": "TA0004", "T1030": "TA0010", "T1528": "TA0006", "T1102": "TA0011", "T1574": [ "TA0004", "TA0005", "TA0003" ], "T1598": "TA0043", "T1127": "TA0005", "T1570": "TA0008", "T1006": "TA0005", "T1008": "TA0011", "T1589": "TA0043", "T1012": "TA0007", "T1620": "TA0005", "T1496": "TA0040", "T1615": "TA0007", "T1518": "TA0007", "T1566": "TA0001", "T1484": [ "TA0004", "TA0005" ], "T1526": "TA0007", "T1189": "TA0001", "T1029": "TA0010", "T1014": "TA0005", "T1568": "TA0011", "T1134": [ "TA0004", "TA0005" ], "T1104": "TA0011", "T1586": "TA0042", "T1195": "TA0001", "T1011": "TA0010", "T1560": "TA0009", "T1036": "TA0005", "T1106": "TA0002", "T1590": "TA0043", "T1027": "TA0005", "T1529": "TA0040", "T1033": "TA0007", "T1020": "TA0010", "T1490": "TA0040", "T1597": "TA0043", "T1115": "TA0009", "T1053": [ "TA0004", "TA0002", "TA0003" ], "T1596": "TA0043", "T1123": "TA0009" } } |