Autorun: behavior must be configured to prevent Autorun commands

746184bf-3f96-4365-8bb4-c7abf8a772ac

Allowing AutoRun commands to execute may introduce malicious code to a system. Configuring this setting prevents AutoRun commands from executing.

Remediation

Via GPO:
Under Computer Configuration / Administrative Templates / Windows Components / Autoplay Policies / Set the default behavior for AutoRun: Enable - And Select "Do not execute any autorun commands" under "Default Autorun Behavior"

STIG: Server: 2016 - https://www.stigviewer.com/stig/windows_server_2016/2019-01-16/finding/V-73547
Server 2019 - https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93375
Desktop https://www.stigviewer.com/stig/windows_10/2021-03-10/finding/V-220828

Disabling Autorun by GPO: https://www.techrepublic.com/article/how-to-disable-autoplay-and-autorun-in-windows-10/

NIST 800-171: 3.4.6 3.4.7
NIST 800-53 Rev4: CM-7(2)
CMMC Level 2: CM.2.062
CMMC Level 3: CM.3.068