NIST 800 171 Desktop Validation Scripts by EventSentry | EventSentry

PingSentry | Blog | System32 | GitHub | Free tools

EventSentry

Validation Scripts

Scripts

37

Tag

nist800-171-desktop

Accounts: Administrator accounts must not be enumerated during elevation

f3afb7e7-d38a-42f2-8290-56da3b445913

Accounts: Deny log on locally user right must be configured to prevent access from highly privileged domain accounts

fd44a45e-ef9e-4c54-bebf-22bba68a185c

Accounts: Local Guest account should be disabled

538d811a-0a0a-4336-8294-63bc2c092ebb

Accounts: Reversible password encryption must be disabled

71ebd815-0ca9-44c9-b7b8-c96e155e7afb

Auditing: Command line data must be included in process creation events

c787dcd2-355b-4ff5-8265-3eb860f11670

Auditing: Event Log size for Application log must be at least 32768 KB

b38cea25-93f2-42d7-ac5f-f2c1e93f974a

Auditing: Event Log size for Security log must be at least 196608 KB

f9befa07-2636-4c53-a43f-db2035b9cdff

Auditing: Event Log size for System log must be at least 32768 KB

4decda12-e17d-45d8-bb5e-53f26706acbf

Auditing: Must force audit policy subcategory settings to override audit policy category settings

9929dbd2-a4fb-40ea-9a2d-8a1db39a5729

Auditing: Removable Storage

af074caf-14a4-41f5-9ebd-e2214dc48240

Autorun: behavior must be configured to prevent Autorun commands

746184bf-3f96-4365-8bb4-c7abf8a772ac

Compliance: BitLocker should be configured in FIPS mode

330f6517-5c88-4086-b456-d3026307c001

Compliance: BitLocker should use AES 256 encryption

77de846e-473b-4c4d-8d70-85d27342fc45

Debug Programs: User right must only be assigned to the Administrators group

76794e3a-d350-45a6-adf9-a4a9708271f9

Domain Controller: Must require LDAP access signing

9e1e28ee-d597-49db-b33d-cfee0ba15c69

Domain Controllers: Accounts: Deny log on locally user right must be configured to prevent access from highly privileged domain accounts

8d9748ad-695f-489e-bf31-4d1e8e397a7b

Domain Member: LDAP client signing requirements

5c9b1fb7-3d92-4d13-be5f-13d7894e50d0

Domain Member: Local users on domain-joined member servers must not be enumerated

a115da09-58b1-40dd-85ca-6f6e4cac977d

General: AntiVirus/Antimalware Status

6d48a68a-3e44-4a00-8d42-670e41c9942c

General: Machine inactivity limit must be set to 15 minutes or less, locking the system with the screen saver

bf06c136-7223-41ac-8288-e0940126a884

General: Windows Defender SmartScreen must be enabled (Desktop)

4d189e65-af8b-463f-95d1-3880b7c459ec

Local volumes must be formatted with NTFS

b6493fb9-ad83-494c-93e3-3dbfaeb9b303

Network Access: Disable SMBv1

78c4c60a-a039-4a47-b614-3138d7bcfe4f

Network Access: Do not allow anonymous enumeration of SAM accounts and shares

752e0588-decf-451b-9fef-cc3235765d54

Network Access: Must be configured to prevent anonymous users from having the same permissions as the Everyone group

35f2c214-8c49-47cf-b324-9f7620f8dd16

Network Access: Must prevent NTLM from falling back to a Null session

793452ad-d37f-461b-a270-cc4e0ea1c2a5

Network Access: Restrict anonymous access to Named Pipes and Shares

e7aa340c-ec27-4603-b780-851d94a0ecbf

Network Access: Services using Local System when reverting to NTLM authentication must use computer identity

0b49395c-beb5-480b-a1b8-1096622607a1

Network Access: Unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers

9cce3400-f772-4b0c-8f12-11157e102f87

Passwords: Enforce history

d0163b5f-23ab-4377-bc49-709e891a6b2b

Passwords: Maximum Age

794aed82-0f0a-46e0-8135-204c50b12462

Passwords: Minimum Password Age

c3b194cc-701a-43f4-bd84-86caada64337

Passwords: Minimum length

e352dda0-c735-4b4e-ba26-097f5dbab32c

Remote Desktop Services: Idle session time limit

a06670b6-460f-45ae-93ef-02d41f52d45e

TLS/SSL Insecure Ciphers (SCHANNEL)

78fcd8a8-18af-49f4-8a64-bccb901e5557

Windows OS: Build Version Check (End Of Life)

07b6c273-cdb3-4a4d-889d-d1d54dc0eb5f

Windows OS: Build Version Check (OS Updated)

c7b058ab-6360-4b5d-9cd2-45eafef8c489

Full tag list

compliance-server (119) compliance-desktop (101) server (100) security-server (95) stig-medium-server (95) desktop (93) security-desktop (80) stig-medium-desktop (75) nist800-171-server (51) nist800-53-server (47) nist800-53-desktop (38) nist800-171-desktop (37) cmmc2-l2-server (36) bestpractice-desktop (28) cmmc2-l2-desktop (27) bestpractice-server (22) stig-high-desktop (19) stig-high-server (19) cmmc2-l1-server (18) cmmc2-l1-desktop (16) tisax (15) domaincontroller (14) domainmember (14) cis-csc-server (13) pci-dss-v4-server (12) cis-csc-desktop (12) sig-server (9) nist-privacy-server (8) pci-dss-v4-desktop (8) remote-desktop (7) pci-dss-v3.2-server (6) csa-cmm-server (6) privacy-server (6) threat-intel-server (6) health (6) nist-privacy-desktop (6) privacy-desktop (6) cmmc2-l3-server (5) stig-low-desktop (4) stig-medium-ie (4) sig-desktop (4) niap-server (4) niap-desktop (4) cmmc2-l3-desktop (3) fips140-2 (3) domaincontroller-bestpractices (3) stig-low-server (3) threat-intel-desktop (3) cve-server (3) mitre-desktop (3) pci-dss-v3.2-desktop (2) cve-desktop (2) sec-hardening-server (2) sec-hardening-desktop (2) cce-server (2) cce-desktop (2) mitre-server (2) msoffice (2) csf-desktop (1) ul2900-1-desktop (1) ul2900-1-server (1) cjis-desktop (1) cjis-server (1) fedramp-desktop (1) fedramp-server (1) hyper-v (1) domaincontroller-health (1) iis-stig-high (1) csa-cmm-desktop (1) info-desktop (1) exchange-security (1) csf-server (1)

CMMC v2.0 Compliance STIG CIS NIST 800-171 Servers Desktops