This is an old revision of the document!
Path: Control Panel\System
- Windows 10 operating system with 8.00 GB RAM (minimum)
- or
- Windows 7 (x86 or x64) operating system with 4.0 GB RAM (minimum)
- Record output
Path: Control Panel\Administrative Tools\Local Security Policy\Account Policies\Password Policy
| Setting | Value |
|---|---|
| Enforce password history | 5 |
| Maximum password age | 30 |
| Minimum password age | 1 |
| Minimum password length | 8 |
| Password must meet complexity requirements | Enabled |
| Store passwords using reversible encryption | Disabled |
Path: Control Panel\Administrative Tools\Local Security Policy\Account Policies\Account Lockout Policy
| Setting | Value |
|---|---|
| Account lockout duration | 60 mins |
| Account lockout threshold | 3 invalid logon attempts |
| Reset account lockout counter after | 60 mins |
Path: Control Panel\Administrative Tools\Local Security Policy\Local Policies\Audit Policy
- Select all items for audit of success and failure.
Path: Control Panel\Administrative Tools\Local Security Policy\Local Policies\Security Options (s=
| Setting | Value |
|---|---|
| Accounts:Guest account status | Disabled |
| Accounts:Rename administrator account | {New Name} |
| Accounts:Rename administrator account | {New Name} |
Path (Win10): Control Panel\System and Security\Windows Defender Firewall\Customize Settings (See note)
| Setting | Value |
|---|---|
| Private network settings | Turn on Windows Defender Firewall |
| Public network settings | Turn on Windows Defender Firewall |
Path (Win7): Control Panel\System and Security\Windows Firewall\Customize Settings (See note)
| Setting | Value |
|---|---|
| Private network settings | Turn on Windows Firewall |
| Public network settings | Turn on Windows Firewall |
Note: CeRTNA does not require any custom firewall rules to be applied. The only requirement is that a local workstation based firewall is enabled with the default settings. Organizations that have a product like Symantec Endpoint Protection will use the Symantec Endpoint Protection firewall, which will disable the Windows Firewall. Regardless of the local firewall that is used, you will need to show the auditor that the firewall for private and public networks is enabled.
Path (Win10):System\Windows Update
By default Windows 10 Updates are enabled. Verify the Windows Update History to show that the updates are being applied.
Path (Win7):System\Windows Update
| Setting | Value |
|---|---|
| Install updates automatically | Selected |
| Install new updates every day | Selected |
| Allow all users to install updates on this computer | Selected |
Control Panel\All Control Panel Items\Power Options\System Settings
| Setting | Value |
|---|---|
| Require a password on wakeup | Selected |
Path (Win10):Settings\Lock Screen\Screen saver settings
| Setting | Value |
|---|---|
| On resume, display logon screen | Enabled |