| Vulnerability ID |
Message |
|
V-254247
|
Systems at unsupported servicing levels will not receive security updates for...
|
|
V-205849
|
Systems at unsupported servicing levels will not receive security updates for...
|
|
V-253263
|
Windows 11 is maintained by Microsoft at servicing levels for specific period...
|
|
V-220706
|
Windows 10 is maintained by Microsoft at servicing levels for specific period...
|
|
V-254355
|
Enumeration of administrator accounts when elevating can provide part of the ...
|
|
V-205714
|
Enumeration of administrator accounts when elevating can provide part of the ...
|
|
V-253391
|
Enumeration of administrator accounts when elevating can provide part of the ...
|
|
V-220832
|
Enumeration of administrator accounts when elevating can provide part of the ...
|
|
V-205751
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-254289
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-205659
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-253301
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-220743
|
The longer a password is in use, the greater the opportunity for someone to g...
|
|
V-254447
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-205909
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-253435
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-220911
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-254291
|
Information systems not protected with strong password schemes (including pas...
|
|
V-205662
|
Information systems not protected with strong password schemes (including pas...
|
|
V-253303
|
Information systems not protected with strong password schemes (including pas...
|
|
V-220745
|
Information systems not protected with strong password schemes (including pas...
|
|
V-254290
|
Permitting passwords to be changed in immediate succession within the same da...
|
|
V-205656
|
Permitting passwords to be changed in immediate succession within the same da...
|
|
V-253302
|
Permitting passwords to be changed in immediate succession within the same da...
|
|
V-220744
|
Permitting passwords to be changed in immediate succession within the same da...
|
|
V-253385
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-220826
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-254351
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-205691
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-254448
|
The built-in guest account is a well-known user account on all Windows system...
|
|
V-205910
|
The built-in guest account is a well-known user account on all Windows system...
|
|
V-220912
|
The built-in guest account is a well-known user account on all Windows system...
|
|
V-253436
|
The built-in guest account is a well-known user account on all Windows system...
|
|
V-254424
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-254438
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205670
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205675
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-220971
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-253494
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-254440
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205748
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-220973
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-253496
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-254426
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205745
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205908
|
An account without a password can allow unauthorized access to a system as on...
|
|
V-254446
|
An account without a password can allow unauthorized access to a system as on...
|
|
V-220910
|
An account without a password can allow unauthorized access to a system as on...
|
|
V-253434
|
An account without a password can allow unauthorized access to a system as on...
|
|
V-254429
|
A compromised local administrator account can provide means for an attacker t...
|
|
V-205715
|
A compromised local administrator account can provide means for an attacker t...
|
|
V-253357
|
A compromised local administrator account can provide means for an attacker t...
|
|
V-220799
|
A compromised local administrator account can provide means for an attacker t...
|
|
V-253432
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-220908
|
The built-in administrator account is a well-known account subject to attack....
|
|
V-254445
|
A system faces an increased vulnerability threat if the built-in guest accoun...
|
|
V-205709
|
A system faces an increased vulnerability threat if the built-in guest accoun...
|
|
V-253433
|
A system faces an increased vulnerability threat if the built-in guest accoun...
|
|
V-220909
|
A system faces an increased vulnerability threat if the built-in guest accoun...
|
|
V-254250
|
The ability to set access permissions and auditing is critical to maintaining...
|
|
V-205663
|
The ability to set access permissions and auditing is critical to maintaining...
|
|
V-253265
|
The ability to set access permissions and auditing is critical to maintaining...
|
|
V-220708
|
The ability to set access permissions and auditing is critical to maintaining...
|
|
V-254372
|
Indexing of encrypted files may expose sensitive data. This setting prevents ...
|
|
V-205694
|
Indexing of encrypted files may expose sensitive data. This setting prevents ...
|
|
V-253409
|
Indexing of encrypted files may expose sensitive data. This setting prevents ...
|
|
V-220855
|
Indexing of encrypted files may expose sensitive data. This setting prevents ...
|
|
V-254494
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-253483
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-220960
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-254317
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205840
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253324
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220766
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254285
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-205795
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-253297
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-220739
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-254342
|
An exportable version of credentials is provided to remote hosts when using c...
|
|
V-205863
|
An exportable version of credentials is provided to remote hosts when using c...
|
|
V-253368
|
An exportable version of credentials is provided to remote hosts when using c...
|
|
V-220810
|
An exportable version of credentials is provided to remote hosts when using c...
|
|
V-254376
|
Windows can be configured to automatically sign the user back in after a Wind...
|
|
V-205925
|
Windows can be configured to automatically sign the user back in after a Wind...
|
|
V-253413
|
Windows can be configured to automatically sign the user back in after a Wind...
|
|
V-220859
|
Windows can be configured to automatically sign the user back in after a Wind...
|
|
V-260469
|
A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, ca...
|
|
V-254292
|
The use of complex passwords increases their strength against attack. The bui...
|
|
V-205652
|
The use of complex passwords increases their strength against attack. The bui...
|
|
V-253304
|
The use of complex passwords increases their strength against guessing and br...
|
|
V-260650
|
Use of weak or untested encryption algorithms undermines the purposes of util...
|
|
V-220746
|
The use of complex passwords increases their strength against guessing and br...
|
|
V-254287
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-205630
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-253299
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-220741
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-254257
|
The lack of password protection enables anyone to gain access to the informat...
|
|
V-205700
|
The lack of password protection enables anyone to gain access to the informat...
|
|
V-254293
|
Storing passwords using reversible encryption is essentially the same as stor...
|
|
V-205653
|
Storing passwords using reversible encryption is essentially the same as stor...
|
|
V-253305
|
Storing passwords using reversible encryption is essentially the same as stor...
|
|
V-220747
|
Storing passwords using reversible encryption is essentially the same as stor...
|
|
V-254453
|
Computer account passwords are changed automatically on a regular basis. Disa...
|
|
V-205815
|
Computer account passwords are changed automatically on a regular basis. Disa...
|
|
V-253441
|
Computer account passwords are changed automatically on a regular basis. Disa...
|
|
V-220917
|
Computer account passwords are changed automatically on a regular basis. Disa...
|
|
V-254286
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-205629
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-253298
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-220740
|
The account lockout feature, when enabled, prevents brute-force password atta...
|
|
V-254483
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-205716
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254482
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205811
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-253468
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220944
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254485
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205812
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-253471
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220947
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254488
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205813
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-253474
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220950
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254486
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205718
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-253472
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220948
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254489
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205720
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-253475
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220951
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254484
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205717
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-253469
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220945
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254487
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-205719
|
UAC is a security mechanism for limiting the elevation of privileges, includi...
|
|
V-253473
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-220949
|
User Account Control (UAC) is a security mechanism for limiting the elevation...
|
|
V-254349
|
A system that does not require authentication when resuming from sleep may pr...
|
|
V-205867
|
A system that does not require authentication when resuming from sleep may pr...
|
|
V-253380
|
Authentication must always be required when accessing a system. This setting ...
|
|
V-220821
|
Authentication must always be required when accessing a system. This setting ...
|
|
V-254350
|
A system that does not require authentication when resuming from sleep may pr...
|
|
V-205868
|
A system that does not require authentication when resuming from sleep may pr...
|
|
V-253381
|
Authentication must always be required when accessing a system. This setting ...
|
|
V-220822
|
Authentication must always be required when accessing a system. This setting ...
|
|
V-254479
|
If the private key is discovered, an attacker can use the key to authenticate...
|
|
V-205651
|
If the private key is discovered, an attacker can use the key to authenticate...
|
|
V-254341
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205638
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220809
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253367
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254299
|
Protecting audit information also includes identifying and protecting the too...
|
|
V-205731
|
Protecting audit information also includes identifying and protecting the too...
|
|
V-254358
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-205796
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-253337
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-220779
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-254359
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-205797
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-253338
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-220780
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-254360
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-205798
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-253339
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-220781
|
Inadequate log size will cause the log to fill up quickly. This may prevent a...
|
|
V-254449
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205644
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253437
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220913
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254297
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205641
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253341
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220783
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254298
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205642
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253342
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220784
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254352
|
Allowing AutoPlay to execute may introduce malicious code to a system. AutoPl...
|
|
V-205804
|
Allowing AutoPlay to execute may introduce malicious code to a system. AutoPl...
|
|
V-253386
|
Allowing autoplay to execute may introduce malicious code to a system. Autopl...
|
|
V-220827
|
Allowing autoplay to execute may introduce malicious code to a system. Autopl...
|
|
V-254354
|
Allowing AutoPlay to execute may introduce malicious code to a system. AutoPl...
|
|
V-205806
|
Allowing AutoPlay to execute may introduce malicious code to a system. AutoPl...
|
|
V-253388
|
Allowing autoplay to execute may introduce malicious code to a system. Autopl...
|
|
V-220829
|
Allowing autoplay to execute may introduce malicious code to a system. Autopl...
|
|
V-254353
|
Allowing AutoRun commands to execute may introduce malicious code to a system...
|
|
V-205805
|
Allowing AutoRun commands to execute may introduce malicious code to a system...
|
|
V-253387
|
Allowing autorun commands to execute may introduce malicious code to a system...
|
|
V-220828
|
Allowing autorun commands to execute may introduce malicious code to a system...
|
|
V-205624
|
If temporary user accounts remain active when no longer needed or for an exce...
|
|
V-254334
|
When the WDigest Authentication protocol is enabled, plain-text passwords are...
|
|
V-205687
|
When the WDigest Authentication protocol is enabled, plain-text passwords are...
|
|
V-253358
|
When the WDigest Authentication protocol is enabled, plain text passwords are...
|
|
V-220800
|
When the WDigest Authentication protocol is enabled, plain text passwords are...
|
|
V-254500
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-205757
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-253490
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-220967
|
Inappropriate granting of user rights can provide system, administrative, and...
|
|
V-254417
|
WN22-DC-000330
|
|
V-205876
|
Enabling this setting on all domain controllers in a domain prevents domain m...
|
|
V-254416
|
Unsigned network traffic is susceptible to man-in-the-middle attacks, where a...
|
|
V-205820
|
Unsigned network traffic is susceptible to man-in-the-middle attacks, where a...
|
|
V-254391
|
Improper access permissions for directory data-related files could allow unau...
|
|
V-254392
|
Improper access permissions for directory data files could allow unauthorized...
|
|
V-205740
|
Improper access permissions for directory data files could allow unauthorized...
|
|
V-254427
|
The krbtgt account acts as a service account for the Kerberos Key Distributio...
|
|
V-205877
|
The krbtgt account acts as a service account for the Kerberos Key Distributio...
|
|
V-254441
|
Credential Guard uses virtualization-based security to protect data that coul...
|
|
V-205907
|
Credential Guard uses virtualization-based security to protect data that coul...
|
|
V-253370
|
Credential Guard uses virtualization-based security to protect information th...
|
|
V-220812
|
Credential Guard uses virtualization based security to protect information th...
|
|
V-253447
|
The default Windows configuration caches the last logon credentials for users...
|
|
V-220923
|
The default Windows configuration caches the last logon credentials for users...
|
|
V-254432
|
The default Windows configuration caches the last logon credentials for users...
|
|
V-205906
|
The default Windows configuration caches the last logon credentials for users...
|
|
V-254450
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-205821
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-254451
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-205822
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-254452
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-205823
|
Requests sent on the secure channel are authenticated, and sensitive informat...
|
|
V-254345
|
Registry entries for group policy settings can potentially be changed from th...
|
|
V-205866
|
Registry entries for group policy settings can potentially be changed from th...
|
|
V-253373
|
Enabling this setting and then selecting the "Process even if the Group ...
|
|
V-220814
|
Enabling this setting and then selecting the "Process even if the Group ...
|
|
V-254340
|
Additional security requirements are applied to UNC paths specified in harden...
|
|
V-205862
|
Additional security requirements are applied to UNC paths specified in harden...
|
|
V-253362
|
Additional security requirements are applied to Universal Naming Convention (...
|
|
V-250319
|
Additional security requirements are applied to Universal Naming Convention (...
|
|
V-254430
|
The username is one part of logon credentials that could be used to gain acce...
|
|
V-205696
|
The username is one part of logon credentials that could be used to gain acce...
|
|
V-253379
|
The username is one part of logon credentials that could be used to gain acce...
|
|
V-220820
|
The username is one part of logon credentials that could be used to gain acce...
|
|
V-254454
|
Computer account passwords are changed automatically on a regular basis. This...
|
|
V-205911
|
Computer account passwords are changed automatically on a regular basis. This...
|
|
V-253442
|
Computer account passwords are changed automatically on a regular basis. This...
|
|
V-220918
|
Computer account passwords are changed automatically on a regular basis. This...
|
|
V-254476
|
This setting controls the signing requirements for LDAP clients. This must be...
|
|
V-205920
|
This setting controls the signing requirements for LDAP clients. This must be...
|
|
V-253463
|
This setting controls the signing requirements for LDAP clients. This setting...
|
|
V-220939
|
This setting controls the signing requirements for LDAP clients. This setting...
|
|
V-253284
|
Attackers are constantly looking for vulnerabilities in systems and applicati...
|
|
V-220727
|
Attackers are constantly looking for vulnerabilities in systems and applicati...
|
|
V-254364
|
The shell protocol will limit the set of folders that applications can open w...
|
|
V-205872
|
The shell protocol will limit the set of folders that applications can open w...
|
|
V-253398
|
The shell protocol will limit the set of folders applications can open when r...
|
|
V-220839
|
The shell protocol will limit the set of folders applications can open when r...
|
|
V-254248
|
Malicious software can establish a base on individual desktops and servers. E...
|
|
V-205850
|
Malicious software can establish a base on individual desktops and servers. E...
|
|
V-253264
|
Malicious software can establish a base on individual desktops and servers. E...
|
|
V-220707
|
Malicious software can establish a base on individual desktops and servers. E...
|
|
V-254346
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-205688
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-253374
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-220815
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-254344
|
Compromised boot drivers can introduce malware prior to protection mechanisms...
|
|
V-205865
|
Compromised boot drivers can introduce malware prior to protection mechanisms...
|
|
V-253372
|
The default behavior is for Early Launch Antimalware - Boot-Start Driver Init...
|
|
V-220813
|
By being launched first by the kernel, ELAM ( Early Launch Antimalware) is en...
|
|
V-253275
|
IIS is not installed by default. Installation of Internet Information System ...
|
|
V-220718
|
Installation of Internet Information System (IIS) may allow unauthorized inte...
|
|
V-254456
|
Unattended systems are susceptible to unauthorized use and must be locked whe...
|
|
V-205633
|
Unattended systems are susceptible to unauthorized use and should be locked w...
|
|
V-253444
|
Unattended systems are susceptible to unauthorized use and must be locked whe...
|
|
V-220920
|
Unattended systems are susceptible to unauthorized use and should be locked w...
|
|
V-254347
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-205689
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-253376
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-220817
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-253382
|
Remote assistance allows another user to view or take control of the local se...
|
|
V-220823
|
Remote assistance allows another user to view or take control of the local se...
|
|
V-253395
|
Microsoft Defender SmartScreen helps protect systems from programs downloaded...
|
|
V-220836
|
Windows Defender SmartScreen helps protect systems from programs downloaded f...
|
|
V-254361
|
Microsoft Defender antivirus SmartScreen helps protect systems from programs ...
|
|
V-205692
|
Windows Defender SmartScreen helps protect systems from programs downloaded f...
|
|
V-254333
|
Slide shows that are displayed on the lock screen could display sensitive inf...
|
|
V-205686
|
Slide shows that are displayed on the lock screen could display sensitive inf...
|
|
V-254265
|
A firewall provides a line of defense against attack, allowing or blocking in...
|
|
V-253281
|
A firewall provides a line of defense against attack, allowing or blocking in...
|
|
V-220724
|
A firewall provides a line of defense against attack, allowing or blocking in...
|
|
V-214936
|
A firewall provides a line of defense against attack, allowing or blocking in...
|
|
V-254371
|
Basic authentication uses plain-text passwords that could be used to compromi...
|
|
V-205693
|
Basic authentication uses plain-text passwords that could be used to compromi...
|
|
V-253408
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-220854
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-223079
|
This policy setting allows you to manage whether Internet Explorer checks for...
|
|
V-223077
|
This policy setting determines whether Internet Explorer 11 uses 64-bit proce...
|
|
V-254348
|
Enabling interaction with the network selection UI allows users to change con...
|
|
V-205690
|
Enabling interaction with the network selection UI allows users to change con...
|
|
V-253378
|
Enabling interaction with the network selection UI allows users to change con...
|
|
V-220819
|
Enabling interaction with the network selection UI allows users to change con...
|
|
V-254370
|
Attachments from RSS feeds may not be secure. This setting will prevent attac...
|
|
V-205873
|
Attachments from RSS feeds may not be secure. This setting will prevent attac...
|
|
V-253407
|
Attachments from RSS feeds may not be secure. This setting will prevent attac...
|
|
V-220853
|
Attachments from RSS feeds may not be secure. This setting will prevent attac...
|
|
V-254457
|
Failure to display the logon banner prior to a logon attempt will negate lega...
|
|
V-253445
|
Failure to display the logon banner prior to a logon attempt will negate lega...
|
|
V-205631
|
Failure to display the logon banner prior to a logon attempt will negate lega...
|
|
V-220921
|
Failure to display the logon banner prior to a logon attempt will negate lega...
|
|
V-220844
|
The Windows Defender SmartScreen filter in Microsoft Edge provides warning me...
|
|
V-220841
|
The Windows Defender SmartScreen filter in Microsoft Edge provides warning me...
|
|
V-220840
|
The Windows Defender SmartScreen filter in Microsoft Edge provides warning me...
|
|
V-254466
|
Anonymous enumeration of SAM accounts allows anonymous logon users (null sess...
|
|
V-205914
|
Anonymous enumeration of SAM accounts allows anonymous logon users (null sess...
|
|
V-253453
|
Anonymous enumeration of SAM accounts allows anonymous log on users (null ses...
|
|
V-220929
|
Anonymous enumeration of SAM accounts allows anonymous log on users (null ses...
|
|
V-254467
|
Allowing anonymous logon users (null session connections) to list all account...
|
|
V-205724
|
Allowing anonymous logon users (null session connections) to list all account...
|
|
V-253454
|
Allowing anonymous logon users (null session connections) to list all account...
|
|
V-220930
|
Allowing anonymous logon users (null session connections) to list all account...
|
|
V-254339
|
Insecure guest logons allow unauthenticated access to shared folders. Shared ...
|
|
V-205861
|
Insecure guest logons allow unauthenticated access to shared folders. Shared ...
|
|
V-253360
|
Insecure guest logons allow unauthenticated access to shared folders. Shared ...
|
|
V-220802
|
Insecure guest logons allow unauthenticated access to shared folders. Shared ...
|
|
V-254473
|
Certain encryption types are no longer considered secure. The DES and RC4 enc...
|
|
V-205708
|
Certain encryption types are no longer considered secure. The DES and RC4 enc...
|
|
V-253460
|
Certain encryption types are no longer considered secure. This setting config...
|
|
V-220936
|
Certain encryption types are no longer considered secure. This setting config...
|
|
V-254460
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-205825
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-254475
|
The Kerberos v5 authentication protocol is the default for authentication of ...
|
|
V-205919
|
The Kerberos v5 authentication protocol is the default for authentication of ...
|
|
V-253462
|
The Kerberos v5 authentication protocol is the default for authentication of ...
|
|
V-220938
|
The Kerberos v5 authentication protocol is the default for authentication of ...
|
|
V-254461
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-205826
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-254463
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-205827
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-254464
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-205828
|
The server message block (SMB) protocol provides the basis for many network o...
|
|
V-254468
|
Access by anonymous users must be restricted. If this setting is enabled, ano...
|
|
V-205915
|
Access by anonymous users must be restricted. If this setting is enabled, ano...
|
|
V-253455
|
Access by anonymous users must be restricted. If this setting is enabled, the...
|
|
V-220937
|
The LAN Manager hash uses a weak encryption algorithm and there are several t...
|
|
V-254277
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-205684
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-253288
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-220731
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-254276
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-205683
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-253287
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-220730
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-254471
|
NTLM sessions that are allowed to fall back to Null (unauthenticated) session...
|
|
V-205917
|
NTLM sessions that are allowed to fall back to Null (unauthenticated) session...
|
|
V-253458
|
NTLM sessions that are allowed to fall back to Null (unauthenticated) session...
|
|
V-220934
|
NTLM sessions that are allowed to fall back to Null (unauthenticated) session...
|
|
V-254469
|
Allowing anonymous access to named pipes or shares provides the potential for...
|
|
V-205725
|
Allowing anonymous access to named pipes or shares provides the potential for...
|
|
V-253456
|
Allowing anonymous access to named pipes or shares provides the potential for...
|
|
V-220932
|
Allowing anonymous access to named pipes or shares provides the potential for...
|
|
V-254433
|
The Windows SAM stores users' passwords. Restricting Remote Procedure Call (R...
|
|
V-205747
|
The Windows SAM stores users' passwords. Restricting Remote Procedure Call (R...
|
|
V-253457
|
The Windows SAM stores users' passwords. Restricting remote rpc connections t...
|
|
V-220933
|
The Windows SAM stores users' passwords. Restricting remote rpc connections t...
|
|
V-254470
|
Services using Local System that use Negotiate when reverting to NTLM authent...
|
|
V-205916
|
Services using Local System that use Negotiate when reverting to NTLM authent...
|
|
V-254477
|
Microsoft has implemented a variety of security support providers for use wit...
|
|
V-205921
|
Microsoft has implemented a variety of security support providers for use wit...
|
|
V-254478
|
Microsoft has implemented a variety of security support providers for use wit...
|
|
V-205922
|
Microsoft has implemented a variety of security support providers for use wit...
|
|
V-254462
|
Some non-Microsoft SMB servers only support unencrypted (plain-text) password...
|
|
V-205655
|
Some non-Microsoft SMB servers only support unencrypted (plain-text) password...
|
|
V-253450
|
Some non-Microsoft SMB servers only support unencrypted (plain text) password...
|
|
V-220926
|
Some non-Microsoft SMB servers only support unencrypted (plain text) password...
|
|
V-254275
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-205682
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is...
|
|
V-254335
|
Configuring the system to disable IPv6 source routing protects against spoofing.
|
|
V-205858
|
Configuring the system to disable IPv6 source routing protects against spoofing.
|
|
V-253353
|
Configuring the system to disable IPv6 source routing protects against spoofing.
|
|
V-220795
|
Configuring the system to disable IPv6 source routing protects against spoofing.
|
|
V-254272
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205680
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-253277
|
"Simple TCP/IP Services" is not installed by default. Some protocols and serv...
|
|
V-220720
|
Some protocols and services do not support required security features, such a...
|
|
V-254336
|
Configuring the system to disable IP source routing protects against spoofing.
|
|
V-205859
|
Configuring the system to disable IP source routing protects against spoofing.
|
|
V-254288
|
A system is more vulnerable to unauthorized access when system users recycle ...
|
|
V-205660
|
A system is more vulnerable to unauthorized access when system users recycle ...
|
|
V-253300
|
A system is more vulnerable to unauthorized access when system users recycle ...
|
|
V-220742
|
A system is more vulnerable to unauthorized access when system users recycle ...
|
|
V-254258
|
Passwords that do not expire or are reused increase the exposure of a passwor...
|
|
V-205658
|
Passwords that do not expire or are reused increase the exposure of a passwor...
|
|
V-253273
|
Passwords that do not expire increase exposure with a greater probability of ...
|
|
V-220716
|
Passwords that do not expire increase exposure with a greater probability of ...
|
|
V-254474
|
The LAN Manager hash uses a weak encryption algorithm and there are several t...
|
|
V-205654
|
The LAN Manager hash uses a weak encryption algorithm and there are several t...
|
|
V-253461
|
The LAN Manager hash uses a weak encryption algorithm and there are several t...
|
|
V-254377
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-205639
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-253414
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-220860
|
Maintaining an audit trail of system activity logs can help identify configur...
|
|
V-254278
|
Windows PowerShell 5.x added advanced logging features that can provide addit...
|
|
V-205685
|
Windows PowerShell 5.x added advanced logging features that can provide addit...
|
|
V-253285
|
Windows PowerShell 5.0 added advanced logging features which can provide addi...
|
|
V-220728
|
Windows PowerShell 5.0 added advanced logging features which can provide addi...
|
|
V-205869
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-253393
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-220834
|
Some features may communicate with the vendor, sending system information or ...
|
|
V-254367
|
This setting controls the ability of users to supply passwords automatically ...
|
|
V-205809
|
This setting controls the ability of users to supply passwords automatically ...
|
|
V-253404
|
This setting controls the ability of users to supply passwords automatically ...
|
|
V-220850
|
This setting controls the ability of users to supply passwords automatically ...
|
|
V-254369
|
Remote connections must be encrypted to prevent interception of data or sensi...
|
|
V-205637
|
Remote connections must be encrypted to prevent interception of data or sensi...
|
|
V-253406
|
Remote connections must be encrypted to prevent interception of data or sensi...
|
|
V-220852
|
Remote connections must be encrypted to prevent interception of data or sensi...
|
|
V-260469
|
A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, ...
|
|
V-260470
|
To mitigate the risk of unauthorized access to sensitive information by ent...
|
|
V-260471
|
If auditing is enabled late in the startup process, the actions of some sta...
|
|
V-260472
|
Restricting access to the kernel message buffer limits access only to root....
|
|
V-260473
|
Kernel core dumps may contain the full contents of system memory at the tim...
|
|
V-260474
|
Some adversaries launch attacks with the intent of executing code in nonexe...
|
|
V-260475
|
Some adversaries launch attacks with the intent of executing code in nonexe...
|
|
V-260476
|
Changes to any software components can have significant effects on the over...
|
|
V-260477
|
Previous versions of software components that are not removed from the info...
|
|
V-260478
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260479
|
Inaccurate time stamps make it more difficult to correlate events and can l...
|
|
V-260480
|
Inaccurate time stamps make it more difficult to correlate events and can l...
|
|
V-260481
|
Inaccurate time stamps make it more difficult to correlate events and can l...
|
|
V-260482
|
It is detrimental for operating systems to provide, or install by default, ...
|
|
V-260483
|
It is detrimental for operating systems to provide, or install by default, ...
|
|
V-260484
|
Operating systems handling data requiring "data at rest" protections must e...
|
|
V-260485
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-260486
|
If Ubuntu 22.04 LTS were to allow any user to make changes to software libr...
|
|
V-260487
|
If the operating system were to allow any user to make changes to software ...
|
|
V-260488
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260489
|
Any operating system providing too much information in error messages risks...
|
|
V-260490
|
Any operating system providing too much information in error messages risks...
|
|
V-260491
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260492
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-260493
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-260494
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-260495
|
If Ubuntu 22.04 LTS were to allow any user to make changes to software libr...
|
|
V-260496
|
If Ubuntu 22.04 LTS were to allow any user to make changes to software libr...
|
|
V-260497
|
If the operating system were to allow any user to make changes to software ...
|
|
V-260498
|
If the operating system were to allow any user to make changes to software ...
|
|
V-260499
|
If the operating system were to allow any user to make changes to software ...
|
|
V-260500
|
If the operating system were to allow any user to make changes to software ...
|
|
V-260501
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260502
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260503
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260504
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260505
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260506
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260507
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-260508
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260509
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260510
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260511
|
Only authorized personnel should be aware of errors and the details of the ...
|
|
V-260512
|
Any operating system providing too much information in error messages risks...
|
|
V-260513
|
Preventing unauthorized information transfers mitigates the risk of informa...
|
|
V-260514
|
Remote access services, such as those providing remote access to network de...
|
|
V-260515
|
Remote access services, such as those providing remote access to network de...
|
|
V-260516
|
Firewalls protect computers from network attacks by blocking or limiting ac...
|
|
V-260517
|
Denial of service (DoS) is a condition when a resource is not available for...
|
|
V-260518
|
To prevent unauthorized connection of devices, unauthorized transfer of inf...
|
|
V-260519
|
Inaccurate time stamps make it more difficult to correlate events and can l...
|
|
V-260520
|
Inaccurate time stamps make it more difficult to correlate events and can l...
|
|
V-260521
|
If time stamps are not consistently applied and there is no common time ref...
|
|
V-260522
|
DoS is a condition when a resource is not available for legitimate users. W...
|
|
V-260523
|
Without protection of the transmitted information, confidentiality and inte...
|
|
V-260524
|
Without protection of the transmitted information, confidentiality and inte...
|
|
V-260533
|
Without cryptographic integrity protections provided by FIPS-validated cryp...
|
|
V-260534
|
Nonlocal maintenance and diagnostic activities are those activities conduct...
|
|
V-260537
|
A session lock is a temporary action taken when a user stops work and moves...
|
|
V-260538
|
A session lock is a temporary action taken when a user stops work and moves...
|
|
V-260539
|
A locally logged-on user who presses Ctrl-Alt-Delete, when at the console, ...
|
|
V-260540
|
Without authenticating devices, unidentified or unknown devices may be intr...
|
|
V-260541
|
Without protection of communications with wireless peripherals, confidentia...
|
|
V-260542
|
To ensure individual accountability and prevent unauthorized access, organi...
|
|
V-260543
|
To ensure accountability and prevent unauthenticated access, organizational...
|
|
V-260545
|
Enforcing a minimum password lifetime helps to prevent repeated password ch...
|
|
V-260546
|
Any password, no matter how complex, can eventually be cracked. Therefore, ...
|
|
V-260547
|
Inactive identifiers pose a risk to systems and applications because attack...
|
|
V-260535
|
Display of a standardized and approved use notification before granting acc...
|
|
V-260548
|
Temporary accounts are privileged or nonprivileged accounts established dur...
|
|
V-260549
|
By limiting the number of failed logon attempts, the risk of unauthorized s...
|
|
V-260550
|
Limiting the number of logon attempts over a certain time interval reduces ...
|
|
V-260552
|
Ubuntu 22.04 LTS management includes the ability to control the number of u...
|
|
V-260553
|
A session lock is a temporary action taken when a user stops work and moves...
|
|
V-260554
|
Terminating an idle interactive command shell user session within a short t...
|
|
V-260535
|
Display of a standardized and approved use notification before granting acc...
|
|
V-260536
|
Display of a standardized and approved use notification before granting acc...
|
|
V-260555
|
Setting the most restrictive default permissions ensures newly created acco...
|
|
V-260556
|
Control of program execution is a mechanism used to prevent execution of un...
|
|
V-260557
|
Control of program execution is a mechanism used to prevent execution of un...
|
|
V-260558
|
Without reauthentication, users may access resources or perform tasks for w...
|
|
V-260559
|
An isolation boundary provides access control and protects the integrity of...
|
|
V-260560
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260561
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260562
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260563
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260564
|
If Ubuntu 22.04 LTS allows the user to select passwords based on dictionary...
|
|
V-260565
|
The shorter the password, the lower the number of possible combinations tha...
|
|
V-260566
|
If the operating system allows the user to consecutively reuse extensive po...
|
|
V-260567
|
Use of a complex password helps to increase the time and resources required...
|
|
V-260569
|
Password complexity, or strength, is a measure of the effectiveness of a pa...
|
|
V-260570
|
If an account has an empty password, anyone could log on and run commands w...
|
|
V-260571
|
If an account has an empty password, anyone could log on and run commands w...
|
|
V-260572
|
Passwords need to be protected at all times, and encryption is the standard...
|
|
V-260573
|
Using an authentication device, such as a CAC or token separate from the in...
|
|
V-260574
|
The use of PIV credentials facilitates standardization and reduces the risk...
|
|
V-260575
|
Without the use of multifactor authentication, the ease of access to privil...
|
|
V-260576
|
The use of PIV credentials facilitates standardization and reduces the risk...
|
|
V-260577
|
Without path validation, an informed trust decision by the relying party ca...
|
|
V-260578
|
Without configuring a local cache of revocation data, there is the potentia...
|
|
V-260579
|
Without mapping the certificate used to authenticate to the user account, t...
|
|
V-260580
|
Untrusted certificate authorities (CA) can issue certificates, but they may...
|
|
V-260581
|
If cached authentication information is out-of-date, the validity of the au...
|
|
V-260582
|
Without verification of the security functions, security functions may not ...
|
|
V-260583
|
Without verification of the security functions, security functions may not ...
|
|
V-260584
|
Unauthorized changes to the baseline configuration could make the system vu...
|
|
V-260585
|
Without verification of the security functions, security functions may not ...
|
|
V-260586
|
Protecting the integrity of the tools used for auditing purposes is a criti...
|
|
V-260587
|
Information stored in one location is vulnerable to accidental or incidenta...
|
|
V-260588
|
Failure to a known state can address safety or security in accordance with ...
|
|
V-260589
|
Remote access services, such as those providing remote access to network de...
|
|
V-260590
|
Without establishing the when, where, type, source, and outcome of events t...
|
|
V-260591
|
Without establishing the when, where, type, source, and outcome of events t...
|
|
V-260592
|
Information stored in one location is vulnerable to accidental or incidenta...
|
|
V-260593
|
It is critical for the appropriate personnel to be aware if a system is at ...
|
|
V-260594
|
It is critical that when the operating system is at risk of failing to proc...
|
|
V-260595
|
To ensure operating systems have a sufficient storage capacity in which to ...
|
|
V-260596
|
If security personnel are not notified immediately when storage volume reac...
|
|
V-260597
|
Unauthorized disclosure of audit records can reveal system and configuratio...
|
|
V-260598
|
Unauthorized disclosure of audit records can reveal system and configuratio...
|
|
V-260599
|
Unauthorized disclosure of audit records can reveal system and configuratio...
|
|
V-260600
|
If audit information were to become compromised, then forensic analysis and...
|
|
V-260601
|
Without the capability to restrict which roles and individuals can select w...
|
|
V-260602
|
Without the capability to restrict which roles and individuals can select w...
|
|
V-260603
|
Without the capability to restrict which roles and individuals can select w...
|
|
V-260604
|
Without generating audit records specific to the security and mission needs...
|
|
V-260605
|
Without generating audit records that are specific to the security and miss...
|
|
V-260606
|
Without generating audit records that are specific to the security and miss...
|
|
V-260607
|
Without generating audit records that are specific to the security and miss...
|
|
V-260608
|
Without generating audit records that are specific to the security and miss...
|
|
V-260609
|
Without generating audit records that are specific to the security and miss...
|
|
V-260610
|
Without generating audit records that are specific to the security and miss...
|
|
V-260611
|
Without generating audit records that are specific to the security and miss...
|
|
V-260612
|
Without generating audit records that are specific to the security and miss...
|
|
V-260613
|
Without generating audit records that are specific to the security and miss...
|
|
V-260613
|
Without generating audit records that are specific to the security and miss...
|
|
V-260614
|
Without generating audit records that are specific to the security and miss...
|
|
V-260615
|
Without generating audit records that are specific to the security and miss...
|
|
V-260616
|
Without generating audit records that are specific to the security and miss...
|
|
V-260617
|
Without generating audit records that are specific to the security and miss...
|
|
V-260618
|
Without generating audit records that are specific to the security and miss...
|
|
V-260619
|
Without generating audit records that are specific to the security and miss...
|
|
V-260620
|
Without generating audit records that are specific to the security and miss...
|
|
V-260621
|
Without generating audit records that are specific to the security and miss...
|
|
V-260622
|
Without generating audit records that are specific to the security and miss...
|
|
V-260623
|
Without generating audit records that are specific to the security and miss...
|
|
V-260624
|
Without generating audit records that are specific to the security and miss...
|
|
V-260625
|
Without generating audit records that are specific to the security and miss...
|
|
V-260626
|
Without generating audit records that are specific to the security and miss...
|
|
V-260627
|
Without generating audit records that are specific to the security and miss...
|
|
V-260628
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260629
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260630
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260631
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260632
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260633
|
Without generating audit records specific to the security and mission needs...
|
|
V-260634
|
Without generating audit records specific to the security and mission needs...
|
|
V-260635
|
Without generating audit records specific to the security and mission needs...
|
|
V-260636
|
Without generating audit records specific to the security and mission needs...
|
|
V-260637
|
Without generating audit records that are specific to the security and miss...
|
|
V-260638
|
Without generating audit records specific to the security and mission needs...
|
|
V-260639
|
Without generating audit records specific to the security and mission needs...
|
|
V-260640
|
Once an attacker establishes access to a system, the attacker often attempt...
|
|
V-260641
|
Without generating audit records specific to the security and mission needs...
|
|
V-260642
|
Without generating audit records specific to the security and mission needs...
|
|
V-260643
|
Without generating audit records specific to the security and mission needs...
|
|
V-260644
|
Without generating audit records specific to the security and mission needs...
|
|
V-260645
|
Without generating audit records specific to the security and mission needs...
|
|
V-260646
|
Without generating audit records specific to the security and mission needs...
|
|
V-260647
|
Without generating audit records specific to the security and mission needs...
|
|
V-260648
|
In certain situations, software applications/programs need to execute with ...
|
|
V-260649
|
If events associated with nonlocal administrative access or diagnostic sess...
|
|
V-260650
|
Use of weak or untested encryption algorithms undermines the purposes of ut...
|
|
V-224819
|
Using a privileged account to perform routine functions makes the computer ...
|
|
V-254365
|
Saving passwords in the Remote Desktop Client could allow an unauthorized use...
|
|
V-205808
|
Saving passwords in the Remote Desktop Client could allow an unauthorized use...
|
|
V-253402
|
Saving passwords in the Remote Desktop Client could allow an unauthorized use...
|
|
V-220848
|
Saving passwords in the Remote Desktop Client could allow an unauthorized use...
|
|
V-254366
|
Preventing users from sharing the local drives on their client computers with...
|
|
V-205722
|
Preventing users from sharing the local drives on their client computers with...
|
|
V-224820
|
The longer a password is in use, the greater the opportunity for someone to...
|
|
V-224821
|
Using applications that access the Internet or have potential Internet sour...
|
|
V-224822
|
Backup Operators are able to read and write to any file in the system, rega...
|
|
V-224823
|
Application/service account passwords must be of sufficient length to preve...
|
|
V-224824
|
Setting application account passwords to expire may cause applications to s...
|
|
V-224825
|
Shared accounts (accounts where two or more people log on with the same use...
|
|
V-224826
|
Using an allowlist provides a configuration management method to allow the ...
|
|
V-224827
|
Credential Guard uses virtualization-based security to protect data that co...
|
|
V-224828
|
Systems at unsupported servicing levels will not receive security updates f...
|
|
V-224829
|
Malicious software can establish a base on individual desktops and servers....
|
|
V-224830
|
A properly configured Host-based Intrusion Detection System (HIDS) or Host-...
|
|
V-224831
|
The ability to set access permissions and auditing is critical to maintaini...
|
|
V-224832
|
Changing the system's file and directory permissions allows the possibility...
|
|
V-224833
|
Changing the system's file and directory permissions allows the possibility...
|
|
V-224834
|
Changing the system's file and directory permissions allows the possibility...
|
|
V-224835
|
The registry is integral to the function, security, and stability of the Wi...
|
|
V-224836
|
Windows shares are a means by which files, folders, printers, and other res...
|
|
V-224837
|
Outdated or unused accounts provide penetration points that may go undetect...
|
|
V-224838
|
The lack of password protection enables anyone to gain access to the inform...
|
|
V-224839
|
Passwords that do not expire or are reused increase the exposure of a passw...
|
|
V-224840
|
Monitoring system files for changes against a baseline on a regular basis m...
|
|
V-224841
|
Shares on a system provide network access. To prevent exposing sensitive in...
|
|
V-254368
|
Allowing unsecure RPC communication exposes the system to man-in-the-middle a...
|
|
V-205636
|
Allowing unsecure RPC communication exposes the system to man-in-the-middle a...
|
|
V-254431
|
Unauthenticated RPC clients may allow anonymous access to sensitive informati...
|
|
V-205814
|
Unauthenticated RPC clients may allow anonymous access to sensitive informati...
|
|
V-253383
|
Configuring RPC to restrict unauthenticated RPC clients from connecting to th...
|
|
V-220824
|
Configuring RPC to restrict unauthenticated RPC clients from connecting to th...
|
|
V-254379
|
Unencrypted remote access to a system can allow sensitive information to be c...
|
|
V-205816
|
Unencrypted remote access to a system can allow sensitive information to be c...
|
|
V-253417
|
Unencrypted remote access to a system can allow sensitive information to be c...
|
|
V-220863
|
Unencrypted remote access to a system can allow sensitive information to be c...
|
|
V-224842
|
Use of software certificates and their accompanying installation files for ...
|
|
V-224843
|
This requirement addresses protection of user-generated data as well as ope...
|
|
V-224844
|
Information can be either unintentionally or maliciously disclosed or modif...
|
|
V-224845
|
Unnecessary roles and features increase the attack surface of a system. Lim...
|
|
V-224846
|
A firewall provides a line of defense against attack, allowing or blocking ...
|
|
V-224847
|
Without the use of automated mechanisms to scan for security flaws on a con...
|
|
V-224848
|
If temporary user accounts remain active when no longer needed or for an ex...
|
|
V-224849
|
Emergency administrator accounts are privileged accounts established in res...
|
|
V-224850
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224851
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224852
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224853
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224854
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224855
|
Unnecessary services increase the attack surface of a system. Some of these...
|
|
V-224856
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 ...
|
|
V-224857
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 ...
|
|
V-224858
|
SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 ...
|
|
V-224859
|
Windows PowerShell 5.0 added advanced logging features that can provide add...
|
|
V-224860
|
The FTP service allows remote users to access shared files and directories....
|
|
V-224861
|
The FTP service allows remote users to access shared files and directories ...
|
|
V-224862
|
The Windows Time Service controls time synchronization settings. Time synch...
|
|
V-224863
|
Accounts or groups given rights on a system may show up as unresolved SIDs ...
|
|
V-224864
|
Secure Boot is a standard that ensures systems boot only to a trusted opera...
|
|
V-224865
|
UEFI provides additional security features in comparison to legacy BIOS fir...
|
|
V-224866
|
The account lockout feature, when enabled, prevents brute-force password at...
|
|
V-254378
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-205711
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-253416
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-220862
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-254380
|
Digest authentication is not as strong as other options and may be subject to...
|
|
V-205712
|
Digest authentication is not as strong as other options and may be subject to...
|
|
V-253421
|
Digest authentication is not as strong as other options and may be subject to...
|
|
V-220868
|
Digest authentication is not as strong as other options and may be subject to...
|
|
V-254381
|
Basic authentication uses plain-text passwords that could be used to compromi...
|
|
V-205713
|
Basic authentication uses plain-text passwords that could be used to compromi...
|
|
V-253418
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-220865
|
Basic authentication uses plain text passwords that could be used to compromi...
|
|
V-253426
|
Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (D...
|
|
V-220902
|
Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (D...
|
|
V-224867
|
The account lockout feature, when enabled, prevents brute-force password at...
|
|
V-224868
|
The account lockout feature, when enabled, prevents brute-force password at...
|
|
V-224869
|
A system is more vulnerable to unauthorized access when system users recycl...
|
|
V-224870
|
The longer a password is in use, the greater the opportunity for someone to...
|
|
V-224871
|
Permitting passwords to be changed in immediate succession within the same ...
|
|
V-224872
|
Information systems not protected with strong password schemes (including p...
|
|
V-224873
|
The use of complex passwords increases their strength against attack. The b...
|
|
V-224874
|
Storing passwords using reversible encryption is essentially the same as st...
|
|
V-224875
|
Protection of log data includes assuring the log data is not accidentally l...
|
|
V-224876
|
Protection of log data includes ensuring the log data is not accidentally l...
|
|
V-224877
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224878
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224879
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-218822
|
Vulnerability Discussion
TLS is a required transmission protocol for a web s...
|
|
V-218821
|
TLS encryption is a required security setting for a private web server. Encry...
|
|
V-254263
|
Information can be either unintentionally or maliciously disclosed or modifie...
|
|
V-205829
|
Information can be either unintentionally or maliciously disclosed or modifie...
|
|
V-254343
|
Virtualization Based Security (VBS) provides the platform for the additional ...
|
|
V-205864
|
Virtualization-based security (VBS) provides the platform for the additional ...
|
|
V-253369
|
Virtualization-based Security (VBS) provides the platform for the additional ...
|
|
V-220811
|
Virtualization Based Security (VBS) provides the platform for the additional ...
|
|
V-254374
|
Standard user accounts must not be granted elevated privileges. Enabling Wind...
|
|
V-205802
|
Standard user accounts must not be granted elevated privileges. Enabling Wind...
|
|
V-253411
|
Standard user accounts must not be granted elevated privileges. Enabling Wind...
|
|
V-220857
|
Standard user accounts must not be granted elevated privileges. Enabling Wind...
|
|
V-224880
|
Protecting audit information also includes identifying and protecting the t...
|
|
V-224881
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224882
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224883
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224884
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224885
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224886
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224887
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224888
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224890
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224891
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224892
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224893
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224894
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224895
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224896
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224897
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224898
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224899
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224900
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224901
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224902
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224903
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224904
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224905
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224906
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224907
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224908
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224909
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224910
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224911
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224912
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224913
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224914
|
Slide shows that are displayed on the lock screen could display sensitive i...
|
|
V-224915
|
When the WDigest Authentication protocol is enabled, plain-text passwords a...
|
|
V-224916
|
Configuring the system to disable IPv6 source routing protects against spoo...
|
|
V-224917
|
Configuring the system to disable IP source routing protects against spoofing.
|
|
V-224918
|
Allowing ICMP redirect of routes can lead to traffic not being routed prope...
|
|
V-224919
|
Configuring the system to ignore name release requests, except from WINS se...
|
|
V-224920
|
Insecure guest logons allow unauthenticated access to shared folders. Share...
|
|
V-224921
|
Additional security requirements are applied to Universal Naming Convention...
|
|
V-224922
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224923
|
Virtualization-based security (VBS) provides the platform for the additiona...
|
|
V-224924
|
Compromised boot drivers can introduce malware prior to protection mechanis...
|
|
V-224925
|
Registry entries for group policy settings can potentially be changed from ...
|
|
V-224926
|
Some features may communicate with the vendor, sending system information o...
|
|
V-224927
|
Some features may communicate with the vendor, sending system information o...
|
|
V-224928
|
Enabling interaction with the network selection UI allows users to change c...
|
|
V-224929
|
A system that does not require authentication when resuming from sleep may ...
|
|
V-224930
|
A system that does not require authentication when resuming from sleep may ...
|
|
V-224931
|
Some features may communicate with the vendor, sending system information o...
|
|
V-224932
|
Allowing AutoPlay to execute may introduce malicious code to a system. Auto...
|
|
V-224933
|
Allowing AutoRun commands to execute may introduce malicious code to a syst...
|
|
V-224934
|
Allowing AutoPlay to execute may introduce malicious code to a system. Auto...
|
|
V-224935
|
Enumeration of administrator accounts when elevating can provide part of th...
|
|
V-224936
|
Some features may communicate with the vendor, sending system information o...
|
|
V-224937
|
Inadequate log size will cause the log to fill up quickly. This may prevent...
|
|
V-224938
|
Inadequate log size will cause the log to fill up quickly. This may prevent...
|
|
V-224939
|
Inadequate log size will cause the log to fill up quickly. This may prevent...
|
|
V-224940
|
Windows SmartScreen helps protect systems from programs downloaded from the...
|
|
V-224941
|
Data Execution Prevention provides additional protection by performing chec...
|
|
V-224942
|
Legacy plug-in applications may continue to function when a File Explorer s...
|
|
V-224943
|
The shell protocol will limit the set of folders that applications can open...
|
|
V-224944
|
Saving passwords in the Remote Desktop Client could allow an unauthorized u...
|
|
V-224945
|
Preventing users from sharing the local drives on their client computers wi...
|
|
V-224946
|
This setting controls the ability of users to supply passwords automaticall...
|
|
V-224947
|
Allowing unsecure RPC communication exposes the system to man-in-the-middle...
|
|
V-224948
|
Remote connections must be encrypted to prevent interception of data or sen...
|
|
V-224949
|
Attachments from RSS feeds may not be secure. This setting will prevent att...
|
|
V-236000
|
A known vulnerability in Windows could allow the execution of malicious cod...
|
|
V-224951
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-224952
|
Indexing of encrypted files may expose sensitive data. This setting prevent...
|
|
V-224953
|
Installation options for applications are typically controlled by administr...
|
|
V-224954
|
Standard user accounts must not be granted elevated privileges. Enabling Wi...
|
|
V-224955
|
Web-based programs may attempt to install malicious software on a system. E...
|
|
V-224956
|
Windows can be configured to automatically sign the user back in after a Wi...
|
|
V-224957
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224958
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-224959
|
Unencrypted remote access to a system can allow sensitive information to be...
|
|
V-224960
|
Digest authentication is not as strong as other options and may be subject ...
|
|
V-224961
|
Basic authentication uses plain-text passwords that could be used to compro...
|
|
V-224962
|
Unencrypted remote access to a system can allow sensitive information to be...
|
|
V-224963
|
Storage of administrative credentials could allow unauthorized access. Disa...
|
|
V-257502
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224964
|
An account that does not have Administrator duties must not have Administra...
|
|
V-224965
|
This policy setting determines whether the Kerberos Key Distribution Center...
|
|
V-224966
|
This setting determines the maximum amount of time (in minutes) that a gran...
|
|
V-224967
|
In Kerberos, there are two types of tickets: Ticket Granting Tickets (TGTs)...
|
|
V-224968
|
This setting determines the period of time (in days) during which a user's ...
|
|
V-224969
|
This setting determines the maximum time difference (in minutes) that Kerbe...
|
|
V-224970
|
Improper access permissions for directory data-related files could allow un...
|
|
V-224971
|
Improper access permissions for directory data files could allow unauthoriz...
|
|
V-224972
|
When directory service database objects do not have appropriate access cont...
|
|
V-224973
|
When Active Directory objects do not have appropriate access control permis...
|
|
V-224974
|
When directory service database objects do not have appropriate access cont...
|
|
V-224975
|
When directory service data files, especially for directories used for iden...
|
|
V-224976
|
Executing application servers on the same host machine with a directory ser...
|
|
V-224977
|
Directory data that is not appropriately encrypted is subject to compromise...
|
|
V-224978
|
To the extent that anonymous access to directory data (outside the root DSE...
|
|
V-224979
|
The failure to terminate inactive network connections increases the risk of...
|
|
V-224980
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224981
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224982
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224983
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224984
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224985
|
When inappropriate audit settings are configured for directory service data...
|
|
V-224986
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224987
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224988
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224989
|
Maintaining an audit trail of system activity logs can help identify config...
|
|
V-224991
|
Domain controllers are part of the chain of trust for PKI authentications. ...
|
|
V-224992
|
A PKI implementation depends on the practices established by the Certificat...
|
|
V-224993
|
A PKI implementation depends on the practices established by the Certificat...
|
|
V-224994
|
Smart cards such as the CAC support a two-factor authentication technique. ...
|
|
V-254373
|
Installation options for applications are typically controlled by administrat...
|
|
V-205801
|
Installation options for applications are typically controlled by administrat...
|
|
V-253410
|
Installation options for applications are typically controlled by administrat...
|
|
V-220856
|
Installation options for applications are typically controlled by administrat...
|
|
V-254375
|
Web-based programs may attempt to install malicious software on a system. Ens...
|
|
V-205874
|
Web-based programs may attempt to install malicious software on a system. Ens...
|
|
V-253412
|
Web-based programs may attempt to install malicious software on a system. Ens...
|
|
V-220858
|
Web-based programs may attempt to install malicious software on a system. Ens...
|
|
V-253283
|
Attackers are constantly looking for vulnerabilities in systems and applicati...
|
|
V-220726
|
Attackers are constantly looking for vulnerabilities in systems and applicati...
|
|
V-254362
|
Data Execution Prevention provides additional protection by performing checks...
|
|
V-205830
|
Data Execution Prevention provides additional protection by performing checks...
|
|
V-253396
|
Data Execution Prevention (DEP) provides additional protection by performing ...
|
|
V-220837
|
Data Execution Prevention (DEP) provides additional protection by performing ...
|
|
V-254442
|
To ensure secure DoD websites and DoD-signed code are properly validated, the...
|
|
V-205648
|
To ensure secure DoD websites and DoD-signed code are properly validated, the...
|
|
V-253427
|
To ensure secure DoD websites and DoD-signed code are properly validated, the...
|
|
V-220903
|
To ensure secure DoD websites and DoD-signed code are properly validated, the...
|
|
V-254269
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205678
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-254270
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205697
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-254271
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205679
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-254273
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205698
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-253278
|
The "Telnet Client" is not installed by default. Some protocols and services ...
|
|
V-220721
|
Some protocols and services do not support required security features, such a...
|
|
V-254274
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-205681
|
Unnecessary services increase the attack surface of a system. Some of these s...
|
|
V-253279
|
The "TFTP Client" is not installed by default. Some protocols and services do...
|
|
V-220722
|
Some protocols and services do not support required security features, such a...
|
|
V-254284
|
Secure Boot is a standard that ensures systems boot only to a trusted operati...
|
|
V-205857
|
Secure Boot is a standard that ensures systems boot only to a trusted operati...
|
|
V-253257
|
Secure Boot is a standard that ensures systems boot only to a trusted operati...
|
|
V-220700
|
Secure Boot is a standard that ensures systems boot only to a trusted operati...
|
|
V-254357
|
Windows Update can obtain updates from additional sources instead of Microsof...
|
|
V-205870
|
Windows Update can obtain updates from additional sources instead of Microsof...
|
|
V-253394
|
Windows 11 allows Windows Update to obtain updates from additional sources in...
|
|
V-220835
|
Windows 10 allows Windows Update to obtain updates from additional sources in...
|
|
V-224995
|
Unsigned network traffic is susceptible to man-in-the-middle attacks, where...
|
|
V-224996
|
Enabling this setting on all domain controllers in a domain prevents domain...
|
|
V-224997
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-224998
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-224999
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225000
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225001
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225002
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225003
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-271430
|
Weak mappings give rise to security vulnerabilities and demand hardening me...
|
|
V-225004
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225005
|
Inappropriate granting of user rights can provide system, administrative, a...
|
|
V-225006
|
The krbtgt account acts as a service account for the Kerberos Key Distribut...
|
|
V-225007
|
An account that does not have Administrator duties must not have Administra...
|
|
V-225008
|
A compromised local administrator account can provide means for an attacker...
|