BigFix Compliance: Updated CIS Checklist for Microsoft Windows Server 2019 published 2020-04-13

Release Announcements Compliance (Release Announcements)
1

Product:
BigFix Compliance

Title:
Updated CIS Checklist for Windows server 2019 with bug fixes.

Security Benchmark:
CIS Microsoft Windows Server 2019 Benchmark, v1.0.0

Published Sites:
CIS Checklist for Windows 2019 MS, site version 2
CIS Checklist for Windows 2019 DC, site version 3
(The site version is provided for air-gap customers.)

Details:
Fixed and improved implementation for the following DC and MS checks:

  • (L1) Configure ‘Accounts: Rename guest account’
  • (L1) Configure ‘Accounts: Rename administrator account’
  • (L1) Ensure ‘Do not suggest third-party content in Windows spotlight’ is set to ‘Enabled’
  • (L1) Ensure ‘Do not preserve zone information in file attachments’ is set to ‘Disabled’
  • (L1) Ensure ‘Configure Windows spotlight on lock screen’ is set to Disabled’
  • (L1) Ensure ‘Always install with elevated privileges’ is set to ‘Disabled’ (B)

Fixed and improved implementation for the following DC checks:

  • (L1) Ensure ‘Enable screen saver’ is set to ‘Enabled’
  • (L1) Ensure ‘Force specific screen saver: Screen saver executable name’ is set to ‘Enabled: scrnsave.scr’
  • (L1) Ensure ‘Password protect the screen saver’ is set to ‘Enabled’
  • (L1) Ensure ‘Prevent users from sharing files within their profile.’ is set to ‘Enabled’
  • (L1) Ensure ‘Screen saver timeout’ is set to ‘Enabled: 900 seconds or fewer, but not 0
  • (L1) Ensure ‘Turn off toast notifications on the lock screen’ is set to ‘Enabled’

Actions to take:

More information:
To know more about the BigFix Compliance SCM checklists, please see the following resources:

We hope you find this latest release of SCM content useful and effective. Thank you!

– The BigFix Compliance team