BigFix Compliance: Updated CIS Checklist for Windows 11 with bug fixes, published 2025-02-11

Product:
BigFix Compliance

Title:
Updated CIS Checklist for Windows 11 with bug fixes

Security Benchmark:

CIS Microsoft Windows 11 Enterprise Benchmark, V3.0.0

Published Sites:
CIS Checklist for Windows 11, site version 10
(The site version is provided for air-gap customers.)

Details:

Fixed and Improved implementation for the following check:

  • Ensure ‘Allow auditing events in Microsoft Defender Application Guard’ is set to ‘Enabled’
  • Ensure ‘Allow camera and microphone access in Microsoft Defender Application Guard’ is set to ‘Disabled’
  • Ensure ‘Allow data persistence for Microsoft Defender Application Guard’ is set to ‘Disabled’
  • Ensure ‘Allow files to download and save to the host operating system from Microsoft Defender Application Guard’ is set to ‘Disabled’
  • Ensure ‘Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting’ is set to ‘Enabled: Enable clipboard operation from an isolated session to the host’
  • Ensure ‘Turn on Microsoft Defender Application Guard in Managed Mode’ is set to ‘Enabled: 1’
  • Ensure ‘Turn On Virtualization Based Security’ is set to ‘Enabled’
  • Ensure ‘Turn On Virtualization Based Security: Credential Guard Configuration’ is set to ‘Enabled with UEFI lock’
  • Ensure ‘Turn On Virtualization Based Security: Kernel-mode Hardware-enforced Stack Protection’ is set to ‘Enabled: Enabled in enforcement mode’
  • Ensure ‘Turn On Virtualization Based Security: Require UEFI Memory Attributes Table’ is set to ‘True (checked)’
  • Ensure ‘Turn On Virtualization Based Security: Secure Launch Configuration’ is set to ‘Enabled’
  • Ensure ‘Turn On Virtualization Based Security: Select Platform Security Level’ is set to ‘Secure Boot’ or higher
  • Ensure ‘Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity’ is set to ‘Enabled with UEFI lock’

Actions to take:

More information:
To know more about the BigFix Compliance SCM checklists, please see the following resources:

We hope you find this latest release of SCM content useful and effective. Thank you!

– The BigFix Compliance team