emily/atap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
404ee3fec442838b068a79df338bb5074947b599
atap/ATAPHtmlReport/resources/CISToAttackMappingData.json
T
emily 404ee3fec4 a
2026-05-11 09:15:08 +02:00

6287 lines
507 KiB
JSON
Raw Blame History

{
"MappingMetaData": {
"Version": "MITRE ATT&CK Mapping, Version 1.0.0, Date: 2023-07-13",
"BasedOn": "CIS Microsoft Windows 10 Enterprise Release 21H1 Benchmark, Version: 1.12.0, Date: 2022-02-15",
"Compatible": [
"CIS Microsoft Windows 10 Stand-alone Benchmark, Version: 1.0.1, Date: 2022-02-08",
"CIS Microsoft Windows 11 Stand-alone Benchmark, Version: 1.0.0, Date: 2022-11-15",
"CIS Microsoft Windows 10 Enterprise Release 21H1 Benchmark, Version: 1.12.0, Date: 2022-02-15",
"CIS Microsoft Windows 11 Enterprise Release 21H2 Benchmark, Version: 21H2, Date: 2022-02-14",
"CIS Microsoft Windows Server 2019 Benchmark, Version: 1.3.0, Date: 2022-03-18",
"CIS Microsoft Windows Server 2022, Version: 1.0.0, Date 2022-02-14"
]
},
"CISAttackMapping": {
"1.1.1": {
"Section": "1.1",
"Recommendation": "1.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Enforce password history\u0027 is set to \u002724 or more password(s)\u0027",
"Technique1": "T1078",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"1.1.2": {
"Section": "1.1",
"Recommendation": "1.1.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Maximum password age\u0027 is set to \u002760 or fewer days, but not 0\u0027",
"Technique1": "T1078",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"1.1.3": {
"Section": "1.1",
"Recommendation": "1.1.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Minimum password age\u0027 is set to \u00271 or more day(s)\u0027",
"Technique1": "T1078",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"1.1.4": {
"Section": "1.1",
"Recommendation": "1.1.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Minimum password length\u0027 is set to \u002714 or more character(s)\u0027",
"Technique1": "T1078",
"Technique2": "T1110",
"Mitigation1": "M1027",
"Mitigation2": "M1018"
},
"1.1.5": {
"Section": "1.1",
"Recommendation": "1.1.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Password must meet complexity requirements\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1078",
"Technique2": "T1110",
"Mitigation1": "M1027",
"Mitigation2": "M1018"
},
"1.1.6": {
"Section": "1.1",
"Recommendation": "1.1.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Relax minimum password length limits\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1078",
"Technique2": "T1110",
"Mitigation1": "M1027",
"Mitigation2": "M1018"
},
"1.1.7": {
"Section": "1.1",
"Recommendation": "1.1.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Store passwords using reversible encryption\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1003",
"Technique2": null,
"Mitigation1": "M1041",
"Mitigation2": null
},
"1.2.1": {
"Section": "1.2",
"Recommendation": "1.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Account lockout duration\u0027 is set to \u002715 or more minute(s)\u0027",
"Technique1": "T1110",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"1.2.2": {
"Section": "1.2",
"Recommendation": "1.2.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Account lockout threshold\u0027 is set to \u002710 or fewer invalid logon attempt(s), but not 0\u0027",
"Technique1": "T1110",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"1.2.3": {
"Section": "1.2",
"Recommendation": "1.2.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Reset account lockout counter after\u0027 is set to \u002715 or more minute(s)\u0027",
"Technique1": "T1110",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"2.2.1": {
"Section": "2.2",
"Recommendation": "2.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Access Credential Manager as a trusted caller\u0027 is set to \u0027No One\u0027",
"Technique1": "T1115",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"2.2.2": {
"Section": "2.2",
"Recommendation": "2.2.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Access this computer from the network\u0027 is set to \u0027Administrators, Remote Desktop Users\u0027",
"Technique1": "T1563",
"Technique2": "T1021",
"Mitigation1": "M1035",
"Mitigation2": "M1018"
},
"2.2.3": {
"Section": "2.2",
"Recommendation": "2.2.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Act as part of the operating system\u0027 is set to \u0027No One\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": null
},
"2.2.4": {
"Section": "2.2",
"Recommendation": "2.2.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Adjust memory quotas for a process\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE\u0027",
"Technique1": "T1496",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.2.5": {
"Section": "2.2",
"Recommendation": "2.2.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow log on locally\u0027 is set to \u0027Administrators, Users\u0027",
"Technique1": "T1078",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": null
},
"2.2.6": {
"Section": "2.2",
"Recommendation": "2.2.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow log on through Remote Desktop Services\u0027 is set to \u0027Administrators, Remote Desktop Users\u0027",
"Technique1": "T1210",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": null
},
"2.2.7": {
"Section": "2.2",
"Recommendation": "2.2.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Back up files and directories\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1222",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": "M1022"
},
"2.2.8": {
"Section": "2.2",
"Recommendation": "2.2.8",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Change the system time\u0027 is set to \u0027Administrators, LOCAL SERVICE\u0027",
"Technique1": "T1070",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"2.2.9": {
"Section": "2.2",
"Recommendation": "2.2.9",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Change the time zone\u0027 is set to \u0027Administrators, LOCAL SERVICE, Users\u0027",
"Technique1": "T1070",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"2.2.10": {
"Section": "2.2",
"Recommendation": "2.2.10",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Create a pagefile\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1074",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.2.11": {
"Section": "2.2",
"Recommendation": "2.2.11",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Create a token object\u0027 is set to \u0027No One\u0027",
"Technique1": "T1134",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": "M1026"
},
"2.2.12": {
"Section": "2.2",
"Recommendation": "2.2.12",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Create global objects\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE\u0027",
"Technique1": "T1543",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": "M1026"
},
"2.2.13": {
"Section": "2.2",
"Recommendation": "2.2.13",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Create permanent shared objects\u0027 is set to \u0027No One\u0027",
"Technique1": "T1083",
"Technique2": "T1039",
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.2.14": {
"Section": "2.2",
"Recommendation": "2.2.14",
"Profile": "L1",
"RecommendationTitle": "Configure \u0027Create symbolic links\u0027",
"Technique1": "T1574",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.2.15": {
"Section": "2.2",
"Recommendation": "2.2.15",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Debug programs\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1127",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"2.2.16": {
"Section": "2.2",
"Recommendation": "2.2.16",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Deny access to this computer from the network\u0027 to include \u0027Guests, Local account\u0027",
"Technique1": "T1078",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": null
},
"2.2.17": {
"Section": "2.2",
"Recommendation": "2.2.17",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Deny log on as a batch job\u0027 to include \u0027Guests\u0027",
"Technique1": "T1053",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"2.2.18": {
"Section": "2.2",
"Recommendation": "2.2.18",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Deny log on as a service\u0027 to include \u0027Guests\u0027",
"Technique1": "T1543",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.2.19": {
"Section": "2.2",
"Recommendation": "2.2.19",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Deny log on locally\u0027 to include \u0027Guests\u0027",
"Technique1": "T1078",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": null
},
"2.2.20": {
"Section": "2.2",
"Recommendation": "2.2.20",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Deny log on through Remote Desktop Services\u0027 to include \u0027Guests, Local account\u0027",
"Technique1": "T1021",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.2.21": {
"Section": "2.2",
"Recommendation": "2.2.21",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Enable computer and user accounts to be trusted for delegation\u0027 is set to \u0027No One\u0027",
"Technique1": "T1134",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.2.22": {
"Section": "2.2",
"Recommendation": "2.2.22",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Force shutdown from a remote system\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1529",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.2.23": {
"Section": "2.2",
"Recommendation": "2.2.23",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Generate security audits\u0027 is set to \u0027LOCAL SERVICE, NETWORK SERVICE\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.2.24": {
"Section": "2.2",
"Recommendation": "2.2.24",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Impersonate a client after authentication\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE\u0027",
"Technique1": "T1134",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": "M1026"
},
"2.2.25": {
"Section": "2.2",
"Recommendation": "2.2.25",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Increase scheduling priority\u0027 is set to \u0027Administrators, Window Manager\\Window Manager Group\u0027",
"Technique1": "T1496",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.2.26": {
"Section": "2.2",
"Recommendation": "2.2.26",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Load and unload device drivers\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1547",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.2.27": {
"Section": "2.2",
"Recommendation": "2.2.27",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Lock pages in memory\u0027 is set to \u0027No One\u0027",
"Technique1": "T1496",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.2.28": {
"Section": "2.2",
"Recommendation": "2.2.28",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Log on as a batch job\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1053",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"2.2.29": {
"Section": "2.2",
"Recommendation": "2.2.29",
"Profile": "L2",
"RecommendationTitle": "Configure \u0027Log on as a service\u0027",
"Technique1": "T1543",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.2.30": {
"Section": "2.2",
"Recommendation": "2.2.30",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Manage auditing and security log\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.2.31": {
"Section": "2.2",
"Recommendation": "2.2.31",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Modify an object label\u0027 is set to \u0027No One\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": "M1026"
},
"2.2.32": {
"Section": "2.2",
"Recommendation": "2.2.32",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Modify firmware environment values\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1495",
"Technique2": null,
"Mitigation1": "M1046",
"Mitigation2": null
},
"2.2.33": {
"Section": "2.2",
"Recommendation": "2.2.33",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Perform volume maintenance tasks\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1561",
"Technique2": null,
"Mitigation1": "M1053",
"Mitigation2": null
},
"2.2.34": {
"Section": "2.2",
"Recommendation": "2.2.34",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Profile single process\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1057",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.2.35": {
"Section": "2.2",
"Recommendation": "2.2.35",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Profile system performance\u0027 is set to \u0027Administrators, NT SERVICE\\WdiServiceHost\u0027",
"Technique1": "T1057",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.2.36": {
"Section": "2.2",
"Recommendation": "2.2.36",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Replace a process level token\u0027 is set to \u0027LOCAL SERVICE, NETWORK SERVICE\u0027",
"Technique1": "T1134",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": "M1026"
},
"2.2.37": {
"Section": "2.2",
"Recommendation": "2.2.37",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Restore files and directories\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1485",
"Technique2": null,
"Mitigation1": "M1053",
"Mitigation2": null
},
"2.2.38": {
"Section": "2.2",
"Recommendation": "2.2.38",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Shut down the system\u0027 is set to \u0027Administrators, Users\u0027",
"Technique1": "T1529",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.2.39": {
"Section": "2.2",
"Recommendation": "2.2.39",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Take ownership of files or other objects\u0027 is set to \u0027Administrators\u0027",
"Technique1": "T1222",
"Technique2": "T1112",
"Mitigation1": "M1022",
"Mitigation2": "M1024"
},
"2.3.1.1": {
"Section": "2.3.1",
"Recommendation": "2.3.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Accounts: Administrator account status\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1110",
"Technique2": "T1078",
"Mitigation1": "M1018",
"Mitigation2": "M1026"
},
"2.3.1.2": {
"Section": "2.3.1",
"Recommendation": "2.3.1.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Accounts: Block Microsoft accounts\u0027 is set to \u0027Users can\u0027t add or log on with Microsoft accounts\u0027",
"Technique1": "T1078",
"Technique2": "T1136",
"Mitigation1": "M1026",
"Mitigation2": null
},
"2.3.1.3": {
"Section": "2.3.1",
"Recommendation": "2.3.1.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Accounts: Guest account status\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1110",
"Technique2": "T1078",
"Mitigation1": "M1018",
"Mitigation2": "M1026"
},
"2.3.1.4": {
"Section": "2.3.1",
"Recommendation": "2.3.1.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Accounts: Limit local account use of blank passwords to console logon only\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1021",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.3.1.5": {
"Section": "2.3.1",
"Recommendation": "2.3.1.5",
"Profile": "L1",
"RecommendationTitle": "Configure \u0027Accounts: Rename administrator account\u0027",
"Technique1": "T1110",
"Technique2": "T1078",
"Mitigation1": "M1018",
"Mitigation2": "M1026"
},
"2.3.1.6": {
"Section": "2.3.1",
"Recommendation": "2.3.1.6",
"Profile": "L1",
"RecommendationTitle": "Configure \u0027Accounts: Rename guest account\u0027",
"Technique1": "T1110",
"Technique2": "T1078",
"Mitigation1": "M1018",
"Mitigation2": "M1026"
},
"2.3.2.1": {
"Section": "2.3.2",
"Recommendation": "2.3.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"2.3.2.2": {
"Section": "2.3.2",
"Recommendation": "2.3.2.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit: Shut down system immediately if unable to log security audits\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"2.3.4.1": {
"Section": "2.3.4",
"Recommendation": "2.3.4.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Devices: Allowed to format and eject removable media\u0027 is set to \u0027Administrators and Interactive Users\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"2.3.4.2": {
"Section": "2.3.4",
"Recommendation": "2.3.4.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Devices: Prevent users from installing printer drivers\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1574",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"2.3.6.1": {
"Section": "2.3.6",
"Recommendation": "2.3.6.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Domain member: Digitally encrypt or sign secure channel data (always)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1040",
"Technique2": null,
"Mitigation1": "M1041",
"Mitigation2": null
},
"2.3.6.2": {
"Section": "2.3.6",
"Recommendation": "2.3.6.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Domain member: Digitally encrypt secure channel data (when possible)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1040",
"Technique2": null,
"Mitigation1": "M1041",
"Mitigation2": null
},
"2.3.6.3": {
"Section": "2.3.6",
"Recommendation": "2.3.6.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Domain member: Digitally sign secure channel data (when possible)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1040",
"Technique2": null,
"Mitigation1": "M1041",
"Mitigation2": null
},
"2.3.6.4": {
"Section": "2.3.6",
"Recommendation": "2.3.6.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Domain member: Disable machine account password changes\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1098",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"2.3.6.5": {
"Section": "2.3.6",
"Recommendation": "2.3.6.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Domain member: Maximum machine account password age\u0027 is set to \u002730 or fewer days, but not 0\u0027",
"Technique1": "T1098",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"2.3.6.6": {
"Section": "2.3.6",
"Recommendation": "2.3.6.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Domain member: Require strong (Windows 2000 or later) session key\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1040",
"Technique2": null,
"Mitigation1": "M1041",
"Mitigation2": null
},
"2.3.7.1": {
"Section": "2.3.7",
"Recommendation": "2.3.7.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Interactive logon: Do not require CTRL+ALT+DEL\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1056",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.3.7.2": {
"Section": "2.3.7",
"Recommendation": "2.3.7.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Interactive logon: Don\u0027t display last signed-in\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1078",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": null
},
"2.3.7.3": {
"Section": "2.3.7",
"Recommendation": "2.3.7.3",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Interactive logon: Machine account lockout threshold\u0027 is set to \u002710 or fewer invalid logon attempts, but not 0\u0027",
"Technique1": "T1110",
"Technique2": null,
"Mitigation1": "M1036",
"Mitigation2": null
},
"2.3.7.4": {
"Section": "2.3.7",
"Recommendation": "2.3.7.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Interactive logon: Machine inactivity limit\u0027 is set to \u0027900 or fewer second(s), but not 0\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"2.3.7.5": {
"Section": "2.3.7",
"Recommendation": "2.3.7.5",
"Profile": "L1",
"RecommendationTitle": "Configure \u0027Interactive logon: Message text for users attempting to log on\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"2.3.7.6": {
"Section": "2.3.7",
"Recommendation": "2.3.7.6",
"Profile": "L1",
"RecommendationTitle": "Configure \u0027Interactive logon: Message title for users attempting to log on\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"2.3.7.7": {
"Section": "2.3.7",
"Recommendation": "2.3.7.7",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Interactive logon: Number of previous logons to cache (in case domain controller is not available)\u0027 is set to \u00274 or fewer logon(s)\u0027",
"Technique1": "T1003",
"Technique2": "T1555",
"Mitigation1": "M1027",
"Mitigation2": null
},
"2.3.7.8": {
"Section": "2.3.7",
"Recommendation": "2.3.7.8",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Interactive logon: Prompt user to change password before expiration\u0027 is set to \u0027between 5 and 14 days\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"2.3.7.9": {
"Section": "2.3.7",
"Recommendation": "2.3.7.9",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Interactive logon: Smart card removal behavior\u0027 is set to \u0027Lock Workstation\u0027 or higher",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"2.3.8.1": {
"Section": "2.3.8",
"Recommendation": "2.3.8.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Microsoft network client: Digitally sign communications (always)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1563",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.3.8.2": {
"Section": "2.3.8",
"Recommendation": "2.3.8.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Microsoft network client: Digitally sign communications (if server agrees)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1563",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.3.8.3": {
"Section": "2.3.8",
"Recommendation": "2.3.8.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Microsoft network client: Send unencrypted password to third-party SMB servers\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1563",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.3.9.1": {
"Section": "2.3.9",
"Recommendation": "2.3.9.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Microsoft network server: Amount of idle time required before suspending session\u0027 is set to \u002715 or fewer minute(s)\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"2.3.9.2": {
"Section": "2.3.9",
"Recommendation": "2.3.9.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Microsoft network server: Digitally sign communications (always)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1563",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.3.9.3": {
"Section": "2.3.9",
"Recommendation": "2.3.9.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Microsoft network server: Digitally sign communications (if client agrees)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1563",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"2.3.9.4": {
"Section": "2.3.9",
"Recommendation": "2.3.9.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Microsoft network server: Disconnect clients when logon hours expire\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"2.3.9.5": {
"Section": "2.3.9",
"Recommendation": "2.3.9.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Microsoft network server: Server SPN target name validation level\u0027 is set to \u0027Accept if provided by client\u0027 or higher",
"Technique1": "T1557",
"Technique2": null,
"Mitigation1": "M1035",
"Mitigation2": null
},
"2.3.10.1": {
"Section": "2.3.10",
"Recommendation": "2.3.10.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Allow anonymous SID/Name translation\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1110",
"Technique2": null,
"Mitigation1": "M1036",
"Mitigation2": null
},
"2.3.10.2": {
"Section": "2.3.10",
"Recommendation": "2.3.10.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Do not allow anonymous enumeration of SAM accounts\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1110",
"Technique2": "T1087",
"Mitigation1": "M1036",
"Mitigation2": "M1028"
},
"2.3.10.3": {
"Section": "2.3.10",
"Recommendation": "2.3.10.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Do not allow anonymous enumeration of SAM accounts and shares\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1087",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"2.3.10.4": {
"Section": "2.3.10",
"Recommendation": "2.3.10.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Do not allow storage of passwords and credentials for network authentication\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1003",
"Technique2": "T1555",
"Mitigation1": "M1027",
"Mitigation2": null
},
"2.3.10.5": {
"Section": "2.3.10",
"Recommendation": "2.3.10.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Let Everyone permissions apply to anonymous users\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1083",
"Technique2": "T1087",
"Mitigation1": "M1028",
"Mitigation2": null
},
"2.3.10.6": {
"Section": "2.3.10",
"Recommendation": "2.3.10.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Named Pipes that can be accessed anonymously\u0027 is set to \u0027None\u0027",
"Technique1": "T1559",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"2.3.10.7": {
"Section": "2.3.10",
"Recommendation": "2.3.10.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Remotely accessible registry paths\u0027",
"Technique1": "T1112",
"Technique2": "T1012",
"Mitigation1": "M1024",
"Mitigation2": null
},
"2.3.10.8": {
"Section": "2.3.10",
"Recommendation": "2.3.10.8",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Remotely accessible registry paths and sub-paths\u0027",
"Technique1": "T1112",
"Technique2": "T1012",
"Mitigation1": "M1024",
"Mitigation2": null
},
"2.3.10.9": {
"Section": "2.3.10",
"Recommendation": "2.3.10.9",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Restrict anonymous access to Named Pipes and Shares\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1083",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.3.10.10": {
"Section": "2.3.10",
"Recommendation": "2.3.10.10",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Restrict clients allowed to make remote calls to SAM\u0027 is set to \u0027Administrators: Remote Access: Allow\u0027",
"Technique1": "T1110",
"Technique2": "T1087",
"Mitigation1": "M1036",
"Mitigation2": "M1028"
},
"2.3.10.11": {
"Section": "2.3.10",
"Recommendation": "2.3.10.11",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Shares that can be accessed anonymously\u0027 is set to \u0027None\u0027",
"Technique1": "T1039",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"2.3.10.12": {
"Section": "2.3.10",
"Recommendation": "2.3.10.12",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network access: Sharing and security model for local accounts\u0027 is set to \u0027Classic - local users authenticate as themselves\u0027",
"Technique1": "T1485",
"Technique2": null,
"Mitigation1": "M1053",
"Mitigation2": null
},
"2.3.11.1": {
"Section": "2.3.11",
"Recommendation": "2.3.11.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network security: Allow Local System to use computer identity for NTLM\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1557",
"Technique2": null,
"Mitigation1": "M1035",
"Mitigation2": null
},
"2.3.11.2": {
"Section": "2.3.11",
"Recommendation": "2.3.11.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network security: Allow LocalSystem NULL session fallback\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1565",
"Technique2": null,
"Mitigation1": "M1041",
"Mitigation2": null
},
"2.3.11.3": {
"Section": "2.3.11",
"Recommendation": "2.3.11.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network Security: Allow PKU2U authentication requests to this computer to use online identities\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1199",
"Technique2": null,
"Mitigation1": "M1052",
"Mitigation2": null
},
"2.3.11.4": {
"Section": "2.3.11",
"Recommendation": "2.3.11.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network security: Configure encryption types allowed for Kerberos\u0027 is set to \u0027AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types\u0027",
"Technique1": "T1558",
"Technique2": null,
"Mitigation1": "M1041",
"Mitigation2": null
},
"2.3.11.5": {
"Section": "2.3.11",
"Recommendation": "2.3.11.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network security: Do not store LAN Manager hash value on next password change\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1003",
"Technique2": "T1552",
"Mitigation1": "M1041",
"Mitigation2": null
},
"2.3.11.6": {
"Section": "2.3.11",
"Recommendation": "2.3.11.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network security: Force logoff when logon hours expire\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"2.3.11.7": {
"Section": "2.3.11",
"Recommendation": "2.3.11.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network security: LAN Manager authentication level\u0027 is set to \u0027Send NTLMv2 response only. Refuse LM \u0026 NTLM\u0027",
"Technique1": "T1040",
"Technique2": null,
"Mitigation1": "M1041",
"Mitigation2": null
},
"2.3.11.8": {
"Section": "2.3.11",
"Recommendation": "2.3.11.8",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network security: LDAP client signing requirements\u0027 is set to \u0027Negotiate signing\u0027 or higher",
"Technique1": "T1557",
"Technique2": null,
"Mitigation1": "M1037",
"Mitigation2": null
},
"2.3.11.9": {
"Section": "2.3.11",
"Recommendation": "2.3.11.9",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network security: Minimum session security for NTLM SSP based (including secure RPC) clients\u0027 is set to \u0027Require NTLMv2 session security, Require 128-bit encryption\u0027",
"Technique1": "T1557",
"Technique2": null,
"Mitigation1": "M1035",
"Mitigation2": null
},
"2.3.11.10": {
"Section": "2.3.11",
"Recommendation": "2.3.11.10",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Network security: Minimum session security for NTLM SSP based (including secure RPC) servers\u0027 is set to \u0027Require NTLMv2 session security, Require 128-bit encryption\u0027",
"Technique1": "T1557",
"Technique2": null,
"Mitigation1": "M1035",
"Mitigation2": null
},
"2.3.14.1": {
"Section": "2.3.14",
"Recommendation": "2.3.14.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027System cryptography: Force strong key protection for user keys stored on the computer\u0027 is set to \u0027User is prompted when the key is first used\u0027 or higher",
"Technique1": "T1550",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": null
},
"2.3.15.1": {
"Section": "2.3.15",
"Recommendation": "2.3.15.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027System objects: Require case insensitivity for non-Windows subsystems\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1565",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"2.3.15.2": {
"Section": "2.3.15",
"Recommendation": "2.3.15.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1222",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"2.3.17.1": {
"Section": "2.3.17",
"Recommendation": "2.3.17.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027User Account Control: Admin Approval Mode for the Built-in Administrator account\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1052",
"Mitigation2": null
},
"2.3.17.2": {
"Section": "2.3.17",
"Recommendation": "2.3.17.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode\u0027 is set to \u0027Prompt for consent on the secure desktop\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1052",
"Mitigation2": null
},
"2.3.17.3": {
"Section": "2.3.17",
"Recommendation": "2.3.17.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027User Account Control: Behavior of the elevation prompt for standard users\u0027 is set to \u0027Automatically deny elevation requests\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1052",
"Mitigation2": null
},
"2.3.17.4": {
"Section": "2.3.17",
"Recommendation": "2.3.17.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027User Account Control: Detect application installations and prompt for elevation\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1052",
"Mitigation2": null
},
"2.3.17.5": {
"Section": "2.3.17",
"Recommendation": "2.3.17.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027User Account Control: Only elevate UIAccess applications that are installed in secure locations\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1052",
"Mitigation2": null
},
"2.3.17.6": {
"Section": "2.3.17",
"Recommendation": "2.3.17.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027User Account Control: Run all administrators in Admin Approval Mode\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1052",
"Mitigation2": null
},
"2.3.17.7": {
"Section": "2.3.17",
"Recommendation": "2.3.17.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027User Account Control: Switch to the secure desktop when prompting for elevation\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"2.3.17.8": {
"Section": "2.3.17",
"Recommendation": "2.3.17.8",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027User Account Control: Virtualize file and registry write failures to per-user locations\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"5.1": {
"Section": "5",
"Recommendation": "5.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Bluetooth Audio Gateway Service (BTAGService)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1011",
"Mitigation1": "M1028",
"Mitigation2": "M1022"
},
"5.2": {
"Section": "5",
"Recommendation": "5.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Bluetooth Support Service (bthserv)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1011",
"Mitigation1": "M1022",
"Mitigation2": "M1028"
},
"5.3": {
"Section": "5",
"Recommendation": "5.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Computer Browser (Browser)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": "T1018",
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.4": {
"Section": "5",
"Recommendation": "5.4",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Downloaded Maps Manager (MapsBroker)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.5": {
"Section": "5",
"Recommendation": "5.5",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Geolocation Service (lfsvc)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.6": {
"Section": "5",
"Recommendation": "5.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027IIS Admin Service (IISADMIN)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": "T1505",
"Mitigation1": "M1022",
"Mitigation2": "M1047"
},
"5.7": {
"Section": "5",
"Recommendation": "5.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Infrared monitor service (irmon)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": "T1011",
"Mitigation1": "M1022",
"Mitigation2": "M1028"
},
"5.8": {
"Section": "5",
"Recommendation": "5.8",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Internet Connection Sharing (ICS) (SharedAccess)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1011",
"Mitigation1": "M1022",
"Mitigation2": "M1028"
},
"5.9": {
"Section": "5",
"Recommendation": "5.9",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Link-Layer Topology Discovery Mapper (lltdsvc)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1018",
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.10": {
"Section": "5",
"Recommendation": "5.10",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027LxssManager (LxssManager)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.11": {
"Section": "5",
"Recommendation": "5.11",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Microsoft FTP Service (FTPSVC)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": "T1105",
"Mitigation1": "M1022",
"Mitigation2": "M1031"
},
"5.12": {
"Section": "5",
"Recommendation": "5.12",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Microsoft iSCSI Initiator Service (MSiSCSI)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1048",
"Mitigation1": "M1022",
"Mitigation2": "M1031"
},
"5.13": {
"Section": "5",
"Recommendation": "5.13",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027OpenSSH SSH Server (sshd)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": "T1563",
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.14": {
"Section": "5",
"Recommendation": "5.14",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Peer Name Resolution Protocol (PNRPsvc)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": "M1021"
},
"5.15": {
"Section": "5",
"Recommendation": "5.15",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Peer Networking Grouping (p2psvc)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.16": {
"Section": "5",
"Recommendation": "5.16",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Peer Networking Identity Manager (p2pimsvc)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.17": {
"Section": "5",
"Recommendation": "5.17",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027PNRP Machine Name Publication Service (PNRPAutoReg)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.18": {
"Section": "5",
"Recommendation": "5.18",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Print Spooler (Spooler)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"5.19": {
"Section": "5",
"Recommendation": "5.19",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Problem Reports and Solutions Control Panel Support (wercplsupport)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1070",
"Mitigation1": "M1022",
"Mitigation2": "M1041"
},
"5.20": {
"Section": "5",
"Recommendation": "5.20",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Remote Access Auto Connection Manager (RasAuto)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.21": {
"Section": "5",
"Recommendation": "5.21",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Remote Desktop Configuration (SessionEnv)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1563",
"Mitigation1": "M1022",
"Mitigation2": "M1026"
},
"5.22": {
"Section": "5",
"Recommendation": "5.22",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Remote Desktop Services (TermService)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1021",
"Mitigation1": "M1022",
"Mitigation2": "M1018"
},
"5.23": {
"Section": "5",
"Recommendation": "5.23",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Remote Desktop Services UserMode Port Redirector (UmRdpService)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1090",
"Mitigation1": "M1022",
"Mitigation2": "M1037"
},
"5.24": {
"Section": "5",
"Recommendation": "5.24",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Remote Procedure Call (RPC) Locator (RpcLocator)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1053",
"Mitigation1": "M1022",
"Mitigation2": "M1028"
},
"5.25": {
"Section": "5",
"Recommendation": "5.25",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Remote Registry (RemoteRegistry)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1112",
"Mitigation1": "M1022",
"Mitigation2": "M1024"
},
"5.26": {
"Section": "5",
"Recommendation": "5.26",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Routing and Remote Access (RemoteAccess)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1011",
"Mitigation1": "M1022",
"Mitigation2": "M1028"
},
"5.27": {
"Section": "5",
"Recommendation": "5.27",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Server (LanmanServer)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1011",
"Mitigation1": "M1022",
"Mitigation2": "M1028"
},
"5.28": {
"Section": "5",
"Recommendation": "5.28",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Simple TCP/IP Services (simptcp)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": "T1011",
"Mitigation1": "M1022",
"Mitigation2": "M1028"
},
"5.29": {
"Section": "5",
"Recommendation": "5.29",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027SNMP Service (SNMP)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": "T1133",
"Mitigation1": "M1022",
"Mitigation2": "M1042"
},
"5.30": {
"Section": "5",
"Recommendation": "5.30",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Special Administration Console Helper (sacsvr)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": "T1018",
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.31": {
"Section": "5",
"Recommendation": "5.31",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027SSDP Discovery (SSDPSRV)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1120",
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.32": {
"Section": "5",
"Recommendation": "5.32",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027UPnP Device Host (upnphost)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1120",
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.33": {
"Section": "5",
"Recommendation": "5.33",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Web Management Service (WMSvc)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": "T1505",
"Mitigation1": "M1022",
"Mitigation2": "M1047"
},
"5.34": {
"Section": "5",
"Recommendation": "5.34",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Windows Error Reporting Service (WerSvc)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1070",
"Mitigation1": "M1022",
"Mitigation2": "M1041"
},
"5.35": {
"Section": "5",
"Recommendation": "5.35",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Windows Event Collector (Wecsvc)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.36": {
"Section": "5",
"Recommendation": "5.36",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Media Player Network Sharing Service (WMPNetworkSvc)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": "T1048",
"Mitigation1": "M1022",
"Mitigation2": "M1037"
},
"5.37": {
"Section": "5",
"Recommendation": "5.37",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Mobile Hotspot Service (icssvc)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1048",
"Mitigation1": "M1022",
"Mitigation2": "M1037"
},
"5.38": {
"Section": "5",
"Recommendation": "5.38",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Windows Push Notifications System Service (WpnService)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1048",
"Mitigation1": "M1022",
"Mitigation2": "M1037"
},
"5.39": {
"Section": "5",
"Recommendation": "5.39",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Windows PushToInstall Service (PushToInstall)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1072",
"Mitigation1": "M1022",
"Mitigation2": "M1026"
},
"5.40": {
"Section": "5",
"Recommendation": "5.40",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Windows Remote Management (WS-Management) (WinRM)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1210",
"Mitigation1": "M1022",
"Mitigation2": "M1042"
},
"5.41": {
"Section": "5",
"Recommendation": "5.41",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027World Wide Web Publishing Service (W3SVC)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027",
"Technique1": "T1569",
"Technique2": "T1505",
"Mitigation1": "M1022",
"Mitigation2": "M1047"
},
"5.42": {
"Section": "5",
"Recommendation": "5.42",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Xbox Accessory Management Service (XboxGipSvc)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1120",
"Mitigation1": "M1022",
"Mitigation2": null
},
"5.43": {
"Section": "5",
"Recommendation": "5.43",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Xbox Live Auth Manager (XblAuthManager)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1048",
"Mitigation1": "M1022",
"Mitigation2": "M1037"
},
"5.44": {
"Section": "5",
"Recommendation": "5.44",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Xbox Live Game Save (XblGameSave)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": "T1048",
"Mitigation1": "M1022",
"Mitigation2": "M1037"
},
"5.45": {
"Section": "5",
"Recommendation": "5.45",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Xbox Live Networking Service (XboxNetApiSvc)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.1.1": {
"Section": "9.1",
"Recommendation": "9.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Firewall state\u0027 is set to \u0027On (recommended)\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.1.2": {
"Section": "9.1",
"Recommendation": "9.1.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Inbound connections\u0027 is set to \u0027Block (default)\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.1.3": {
"Section": "9.1",
"Recommendation": "9.1.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Outbound connections\u0027 is set to \u0027Allow (default)\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.1.4": {
"Section": "9.1",
"Recommendation": "9.1.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Settings: Display a notification\u0027 is set to \u0027No\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.1.5": {
"Section": "9.1",
"Recommendation": "9.1.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\domainfw.log\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.1.6": {
"Section": "9.1",
"Recommendation": "9.1.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Size limit (KB)\u0027 is set to \u002716,384 KB or greater\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.1.7": {
"Section": "9.1",
"Recommendation": "9.1.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.1.8": {
"Section": "9.1",
"Recommendation": "9.1.8",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.2.1": {
"Section": "9.2",
"Recommendation": "9.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Firewall state\u0027 is set to \u0027On (recommended)\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.2.2": {
"Section": "9.2",
"Recommendation": "9.2.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Inbound connections\u0027 is set to \u0027Block (default)\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.2.3": {
"Section": "9.2",
"Recommendation": "9.2.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Outbound connections\u0027 is set to \u0027Allow (default)\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.2.4": {
"Section": "9.2",
"Recommendation": "9.2.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Settings: Display a notification\u0027 is set to \u0027No\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.2.5": {
"Section": "9.2",
"Recommendation": "9.2.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\privatefw.log\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.2.6": {
"Section": "9.2",
"Recommendation": "9.2.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Size limit (KB)\u0027 is set to \u002716,384 KB or greater\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.2.7": {
"Section": "9.2",
"Recommendation": "9.2.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.2.8": {
"Section": "9.2",
"Recommendation": "9.2.8",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.3.1": {
"Section": "9.3",
"Recommendation": "9.3.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Firewall state\u0027 is set to \u0027On (recommended)\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.3.2": {
"Section": "9.3",
"Recommendation": "9.3.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Inbound connections\u0027 is set to \u0027Block (default)\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.3.3": {
"Section": "9.3",
"Recommendation": "9.3.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Outbound connections\u0027 is set to \u0027Allow (default)\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.3.4": {
"Section": "9.3",
"Recommendation": "9.3.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Settings: Display a notification\u0027 is set to \u0027No\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.3.5": {
"Section": "9.3",
"Recommendation": "9.3.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Settings: Apply local firewall rules\u0027 is set to \u0027No\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.3.6": {
"Section": "9.3",
"Recommendation": "9.3.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Settings: Apply local connection security rules\u0027 is set to \u0027No\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.3.7": {
"Section": "9.3",
"Recommendation": "9.3.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\publicfw.log\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.3.8": {
"Section": "9.3",
"Recommendation": "9.3.8",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Size limit (KB)\u0027 is set to \u002716,384 KB or greater\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.3.9": {
"Section": "9.3",
"Recommendation": "9.3.9",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"9.3.10": {
"Section": "9.3",
"Recommendation": "9.3.10",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.1.1": {
"Section": "17.1",
"Recommendation": "17.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Credential Validation\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.2.1": {
"Section": "17.2",
"Recommendation": "17.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Application Group Management\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.2.2": {
"Section": "17.2",
"Recommendation": "17.2.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Security Group Management\u0027 is set to include \u0027Success\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.2.3": {
"Section": "17.2",
"Recommendation": "17.2.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit User Account Management\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.3.1": {
"Section": "17.3",
"Recommendation": "17.3.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit PNP Activity\u0027 is set to include \u0027Success\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.3.2": {
"Section": "17.3",
"Recommendation": "17.3.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Process Creation\u0027 is set to include \u0027Success\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.5.1": {
"Section": "17.5",
"Recommendation": "17.5.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Account Lockout\u0027 is set to include \u0027Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.5.2": {
"Section": "17.5",
"Recommendation": "17.5.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Group Membership\u0027 is set to include \u0027Success\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.5.3": {
"Section": "17.5",
"Recommendation": "17.5.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Logoff\u0027 is set to include \u0027Success\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.5.4": {
"Section": "17.5",
"Recommendation": "17.5.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Logon\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.5.5": {
"Section": "17.5",
"Recommendation": "17.5.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Other Logon/Logoff Events\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.5.6": {
"Section": "17.5",
"Recommendation": "17.5.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Special Logon\u0027 is set to include \u0027Success\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.6.1": {
"Section": "17.6",
"Recommendation": "17.6.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Detailed File Share\u0027 is set to include \u0027Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.6.2": {
"Section": "17.6",
"Recommendation": "17.6.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit File Share\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.6.3": {
"Section": "17.6",
"Recommendation": "17.6.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Other Object Access Events\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.6.4": {
"Section": "17.6",
"Recommendation": "17.6.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Removable Storage\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.7.1": {
"Section": "17.7",
"Recommendation": "17.7.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Audit Policy Change\u0027 is set to include \u0027Success\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.7.2": {
"Section": "17.7",
"Recommendation": "17.7.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Authentication Policy Change\u0027 is set to include \u0027Success\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.7.3": {
"Section": "17.7",
"Recommendation": "17.7.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Authorization Policy Change\u0027 is set to include \u0027Success\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.7.4": {
"Section": "17.7",
"Recommendation": "17.7.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit MPSSVC Rule-Level Policy Change\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.7.5": {
"Section": "17.7",
"Recommendation": "17.7.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Other Policy Change Events\u0027 is set to include \u0027Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.8.1": {
"Section": "17.8",
"Recommendation": "17.8.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Sensitive Privilege Use\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.9.1": {
"Section": "17.9",
"Recommendation": "17.9.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit IPsec Driver\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.9.2": {
"Section": "17.9",
"Recommendation": "17.9.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Other System Events\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.9.3": {
"Section": "17.9",
"Recommendation": "17.9.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Security State Change\u0027 is set to include \u0027Success\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.9.4": {
"Section": "17.9",
"Recommendation": "17.9.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit Security System Extension\u0027 is set to include \u0027Success\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"17.9.5": {
"Section": "17.9",
"Recommendation": "17.9.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Audit System Integrity\u0027 is set to \u0027Success and Failure\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"18.1.3": {
"Section": "18.1",
"Recommendation": "18.1.3",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow Online Tips\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.1.1.1": {
"Section": "18.1.1",
"Recommendation": "18.1.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent enabling lock screen camera\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1125",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.1.1.2": {
"Section": "18.1.1",
"Recommendation": "18.1.1.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent enabling lock screen slide show\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1125",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.1.2.2": {
"Section": "18.1.2",
"Recommendation": "18.1.2.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow users to enable online speech recognition services\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.2.1": {
"Section": "18.2",
"Recommendation": "18.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure LAPS AdmPwd GPO Extension / CSE is installed",
"Technique1": "T1552",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"18.2.2": {
"Section": "18.2",
"Recommendation": "18.2.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Do not allow password expiration time longer than required by policy\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1110",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"18.2.3": {
"Section": "18.2",
"Recommendation": "18.2.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Enable Local Admin Password Management\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1552",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"18.2.4": {
"Section": "18.2",
"Recommendation": "18.2.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Password Settings: Password Complexity\u0027 is set to \u0027Enabled: Large letters + small letters + numbers + special characters\u0027",
"Technique1": "T1078",
"Technique2": "T1110",
"Mitigation1": "M1027",
"Mitigation2": "M1018"
},
"18.2.5": {
"Section": "18.2",
"Recommendation": "18.2.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Password Settings: Password Length\u0027 is set to \u0027Enabled: 15 or more\u0027",
"Technique1": "T1078",
"Technique2": "T1110",
"Mitigation1": "M1027",
"Mitigation2": "M1018"
},
"18.2.6": {
"Section": "18.2",
"Recommendation": "18.2.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Password Settings: Password Age (Days)\u0027 is set to \u0027Enabled: 30 or fewer\u0027",
"Technique1": "T1078",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"18.3.1": {
"Section": "18.3",
"Recommendation": "18.3.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Apply UAC restrictions to local accounts on network logons\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1210",
"Technique2": "T1134",
"Mitigation1": "M1026",
"Mitigation2": null
},
"18.3.2": {
"Section": "18.3",
"Recommendation": "18.3.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure SMB v1 client driver\u0027 is set to \u0027Enabled: Disable driver (recommended)\u0027",
"Technique1": "T1021",
"Technique2": "T1570",
"Mitigation1": "M1037",
"Mitigation2": null
},
"18.3.3": {
"Section": "18.3",
"Recommendation": "18.3.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure SMB v1 server\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1021",
"Technique2": "T1570",
"Mitigation1": "M1037",
"Mitigation2": null
},
"18.3.4": {
"Section": "18.3",
"Recommendation": "18.3.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Enable Structured Exception Handling Overwrite Protection (SEHOP)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1203",
"Technique2": null,
"Mitigation1": "M1050",
"Mitigation2": null
},
"18.3.5": {
"Section": "18.3",
"Recommendation": "18.3.5",
"Profile": "L1",
"RecommendationTitle": "Ensure ?Limits print driver installation to Administrators? is set to ?Enabled?",
"Technique1": "T1203",
"Technique2": null,
"Mitigation1": "M1050",
"Mitigation2": null
},
"18.3.6": {
"Section": "18.3",
"Recommendation": "18.3.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027NetBT NodeType configuration\u0027 is set to \u0027Enabled: P-node (recommended)\u0027",
"Technique1": "T1018",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.3.7": {
"Section": "18.3",
"Recommendation": "18.3.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027WDigest Authentication\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1555",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"18.4.1": {
"Section": "18.4",
"Recommendation": "18.4.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1552",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": null
},
"18.4.2": {
"Section": "18.4",
"Recommendation": "18.4.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)\u0027 is set to \u0027Enabled: Highest protection, source routing is completely disabled\u0027",
"Technique1": "T1071",
"Technique2": null,
"Mitigation1": "M1031",
"Mitigation2": null
},
"18.4.3": {
"Section": "18.4",
"Recommendation": "18.4.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)\u0027 is set to \u0027Enabled: Highest protection, source routing is completely disabled\u0027",
"Technique1": "T1071",
"Technique2": null,
"Mitigation1": "M1031",
"Mitigation2": null
},
"18.4.4": {
"Section": "18.4",
"Recommendation": "18.4.4",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027MSS: (DisableSavePassword) Prevent the dial-up password from being saved\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1552",
"Technique2": "T1555",
"Mitigation1": "M1027",
"Mitigation2": "M1028"
},
"18.4.5": {
"Section": "18.4",
"Recommendation": "18.4.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1557",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.4.6": {
"Section": "18.4",
"Recommendation": "18.4.6",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds\u0027 is set to \u0027Enabled: 300,000 or 5 minutes (recommended)\u0027",
"Technique1": "T1498",
"Technique2": null,
"Mitigation1": "M1037",
"Mitigation2": null
},
"18.4.7": {
"Section": "18.4",
"Recommendation": "18.4.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1499",
"Technique2": null,
"Mitigation1": "M1037",
"Mitigation2": null
},
"18.4.8": {
"Section": "18.4",
"Recommendation": "18.4.8",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1498",
"Technique2": null,
"Mitigation1": "M1037",
"Mitigation2": null
},
"18.4.9": {
"Section": "18.4",
"Recommendation": "18.4.9",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1055",
"Technique2": null,
"Mitigation1": "M1040",
"Mitigation2": null
},
"18.4.10": {
"Section": "18.4",
"Recommendation": "18.4.10",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)\u0027 is set to \u0027Enabled: 5 or fewer seconds\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.4.11": {
"Section": "18.4",
"Recommendation": "18.4.11",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted\u0027 is set to \u0027Enabled: 3\u0027",
"Technique1": "T1499",
"Technique2": null,
"Mitigation1": "M1037",
"Mitigation2": null
},
"18.4.12": {
"Section": "18.4",
"Recommendation": "18.4.12",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted\u0027 is set to \u0027Enabled: 3\u0027",
"Technique1": "T1499",
"Technique2": null,
"Mitigation1": "M1037",
"Mitigation2": null
},
"18.4.13": {
"Section": "18.4",
"Recommendation": "18.4.13",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning\u0027 is set to \u0027Enabled: 90% or less\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"18.5.4.1": {
"Section": "18.5.4",
"Recommendation": "18.5.4.1",
"Profile": "L1",
"RecommendationTitle": "Ensure ?Configure DNS over HTTPS (DoH) name resolution? is set to ?Enabled: Allow DoH? or higher",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.5.4.2": {
"Section": "18.5.4",
"Recommendation": "18.5.4.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off multicast name resolution\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1557",
"Technique2": null,
"Mitigation1": "M1037",
"Mitigation2": null
},
"18.5.5.1": {
"Section": "18.5.5",
"Recommendation": "18.5.5.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Enable Font Providers\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1195",
"Technique2": null,
"Mitigation1": "M1016",
"Mitigation2": null
},
"18.5.8.1": {
"Section": "18.5.8",
"Recommendation": "18.5.8.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Enable insecure guest logons\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1021",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"18.5.9.1": {
"Section": "18.5.9",
"Recommendation": "18.5.9.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn on Mapper I/O (LLTDIO) driver\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1016",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.5.9.2": {
"Section": "18.5.9",
"Recommendation": "18.5.9.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn on Responder (RSPNDR) driver\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1016",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.5.10.2": {
"Section": "18.5.10",
"Recommendation": "18.5.10.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off Microsoft Peer-to-Peer Networking Services\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1048",
"Technique2": null,
"Mitigation1": "M1030",
"Mitigation2": null
},
"18.5.11.2": {
"Section": "18.5.11",
"Recommendation": "18.5.11.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prohibit installation and configuration of Network Bridge on your DNS domain network\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1048",
"Technique2": null,
"Mitigation1": "M1030",
"Mitigation2": null
},
"18.5.11.3": {
"Section": "18.5.11",
"Recommendation": "18.5.11.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prohibit use of Internet Connection Sharing on your DNS domain network\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1048",
"Technique2": null,
"Mitigation1": "M1030",
"Mitigation2": null
},
"18.5.11.4": {
"Section": "18.5.11",
"Recommendation": "18.5.11.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Require domain users to elevate when setting a network\u0027s location\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.5.14.1": {
"Section": "18.5.14",
"Recommendation": "18.5.14.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Hardened UNC Paths\u0027 is set to \u0027Enabled, with \"Require Mutual Authentication\" and \"Require Integrity\" set for all NETLOGON and SYSVOL shares\u0027",
"Technique1": "T1135",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.5.19.2.1": {
"Section": "18.5.19.2",
"Recommendation": "18.5.19.2.1",
"Profile": "L2",
"RecommendationTitle": "Disable IPv6 (Ensure TCPIP6 Parameter \u0027DisabledComponents\u0027 is set to \u00270xff (255)\u0027)",
"Technique1": "T1046",
"Technique2": "T1016",
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.5.20.1": {
"Section": "18.5.20",
"Recommendation": "18.5.20.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Configuration of wireless settings using Windows Connect Now\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1120",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.5.20.2": {
"Section": "18.5.20",
"Recommendation": "18.5.20.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Prohibit access of the Windows Connect Now wizards\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1120",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.5.21.1": {
"Section": "18.5.21",
"Recommendation": "18.5.21.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Minimize the number of simultaneous connections to the Internet or a Windows Domain\u0027 is set to \u0027Enabled: 3 = Prevent Wi-Fi when on Ethernet\u0027",
"Technique1": "T1011",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.5.21.2": {
"Section": "18.5.21",
"Recommendation": "18.5.21.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prohibit connection to non-domain networks when connected to domain authenticated network\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1011",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.5.23.2.1": {
"Section": "18.5.23.2",
"Recommendation": "18.5.23.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1011",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.6.1": {
"Section": "18.6",
"Recommendation": "18.6.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow Print Spooler to accept client connections\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.6.2": {
"Section": "18.6",
"Recommendation": "18.6.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Point and Print Restrictions: When installing drivers for a new connection\u0027 is set to \u0027Enabled: Show warning and elevation prompt\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.6.3": {
"Section": "18.6",
"Recommendation": "18.6.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Point and Print Restrictions: When updating drivers for an existing connection\u0027 is set to \u0027Enabled: Show warning and elevation prompt\u0027",
"Technique1": null,
"Technique2": null,
"Mitigation1": null,
"Mitigation2": null
},
"18.7.1.1": {
"Section": "18.7.1",
"Recommendation": "18.7.1.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off notifications network usage\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.3.1": {
"Section": "18.8.3",
"Recommendation": "18.8.3.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Include command line in process creation events\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1552",
"Technique2": null,
"Mitigation1": "M1041",
"Mitigation2": null
},
"18.8.4.1": {
"Section": "18.8.4",
"Recommendation": "18.8.4.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Encryption Oracle Remediation\u0027 is set to \u0027Enabled: Force Updated Clients\u0027",
"Technique1": "T1212",
"Technique2": null,
"Mitigation1": "M1051",
"Mitigation2": null
},
"18.8.4.2": {
"Section": "18.8.4",
"Recommendation": "18.8.4.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Remote host allows delegation of non-exportable credentials\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1003",
"Technique2": null,
"Mitigation1": "M1043",
"Mitigation2": null
},
"18.8.5.1": {
"Section": "18.8.5",
"Recommendation": "18.8.5.1",
"Profile": "NG",
"RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1003",
"Technique2": null,
"Mitigation1": "M1043",
"Mitigation2": null
},
"18.8.5.2": {
"Section": "18.8.5",
"Recommendation": "18.8.5.2",
"Profile": "NG",
"RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Select Platform Security Level\u0027 is set to \u0027Secure Boot and DMA Protection\u0027",
"Technique1": "T1547",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.8.5.3": {
"Section": "18.8.5",
"Recommendation": "18.8.5.3",
"Profile": "NG",
"RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity\u0027 is set to \u0027Enabled with UEFI lock\u0027",
"Technique1": "T1489",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"18.8.5.4": {
"Section": "18.8.5",
"Recommendation": "18.8.5.4",
"Profile": "NG",
"RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Require UEFI Memory Attributes Table\u0027 is set to \u0027True (checked)\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.5.5": {
"Section": "18.8.5",
"Recommendation": "18.8.5.5",
"Profile": "NG",
"RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Credential Guard Configuration\u0027 is set to \u0027Enabled with UEFI lock\u0027",
"Technique1": "T1489",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"18.8.5.6": {
"Section": "18.8.5",
"Recommendation": "18.8.5.6",
"Profile": "NG",
"RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Secure Launch Configuration\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1495",
"Technique2": null,
"Mitigation1": "M1046",
"Mitigation2": null
},
"18.8.7.1.1": {
"Section": "18.8.7.1",
"Recommendation": "18.8.7.1.1",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1200",
"Technique2": null,
"Mitigation1": "M1034",
"Mitigation2": null
},
"18.8.7.1.2": {
"Section": "18.8.7.1",
"Recommendation": "18.8.7.1.2",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs\u0027 is set to \u0027PCI\\CC_0C0A\u0027",
"Technique1": "T1200",
"Technique2": null,
"Mitigation1": "M1034",
"Mitigation2": null
},
"18.8.7.1.3": {
"Section": "18.8.7.1",
"Recommendation": "18.8.7.1.3",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.\u0027 is set to \u0027True\u0027 (checked)",
"Technique1": "T1200",
"Technique2": null,
"Mitigation1": "M1034",
"Mitigation2": null
},
"18.8.7.1.4": {
"Section": "18.8.7.1",
"Recommendation": "18.8.7.1.4",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device setup classes\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1200",
"Technique2": null,
"Mitigation1": "M1034",
"Mitigation2": null
},
"18.8.7.1.5": {
"Section": "18.8.7.1",
"Recommendation": "18.8.7.1.5",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device setup classes: Prevent installation of devices using drivers for these device setup\u0027 is set to \u0027IEEE 1394 device setup classes\u0027",
"Technique1": "T1200",
"Technique2": null,
"Mitigation1": "M1034",
"Mitigation2": null
},
"18.8.7.1.6": {
"Section": "18.8.7.1",
"Recommendation": "18.8.7.1.6",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.\u0027 is set to \u0027True\u0027 (checked)",
"Technique1": "T1200",
"Technique2": null,
"Mitigation1": "M1034",
"Mitigation2": null
},
"18.8.7.2": {
"Section": "18.8.7.2",
"Recommendation": "18.8.7.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent device metadata retrieval from the Internet\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.14.1": {
"Section": "18.8.14",
"Recommendation": "18.8.14.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Boot-Start Driver Initialization Policy\u0027 is set to \u0027Enabled: Good, unknown and bad but critical\u0027",
"Technique1": "T1542",
"Technique2": null,
"Mitigation1": "M1046",
"Mitigation2": null
},
"18.8.21.2": {
"Section": "18.8.21",
"Recommendation": "18.8.21.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure registry policy processing: Do not apply during periodic background processing\u0027 is set to \u0027Enabled: FALSE\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.21.3": {
"Section": "18.8.21",
"Recommendation": "18.8.21.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure registry policy processing: Process even if the Group Policy objects have not changed\u0027 is set to \u0027Enabled: TRUE\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.21.4": {
"Section": "18.8.21",
"Recommendation": "18.8.21.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Continue experiences on this device\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1018",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.8.21.5": {
"Section": "18.8.21",
"Recommendation": "18.8.21.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off background refresh of Group Policy\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.1": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off access to the Store\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.2": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off downloading of print drivers over HTTP\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1574",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"18.8.22.1.3": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.3",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off handwriting personalization data sharing\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.4": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.4",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off handwriting recognition error reporting\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.5": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.5",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.6": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off Internet download for Web publishing and online ordering wizards\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.7": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.7",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off printing over HTTP\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1557",
"Technique2": null,
"Mitigation1": "M1031",
"Mitigation2": null
},
"18.8.22.1.8": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.8",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off Registration if URL connection is referring to Microsoft.com\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.9": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.9",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off Search Companion content file updates\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.10": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.10",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off the \"Order Prints\" picture task\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.11": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.11",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off the \"Publish to Web\" task for files and folders\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.12": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.12",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off the Windows Messenger Customer Experience Improvement Program\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.13": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.13",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off Windows Customer Experience Improvement Program\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.22.1.14": {
"Section": "18.8.22.1",
"Recommendation": "18.8.22.1.14",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off Windows Error Reporting\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.25.1": {
"Section": "18.8.25",
"Recommendation": "18.8.25.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Support device authentication using certificate\u0027 is set to \u0027Enabled: Automatic\u0027",
"Technique1": "T1558",
"Technique2": null,
"Mitigation1": "M1041",
"Mitigation2": null
},
"18.8.26.1": {
"Section": "18.8.26",
"Recommendation": "18.8.26.1",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Enumeration policy for external devices incompatible with Kernel DMA Protection\u0027 is set to \u0027Enabled: Block All\u0027",
"Technique1": "T1200",
"Technique2": null,
"Mitigation1": "M1034",
"Mitigation2": null
},
"18.8.27.1": {
"Section": "18.8.27",
"Recommendation": "18.8.27.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Disallow copying of user input methods to the system account for sign-in\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.28.1": {
"Section": "18.8.28",
"Recommendation": "18.8.28.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Block user from showing account details on sign-in\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1110",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"18.8.28.2": {
"Section": "18.8.28",
"Recommendation": "18.8.28.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Do not display network selection UI\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1557",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.8.28.3": {
"Section": "18.8.28",
"Recommendation": "18.8.28.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Do not enumerate connected users on domain-joined computers\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1087",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.8.28.4": {
"Section": "18.8.28",
"Recommendation": "18.8.28.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Enumerate local users on domain-joined computers\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1087",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.8.28.5": {
"Section": "18.8.28",
"Recommendation": "18.8.28.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off app notifications on the lock screen\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.28.6": {
"Section": "18.8.28",
"Recommendation": "18.8.28.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off picture password sign-in\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1003",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.8.28.7": {
"Section": "18.8.28",
"Recommendation": "18.8.28.7",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn on convenience PIN sign-in\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1110",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"18.8.31.1": {
"Section": "18.8.31",
"Recommendation": "18.8.31.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow Clipboard synchronization across devices\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1115",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.8.31.2": {
"Section": "18.8.31",
"Recommendation": "18.8.31.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow upload of User Activities\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.34.6.1": {
"Section": "18.8.34.6",
"Recommendation": "18.8.34.6.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow network connectivity during connected-standby (on battery)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1018",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.8.34.6.2": {
"Section": "18.8.34.6",
"Recommendation": "18.8.34.6.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow network connectivity during connected-standby (plugged in)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1018",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.8.34.6.3": {
"Section": "18.8.34.6",
"Recommendation": "18.8.34.6.3",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Allow standby states (S1-S3) when sleeping (on battery)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1003",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.8.34.6.4": {
"Section": "18.8.34.6",
"Recommendation": "18.8.34.6.4",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Allow standby states (S1-S3) when sleeping (plugged in)\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1003",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.8.34.6.5": {
"Section": "18.8.34.6",
"Recommendation": "18.8.34.6.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Require a password when a computer wakes (on battery)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.34.6.6": {
"Section": "18.8.34.6",
"Recommendation": "18.8.34.6.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Require a password when a computer wakes (plugged in)\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.36.1": {
"Section": "18.8.36",
"Recommendation": "18.8.36.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure Offer Remote Assistance\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1021",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"18.8.36.2": {
"Section": "18.8.36",
"Recommendation": "18.8.36.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure Solicited Remote Assistance\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1021",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"18.8.37.1": {
"Section": "18.8.37",
"Recommendation": "18.8.37.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Enable RPC Endpoint Mapper Client Authentication\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": null
},
"18.8.37.2": {
"Section": "18.8.37",
"Recommendation": "18.8.37.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Restrict Unauthenticated RPC clients\u0027 is set to \u0027Enabled: Authenticated\u0027",
"Technique1": "T1569",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": null
},
"18.8.48.5.1": {
"Section": "18.8.48.5",
"Recommendation": "18.8.48.5.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.48.11.1": {
"Section": "18.8.48.11",
"Recommendation": "18.8.48.11.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Enable/Disable PerfTrack\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.49.1": {
"Section": "18.8.50",
"Recommendation": "18.8.49.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off the advertising ID\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.8.53.1.1": {
"Section": "18.8.53.1",
"Recommendation": "18.8.53.1.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Enable Windows NTP Client\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1124",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.8.53.1.2": {
"Section": "18.8.53.1",
"Recommendation": "18.8.53.1.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Enable Windows NTP Server\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1124",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.9.4.1": {
"Section": "18.9.4",
"Recommendation": "18.9.4.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow a Windows app to share application data between users\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1135",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.9.4.2": {
"Section": "18.9.4",
"Recommendation": "18.9.4.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent non-admin users from installing packaged Windows apps\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.9.5.1": {
"Section": "18.9.5",
"Recommendation": "18.9.5.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Let Windows apps activate with voice while the system is locked\u0027 is set to \u0027Enabled: Force Deny\u0027",
"Technique1": "T1123",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.9.6.1": {
"Section": "18.9.6",
"Recommendation": "18.9.6.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow Microsoft accounts to be optional\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.6.2": {
"Section": "18.9.6",
"Recommendation": "18.9.6.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Block launching Universal Windows apps with Windows Runtime API access from hosted content.\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1106",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"18.9.8.1": {
"Section": "18.9.8",
"Recommendation": "18.9.8.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Disallow Autoplay for non-volume devices\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1091",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.8.2": {
"Section": "18.9.8",
"Recommendation": "18.9.8.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Set the default behavior for AutoRun\u0027 is set to \u0027Enabled: Do not execute any autorun commands\u0027",
"Technique1": "T1091",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.8.3": {
"Section": "18.9.8",
"Recommendation": "18.9.8.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off Autoplay\u0027 is set to \u0027Enabled: All drives\u0027",
"Technique1": "T1091",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.10.1.1": {
"Section": "18.9.10.1",
"Recommendation": "18.9.10.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure enhanced anti-spoofing\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.4": {
"Section": "18.9.11",
"Recommendation": "18.9.11.4",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Disable new DMA devices when this computer is locked\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1200",
"Technique2": null,
"Mitigation1": "M1034",
"Mitigation2": null
},
"18.9.11.1.1": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.1",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Allow access to BitLocker-protected fixed data drives from earlier versions of Windows\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1140",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.9.11.1.2": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.2",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.1.3": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.3",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: True\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.1.4": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.4",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Allow 48-digit recovery password\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.1.5": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.5",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Recovery Key\u0027 is set to \u0027Enabled: Allow 256-bit recovery key\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.1.6": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.6",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.1.7": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.7",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives\u0027 is set to \u0027Enabled: False\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.1.8": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.8",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS\u0027 is set to \u0027Enabled: Backup recovery passwords and key packages\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.1.9": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.9",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives\u0027 is set to \u0027Enabled: False\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.1.10": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.10",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for fixed data drives\u0027 is set to Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.1.11": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.11",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Configure use of passwords for fixed data drives\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1110",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"18.9.11.1.12": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.12",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Configure use of smart cards on fixed data drives\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1111",
"Technique2": null,
"Mitigation1": "M1017",
"Mitigation2": null
},
"18.9.11.1.13": {
"Section": "18.9.11.1",
"Recommendation": "18.9.11.1.13",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives\u0027 is set to \u0027Enabled: True\u0027",
"Technique1": "T1111",
"Technique2": null,
"Mitigation1": "M1017",
"Mitigation2": null
},
"18.9.11.2.1": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.1",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Allow enhanced PINs for startup\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.2.2": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.2",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Allow Secure Boot for integrity validation\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1495",
"Technique2": null,
"Mitigation1": "M1046",
"Mitigation2": null
},
"18.9.11.2.3": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.3",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.2.4": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.4",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: False\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.2.5": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.5",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Require 48-digit recovery password\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.2.6": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.6",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Recovery Key\u0027 is set to \u0027Enabled: Do not allow 256-bit recovery key\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.2.7": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.7",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.2.8": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.8",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives\u0027 is set to \u0027Enabled: True\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.2.9": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.9",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:\u0027 is set to \u0027Enabled: Store recovery passwords and key packages\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.2.10": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.10",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives\u0027 is set to \u0027Enabled: True\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.2.11": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.11",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for operating system drives\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.2.12": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.12",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Configure use of passwords for operating system drives\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1110",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"18.9.11.2.13": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.13",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Require additional authentication at startup\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.2.14": {
"Section": "18.9.11.2",
"Recommendation": "18.9.11.2.14",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Require additional authentication at startup: Allow BitLocker without a compatible TPM\u0027 is set to \u0027Enabled: False\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.3.1": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.1",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Allow access to BitLocker-protected removable data drives from earlier versions of Windows\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1140",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.9.11.3.2": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.2",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.3.3": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.3",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: True\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.3.4": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.4",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Do not allow 48-digit recovery password\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.3.5": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.5",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Recovery Key\u0027 is set to \u0027Enabled: Do not allow 256-bit recovery key\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.3.6": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.6",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.3.7": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.7",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives\u0027 is set to \u0027Enabled: False\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.3.8": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.8",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:\u0027 is set to \u0027Enabled: Backup recovery passwords and key packages\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.3.9": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.9",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives\u0027 is set to \u0027Enabled: False\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.3.10": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.10",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for removable data drives\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.11.3.11": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.11",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Configure use of passwords for removable data drives\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1110",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"18.9.11.3.12": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.12",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Configure use of smart cards on removable data drives\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1111",
"Technique2": null,
"Mitigation1": "M1017",
"Mitigation2": null
},
"18.9.11.3.13": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.13",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives\u0027 is set to \u0027Enabled: True\u0027",
"Technique1": "T1111",
"Technique2": null,
"Mitigation1": "M1017",
"Mitigation2": null
},
"18.9.11.3.14": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.14",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Deny write access to removable drives not protected by BitLocker\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1052",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.11.3.15": {
"Section": "18.9.11.3",
"Recommendation": "18.9.11.3.15",
"Profile": "BL",
"RecommendationTitle": "Ensure \u0027Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization\u0027 is set to \u0027Enabled: False\u0027",
"Technique1": "T1052",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.12.1": {
"Section": "18.9.12",
"Recommendation": "18.9.12.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow Use of Camera\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1125",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.19.14.1": {
"Section": "18.9.14",
"Recommendation": "18.19.14.1",
"Profile": "L1",
"RecommendationTitle": "Ensure ?Turn off cloud consumer account state content? is set to ?Enabled?",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.19.14.2": {
"Section": "18.9.14",
"Recommendation": "18.19.14.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off cloud optimized content\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.19.14.3": {
"Section": "18.9.14",
"Recommendation": "18.19.14.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off Microsoft consumer experiences\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.15.1": {
"Section": "18.9.15",
"Recommendation": "18.9.15.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Require pin for pairing\u0027 is set to \u0027Enabled: First Time\u0027 OR \u0027Enabled: Always\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.16.1": {
"Section": "18.9.16",
"Recommendation": "18.9.16.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Do not display the password reveal button\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.16.2": {
"Section": "18.9.16",
"Recommendation": "18.9.16.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Enumerate administrator accounts on elevation\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1087",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.9.16.3": {
"Section": "18.9.16",
"Recommendation": "18.9.16.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent the use of security questions for local accounts\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1589",
"Technique2": null,
"Mitigation1": "M1056",
"Mitigation2": null
},
"18.9.17.1": {
"Section": "18.9.17",
"Recommendation": "18.9.17.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow Diagnostic Data\u0027 is set to \u0027Enabled: Diagnostic data off (not recommended)\u0027 or \u0027Enabled: Send required\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.17.2": {
"Section": "18.9.17",
"Recommendation": "18.9.17.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service\u0027 is set to \u0027Enabled: Disable Authenticated Proxy usage\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.17.3": {
"Section": "18.9.17",
"Recommendation": "18.9.17.3",
"Profile": "L1",
"RecommendationTitle": "Ensure ?Disable OneSettings Downloads? is set to ?Enabled?",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.17.4": {
"Section": "18.9.17",
"Recommendation": "18.9.17.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Do not show feedback notifications\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.17.5": {
"Section": "18.9.17",
"Recommendation": "18.9.17.5",
"Profile": "L1",
"RecommendationTitle": "Ensure ?Enable OneSettings Auditing? is set to ?Enabled?",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.17.6": {
"Section": "18.9.17",
"Recommendation": "18.9.17.6",
"Profile": "L1",
"RecommendationTitle": "Ensure ?Limit Diagnostic Log Collection? is set to ?Enabled?",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.17.7": {
"Section": "18.9.17",
"Recommendation": "18.9.17.7",
"Profile": "L1",
"RecommendationTitle": "Ensure ?Limit Dump Collection? is set to ?Enabled?",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.17.8": {
"Section": "18.9.17",
"Recommendation": "18.9.17.8",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Toggle user control over Insider builds\u0027 is set to \u0027Disabled\u0027 (Automated)",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.18.1": {
"Section": "18.9.18",
"Recommendation": "18.9.18.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Download Mode\u0027 is NOT set to \u0027Enabled: Internet\u0027",
"Technique1": "T1601",
"Technique2": null,
"Mitigation1": "M1045",
"Mitigation2": null
},
"18.9.27.1.1": {
"Section": "18.9.27.1",
"Recommendation": "18.9.27.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Application: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"18.9.27.1.2": {
"Section": "18.9.27.1",
"Recommendation": "18.9.27.1.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Application: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"18.9.27.2.1": {
"Section": "18.9.27.2",
"Recommendation": "18.9.27.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Security: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"18.9.27.2.2": {
"Section": "18.9.27.2",
"Recommendation": "18.9.27.2.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Security: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 196,608 or greater\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"18.9.27.3.1": {
"Section": "18.9.27.3",
"Recommendation": "18.9.27.3.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Setup: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"18.9.27.3.2": {
"Section": "18.9.27.3",
"Recommendation": "18.9.27.3.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Setup: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"18.9.27.4.1": {
"Section": "18.9.27.4",
"Recommendation": "18.9.27.4.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027System: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"18.9.27.4.2": {
"Section": "18.9.27.4",
"Recommendation": "18.9.27.4.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027System: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1022",
"Mitigation2": null
},
"18.9.31.2": {
"Section": "18.9.31",
"Recommendation": "18.9.31.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off Data Execution Prevention for Explorer\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1553",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"18.9.31.3": {
"Section": "18.9.31",
"Recommendation": "18.9.31.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off heap termination on corruption\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.31.4": {
"Section": "18.9.31",
"Recommendation": "18.9.31.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off shell protocol protected mode\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1059",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"18.9.36.1": {
"Section": "18.9.36",
"Recommendation": "18.9.36.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent the computer from joining a homegroup\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.41.1": {
"Section": "18.9.41",
"Recommendation": "18.9.41.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off location\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1591",
"Technique2": null,
"Mitigation1": "M1056",
"Mitigation2": null
},
"18.9.45.1": {
"Section": "18.9.45",
"Recommendation": "18.9.45.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow Message Service Cloud Sync\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.46.1": {
"Section": "18.9.46",
"Recommendation": "18.9.46.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Block all consumer Microsoft account user authentication\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1078",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.9.47.14": {
"Section": "18.9.47",
"Recommendation": "18.9.47.14",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure detection for potentially unwanted applications\u0027 is set to \u0027Enabled: Block\u0027",
"Technique1": "T1204",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"18.9.47.15": {
"Section": "18.9.47",
"Recommendation": "18.9.47.15",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off Microsoft Defender AntiVirus\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1553",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.9.47.4.1": {
"Section": "18.9.47.4",
"Recommendation": "18.9.47.4.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure local setting override for reporting to Microsoft MAPS\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.47.4.2": {
"Section": "18.9.47.4",
"Recommendation": "18.9.47.4.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Join Microsoft MAPS\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.47.5.1.1": {
"Section": "18.9.47.5.1",
"Recommendation": "18.9.47.5.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure Attack Surface Reduction rules\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1559",
"Technique2": "T1218",
"Mitigation1": "M1040",
"Mitigation2": "M1038"
},
"18.9.47.5.1.2": {
"Section": "18.9.47.5.1",
"Recommendation": "18.9.47.5.1.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure Attack Surface Reduction rules: Set the state for each ASR rule\u0027 is \u0027configured\u0027",
"Technique1": "T1559",
"Technique2": "T1218",
"Mitigation1": "M1040",
"Mitigation2": "M1038"
},
"18.9.47.5.3.1": {
"Section": "18.9.47.5.3",
"Recommendation": "18.9.47.5.3.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent users and apps from accessing dangerous websites\u0027 is set to \u0027Enabled: Block\u0027",
"Technique1": "T1189",
"Technique2": "T1566",
"Mitigation1": "M1050",
"Mitigation2": "M1049"
},
"18.9.47.6.1": {
"Section": "18.9.47.6",
"Recommendation": "18.9.47.6.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Enable file hash computation feature\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1553",
"Technique2": null,
"Mitigation1": "M1054",
"Mitigation2": null
},
"18.9.47.9.1": {
"Section": "18.9.47.9",
"Recommendation": "18.9.47.9.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Scan all downloaded files and attachments\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1059",
"Technique2": null,
"Mitigation1": "M1049",
"Mitigation2": null
},
"18.9.47.9.2": {
"Section": "18.9.47.9",
"Recommendation": "18.9.47.9.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off real-time protection\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1553",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.9.47.9.3": {
"Section": "18.9.47.9",
"Recommendation": "18.9.47.9.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn on behavior monitoring\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1553",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.9.47.9.4": {
"Section": "18.9.47.9",
"Recommendation": "18.9.47.9.4",
"Profile": "L1",
"RecommendationTitle": "Ensure ?Turn on script scanning? is set to ?Enabled?",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.47.11.1": {
"Section": "18.9.47.12",
"Recommendation": "18.9.47.11.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Scan removable drives\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1091",
"Technique2": null,
"Mitigation1": "M1034",
"Mitigation2": null
},
"18.9.47.11.2": {
"Section": "18.9.47.12",
"Recommendation": "18.9.47.11.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn on e-mail scanning\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1556",
"Technique2": null,
"Mitigation1": "M1049",
"Mitigation2": null
},
"18.9.48.1": {
"Section": "18.9.50",
"Recommendation": "18.9.48.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow Address bar drop-down list suggestions\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.48.2": {
"Section": "18.9.50",
"Recommendation": "18.9.48.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow Adobe Flash\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1176",
"Technique2": null,
"Mitigation1": "M1033",
"Mitigation2": null
},
"18.9.48.3": {
"Section": "18.9.50",
"Recommendation": "18.9.48.3",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow InPrivate Browsing\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.48.4": {
"Section": "18.9.48",
"Recommendation": "18.9.48.4",
"Profile": "NG",
"RecommendationTitle": "Ensure \u0027Allow files to download and save to the host operating system from Microsoft Defender Application Guard\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1211",
"Technique2": null,
"Mitigation1": "M1048",
"Mitigation2": null
},
"18.9.48.5": {
"Section": "18.9.48",
"Recommendation": "18.9.48.5",
"Profile": "NG",
"RecommendationTitle": "Ensure \u0027Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting\u0027 is set to \u0027Enabled: Enable clipboard operation from an isolated session to the host\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.48.6": {
"Section": "18.9.48",
"Recommendation": "18.9.48.6",
"Profile": "NG",
"RecommendationTitle": "Ensure \u0027Turn on Microsoft Defender Application Guard in Managed Mode\u0027 is set to \u0027Enabled: 1\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.48.7": {
"Section": "18.9.50",
"Recommendation": "18.9.48.7",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Configure Pop-up Blocker\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1189",
"Technique2": null,
"Mitigation1": "M1021",
"Mitigation2": null
},
"18.9.48.8": {
"Section": "18.9.50",
"Recommendation": "18.9.48.8",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Configure search suggestions in Address bar\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.48.10": {
"Section": "18.9.50",
"Recommendation": "18.9.48.10",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Prevent access to the about:flags page in Microsoft Edge\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1505",
"Technique2": null,
"Mitigation1": "M1026",
"Mitigation2": null
},
"18.9.48.13": {
"Section": "18.9.50",
"Recommendation": "18.9.48.13",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Prevent using Localhost IP address for WebRTC\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1592",
"Technique2": null,
"Mitigation1": "M1056",
"Mitigation2": null
},
"18.9.58.1": {
"Section": "18.9.58",
"Recommendation": "18.9.58.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent the usage of OneDrive for file storage\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1567",
"Technique2": null,
"Mitigation1": "M1021",
"Mitigation2": null
},
"18.9.64.1": {
"Section": "18.9.64",
"Recommendation": "18.9.64.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off Push To Install service\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1570",
"Technique2": null,
"Mitigation1": "M1031",
"Mitigation2": null
},
"18.9.65.2.2": {
"Section": "18.9.65.2",
"Recommendation": "18.9.65.2.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Do not allow passwords to be saved\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1555",
"Technique2": null,
"Mitigation1": "M1027",
"Mitigation2": null
},
"18.9.65.3.2.1": {
"Section": "18.9.65.3.2",
"Recommendation": "18.9.65.3.2.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow users to connect remotely by using Remote Desktop Services\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1210",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.65.3.3.1": {
"Section": "18.9.65.3.3",
"Recommendation": "18.9.65.3.3.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow UI Automation redirection\u0027 is set to \u0027Disabled\u0027",
"Technique1": null,
"Technique2": null,
"Mitigation1": null,
"Mitigation2": null
},
"18.9.65.3.3.2": {
"Section": "18.9.65.3.3",
"Recommendation": "18.9.65.3.3.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Do not allow COM port redirection\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1210",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.65.3.3.3": {
"Section": "18.9.65.3.3",
"Recommendation": "18.9.65.3.3.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Do not allow drive redirection\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1210",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.65.3.3.4": {
"Section": "18.9.65.3.3",
"Recommendation": "18.9.65.3.3.4",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Do not allow location redirection\u0027 is set to \u0027Enabled\u0027",
"Technique1": null,
"Technique2": null,
"Mitigation1": null,
"Mitigation2": null
},
"18.9.65.3.3.5": {
"Section": "18.9.65.3.3",
"Recommendation": "18.9.65.3.3.5",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Do not allow LPT port redirection\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1210",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.65.3.3.6": {
"Section": "18.9.65.3.3",
"Recommendation": "18.9.65.3.3.6",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Do not allow supported Plug and Play device redirection\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1210",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.65.3.9.1": {
"Section": "18.9.65.3.9",
"Recommendation": "18.9.65.3.9.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Always prompt for password upon connection\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1210",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.65.3.9.2": {
"Section": "18.9.65.3.9",
"Recommendation": "18.9.65.3.9.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Require secure RPC communication\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1210",
"Technique2": "T1557",
"Mitigation1": "M1042",
"Mitigation2": "M1041"
},
"18.9.65.3.9.3": {
"Section": "18.9.65.3.9",
"Recommendation": "18.9.65.3.9.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Require use of specific security layer for remote (RDP) connections\u0027 is set to \u0027Enabled: SSL\u0027",
"Technique1": "T1210",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.65.3.9.4": {
"Section": "18.9.65.3.9",
"Recommendation": "18.9.65.3.9.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Require user authentication for remote connections by using Network Level Authentication\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1210",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.65.3.9.5": {
"Section": "18.9.65.3.9",
"Recommendation": "18.9.65.3.9.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Set client connection encryption level\u0027 is set to \u0027Enabled: High Level\u0027",
"Technique1": "T1210",
"Technique2": "T1557",
"Mitigation1": "M1042",
"Mitigation2": "M1041"
},
"18.9.65.3.10.1": {
"Section": "18.9.65.3.10",
"Recommendation": "18.9.65.3.10.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Set time limit for active but idle Remote Desktop Services sessions\u0027 is set to \u0027Enabled: 15 minutes or less, but not Never (0)\u0027",
"Technique1": "T1210",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.65.3.10.2": {
"Section": "18.9.65.3.10",
"Recommendation": "18.9.65.3.10.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Set time limit for disconnected sessions\u0027 is set to \u0027Enabled: 1 minute\u0027",
"Technique1": "T1210",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.65.3.11.1": {
"Section": "18.9.65.3.11",
"Recommendation": "18.9.65.3.11.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Do not delete temp folders upon exit\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1210",
"Technique2": "T1564",
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.66.1": {
"Section": "18.9.66",
"Recommendation": "18.9.66.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent downloading of enclosures\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1204",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"18.9.67.2": {
"Section": "18.9.67",
"Recommendation": "18.9.67.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow Cloud Search\u0027 is set to \u0027Enabled: Disable Cloud Search\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.67.3": {
"Section": "18.9.67",
"Recommendation": "18.9.67.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow Cortana\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.67.4": {
"Section": "18.9.67",
"Recommendation": "18.9.67.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow Cortana above lock screen\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.67.5": {
"Section": "18.9.67",
"Recommendation": "18.9.67.5",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow indexing of encrypted files\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1005",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"18.9.67.6": {
"Section": "18.9.67",
"Recommendation": "18.9.67.6",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow search and Cortana to use location\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1591",
"Technique2": null,
"Mitigation1": "M1056",
"Mitigation2": null
},
"18.9.72.1": {
"Section": "18.9.72",
"Recommendation": "18.9.72.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off KMS Client Online AVS Validation\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.75.1": {
"Section": "18.9.75",
"Recommendation": "18.9.75.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Disable all apps from Microsoft Store\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.75.2": {
"Section": "18.9.75",
"Recommendation": "18.9.75.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Only display the private store within the Microsoft Store\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.75.3": {
"Section": "18.9.75",
"Recommendation": "18.9.75.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off Automatic Download and Install of updates\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.75.4": {
"Section": "18.9.75",
"Recommendation": "18.9.75.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off the offer to update to the latest version of Windows\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.75.5": {
"Section": "18.9.75",
"Recommendation": "18.9.75.5",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off the Store application\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.81.1": {
"Section": "18.9.81",
"Recommendation": "18.9.81.1",
"Profile": "L1",
"RecommendationTitle": "Ensure ?Allow widgets? is set to ?Disabled?",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.85.1.1": {
"Section": "18.9.85.1",
"Recommendation": "18.9.85.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure Windows Defender SmartScreen\u0027 is set to \u0027Enabled: Warn and prevent bypass\u0027",
"Technique1": "T1204",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"18.9.85.2.1": {
"Section": "18.9.85.2",
"Recommendation": "18.9.85.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure Windows Defender SmartScreen\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1204",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"18.9.85.2.2": {
"Section": "18.9.85.2",
"Recommendation": "18.9.85.2.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent bypassing Windows Defender SmartScreen prompts for sites\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1553",
"Technique2": null,
"Mitigation1": "M1054",
"Mitigation2": null
},
"18.9.87.1": {
"Section": "18.9.87",
"Recommendation": "18.9.87.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Enables or disables Windows Game Recording and Broadcasting\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1592",
"Technique2": null,
"Mitigation1": "M1056",
"Mitigation2": null
},
"18.9.89.1": {
"Section": "18.9.89",
"Recommendation": "18.9.89.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow suggested apps in Windows Ink Workspace\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.89.2": {
"Section": "18.9.89",
"Recommendation": "18.9.89.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow Windows Ink Workspace\u0027 is set to \u0027Enabled: On, but disallow access above lock\u0027 OR \u0027Disabled\u0027 but not \u0027Enabled: On\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.90.1": {
"Section": "18.9.90",
"Recommendation": "18.9.90.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow user control over installs\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1204",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"18.9.90.2": {
"Section": "18.9.90",
"Recommendation": "18.9.90.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Always install with elevated privileges\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1052",
"Mitigation2": null
},
"18.9.90.3": {
"Section": "18.9.90",
"Recommendation": "18.9.90.3",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Prevent Internet Explorer security prompt for Windows Installer scripts\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1204",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"18.9.91.1": {
"Section": "18.9.91",
"Recommendation": "18.9.91.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Sign-in and lock last interactive user automatically after a restart\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.100.1": {
"Section": "18.9.100",
"Recommendation": "18.9.100.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn on PowerShell Script Block Logging\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1552",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.9.100.2": {
"Section": "18.9.100",
"Recommendation": "18.9.100.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn on PowerShell Transcription\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1552",
"Technique2": null,
"Mitigation1": "M1028",
"Mitigation2": null
},
"18.9.102.1.1": {
"Section": "18.9.102.1",
"Recommendation": "18.9.102.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow Basic authentication\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1021",
"Technique2": "T1557",
"Mitigation1": "M1018",
"Mitigation2": "M1041"
},
"18.9.102.1.2": {
"Section": "18.9.102.1",
"Recommendation": "18.9.102.1.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow unencrypted traffic\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1021",
"Technique2": "T1557",
"Mitigation1": "M1018",
"Mitigation2": "M1041"
},
"18.9.102.1.3": {
"Section": "18.9.102.1",
"Recommendation": "18.9.102.1.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Disallow Digest authentication\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1021",
"Technique2": "T1557",
"Mitigation1": "M1018",
"Mitigation2": "M1041"
},
"18.9.102.2.1": {
"Section": "18.9.102.2",
"Recommendation": "18.9.102.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow Basic authentication\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1021",
"Technique2": "T1557",
"Mitigation1": "M1018",
"Mitigation2": "M1041"
},
"18.9.102.2.2": {
"Section": "18.9.102.2",
"Recommendation": "18.9.102.2.2",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow remote server management through WinRM\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1021",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"18.9.102.2.3": {
"Section": "18.9.102.2",
"Recommendation": "18.9.102.2.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Allow unencrypted traffic\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1021",
"Technique2": "T1557",
"Mitigation1": "M1018",
"Mitigation2": "M1041"
},
"18.9.102.2.4": {
"Section": "18.9.102.2",
"Recommendation": "18.9.102.2.4",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Disallow WinRM from storing RunAs credentials\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1021",
"Technique2": "T1555",
"Mitigation1": "M1018",
"Mitigation2": "M1027"
},
"18.9.103.1": {
"Section": "18.9.103",
"Recommendation": "18.9.103.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Allow Remote Shell Access\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1059",
"Technique2": null,
"Mitigation1": "M1042",
"Mitigation2": null
},
"18.9.104.1": {
"Section": "18.9.104",
"Recommendation": "18.9.104.1",
"Profile": "L1",
"RecommendationTitle": "Ensure ?Allow clipboard sharing with Windows Sandbox? is set to ?Disabled?",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.104.2": {
"Section": "18.9.104",
"Recommendation": "18.9.104.2",
"Profile": "L1",
"RecommendationTitle": "Ensure ?Allow networking in Windows Sandbox? is set to ?Disabled?",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.105.2.1": {
"Section": "18.9.105.2",
"Recommendation": "18.9.105.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent users from modifying settings\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1562",
"Technique2": null,
"Mitigation1": "M1018",
"Mitigation2": null
},
"18.9.108.1.1": {
"Section": "18.9.108.1",
"Recommendation": "18.9.108.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027No auto-restart with logged on users for scheduled automatic updates installations\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.108.2.1": {
"Section": "18.9.108.2",
"Recommendation": "18.9.108.2.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure Automatic Updates\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.108.2.2": {
"Section": "18.9.108.2",
"Recommendation": "18.9.108.2.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure Automatic Updates: Scheduled install day\u0027 is set to \u00270 - Every day\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.108.2.3": {
"Section": "18.9.108.2",
"Recommendation": "18.9.108.2.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Remove access to ?Pause updates? feature\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.108.4.1": {
"Section": "18.9.108.4",
"Recommendation": "18.9.108.4.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Manage preview builds\u0027 is set to \u0027Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.103.4.2": {
"Section": "18.9.108.4",
"Recommendation": "18.9.103.4.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Select when Preview Builds and Feature Updates are received\u0027 is set to \u0027Enabled: 180 or more days\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"18.9.103.4.3": {
"Section": "18.9.108.4",
"Recommendation": "18.9.103.4.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Select when Quality Updates are received\u0027 is set to \u0027Enabled: 0 days\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"19.1.3.1": {
"Section": "19.1.3",
"Recommendation": "19.1.3.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Enable screen saver\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"19.1.3.2": {
"Section": "19.1.3",
"Recommendation": "19.1.3.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Password protect the screen saver\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"19.1.3.3": {
"Section": "19.1.3",
"Recommendation": "19.1.3.3",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Screen saver timeout\u0027 is set to \u0027Enabled: 900 seconds or fewer, but not 0\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"19.5.1.1": {
"Section": "19.5.1",
"Recommendation": "19.5.1.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Turn off toast notifications on the lock screen\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"19.6.6.1.1": {
"Section": "19.6.6.1",
"Recommendation": "19.6.6.1.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off Help Experience Improvement Program\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"19.7.4.1": {
"Section": "19.7.4",
"Recommendation": "19.7.4.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Do not preserve zone information in file attachments\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1204",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
},
"19.7.4.2": {
"Section": "19.7.4",
"Recommendation": "19.7.4.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Notify antivirus programs when opening attachments\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1027",
"Technique2": null,
"Mitigation1": "M1049",
"Mitigation2": null
},
"19.7.8.1": {
"Section": "19.7.8",
"Recommendation": "19.7.8.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Configure Windows spotlight on lock screen\u0027 is set to Disabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"19.7.8.2": {
"Section": "19.7.8",
"Recommendation": "19.7.8.2",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Do not suggest third-party content in Windows spotlight\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"19.7.8.3": {
"Section": "19.7.8",
"Recommendation": "19.7.8.3",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Do not use diagnostic data for tailored experiences\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"19.7.8.4": {
"Section": "19.7.8",
"Recommendation": "19.7.8.4",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Turn off all Windows spotlight features\u0027 is set to \u0027Enabled\u0027",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"19.7.8.5": {
"Section": "19.7.8",
"Recommendation": "19.7.8.5",
"Profile": "L2",
"RecommendationTitle": "Ensure ?Turn off Spotlight collection on Desktop? is set to ?Enabled",
"Technique1": "No MITRE ATT\u0026CK mapping",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK mapping",
"Mitigation2": null
},
"19.7.28.1": {
"Section": "19.7.28",
"Recommendation": "19.7.28.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Prevent users from sharing files within their profile.\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1083",
"Technique2": null,
"Mitigation1": "No MITRE ATT\u0026CK Mitigation",
"Mitigation2": null
},
"19.7.43.1": {
"Section": "19.7.43",
"Recommendation": "19.7.43.1",
"Profile": "L1",
"RecommendationTitle": "Ensure \u0027Always install with elevated privileges\u0027 is set to \u0027Disabled\u0027",
"Technique1": "T1548",
"Technique2": null,
"Mitigation1": "M1052",
"Mitigation2": null
},
"19.7.47.2.1": {
"Section": "19.7.47.2",
"Recommendation": "19.7.47.2.1",
"Profile": "L2",
"RecommendationTitle": "Ensure \u0027Prevent Codec Download\u0027 is set to \u0027Enabled\u0027",
"Technique1": "T1204",
"Technique2": null,
"Mitigation1": "M1038",
"Mitigation2": null
}
},
"AttackTactics": {
"TA0043": "Reconnaissance",
"TA0042": "Resource Development",
"TA0001": "Initial Access",
"TA0002": "Execution",
"TA0003": "Persistence",
"TA0004": "Privilege Escalation",
"TA0005": "Defense Evasion",
"TA0006": "Credential Access",
"TA0007": "Discovery",
"TA0008": "Lateral Movement",
"TA0009": "Collection",
"TA0011": "Command and Control",
"TA0010": "Exfiltration",
"TA0040": "Impact"
},
"AttackTechniques": {
"T1548": {
"ID": "T1548",
"name": "Abuse Elevation Control Mechanism"
},
"T1134": {
"ID": "T1134",
"name": "Access Token Manipulation"
},
"T1531": {
"ID": "T1531",
"name": "Account Access Removal",
"categories": "noEasyMitigation"
},
"T1087": {
"ID": "T1087",
"name": "Account Discovery",
"categories": "mailVector"
},
"T1098": {
"ID": "T1098",
"name": "Account Manipulation",
"categories": "mailVector"
},
"T1650": {
"ID": "T1650",
"name": "Acquire Access",
"categories": "orgMeasure noEasyMitigation"
},
"T1583": {
"ID": "T1583",
"name": "Acquire Infrastructure",
"categories": "noEasyMitigation"
},
"T1595": {
"ID": "T1595",
"name": "Active Scanning",
"categories": "orgMeasure noEasyMitigation"
},
"T1557": {
"ID": "T1557",
"name": "Adversary-in-the-Middle"
},
"T1071": {
"ID": "T1071",
"name": "Application Layer Protocol",
"categories": "mailVector"
},
"T1010": {
"ID": "T1010",
"name": "Application Window Discovery",
"categories": "noEasyMitigation"
},
"T1560": {
"ID": "T1560",
"name": "Archive Collected Data",
"categories": "mailVector"
},
"T1123": {
"ID": "T1123",
"name": "Audio Capture",
"categories": "noEasyMitigation"
},
"T1119": {
"ID": "T1119",
"name": "Automated Collection",
"categories": "mailVector"
},
"T1020": {
"ID": "T1020",
"name": "Automated Exfiltration",
"categories": "noEasyMitigation"
},
"T1197": {
"ID": "T1197",
"name": "BITS Jobs"
},
"T1547": {
"ID": "T1547",
"name": "Boot or Logon Autostart Execution",
"categories": "noEasyMitigation"
},
"T1037": {
"ID": "T1037",
"name": "Boot or Logon Initialization Scripts"
},
"T1176": {
"ID": "T1176",
"name": "Browser Extensions"
},
"T1217": {
"ID": "T1217",
"name": "Browser Information Discovery",
"categories": "noEasyMitigation"
},
"T1185": {
"ID": "T1185",
"name": "Browser Session Hijacking",
"categories": "mailVector"
},
"T1110": {
"ID": "T1110",
"name": "Brute Force"
},
"T1612": {
"ID": "T1612",
"name": "Build Image on Host"
},
"T1115": {
"ID": "T1115",
"name": "Clipboard Data",
"categories": "noEasyMitigation"
},
"T1651": {
"ID": "T1651",
"name": "Cloud Administration Command",
"categories": "orgMeasure"
},
"T1580": {
"ID": "T1580",
"name": "Cloud Infrastructure Discovery"
},
"T1538": {
"ID": "T1538",
"name": "Cloud Service Dashboard"
},
"T1526": {
"ID": "T1526",
"name": "Cloud Service Discovery",
"categories": "noEasyMitigation"
},
"T1619": {
"ID": "T1619",
"name": "Cloud Storage Object Discovery"
},
"T1059": {
"ID": "T1059",
"name": "Command and Scripting Interpreter"
},
"T1092": {
"ID": "T1092",
"name": "Communication Through Removable Media"
},
"T1586": {
"ID": "T1586",
"name": "Compromise Accounts",
"categories": "orgMeasure noEasyMitigation mailVector"
},
"T1554": {
"ID": "T1554",
"name": "Compromise Client Software Binary",
"categories": "orgMeasure mailVector"
},
"T1584": {
"ID": "T1584",
"name": "Compromise Infrastructure",
"categories": "orgMeasure noEasyMitigation"
},
"T1609": {
"ID": "T1609",
"name": "Container Administration Command"
},
"T1613": {
"ID": "T1613",
"name": "Container and Resource Discovery"
},
"T1136": {
"ID": "T1136",
"name": "Create Account"
},
"T1543": {
"ID": "T1543",
"name": "Create or Modify System Process"
},
"T1555": {
"ID": "T1555",
"name": "Credentials from Password Stores",
"categories": "mailVector"
},
"T1485": {
"ID": "T1485",
"name": "Data Destruction"
},
"T1132": {
"ID": "T1132",
"name": "Data Encoding"
},
"T1486": {
"ID": "T1486",
"name": "Data Encrypted for Impact"
},
"T1565": {
"ID": "T1565",
"name": "Data Manipulation"
},
"T1001": {
"ID": "T1001",
"name": "Data Obfuscation"
},
"T1074": {
"ID": "T1074",
"name": "Data Staged",
"categories": "noEasyMitigation mailVector"
},
"T1030": {
"ID": "T1030",
"name": "Data Transfer Size Limits"
},
"T1530": {
"ID": "T1530",
"name": "Data from Cloud Storage",
"categories": "mailVector"
},
"T1602": {
"ID": "T1602",
"name": "Data from Configuration Repository"
},
"T1213": {
"ID": "T1213",
"name": "Data from Information Repositories"
},
"T1005": {
"ID": "T1005",
"name": "Data from Local System",
"categories": "mailVector"
},
"T1039": {
"ID": "T1039",
"name": "Data from Network Shared Drive",
"categories": "noEasyMitigation mailVector"
},
"T1025": {
"ID": "T1025",
"name": "Data from Removable Media"
},
"T1622": {
"ID": "T1622",
"name": "Debugger Evasion",
"categories": "noEasyMitigation"
},
"T1491": {
"ID": "T1491",
"name": "Defacement"
},
"T1140": {
"ID": "T1140",
"name": "Deobfuscate/Decode Files or Information",
"categories": "noEasyMitigation mailVector"
},
"T1610": {
"ID": "T1610",
"name": "Deploy Container"
},
"T1587": {
"ID": "T1587",
"name": "Develop Capabilities",
"categories": "noEasyMitigation mailVector"
},
"T1652": {
"ID": "T1652",
"name": "Device Driver Discovery",
"categories": "noEasyMitigation"
},
"T1006": {
"ID": "T1006",
"name": "Direct Volume Access",
"categories": "noEasyMitigation"
},
"T1561": {
"ID": "T1561",
"name": "Disk Wipe"
},
"T1484": {
"ID": "T1484",
"name": "Domain Policy Modification"
},
"T1482": {
"ID": "T1482",
"name": "Domain Trust Discovery"
},
"T1189": {
"ID": "T1189",
"name": "Drive-by Compromise"
},
"T1568": {
"ID": "T1568",
"name": "Dynamic Resolution"
},
"T1114": {
"ID": "T1114",
"name": "Email Collection",
"categories": "mailVector"
},
"T1573": {
"ID": "T1573",
"name": "Encrypted Channel"
},
"T1499": {
"ID": "T1499",
"name": "Endpoint Denial of Service",
"categories": "mailVector"
},
"T1611": {
"ID": "T1611",
"name": "Escape to Host"
},
"T1585": {
"ID": "T1585",
"name": "Establish Accounts",
"categories": "orgMeasure noEasyMitigation mailVector"
},
"T1546": {
"ID": "T1546",
"name": "Event Triggered Execution",
"categories": "noEasyMitigation"
},
"T1480": {
"ID": "T1480",
"name": "Execution Guardrails"
},
"T1048": {
"ID": "T1048",
"name": "Exfiltration Over Alternative Protocol",
"categories": "mailVector"
},
"T1041": {
"ID": "T1041",
"name": "Exfiltration Over C2 Channel",
"categories": "mailVector"
},
"T1011": {
"ID": "T1011",
"name": "Exfiltration Over Other Network Medium"
},
"T1052": {
"ID": "T1052",
"name": "Exfiltration Over Physical Medium"
},
"T1567": {
"ID": "T1567",
"name": "Exfiltration Over Web Service"
},
"T1190": {
"ID": "T1190",
"name": "Exploit Public-Facing Application",
"categories": "mailVector"
},
"T1203": {
"ID": "T1203",
"name": "Exploitation for Client Execution",
"categories": "mailVector"
},
"T1212": {
"ID": "T1212",
"name": "Exploitation for Credential Access"
},
"T1211": {
"ID": "T1211",
"name": "Exploitation for Defense Evasion"
},
"T1068": {
"ID": "T1068",
"name": "Exploitation for Privilege Escalation"
},
"T1210": {
"ID": "T1210",
"name": "Exploitation of Remote Services"
},
"T1133": {
"ID": "T1133",
"name": "External Remote Services"
},
"T1008": {
"ID": "T1008",
"name": "Fallback Channels"
},
"T1083": {
"ID": "T1083",
"name": "File and Directory Discovery",
"categories": "noEasyMitigation"
},
"T1222": {
"ID": "T1222",
"name": "File and Directory Permissions Modification"
},
"T1495": {
"ID": "T1495",
"name": "Firmware Corruption"
},
"T1187": {
"ID": "T1187",
"name": "Forced Authentication"
},
"T1606": {
"ID": "T1606",
"name": "Forge Web Credentials"
},
"T1592": {
"ID": "T1592",
"name": "Gather Victim Host Information",
"categories": "noEasyMitigation"
},
"T1589": {
"ID": "T1589",
"name": "Gather Victim Identity Information",
"categories": "noEasyMitigation mailVector"
},
"T1590": {
"ID": "T1590",
"name": "Gather Victim Network Information",
"categories": "orgMeasure noEasyMitigation"
},
"T1591": {
"ID": "T1591",
"name": "Gather Victim Org Information",
"categories": "noEasyMitigation"
},
"T1615": {
"ID": "T1615",
"name": "Group Policy Discovery",
"categories": "noEasyMitigation"
},
"T1200": {
"ID": "T1200",
"name": "Hardware Additions"
},
"T1564": {
"ID": "T1564",
"name": "Hide Artifacts",
"categories": "noEasyMitigation mailVector"
},
"T1574": {
"ID": "T1574",
"name": "Hijack Execution Flow"
},
"T1562": {
"ID": "T1562",
"name": "Impair Defenses"
},
"T1525": {
"ID": "T1525",
"name": "Implant Internal Image"
},
"T1070": {
"ID": "T1070",
"name": "Indicator Removal",
"categories": "mailVector"
},
"T1202": {
"ID": "T1202",
"name": "Indirect Command Execution",
"categories": "noEasyMitigation"
},
"T1105": {
"ID": "T1105",
"name": "Ingress Tool Transfer",
"categories": "mailVector"
},
"T1490": {
"ID": "T1490",
"name": "Inhibit System Recovery"
},
"T1056": {
"ID": "T1056",
"name": "Input Capture",
"categories": "noEasyMitigation"
},
"T1559": {
"ID": "T1559",
"name": "Inter-Process Communication"
},
"T1534": {
"ID": "T1534",
"name": "Internal Spearphishing",
"categories": "orgMeasure noEasyMitigation mailVector"
},
"T1570": {
"ID": "T1570",
"name": "Lateral Tool Transfer"
},
"T1036": {
"ID": "T1036",
"name": "Masquerading",
"categories": "mailVector"
},
"T1556": {
"ID": "T1556",
"name": "Modify Authentication Process"
},
"T1578": {
"ID": "T1578",
"name": "Modify Cloud Compute Infrastructure"
},
"T1112": {
"ID": "T1112",
"name": "Modify Registry"
},
"T1601": {
"ID": "T1601",
"name": "Modify System Image"
},
"T1111": {
"ID": "T1111",
"name": "Multi-Factor Authentication Interception"
},
"T1621": {
"ID": "T1621",
"name": "Multi-Factor Authentication Request Generation"
},
"T1104": {
"ID": "T1104",
"name": "Multi-Stage Channels"
},
"T1106": {
"ID": "T1106",
"name": "Native API"
},
"T1599": {
"ID": "T1599",
"name": "Network Boundary Bridging",
"categories": "orgMeasure"
},
"T1498": {
"ID": "T1498",
"name": "Network Denial of Service",
"categories": "mailVector"
},
"T1046": {
"ID": "T1046",
"name": "Network Service Discovery"
},
"T1135": {
"ID": "T1135",
"name": "Network Share Discovery"
},
"T1040": {
"ID": "T1040",
"name": "Network Sniffing"
},
"T1095": {
"ID": "T1095",
"name": "Non-Application Layer Protocol"
},
"T1571": {
"ID": "T1571",
"name": "Non-Standard Port",
"categories": "mailVector"
},
"T1003": {
"ID": "T1003",
"name": "OS Credential Dumping",
"categories": "mailVector"
},
"T1027": {
"ID": "T1027",
"name": "Obfuscated Files or Information"
},
"T1588": {
"ID": "T1588",
"name": "Obtain Capabilities",
"categories": "noEasyMitigation"
},
"T1137": {
"ID": "T1137",
"name": "Office Application Startup",
"categories": "mailVector"
},
"T1201": {
"ID": "T1201",
"name": "Password Policy Discovery"
},
"T1120": {
"ID": "T1120",
"name": "Peripheral Device Discovery",
"categories": "noEasyMitigation"
},
"T1069": {
"ID": "T1069",
"name": "Permission Groups Discovery",
"categories": "noEasyMitigation"
},
"T1566": {
"ID": "T1566",
"name": "Phishing",
"categories": "mailVector"
},
"T1598": {
"ID": "T1598",
"name": "Phishing for Information",
"categories": "mailVector"
},
"T1647": {
"ID": "T1647",
"name": "Plist File Modification"
},
"T1542": {
"ID": "T1542",
"name": "Pre-OS Boot"
},
"T1057": {
"ID": "T1057",
"name": "Process Discovery",
"categories": "noEasyMitigation"
},
"T1055": {
"ID": "T1055",
"name": "Process Injection"
},
"T1572": {
"ID": "T1572",
"name": "Protocol Tunneling"
},
"T1090": {
"ID": "T1090",
"name": "Proxy"
},
"T1012": {
"ID": "T1012",
"name": "Query Registry",
"categories": "noEasyMitigation"
},
"T1620": {
"ID": "T1620",
"name": "Reflective Code Loading",
"categories": "noEasyMitigation"
},
"T1219": {
"ID": "T1219",
"name": "Remote Access Software"
},
"T1563": {
"ID": "T1563",
"name": "Remote Service Session Hijacking"
},
"T1021": {
"ID": "T1021",
"name": "Remote Services"
},
"T1018": {
"ID": "T1018",
"name": "Remote System Discovery",
"categories": "noEasyMitigation"
},
"T1091": {
"ID": "T1091",
"name": "Replication Through Removable Media"
},
"T1496": {
"ID": "T1496",
"name": "Resource Hijacking",
"categories": "noEasyMitigation"
},
"T1207": {
"ID": "T1207",
"name": "Rogue Domain Controller",
"categories": "noEasyMitigation"
},
"T1014": {
"ID": "T1014",
"name": "Rootkit",
"categories": "noEasyMitigation"
},
"T1053": {
"ID": "T1053",
"name": "Scheduled Task/Job"
},
"T1029": {
"ID": "T1029",
"name": "Scheduled Transfer"
},
"T1113": {
"ID": "T1113",
"name": "Screen Capture",
"categories": "noEasyMitigation mailVector"
},
"T1597": {
"ID": "T1597",
"name": "Search Closed Sources",
"categories": "noEasyMitigation"
},
"T1596": {
"ID": "T1596",
"name": "Search Open Technical Databases",
"categories": "noEasyMitigation"
},
"T1593": {
"ID": "T1593",
"name": "Search Open Websites/Domains"
},
"T1594": {
"ID": "T1594",
"name": "Search Victim-Owned Websites",
"categories": "orgMeasure noEasyMitigation mailVector"
},
"T1505": {
"ID": "T1505",
"name": "Server Software Component"
},
"T1648": {
"ID": "T1648",
"name": "Serverless Execution",
"categories": "mailVector"
},
"T1489": {
"ID": "T1489",
"name": "Service Stop"
},
"T1129": {
"ID": "T1129",
"name": "Shared Modules"
},
"T1072": {
"ID": "T1072",
"name": "Software Deployment Tools"
},
"T1518": {
"ID": "T1518",
"name": "Software Discovery",
"categories": "noEasyMitigation"
},
"T1608": {
"ID": "T1608",
"name": "Stage Capabilities",
"categories": "noEasyMitigation"
},
"T1528": {
"ID": "T1528",
"name": "Steal Application Access Token",
"categories": "mailVector"
},
"T1539": {
"ID": "T1539",
"name": "Steal Web Session Cookie"
},
"T1649": {
"ID": "T1649",
"name": "Steal or Forge Authentication Certificates"
},
"T1558": {
"ID": "T1558",
"name": "Steal or Forge Kerberos Tickets"
},
"T1553": {
"ID": "T1553",
"name": "Subvert Trust Controls"
},
"T1195": {
"ID": "T1195",
"name": "Supply Chain Compromise"
},
"T1218": {
"ID": "T1218",
"name": "System Binary Proxy Execution"
},
"T1082": {
"ID": "T1082",
"name": "System Information Discovery",
"categories": "noEasyMitigation"
},
"T1614": {
"ID": "T1614",
"name": "System Location Discovery",
"categories": "noEasyMitigation"
},
"T1016": {
"ID": "T1016",
"name": "System Network Configuration Discovery",
"categories": "noEasyMitigation mailVector"
},
"T1049": {
"ID": "T1049",
"name": "System Network Connections Discovery",
"categories": "noEasyMitigation"
},
"T1033": {
"ID": "T1033",
"name": "System Owner/User Discovery",
"categories": "noEasyMitigation mailVector"
},
"T1216": {
"ID": "T1216",
"name": "System Script Proxy Execution"
},
"T1007": {
"ID": "T1007",
"name": "System Service Discovery",
"categories": "noEasyMitigation"
},
"T1569": {
"ID": "T1569",
"name": "System Services"
},
"T1529": {
"ID": "T1529",
"name": "System Shutdown/Reboot",
"categories": "noEasyMitigation"
},
"T1124": {
"ID": "T1124",
"name": "System Time Discovery",
"categories": "noEasyMitigation"
},
"T1080": {
"ID": "T1080",
"name": "Taint Shared Content"
},
"T1221": {
"ID": "T1221",
"name": "Template Injection",
"categories": "mailVector"
},
"T1205": {
"ID": "T1205",
"name": "Traffic Signaling"
},
"T1537": {
"ID": "T1537",
"name": "Transfer Data to Cloud Account"
},
"T1127": {
"ID": "T1127",
"name": "Trusted Developer Utilities Proxy Execution"
},
"T1199": {
"ID": "T1199",
"name": "Trusted Relationship"
},
"T1552": {
"ID": "T1552",
"name": "Unsecured Credentials"
},
"T1535": {
"ID": "T1535",
"name": "Unused/Unsupported Cloud Regions"
},
"T1550": {
"ID": "T1550",
"name": "Use Alternate Authentication Material"
},
"T1204": {
"ID": "T1204",
"name": "User Execution"
},
"T1078": {
"ID": "T1078",
"name": "Valid Accounts",
"categories": "mailVector"
},
"T1125": {
"ID": "T1125",
"name": "Video Capture",
"categories": "noEasyMitigation"
},
"T1497": {
"ID": "T1497",
"name": "Virtualization/Sandbox Evasion",
"categories": "noEasyMitigation"
},
"T1600": {
"ID": "T1600",
"name": "Weaken Encryption",
"categories": "noEasyMitigation"
},
"T1102": {
"ID": "T1102",
"name": "Web Service"
},
"T1047": {
"ID": "T1047",
"name": "Windows Management Instrumentation"
},
"T1220": {
"ID": "T1220",
"name": "XSL Script Processing"
}
},
"TechniquesToTactis": {
"T1132": "TA0011",
"T1594": "TA0043",
"T1573": "TA0011",
"T1587": "TA0042",
"T1556": [
"TA0006",
"TA0005",
"TA0003"
],
"T1137": "TA0003",
"T1071": "TA0011",
"T1016": "TA0007",
"T1601": "TA0005",
"T1547": [
"TA0004",
"TA0003"
],
"T1041": "TA0010",
"T1200": "TA0001",
"T1055": [
"TA0004",
"TA0005"
],
"T1176": "TA0003",
"T1593": "TA0043",
"T1072": [
"TA0008",
"TA0002"
],
"T1204": "TA0002",
"T1218": "TA0005",
"T1482": "TA0007",
"T1525": "TA0003",
"T1129": "TA0002",
"T1558": "TA0006",
"T1564": "TA0005",
"T1207": "TA0005",
"T1580": "TA0007",
"T1092": "TA0011",
"T1133": [
"TA0001",
"TA0003"
],
"T1571": "TA0011",
"T1021": "TA0008",
"T1078": [
"TA0004",
"TA0005",
"TA0001",
"TA0003"
],
"T1070": "TA0005",
"T1113": "TA0009",
"T1040": [
"TA0006",
"TA0007"
],
"T1583": "TA0042",
"T1069": "TA0007",
"T1202": "TA0005",
"T1572": "TA0011",
"T1068": "TA0004",
"T1652": "TA0007",
"T1555": "TA0006",
"T1538": "TA0007",
"T1563": "TA0008",
"T1216": "TA0005",
"T1539": "TA0006",
"T1489": "TA0040",
"T1221": "TA0005",
"T1622": [
"TA0005",
"TA0007"
],
"T1495": "TA0040",
"T1535": "TA0005",
"T1219": "TA0011",
"T1197": [
"TA0005",
"TA0003"
],
"T1486": "TA0040",
"T1649": "TA0006",
"T1569": "TA0002",
"T1578": "TA0005",
"T1497": [
"TA0005",
"TA0007"
],
"T1091": [
"TA0008",
"TA0001"
],
"T1083": "TA0007",
"T1087": "TA0007",
"T1201": "TA0007",
"T1537": "TA0010",
"T1190": "TA0001",
"T1007": "TA0007",
"T1112": "TA0005",
"T1608": "TA0042",
"T1650": "TA0042",
"T1110": "TA0006",
"T1530": "TA0009",
"T1090": "TA0011",
"T1039": "TA0009",
"T1553": "TA0005",
"T1599": "TA0005",
"T1619": "TA0007",
"T1185": "TA0009",
"T1585": "TA0042",
"T1588": "TA0042",
"T1485": "TA0040",
"T1534": "TA0008",
"T1098": "TA0003",
"T1499": "TA0040",
"T1614": "TA0007",
"T1602": "TA0009",
"T1213": "TA0009",
"T1114": "TA0009",
"T1052": "TA0010",
"T1648": "TA0002",
"T1135": "TA0007",
"T1621": "TA0006",
"T1095": "TA0011",
"T1542": [
"TA0005",
"TA0003"
],
"T1124": "TA0007",
"T1119": "TA0009",
"T1057": "TA0007",
"T1531": "TA0040",
"T1136": "TA0003",
"T1140": "TA0005",
"T1037": [
"TA0004",
"TA0003"
],
"T1046": "TA0007",
"T1505": "TA0003",
"T1565": "TA0040",
"T1480": "TA0005",
"T1612": "TA0005",
"T1205": [
"TA0005",
"TA0011",
"TA0003"
],
"T1080": "TA0008",
"T1003": "TA0006",
"T1552": "TA0006",
"T1059": "TA0002",
"T1211": "TA0005",
"T1550": [
"TA0008",
"TA0005"
],
"T1543": [
"TA0004",
"TA0003"
],
"T1595": "TA0043",
"T1048": "TA0010",
"T1600": "TA0005",
"T1005": "TA0009",
"T1592": "TA0043",
"T1557": [
"TA0009",
"TA0006"
],
"T1010": "TA0007",
"T1561": "TA0040",
"T1498": "TA0040",
"T1203": "TA0002",
"T1546": [
"TA0004",
"TA0003"
],
"T1125": "TA0009",
"T1056": [
"TA0009",
"TA0006"
],
"T1554": "TA0003",
"T1591": "TA0043",
"T1187": "TA0006",
"T1217": "TA0007",
"T1047": "TA0002",
"T1647": "TA0005",
"T1559": "TA0002",
"T1018": "TA0007",
"T1074": "TA0009",
"T1199": "TA0001",
"T1025": "TA0009",
"T1610": [
"TA0002",
"TA0005"
],
"T1548": [
"TA0004",
"TA0005"
],
"T1210": "TA0008",
"T1584": "TA0042",
"T1567": "TA0010",
"T1120": "TA0007",
"T1491": "TA0040",
"T1606": "TA0006",
"T1001": "TA0011",
"T1562": "TA0005",
"T1049": "TA0007",
"T1105": "TA0011",
"T1613": "TA0007",
"T1220": "TA0005",
"T1082": "TA0007",
"T1222": "TA0005",
"T1609": "TA0002",
"T1651": "TA0002",
"T1111": "TA0006",
"T1212": "TA0006",
"T1611": "TA0004",
"T1030": "TA0010",
"T1528": "TA0006",
"T1102": "TA0011",
"T1574": [
"TA0004",
"TA0005",
"TA0003"
],
"T1598": "TA0043",
"T1127": "TA0005",
"T1570": "TA0008",
"T1006": "TA0005",
"T1008": "TA0011",
"T1589": "TA0043",
"T1012": "TA0007",
"T1620": "TA0005",
"T1496": "TA0040",
"T1615": "TA0007",
"T1518": "TA0007",
"T1566": "TA0001",
"T1484": [
"TA0004",
"TA0005"
],
"T1526": "TA0007",
"T1189": "TA0001",
"T1029": "TA0010",
"T1014": "TA0005",
"T1568": "TA0011",
"T1134": [
"TA0004",
"TA0005"
],
"T1104": "TA0011",
"T1586": "TA0042",
"T1195": "TA0001",
"T1011": "TA0010",
"T1560": "TA0009",
"T1036": "TA0005",
"T1106": "TA0002",
"T1590": "TA0043",
"T1027": "TA0005",
"T1529": "TA0040",
"T1033": "TA0007",
"T1020": "TA0010",
"T1490": "TA0040",
"T1597": "TA0043",
"T1115": "TA0009",
"T1053": [
"TA0004",
"TA0002",
"TA0003"
],
"T1596": "TA0043",
"T1123": "TA0009"
}
}
Reference in New Issue View Git Blame Copy Permalink