ticketsopf.blogg.se - april 2023

NSACyber - Application Whitelisting Using Microsoft AppLocker.Microsoft - Windows Defender Application Control.Microsoft - Recommended driver block rules.

Microsoft Security Compliance Toolkit 1.0Īdditional configurations were considered from:.

Hardware Requirements for Windows Defender Credential GuardĪ list of scripts and tools this collection utilizes:.

Hardware Requirements for Windows Defender Application Guard.

Hardware Requirements for Virtualization-Based Security.

Hardware Requirements for Memory Integrity.

Follow-up runs of this script can be run without disabling bitlocker.

Bitlocker must be suspended or turned off prior to implementing this script, it can be enabled again after rebooting.

Standards for a highly secure windows device.

We now offer a playbook collection for this script.

Minus system documentation, this collection should bring you up to about 95% compliance on all the STIGS/SRGs applied.

This script is not designed to bring a system to 100% compliance, rather it should be used as a stepping stone to complete most, if not all, the configuration changes that can be scripted.

This script is designed for operation in Enterprise environments and assumes you have hardware support for all the requirements.

This script aims to speed up that process significantly.

Totalling over 1000 configuration changes on a typical deployment and an average of 5 minutes per change equaling 3.5 days worth of work. When not automated, they require manual changes of each STIG/SRG. Standalone systems are some of the most difficult and annoying systems to secure. These changes cover a wide range of mitigations including blocking telemetry, macros, removing bloatware, and preventing many physical attacks on a system. Microsoft, Cyber.mil, the Department of Defense, and the National Security Agency have recommended and required configuration changes to lockdown, harden, and secure the operating system and ensure government compliance. Windows Server 2012, 2016, and 2019 are insecure operating systems out of the box and requires many changes to insure FISMA compliance. It is your responsibility to review and test the script before running it. Do not run this script if you don't understand what it does. If something goes wrong, be prepared to submit an issue. While creates, reviews, and tests each repo intensively, we can not test every possible configuration nor does take any responsibility for breaking your system. Note: This script should work for most, if not all, systems without issue. Download all the required files from the GitHub Repository