From eb9057c134bd2de1695563ee2feda3cfc2c1e413 Mon Sep 17 00:00:00 2001
From: Xarristo <115558698+Xarristo@users.noreply.github.com>
Date: Fri, 21 Jul 2023 17:51:03 +0200
Subject: [PATCH] Ticket_TPSTFP-85 (#40)
* merged json files to one, deleted old json files, changed read in from json files
* renamed MappingData.json
---
ATAPHtmlReport/ATAPHtmlReport.psm1 | 20 +-
...H1_Benchmark_v1-MITRE ATT&CK Mappings.json | 5102 --------------
ATAPHtmlReport/TechniquesToTactics.json | 279 -
.../enterprise-attack-v13-techniques.json | 786 ---
.../resources/CISToAttackMappingData.json | 6185 +++++++++++++++++
ATAPHtmlReport/resources/MitreTactics.json | 16 -
6 files changed, 6193 insertions(+), 6195 deletions(-)
delete mode 100644 ATAPHtmlReport/CIS_Microsoft_Windows_10_Enterprise_Release_21H1_Benchmark_v1-MITRE ATT&CK Mappings.json
delete mode 100644 ATAPHtmlReport/TechniquesToTactics.json
delete mode 100644 ATAPHtmlReport/enterprise-attack-v13-techniques.json
create mode 100644 ATAPHtmlReport/resources/CISToAttackMappingData.json
delete mode 100644 ATAPHtmlReport/resources/MitreTactics.json
diff --git a/ATAPHtmlReport/ATAPHtmlReport.psm1 b/ATAPHtmlReport/ATAPHtmlReport.psm1
index d2fb3da6..6ea7ef8f 100644
--- a/ATAPHtmlReport/ATAPHtmlReport.psm1
+++ b/ATAPHtmlReport/ATAPHtmlReport.psm1
@@ -40,11 +40,8 @@ $ModuleVersion = (Import-PowerShellDataFile -Path "$ScriptRoot\ATAPHtmlReport.ps $StatusValues = 'True', 'False', 'Warning', 'None', 'Error' $AuditProperties = @{ Name = 'Id' }, @{ Name = 'Task' }, @{ Name = 'Message' }, @{ Name = 'Status' } -# $MitreTacticsStore = Get-Content -Raw "$PSScriptRoot\resources\MitreTactics.json" | ConvertFrom-Json -AsHashtable <- this is only available from powersehll v 6 onwards -$MitreTacticsStore = Get-Content -Raw "$PSScriptRoot\resources\MitreTactics.json" | ConvertFrom-Json - -$MitreTechniquesToTacticsMap = Get-Content -Raw "$PSScriptRoot\TechniquesToTactics.json" | ConvertFrom-Json - +#read in all information needed for Mitre Attack Mapping from json file +$global:CISToAttackMappingData = Get-Content -Raw "$PSScriptRoot\resources\CISToAttackMappingData.json" | ConvertFrom-Json function Get-MitreTacticName { <# @@ -60,8 +57,8 @@ function Get-MitreTacticName { $TacticId ) - # $MitreTacticsStore[$tacticId] cannot be used because MitreTacticsStore is a customObject and not a map - return $MitreTacticsStore.$tacticId + # $CISToAttackMappingData[AttackTactics][$tacticId] cannot be used because CISToAttackMappingData is a customObject and not a map + return $CISToAttackMappingData.'AttackTactics'.$tacticId } function Get-MitreTactics { @@ -76,7 +73,7 @@ function Get-MitreTactics { [Parameter(Mandatory = $true)] $TechniqueID ) - return $MitreTechniquesToTacticsMap.$TechniqueID + return $CISToAttackMappingData.'TechniquesToTactis'.$TechniqueID } class MitreMap { 
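Review bot: The mapping data is assigned to `$global:CISToAttackMappingData`, which puts it in the session-wide scope where any other script or module loaded in the same session can read or overwrite it, and where it outlives the module. Because the report's ATT&CK mapping is derived entirely from this object, module scope is the safer home: `$script:CISToAttackMappingData = Get-Content -Raw "$PSScriptRoot\resources\CISToAttackMappingData.json" -ErrorAction Stop | ConvertFrom-Json`. Class methods should be able to reach it through the explicit `$script:` qualifier, though that is worth confirming on the PowerShell versions the module supports. The same `$global:` reference recurs in the `MitreMap` constructor and `Merge-CisAuditsToMitreMap` hunks. Without `-ErrorAction Stop`, a missing or unreadable file most likely leaves the variable `$null`, and the report would then render with no mappings instead of failing visibly.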
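Review bot: The property name `'TechniquesToTactis'` in `Get-MitreTactics` looks like a misspelling of `TechniquesToTactics`. The new `CISToAttackMappingData.json` is not visible here, so it cannot be confirmed whether the key is spelled the same way in the file; if the file uses the correct spelling, this lookup returns `$null` for every technique without raising an error, and techniques would silently lose their tactic assignment in the report. Consider correcting both sides to `return $CISToAttackMappingData.'TechniquesToTactics'.$TechniqueID`. The function's opening lines are outside this hunk.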
@@ -86,9 +83,8 @@ class MitreMap { $this.Map = @{} #read in techniques from json-file - $techniques = Get-Content -Raw "$PSScriptRoot\enterprise-attack-v13-techniques.json" | ConvertFrom-Json - #can't access $MitreTacticsStore int this function so read in file again - $tactics = Get-Content -Raw "$PSScriptRoot\resources\MitreTactics.json" | ConvertFrom-Json + $techniques = $global:CISToAttackMappingData.'AttackTechniques' + $tactics = $global:CISToAttackMappingData.'AttackTactics' foreach($tacitc in $tactics.psobject.properties.name) { $this.Map[$tacitc] = @{} @@ -498,7 +494,7 @@ function Merge-CisAuditsToMitreMap { $Audit ) Begin { - $json = Get-Content -Raw "$PSScriptRoot\CIS_Microsoft_Windows_10_Enterprise_Release_21H1_Benchmark_v1-MITRE ATT&CK Mappings.json" | ConvertFrom-Json + $json = $global:CISToAttackMappingData.'CISAttackMapping' $mitreMap = [MitreMap]::new() } diff --git a/ATAPHtmlReport/CIS_Microsoft_Windows_10_Enterprise_Release_21H1_Benchmark_v1-MITRE ATT&CK Mappings.json b/ATAPHtmlReport/CIS_Microsoft_Windows_10_Enterprise_Release_21H1_Benchmark_v1-MITRE ATT&CK Mappings.json deleted file mode 100644 index 3b0b6462..00000000 --- a/ATAPHtmlReport/CIS_Microsoft_Windows_10_Enterprise_Release_21H1_Benchmark_v1-MITRE ATT&CK Mappings.json +++ /dev/null 
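Review bot: The new assignment `$json = $global:CISToAttackMappingData.'CISAttackMapping'` in `Merge-CisAuditsToMitreMap` no longer shows which benchmark and ATT&CK release the mapping was built from; the removed file names carried that provenance (CIS Microsoft Windows 10 Enterprise Release 21H1 Benchmark v1, enterprise-attack v13). Add a comment above the line such as `# CIS Windows 10 Enterprise 21H1 Benchmark v1 -> MITRE ATT&CK Enterprise v13 mapping`, so a reader can tell when the data is stale for the audited system. Whether the merged JSON records these versions itself is not visible here. The `Begin` block continues outside the hunk.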
@@ -1,5102 +0,0 @@ -{ - "1.1.1": { - "Section": "1.1", - "Recommendation": "1.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Enforce password history\u0027 is set to \u002724 or more password(s)\u0027", - "Technique1": "T1078", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "1.1.2": { - "Section": "1.1", - "Recommendation": "1.1.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Maximum password age\u0027 is set to \u002760 or fewer days, but not 0\u0027", - "Technique1": "T1078", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "1.1.3": { - "Section": "1.1", - "Recommendation": "1.1.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Minimum password age\u0027 is set to \u00271 or more day(s)\u0027", - "Technique1": "T1078", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "1.1.4": { - "Section": "1.1", - "Recommendation": "1.1.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Minimum password length\u0027 is set to \u002714 or more character(s)\u0027", - "Technique1": "T1078", - "Technique2": "T1110", - "Mitigation1": "M1027", - "Mitigation2": "M1018" - }, - "1.1.5": { - "Section": "1.1", - "Recommendation": "1.1.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Password must meet complexity requirements\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1078", - "Technique2": "T1110", - "Mitigation1": "M1027", - "Mitigation2": "M1018" - }, - "1.1.6": { - "Section": "1.1", - "Recommendation": "1.1.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Relax minimum password length limits\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1078", - "Technique2": "T1110", - "Mitigation1": "M1027", - "Mitigation2": "M1018" - }, - "1.1.7": { - "Section": "1.1", - "Recommendation": "1.1.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Store passwords using reversible encryption\u0027 is set to 
\u0027Disabled\u0027", - "Technique1": "T1003", - "Technique2": null, - "Mitigation1": "M1041", - "Mitigation2": null - }, - "1.2.1": { - "Section": "1.2", - "Recommendation": "1.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Account lockout duration\u0027 is set to \u002715 or more minute(s)\u0027", - "Technique1": "T1110", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "1.2.2": { - "Section": "1.2", - "Recommendation": "1.2.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Account lockout threshold\u0027 is set to \u002710 or fewer invalid logon attempt(s), but not 0\u0027", - "Technique1": "T1110", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "1.2.3": { - "Section": "1.2", - "Recommendation": "1.2.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Reset account lockout counter after\u0027 is set to \u002715 or more minute(s)\u0027", - "Technique1": "T1110", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "2.2.1": { - "Section": "2.2", - "Recommendation": "2.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Access Credential Manager as a trusted caller\u0027 is set to \u0027No One\u0027", - "Technique1": "T1115", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "2.2.2": { - "Section": "2.2", - "Recommendation": "2.2.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Access this computer from the network\u0027 is set to \u0027Administrators, Remote Desktop Users\u0027", - "Technique1": "T1563", - "Technique2": "T1021", - "Mitigation1": "M1035", - "Mitigation2": "M1018" - }, - "2.2.3": { - "Section": "2.2", - "Recommendation": "2.2.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Act as part of the operating system\u0027 is set to \u0027No One\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": null - }, - "2.2.4": { - 
"Section": "2.2", - "Recommendation": "2.2.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Adjust memory quotas for a process\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE\u0027", - "Technique1": "T1496", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.2.5": { - "Section": "2.2", - "Recommendation": "2.2.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow log on locally\u0027 is set to \u0027Administrators, Users\u0027", - "Technique1": "T1078", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": null - }, - "2.2.6": { - "Section": "2.2", - "Recommendation": "2.2.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow log on through Remote Desktop Services\u0027 is set to \u0027Administrators, Remote Desktop Users\u0027", - "Technique1": "T1210", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": null - }, - "2.2.7": { - "Section": "2.2", - "Recommendation": "2.2.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Back up files and directories\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1222", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": "M1022" - }, - "2.2.8": { - "Section": "2.2", - "Recommendation": "2.2.8", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Change the system time\u0027 is set to \u0027Administrators, LOCAL SERVICE\u0027", - "Technique1": "T1070", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "2.2.9": { - "Section": "2.2", - "Recommendation": "2.2.9", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Change the time zone\u0027 is set to \u0027Administrators, LOCAL SERVICE, Users\u0027", - "Technique1": "T1070", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "2.2.10": { - "Section": "2.2", - "Recommendation": "2.2.10", - "Profile": "L1", - "RecommendationTitle": "Ensure 
\u0027Create a pagefile\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1074", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.2.11": { - "Section": "2.2", - "Recommendation": "2.2.11", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Create a token object\u0027 is set to \u0027No One\u0027", - "Technique1": "T1134", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": "M1026" - }, - "2.2.12": { - "Section": "2.2", - "Recommendation": "2.2.12", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Create global objects\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE\u0027", - "Technique1": "T1543", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": "M1026" - }, - "2.2.13": { - "Section": "2.2", - "Recommendation": "2.2.13", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Create permanent shared objects\u0027 is set to \u0027No One\u0027", - "Technique1": "T1083", - "Technique2": "T1039", - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.2.14": { - "Section": "2.2", - "Recommendation": "2.2.14", - "Profile": "L1", - "RecommendationTitle": "Configure \u0027Create symbolic links\u0027", - "Technique1": "T1574", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.2.15": { - "Section": "2.2", - "Recommendation": "2.2.15", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Debug programs\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1127", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "2.2.16": { - "Section": "2.2", - "Recommendation": "2.2.16", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Deny access to this computer from the network\u0027 to include \u0027Guests, Local account\u0027", - "Technique1": "T1078", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": null - }, - 
"2.2.17": { - "Section": "2.2", - "Recommendation": "2.2.17", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Deny log on as a batch job\u0027 to include \u0027Guests\u0027", - "Technique1": "T1053", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "2.2.18": { - "Section": "2.2", - "Recommendation": "2.2.18", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Deny log on as a service\u0027 to include \u0027Guests\u0027", - "Technique1": "T1543", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.2.19": { - "Section": "2.2", - "Recommendation": "2.2.19", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Deny log on locally\u0027 to include \u0027Guests\u0027", - "Technique1": "T1078", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": null - }, - "2.2.20": { - "Section": "2.2", - "Recommendation": "2.2.20", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Deny log on through Remote Desktop Services\u0027 to include \u0027Guests, Local account\u0027", - "Technique1": "T1021", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.2.21": { - "Section": "2.2", - "Recommendation": "2.2.21", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Enable computer and user accounts to be trusted for delegation\u0027 is set to \u0027No One\u0027", - "Technique1": "T1134", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.2.22": { - "Section": "2.2", - "Recommendation": "2.2.22", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Force shutdown from a remote system\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1529", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.2.23": { - "Section": "2.2", - "Recommendation": "2.2.23", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Generate security audits\u0027 is set to \u0027LOCAL 
SERVICE, NETWORK SERVICE\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.2.24": { - "Section": "2.2", - "Recommendation": "2.2.24", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Impersonate a client after authentication\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE\u0027", - "Technique1": "T1134", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": "M1026" - }, - "2.2.25": { - "Section": "2.2", - "Recommendation": "2.2.25", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Increase scheduling priority\u0027 is set to \u0027Administrators, Window Manager\\Window Manager Group\u0027", - "Technique1": "T1496", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.2.26": { - "Section": "2.2", - "Recommendation": "2.2.26", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Load and unload device drivers\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1547", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.2.27": { - "Section": "2.2", - "Recommendation": "2.2.27", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Lock pages in memory\u0027 is set to \u0027No One\u0027", - "Technique1": "T1496", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.2.28": { - "Section": "2.2", - "Recommendation": "2.2.28", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Log on as a batch job\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1053", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "2.2.29": { - "Section": "2.2", - "Recommendation": "2.2.29", - "Profile": "L2", - "RecommendationTitle": "Configure \u0027Log on as a service\u0027", - "Technique1": "T1543", - "Technique2": null, - "Mitigation1": "M1018", - 
"Mitigation2": null - }, - "2.2.30": { - "Section": "2.2", - "Recommendation": "2.2.30", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Manage auditing and security log\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.2.31": { - "Section": "2.2", - "Recommendation": "2.2.31", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Modify an object label\u0027 is set to \u0027No One\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": "M1026" - }, - "2.2.32": { - "Section": "2.2", - "Recommendation": "2.2.32", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Modify firmware environment values\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1495", - "Technique2": null, - "Mitigation1": "M1046", - "Mitigation2": null - }, - "2.2.33": { - "Section": "2.2", - "Recommendation": "2.2.33", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Perform volume maintenance tasks\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1561", - "Technique2": null, - "Mitigation1": "M1053", - "Mitigation2": null - }, - "2.2.34": { - "Section": "2.2", - "Recommendation": "2.2.34", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Profile single process\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1057", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.2.35": { - "Section": "2.2", - "Recommendation": "2.2.35", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Profile system performance\u0027 is set to \u0027Administrators, NT SERVICE\\WdiServiceHost\u0027", - "Technique1": "T1057", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.2.36": { - "Section": "2.2", - "Recommendation": "2.2.36", - "Profile": "L1", - "RecommendationTitle": "Ensure 
\u0027Replace a process level token\u0027 is set to \u0027LOCAL SERVICE, NETWORK SERVICE\u0027", - "Technique1": "T1134", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": "M1026" - }, - "2.2.37": { - "Section": "2.2", - "Recommendation": "2.2.37", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Restore files and directories\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1485", - "Technique2": null, - "Mitigation1": "M1053", - "Mitigation2": null - }, - "2.2.38": { - "Section": "2.2", - "Recommendation": "2.2.38", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Shut down the system\u0027 is set to \u0027Administrators, Users\u0027", - "Technique1": "T1529", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.2.39": { - "Section": "2.2", - "Recommendation": "2.2.39", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Take ownership of files or other objects\u0027 is set to \u0027Administrators\u0027", - "Technique1": "T1222", - "Technique2": "T1112", - "Mitigation1": "M1022", - "Mitigation2": "M1024" - }, - "2.3.1.1": { - "Section": "2.3.1", - "Recommendation": "2.3.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Accounts: Administrator account status\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1110", - "Technique2": "T1078", - "Mitigation1": "M1018", - "Mitigation2": "M1026" - }, - "2.3.1.2": { - "Section": "2.3.1", - "Recommendation": "2.3.1.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Accounts: Block Microsoft accounts\u0027 is set to \u0027Users can\u0027t add or log on with Microsoft accounts\u0027", - "Technique1": "T1078", - "Technique2": "T1136", - "Mitigation1": "M1026", - "Mitigation2": null - }, - "2.3.1.3": { - "Section": "2.3.1", - "Recommendation": "2.3.1.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Accounts: Guest account status\u0027 is set to \u0027Disabled\u0027", - 
"Technique1": "T1110", - "Technique2": "T1078", - "Mitigation1": "M1018", - "Mitigation2": "M1026" - }, - "2.3.1.4": { - "Section": "2.3.1", - "Recommendation": "2.3.1.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Accounts: Limit local account use of blank passwords to console logon only\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1021", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.3.1.5": { - "Section": "2.3.1", - "Recommendation": "2.3.1.5", - "Profile": "L1", - "RecommendationTitle": "Configure \u0027Accounts: Rename administrator account\u0027", - "Technique1": "T1110", - "Technique2": "T1078", - "Mitigation1": "M1018", - "Mitigation2": "M1026" - }, - "2.3.1.6": { - "Section": "2.3.1", - "Recommendation": "2.3.1.6", - "Profile": "L1", - "RecommendationTitle": "Configure \u0027Accounts: Rename guest account\u0027", - "Technique1": "T1110", - "Technique2": "T1078", - "Mitigation1": "M1018", - "Mitigation2": "M1026" - }, - "2.3.2.1": { - "Section": "2.3.2", - "Recommendation": "2.3.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "2.3.2.2": { - "Section": "2.3.2", - "Recommendation": "2.3.2.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit: Shut down system immediately if unable to log security audits\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "2.3.4.1": { - "Section": "2.3.4", - "Recommendation": "2.3.4.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Devices: Allowed to format and eject removable media\u0027 is set to \u0027Administrators and Interactive Users\u0027", - "Technique1": "No MITRE ATT\u0026CK 
mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "2.3.4.2": { - "Section": "2.3.4", - "Recommendation": "2.3.4.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Devices: Prevent users from installing printer drivers\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1574", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "2.3.6.1": { - "Section": "2.3.6", - "Recommendation": "2.3.6.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Domain member: Digitally encrypt or sign secure channel data (always)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1040", - "Technique2": null, - "Mitigation1": "M1041", - "Mitigation2": null - }, - "2.3.6.2": { - "Section": "2.3.6", - "Recommendation": "2.3.6.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Domain member: Digitally encrypt secure channel data (when possible)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1040", - "Technique2": null, - "Mitigation1": "M1041", - "Mitigation2": null - }, - "2.3.6.3": { - "Section": "2.3.6", - "Recommendation": "2.3.6.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Domain member: Digitally sign secure channel data (when possible)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1040", - "Technique2": null, - "Mitigation1": "M1041", - "Mitigation2": null - }, - "2.3.6.4": { - "Section": "2.3.6", - "Recommendation": "2.3.6.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Domain member: Disable machine account password changes\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1098", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "2.3.6.5": { - "Section": "2.3.6", - "Recommendation": "2.3.6.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Domain member: Maximum machine account password age\u0027 is set to \u002730 or fewer days, but not 0\u0027", - "Technique1": 
"T1098", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "2.3.6.6": { - "Section": "2.3.6", - "Recommendation": "2.3.6.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Domain member: Require strong (Windows 2000 or later) session key\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1040", - "Technique2": null, - "Mitigation1": "M1041", - "Mitigation2": null - }, - "2.3.7.1": { - "Section": "2.3.7", - "Recommendation": "2.3.7.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Interactive logon: Do not require CTRL+ALT+DEL\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1056", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.3.7.2": { - "Section": "2.3.7", - "Recommendation": "2.3.7.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Interactive logon: Don\u0027t display last signed-in\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1078", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": null - }, - "2.3.7.3": { - "Section": "2.3.7", - "Recommendation": "2.3.7.3", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Interactive logon: Machine account lockout threshold\u0027 is set to \u002710 or fewer invalid logon attempts, but not 0\u0027", - "Technique1": "T1110", - "Technique2": null, - "Mitigation1": "M1036", - "Mitigation2": null - }, - "2.3.7.4": { - "Section": "2.3.7", - "Recommendation": "2.3.7.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Interactive logon: Machine inactivity limit\u0027 is set to \u0027900 or fewer second(s), but not 0\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "2.3.7.5": { - "Section": "2.3.7", - "Recommendation": "2.3.7.5", - "Profile": "L1", - "RecommendationTitle": "Configure \u0027Interactive logon: Message text for users attempting to log 
on\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "2.3.7.6": { - "Section": "2.3.7", - "Recommendation": "2.3.7.6", - "Profile": "L1", - "RecommendationTitle": "Configure \u0027Interactive logon: Message title for users attempting to log on\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "2.3.7.7": { - "Section": "2.3.7", - "Recommendation": "2.3.7.7", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Interactive logon: Number of previous logons to cache (in case domain controller is not available)\u0027 is set to \u00274 or fewer logon(s)\u0027", - "Technique1": "T1003", - "Technique2": "T1555", - "Mitigation1": "M1027", - "Mitigation2": null - }, - "2.3.7.8": { - "Section": "2.3.7", - "Recommendation": "2.3.7.8", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Interactive logon: Prompt user to change password before expiration\u0027 is set to \u0027between 5 and 14 days\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "2.3.7.9": { - "Section": "2.3.7", - "Recommendation": "2.3.7.9", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Interactive logon: Smart card removal behavior\u0027 is set to \u0027Lock Workstation\u0027 or higher", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "2.3.8.1": { - "Section": "2.3.8", - "Recommendation": "2.3.8.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Microsoft network client: Digitally sign communications (always)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1563", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.3.8.2": { - 
"Section": "2.3.8", - "Recommendation": "2.3.8.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Microsoft network client: Digitally sign communications (if server agrees)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1563", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.3.8.3": { - "Section": "2.3.8", - "Recommendation": "2.3.8.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Microsoft network client: Send unencrypted password to third-party SMB servers\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1563", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.3.9.1": { - "Section": "2.3.9", - "Recommendation": "2.3.9.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Microsoft network server: Amount of idle time required before suspending session\u0027 is set to \u002715 or fewer minute(s)\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "2.3.9.2": { - "Section": "2.3.9", - "Recommendation": "2.3.9.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Microsoft network server: Digitally sign communications (always)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1563", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.3.9.3": { - "Section": "2.3.9", - "Recommendation": "2.3.9.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Microsoft network server: Digitally sign communications (if client agrees)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1563", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "2.3.9.4": { - "Section": "2.3.9", - "Recommendation": "2.3.9.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Microsoft network server: Disconnect clients when logon hours expire\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE 
ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "2.3.9.5": { - "Section": "2.3.9", - "Recommendation": "2.3.9.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Microsoft network server: Server SPN target name validation level\u0027 is set to \u0027Accept if provided by client\u0027 or higher", - "Technique1": "T1557", - "Technique2": null, - "Mitigation1": "M1035", - "Mitigation2": null - }, - "2.3.10.1": { - "Section": "2.3.10", - "Recommendation": "2.3.10.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Allow anonymous SID/Name translation\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1110", - "Technique2": null, - "Mitigation1": "M1036", - "Mitigation2": null - }, - "2.3.10.2": { - "Section": "2.3.10", - "Recommendation": "2.3.10.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Do not allow anonymous enumeration of SAM accounts\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1110", - "Technique2": "T1087", - "Mitigation1": "M1036", - "Mitigation2": "M1028" - }, - "2.3.10.3": { - "Section": "2.3.10", - "Recommendation": "2.3.10.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Do not allow anonymous enumeration of SAM accounts and shares\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1087", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "2.3.10.4": { - "Section": "2.3.10", - "Recommendation": "2.3.10.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Do not allow storage of passwords and credentials for network authentication\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1003", - "Technique2": "T1555", - "Mitigation1": "M1027", - "Mitigation2": null - }, - "2.3.10.5": { - "Section": "2.3.10", - "Recommendation": "2.3.10.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Let 
Everyone permissions apply to anonymous users\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1083", - "Technique2": "T1087", - "Mitigation1": "M1028", - "Mitigation2": null - }, - "2.3.10.6": { - "Section": "2.3.10", - "Recommendation": "2.3.10.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Named Pipes that can be accessed anonymously\u0027 is set to \u0027None\u0027", - "Technique1": "T1559", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "2.3.10.7": { - "Section": "2.3.10", - "Recommendation": "2.3.10.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Remotely accessible registry paths\u0027", - "Technique1": "T1112", - "Technique2": "T1012", - "Mitigation1": "M1024", - "Mitigation2": null - }, - "2.3.10.8": { - "Section": "2.3.10", - "Recommendation": "2.3.10.8", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Remotely accessible registry paths and sub-paths\u0027", - "Technique1": "T1112", - "Technique2": "T1012", - "Mitigation1": "M1024", - "Mitigation2": null - }, - "2.3.10.9": { - "Section": "2.3.10", - "Recommendation": "2.3.10.9", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Restrict anonymous access to Named Pipes and Shares\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1083", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.3.10.10": { - "Section": "2.3.10", - "Recommendation": "2.3.10.10", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Restrict clients allowed to make remote calls to SAM\u0027 is set to \u0027Administrators: Remote Access: Allow\u0027", - "Technique1": "T1110", - "Technique2": "T1087", - "Mitigation1": "M1036", - "Mitigation2": "M1028" - }, - "2.3.10.11": { - "Section": "2.3.10", - "Recommendation": "2.3.10.11", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Shares 
that can be accessed anonymously\u0027 is set to \u0027None\u0027", - "Technique1": "T1039", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "2.3.10.12": { - "Section": "2.3.10", - "Recommendation": "2.3.10.12", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network access: Sharing and security model for local accounts\u0027 is set to \u0027Classic - local users authenticate as themselves\u0027", - "Technique1": "T1485", - "Technique2": null, - "Mitigation1": "M1053", - "Mitigation2": null - }, - "2.3.11.1": { - "Section": "2.3.11", - "Recommendation": "2.3.11.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network security: Allow Local System to use computer identity for NTLM\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1557", - "Technique2": null, - "Mitigation1": "M1035", - "Mitigation2": null - }, - "2.3.11.2": { - "Section": "2.3.11", - "Recommendation": "2.3.11.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network security: Allow LocalSystem NULL session fallback\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1565", - "Technique2": null, - "Mitigation1": "M1041", - "Mitigation2": null - }, - "2.3.11.3": { - "Section": "2.3.11", - "Recommendation": "2.3.11.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network Security: Allow PKU2U authentication requests to this computer to use online identities\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1199", - "Technique2": null, - "Mitigation1": "M1052", - "Mitigation2": null - }, - "2.3.11.4": { - "Section": "2.3.11", - "Recommendation": "2.3.11.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network security: Configure encryption types allowed for Kerberos\u0027 is set to \u0027AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types\u0027", - "Technique1": "T1558", - "Technique2": null, - "Mitigation1": "M1041", - "Mitigation2": null - }, - "2.3.11.5": { - 
"Section": "2.3.11", - "Recommendation": "2.3.11.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network security: Do not store LAN Manager hash value on next password change\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1003", - "Technique2": "T1552", - "Mitigation1": "M1041", - "Mitigation2": null - }, - "2.3.11.6": { - "Section": "2.3.11", - "Recommendation": "2.3.11.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network security: Force logoff when logon hours expire\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "2.3.11.7": { - "Section": "2.3.11", - "Recommendation": "2.3.11.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network security: LAN Manager authentication level\u0027 is set to \u0027Send NTLMv2 response only. Refuse LM \u0026 NTLM\u0027", - "Technique1": "T1040", - "Technique2": null, - "Mitigation1": "M1041", - "Mitigation2": null - }, - "2.3.11.8": { - "Section": "2.3.11", - "Recommendation": "2.3.11.8", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network security: LDAP client signing requirements\u0027 is set to \u0027Negotiate signing\u0027 or higher", - "Technique1": "T1557", - "Technique2": null, - "Mitigation1": "M1037", - "Mitigation2": null - }, - "2.3.11.9": { - "Section": "2.3.11", - "Recommendation": "2.3.11.9", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network security: Minimum session security for NTLM SSP based (including secure RPC) clients\u0027 is set to \u0027Require NTLMv2 session security, Require 128-bit encryption\u0027", - "Technique1": "T1557", - "Technique2": null, - "Mitigation1": "M1035", - "Mitigation2": null - }, - "2.3.11.10": { - "Section": "2.3.11", - "Recommendation": "2.3.11.10", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Network security: Minimum session security for NTLM SSP based 
(including secure RPC) servers\u0027 is set to \u0027Require NTLMv2 session security, Require 128-bit encryption\u0027", - "Technique1": "T1557", - "Technique2": null, - "Mitigation1": "M1035", - "Mitigation2": null - }, - "2.3.14.1": { - "Section": "2.3.14", - "Recommendation": "2.3.14.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027System cryptography: Force strong key protection for user keys stored on the computer\u0027 is set to \u0027User is prompted when the key is first used\u0027 or higher", - "Technique1": "T1550", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": null - }, - "2.3.15.1": { - "Section": "2.3.15", - "Recommendation": "2.3.15.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027System objects: Require case insensitivity for non-Windows subsystems\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1565", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "2.3.15.2": { - "Section": "2.3.15", - "Recommendation": "2.3.15.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027System objects: Strengthen default permissions of internal system objects (e.g. 
Symbolic Links)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1222", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "2.3.17.1": { - "Section": "2.3.17", - "Recommendation": "2.3.17.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027User Account Control: Admin Approval Mode for the Built-in Administrator account\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1052", - "Mitigation2": null - }, - "2.3.17.2": { - "Section": "2.3.17", - "Recommendation": "2.3.17.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode\u0027 is set to \u0027Prompt for consent on the secure desktop\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1052", - "Mitigation2": null - }, - "2.3.17.3": { - "Section": "2.3.17", - "Recommendation": "2.3.17.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027User Account Control: Behavior of the elevation prompt for standard users\u0027 is set to \u0027Automatically deny elevation requests\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1052", - "Mitigation2": null - }, - "2.3.17.4": { - "Section": "2.3.17", - "Recommendation": "2.3.17.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027User Account Control: Detect application installations and prompt for elevation\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1052", - "Mitigation2": null - }, - "2.3.17.5": { - "Section": "2.3.17", - "Recommendation": "2.3.17.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027User Account Control: Only elevate UIAccess applications that are installed in secure locations\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1052", - "Mitigation2": null - }, - "2.3.17.6": { - 
"Section": "2.3.17", - "Recommendation": "2.3.17.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027User Account Control: Run all administrators in Admin Approval Mode\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1052", - "Mitigation2": null - }, - "2.3.17.7": { - "Section": "2.3.17", - "Recommendation": "2.3.17.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027User Account Control: Switch to the secure desktop when prompting for elevation\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "2.3.17.8": { - "Section": "2.3.17", - "Recommendation": "2.3.17.8", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027User Account Control: Virtualize file and registry write failures to per-user locations\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "5.1": { - "Section": "5", - "Recommendation": "5.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Bluetooth Audio Gateway Service (BTAGService)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1011", - "Mitigation1": "M1028", - "Mitigation2": "M1022" - }, - "5.2": { - "Section": "5", - "Recommendation": "5.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Bluetooth Support Service (bthserv)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1011", - "Mitigation1": "M1022", - "Mitigation2": "M1028" - }, - "5.3": { - "Section": "5", - "Recommendation": "5.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Computer Browser (Browser)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": "T1569", - "Technique2": "T1018", - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.4": { - "Section": "5", - "Recommendation": "5.4", - "Profile": 
"L2", - "RecommendationTitle": "Ensure \u0027Downloaded Maps Manager (MapsBroker)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.5": { - "Section": "5", - "Recommendation": "5.5", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Geolocation Service (lfsvc)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.6": { - "Section": "5", - "Recommendation": "5.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027IIS Admin Service (IISADMIN)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": "T1569", - "Technique2": "T1505", - "Mitigation1": "M1022", - "Mitigation2": "M1047" - }, - "5.7": { - "Section": "5", - "Recommendation": "5.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Infrared monitor service (irmon)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": "T1569", - "Technique2": "T1011", - "Mitigation1": "M1022", - "Mitigation2": "M1028" - }, - "5.8": { - "Section": "5", - "Recommendation": "5.8", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Internet Connection Sharing (ICS) (SharedAccess)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1011", - "Mitigation1": "M1022", - "Mitigation2": "M1028" - }, - "5.9": { - "Section": "5", - "Recommendation": "5.9", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Link-Layer Topology Discovery Mapper (lltdsvc)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1018", - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.10": { - "Section": "5", - "Recommendation": "5.10", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027LxssManager (LxssManager)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": "T1569", - 
"Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.11": { - "Section": "5", - "Recommendation": "5.11", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Microsoft FTP Service (FTPSVC)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": "T1569", - "Technique2": "T1105", - "Mitigation1": "M1022", - "Mitigation2": "M1031" - }, - "5.12": { - "Section": "5", - "Recommendation": "5.12", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Microsoft iSCSI Initiator Service (MSiSCSI)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1048", - "Mitigation1": "M1022", - "Mitigation2": "M1031" - }, - "5.13": { - "Section": "5", - "Recommendation": "5.13", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027OpenSSH SSH Server (sshd)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": "T1569", - "Technique2": "T1563", - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.14": { - "Section": "5", - "Recommendation": "5.14", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Peer Name Resolution Protocol (PNRPsvc)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": "M1021" - }, - "5.15": { - "Section": "5", - "Recommendation": "5.15", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Peer Networking Grouping (p2psvc)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.16": { - "Section": "5", - "Recommendation": "5.16", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Peer Networking Identity Manager (p2pimsvc)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.17": { - "Section": "5", - "Recommendation": "5.17", - "Profile": "L2", - "RecommendationTitle": 
"Ensure \u0027PNRP Machine Name Publication Service (PNRPAutoReg)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.18": { - "Section": "5", - "Recommendation": "5.18", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Print Spooler (Spooler)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "5.19": { - "Section": "5", - "Recommendation": "5.19", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Problem Reports and Solutions Control Panel Support (wercplsupport)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1070", - "Mitigation1": "M1022", - "Mitigation2": "M1041" - }, - "5.20": { - "Section": "5", - "Recommendation": "5.20", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Remote Access Auto Connection Manager (RasAuto)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.21": { - "Section": "5", - "Recommendation": "5.21", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Remote Desktop Configuration (SessionEnv)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1563", - "Mitigation1": "M1022", - "Mitigation2": "M1026" - }, - "5.22": { - "Section": "5", - "Recommendation": "5.22", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Remote Desktop Services (TermService)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1021", - "Mitigation1": "M1022", - "Mitigation2": "M1018" - }, - "5.23": { - "Section": "5", - "Recommendation": "5.23", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Remote Desktop Services UserMode Port Redirector (UmRdpService)\u0027 is set to \u0027Disabled\u0027", - "Technique1": 
"T1569", - "Technique2": "T1090", - "Mitigation1": "M1022", - "Mitigation2": "M1037" - }, - "5.24": { - "Section": "5", - "Recommendation": "5.24", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Remote Procedure Call (RPC) Locator (RpcLocator)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1053", - "Mitigation1": "M1022", - "Mitigation2": "M1028" - }, - "5.25": { - "Section": "5", - "Recommendation": "5.25", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Remote Registry (RemoteRegistry)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1112", - "Mitigation1": "M1022", - "Mitigation2": "M1024" - }, - "5.26": { - "Section": "5", - "Recommendation": "5.26", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Routing and Remote Access (RemoteAccess)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1011", - "Mitigation1": "M1022", - "Mitigation2": "M1028" - }, - "5.27": { - "Section": "5", - "Recommendation": "5.27", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Server (LanmanServer)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1011", - "Mitigation1": "M1022", - "Mitigation2": "M1028" - }, - "5.28": { - "Section": "5", - "Recommendation": "5.28", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Simple TCP/IP Services (simptcp)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": "T1569", - "Technique2": "T1011", - "Mitigation1": "M1022", - "Mitigation2": "M1028" - }, - "5.29": { - "Section": "5", - "Recommendation": "5.29", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027SNMP Service (SNMP)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": "T1569", - "Technique2": "T1133", - "Mitigation1": "M1022", - "Mitigation2": "M1042" - }, - "5.30": { - "Section": "5", - "Recommendation": "5.30", - "Profile": "L1", - 
"RecommendationTitle": "Ensure \u0027Special Administration Console Helper (sacsvr)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": "T1569", - "Technique2": "T1018", - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.31": { - "Section": "5", - "Recommendation": "5.31", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027SSDP Discovery (SSDPSRV)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1120", - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.32": { - "Section": "5", - "Recommendation": "5.32", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027UPnP Device Host (upnphost)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1120", - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.33": { - "Section": "5", - "Recommendation": "5.33", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Web Management Service (WMSvc)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": "T1569", - "Technique2": "T1505", - "Mitigation1": "M1022", - "Mitigation2": "M1047" - }, - "5.34": { - "Section": "5", - "Recommendation": "5.34", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Windows Error Reporting Service (WerSvc)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1070", - "Mitigation1": "M1022", - "Mitigation2": "M1041" - }, - "5.35": { - "Section": "5", - "Recommendation": "5.35", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Windows Event Collector (Wecsvc)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.36": { - "Section": "5", - "Recommendation": "5.36", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Media Player Network Sharing Service (WMPNetworkSvc)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": 
"T1569", - "Technique2": "T1048", - "Mitigation1": "M1022", - "Mitigation2": "M1037" - }, - "5.37": { - "Section": "5", - "Recommendation": "5.37", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Mobile Hotspot Service (icssvc)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1048", - "Mitigation1": "M1022", - "Mitigation2": "M1037" - }, - "5.38": { - "Section": "5", - "Recommendation": "5.38", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Windows Push Notifications System Service (WpnService)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1048", - "Mitigation1": "M1022", - "Mitigation2": "M1037" - }, - "5.39": { - "Section": "5", - "Recommendation": "5.39", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Windows PushToInstall Service (PushToInstall)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1072", - "Mitigation1": "M1022", - "Mitigation2": "M1026" - }, - "5.40": { - "Section": "5", - "Recommendation": "5.40", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Windows Remote Management (WS-Management) (WinRM)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1210", - "Mitigation1": "M1022", - "Mitigation2": "M1042" - }, - "5.41": { - "Section": "5", - "Recommendation": "5.41", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027World Wide Web Publishing Service (W3SVC)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", - "Technique1": "T1569", - "Technique2": "T1505", - "Mitigation1": "M1022", - "Mitigation2": "M1047" - }, - "5.42": { - "Section": "5", - "Recommendation": "5.42", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Xbox Accessory Management Service (XboxGipSvc)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1120", - "Mitigation1": "M1022", - "Mitigation2": null - }, - "5.43": { - "Section": "5", - 
"Recommendation": "5.43", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Xbox Live Auth Manager (XblAuthManager)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1048", - "Mitigation1": "M1022", - "Mitigation2": "M1037" - }, - "5.44": { - "Section": "5", - "Recommendation": "5.44", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Xbox Live Game Save (XblGameSave)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": "T1048", - "Mitigation1": "M1022", - "Mitigation2": "M1037" - }, - "5.45": { - "Section": "5", - "Recommendation": "5.45", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Xbox Live Networking Service (XboxNetApiSvc)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1569", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.1.1": { - "Section": "9.1", - "Recommendation": "9.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Firewall state\u0027 is set to \u0027On (recommended)\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.1.2": { - "Section": "9.1", - "Recommendation": "9.1.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Inbound connections\u0027 is set to \u0027Block (default)\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.1.3": { - "Section": "9.1", - "Recommendation": "9.1.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Outbound connections\u0027 is set to \u0027Allow (default)\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.1.4": { - "Section": "9.1", - "Recommendation": "9.1.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Settings: Display a notification\u0027 is set to 
\u0027No\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.1.5": { - "Section": "9.1", - "Recommendation": "9.1.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\domainfw.log\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.1.6": { - "Section": "9.1", - "Recommendation": "9.1.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Size limit (KB)\u0027 is set to \u002716,384 KB or greater\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.1.7": { - "Section": "9.1", - "Recommendation": "9.1.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.1.8": { - "Section": "9.1", - "Recommendation": "9.1.8", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.2.1": { - "Section": "9.2", - "Recommendation": "9.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Firewall state\u0027 is set to \u0027On (recommended)\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.2.2": { - "Section": "9.2", - "Recommendation": "9.2.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Inbound connections\u0027 is set to \u0027Block (default)\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": 
"M1022", - "Mitigation2": null - }, - "9.2.3": { - "Section": "9.2", - "Recommendation": "9.2.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Outbound connections\u0027 is set to \u0027Allow (default)\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.2.4": { - "Section": "9.2", - "Recommendation": "9.2.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Settings: Display a notification\u0027 is set to \u0027No\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.2.5": { - "Section": "9.2", - "Recommendation": "9.2.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\privatefw.log\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.2.6": { - "Section": "9.2", - "Recommendation": "9.2.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Size limit (KB)\u0027 is set to \u002716,384 KB or greater\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.2.7": { - "Section": "9.2", - "Recommendation": "9.2.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.2.8": { - "Section": "9.2", - "Recommendation": "9.2.8", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.3.1": { - "Section": "9.3", - 
"Recommendation": "9.3.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Firewall state\u0027 is set to \u0027On (recommended)\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.3.2": { - "Section": "9.3", - "Recommendation": "9.3.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Inbound connections\u0027 is set to \u0027Block (default)\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.3.3": { - "Section": "9.3", - "Recommendation": "9.3.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Outbound connections\u0027 is set to \u0027Allow (default)\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.3.4": { - "Section": "9.3", - "Recommendation": "9.3.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Settings: Display a notification\u0027 is set to \u0027No\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.3.5": { - "Section": "9.3", - "Recommendation": "9.3.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Settings: Apply local firewall rules\u0027 is set to \u0027No\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.3.6": { - "Section": "9.3", - "Recommendation": "9.3.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Settings: Apply local connection security rules\u0027 is set to \u0027No\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.3.7": { - "Section": "9.3", - "Recommendation": "9.3.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: 
Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\publicfw.log\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.3.8": { - "Section": "9.3", - "Recommendation": "9.3.8", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Size limit (KB)\u0027 is set to \u002716,384 KB or greater\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.3.9": { - "Section": "9.3", - "Recommendation": "9.3.9", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "9.3.10": { - "Section": "9.3", - "Recommendation": "9.3.10", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.1.1": { - "Section": "17.1", - "Recommendation": "17.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Credential Validation\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.2.1": { - "Section": "17.2", - "Recommendation": "17.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Application Group Management\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.2.2": { - "Section": "17.2", - "Recommendation": "17.2.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Security Group Management\u0027 is set to include \u0027Success\u0027", - "Technique1": "T1562", - 
"Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.2.3": { - "Section": "17.2", - "Recommendation": "17.2.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit User Account Management\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.3.1": { - "Section": "17.3", - "Recommendation": "17.3.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit PNP Activity\u0027 is set to include \u0027Success\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.3.2": { - "Section": "17.3", - "Recommendation": "17.3.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Process Creation\u0027 is set to include \u0027Success\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.5.1": { - "Section": "17.5", - "Recommendation": "17.5.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Account Lockout\u0027 is set to include \u0027Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.5.2": { - "Section": "17.5", - "Recommendation": "17.5.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Group Membership\u0027 is set to include \u0027Success\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.5.3": { - "Section": "17.5", - "Recommendation": "17.5.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Logoff\u0027 is set to include \u0027Success\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.5.4": { - "Section": "17.5", - "Recommendation": "17.5.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Logon\u0027 is set to \u0027Success and 
Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.5.5": { - "Section": "17.5", - "Recommendation": "17.5.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Other Logon/Logoff Events\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.5.6": { - "Section": "17.5", - "Recommendation": "17.5.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Special Logon\u0027 is set to include \u0027Success\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.6.1": { - "Section": "17.6", - "Recommendation": "17.6.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Detailed File Share\u0027 is set to include \u0027Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.6.2": { - "Section": "17.6", - "Recommendation": "17.6.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit File Share\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.6.3": { - "Section": "17.6", - "Recommendation": "17.6.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Other Object Access Events\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.6.4": { - "Section": "17.6", - "Recommendation": "17.6.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Removable Storage\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.7.1": { - "Section": "17.7", - "Recommendation": "17.7.1", - "Profile": "L1", - 
"RecommendationTitle": "Ensure \u0027Audit Audit Policy Change\u0027 is set to include \u0027Success\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.7.2": { - "Section": "17.7", - "Recommendation": "17.7.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Authentication Policy Change\u0027 is set to include \u0027Success\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.7.3": { - "Section": "17.7", - "Recommendation": "17.7.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Authorization Policy Change\u0027 is set to include \u0027Success\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.7.4": { - "Section": "17.7", - "Recommendation": "17.7.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit MPSSVC Rule-Level Policy Change\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.7.5": { - "Section": "17.7", - "Recommendation": "17.7.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Other Policy Change Events\u0027 is set to include \u0027Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.8.1": { - "Section": "17.8", - "Recommendation": "17.8.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Sensitive Privilege Use\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.9.1": { - "Section": "17.9", - "Recommendation": "17.9.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit IPsec Driver\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - 
"Mitigation2": null - }, - "17.9.2": { - "Section": "17.9", - "Recommendation": "17.9.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Other System Events\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.9.3": { - "Section": "17.9", - "Recommendation": "17.9.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Security State Change\u0027 is set to include \u0027Success\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.9.4": { - "Section": "17.9", - "Recommendation": "17.9.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit Security System Extension\u0027 is set to include \u0027Success\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "17.9.5": { - "Section": "17.9", - "Recommendation": "17.9.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Audit System Integrity\u0027 is set to \u0027Success and Failure\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "18.1.3": { - "Section": "18.1", - "Recommendation": "18.1.3", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow Online Tips\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.1.1.1": { - "Section": "18.1.1", - "Recommendation": "18.1.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prevent enabling lock screen camera\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1125", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.1.1.2": { - "Section": "18.1.1", - "Recommendation": "18.1.1.2", - "Profile": "L1", - "RecommendationTitle": "Ensure 
\u0027Prevent enabling lock screen slide show\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1125", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.1.2.2": { - "Section": "18.1.2", - "Recommendation": "18.1.2.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow users to enable online speech recognition services\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.2.1": { - "Section": "18.2", - "Recommendation": "18.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure LAPS AdmPwd GPO Extension / CSE is installed", - "Technique1": "T1552", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "18.2.2": { - "Section": "18.2", - "Recommendation": "18.2.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Do not allow password expiration time longer than required by policy\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1110", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "18.2.3": { - "Section": "18.2", - "Recommendation": "18.2.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Enable Local Admin Password Management\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1552", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "18.2.4": { - "Section": "18.2", - "Recommendation": "18.2.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Password Settings: Password Complexity\u0027 is set to \u0027Enabled: Large letters + small letters + numbers + special characters\u0027", - "Technique1": "T1078", - "Technique2": "T1110", - "Mitigation1": "M1027", - "Mitigation2": "M1018" - }, - "18.2.5": { - "Section": "18.2", - "Recommendation": "18.2.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Password Settings: Password 
Length\u0027 is set to \u0027Enabled: 15 or more\u0027", - "Technique1": "T1078", - "Technique2": "T1110", - "Mitigation1": "M1027", - "Mitigation2": "M1018" - }, - "18.2.6": { - "Section": "18.2", - "Recommendation": "18.2.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Password Settings: Password Age (Days)\u0027 is set to \u0027Enabled: 30 or fewer\u0027", - "Technique1": "T1078", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "18.3.1": { - "Section": "18.3", - "Recommendation": "18.3.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Apply UAC restrictions to local accounts on network logons\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1210", - "Technique2": "T1134", - "Mitigation1": "M1026", - "Mitigation2": null - }, - "18.3.2": { - "Section": "18.3", - "Recommendation": "18.3.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure SMB v1 client driver\u0027 is set to \u0027Enabled: Disable driver (recommended)\u0027", - "Technique1": "T1021", - "Technique2": "T1570", - "Mitigation1": "M1037", - "Mitigation2": null - }, - "18.3.3": { - "Section": "18.3", - "Recommendation": "18.3.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure SMB v1 server\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1021", - "Technique2": "T1570", - "Mitigation1": "M1037", - "Mitigation2": null - }, - "18.3.4": { - "Section": "18.3", - "Recommendation": "18.3.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Enable Structured Exception Handling Overwrite Protection (SEHOP)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1203", - "Technique2": null, - "Mitigation1": "M1050", - "Mitigation2": null - }, - "18.3.5": { - "Section": "18.3", - "Recommendation": "18.3.5", - "Profile": "L1", - "RecommendationTitle": "Ensure ?Limits print driver installation to Administrators? 
is set to ?Enabled?", - "Technique1": "T1203", - "Technique2": null, - "Mitigation1": "M1050", - "Mitigation2": null - }, - "18.3.6": { - "Section": "18.3", - "Recommendation": "18.3.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027NetBT NodeType configuration\u0027 is set to \u0027Enabled: P-node (recommended)\u0027", - "Technique1": "T1018", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.3.7": { - "Section": "18.3", - "Recommendation": "18.3.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027WDigest Authentication\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1555", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "18.4.1": { - "Section": "18.4", - "Recommendation": "18.4.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1552", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": null - }, - "18.4.2": { - "Section": "18.4", - "Recommendation": "18.4.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)\u0027 is set to \u0027Enabled: Highest protection, source routing is completely disabled\u0027", - "Technique1": "T1071", - "Technique2": null, - "Mitigation1": "M1031", - "Mitigation2": null - }, - "18.4.3": { - "Section": "18.4", - "Recommendation": "18.4.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)\u0027 is set to \u0027Enabled: Highest protection, source routing is completely disabled\u0027", - "Technique1": "T1071", - "Technique2": null, - "Mitigation1": "M1031", - "Mitigation2": null - }, - "18.4.4": { - "Section": "18.4", - "Recommendation": "18.4.4", - "Profile": "L2", 
- "RecommendationTitle": "Ensure \u0027MSS: (DisableSavePassword) Prevent the dial-up password from being saved\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1552", - "Technique2": "T1555", - "Mitigation1": "M1027", - "Mitigation2": "M1028" - }, - "18.4.5": { - "Section": "18.4", - "Recommendation": "18.4.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1557", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.4.6": { - "Section": "18.4", - "Recommendation": "18.4.6", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds\u0027 is set to \u0027Enabled: 300,000 or 5 minutes (recommended)\u0027", - "Technique1": "T1498", - "Technique2": null, - "Mitigation1": "M1037", - "Mitigation2": null - }, - "18.4.7": { - "Section": "18.4", - "Recommendation": "18.4.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1499", - "Technique2": null, - "Mitigation1": "M1037", - "Mitigation2": null - }, - "18.4.8": { - "Section": "18.4", - "Recommendation": "18.4.8", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1498", - "Technique2": null, - "Mitigation1": "M1037", - "Mitigation2": null - }, - "18.4.9": { - "Section": "18.4", - "Recommendation": "18.4.9", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1055", - "Technique2": null, - 
"Mitigation1": "M1040", - "Mitigation2": null - }, - "18.4.10": { - "Section": "18.4", - "Recommendation": "18.4.10", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)\u0027 is set to \u0027Enabled: 5 or fewer seconds\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.4.11": { - "Section": "18.4", - "Recommendation": "18.4.11", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted\u0027 is set to \u0027Enabled: 3\u0027", - "Technique1": "T1499", - "Technique2": null, - "Mitigation1": "M1037", - "Mitigation2": null - }, - "18.4.12": { - "Section": "18.4", - "Recommendation": "18.4.12", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted\u0027 is set to \u0027Enabled: 3\u0027", - "Technique1": "T1499", - "Technique2": null, - "Mitigation1": "M1037", - "Mitigation2": null - }, - "18.4.13": { - "Section": "18.4", - "Recommendation": "18.4.13", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning\u0027 is set to \u0027Enabled: 90% or less\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "18.5.4.1": { - "Section": "18.5.4", - "Recommendation": "18.5.4.1", - "Profile": "L1", - "RecommendationTitle": "Ensure ?Configure DNS over HTTPS (DoH) name resolution? is set to ?Enabled: Allow DoH? 
or higher", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.5.4.2": { - "Section": "18.5.4", - "Recommendation": "18.5.4.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off multicast name resolution\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1557", - "Technique2": null, - "Mitigation1": "M1037", - "Mitigation2": null - }, - "18.5.5.1": { - "Section": "18.5.5", - "Recommendation": "18.5.5.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Enable Font Providers\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1195", - "Technique2": null, - "Mitigation1": "M1016", - "Mitigation2": null - }, - "18.5.8.1": { - "Section": "18.5.8", - "Recommendation": "18.5.8.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Enable insecure guest logons\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1021", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "18.5.9.1": { - "Section": "18.5.9", - "Recommendation": "18.5.9.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn on Mapper I/O (LLTDIO) driver\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1016", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.5.9.2": { - "Section": "18.5.9", - "Recommendation": "18.5.9.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn on Responder (RSPNDR) driver\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1016", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.5.10.2": { - "Section": "18.5.10", - "Recommendation": "18.5.10.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off Microsoft Peer-to-Peer Networking Services\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1048", - "Technique2": null, - "Mitigation1": "M1030", 
- "Mitigation2": null - }, - "18.5.11.2": { - "Section": "18.5.11", - "Recommendation": "18.5.11.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prohibit installation and configuration of Network Bridge on your DNS domain network\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1048", - "Technique2": null, - "Mitigation1": "M1030", - "Mitigation2": null - }, - "18.5.11.3": { - "Section": "18.5.11", - "Recommendation": "18.5.11.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prohibit use of Internet Connection Sharing on your DNS domain network\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1048", - "Technique2": null, - "Mitigation1": "M1030", - "Mitigation2": null - }, - "18.5.11.4": { - "Section": "18.5.11", - "Recommendation": "18.5.11.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Require domain users to elevate when setting a network\u0027s location\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.5.14.1": { - "Section": "18.5.14", - "Recommendation": "18.5.14.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Hardened UNC Paths\u0027 is set to \u0027Enabled, with \"Require Mutual Authentication\" and \"Require Integrity\" set for all NETLOGON and SYSVOL shares\u0027", - "Technique1": "T1135", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.5.19.2.1": { - "Section": "18.5.19.2", - "Recommendation": "18.5.19.2.1", - "Profile": "L2", - "RecommendationTitle": "Disable IPv6 (Ensure TCPIP6 Parameter \u0027DisabledComponents\u0027 is set to \u00270xff (255)\u0027)", - "Technique1": "T1046", - "Technique2": "T1016", - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.5.20.1": { - "Section": "18.5.20", - "Recommendation": "18.5.20.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Configuration of wireless settings using Windows Connect Now\u0027 is set to 
\u0027Disabled\u0027", - "Technique1": "T1120", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.5.20.2": { - "Section": "18.5.20", - "Recommendation": "18.5.20.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Prohibit access of the Windows Connect Now wizards\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1120", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.5.21.1": { - "Section": "18.5.21", - "Recommendation": "18.5.21.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Minimize the number of simultaneous connections to the Internet or a Windows Domain\u0027 is set to \u0027Enabled: 3 = Prevent Wi-Fi when on Ethernet\u0027", - "Technique1": "T1011", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.5.21.2": { - "Section": "18.5.21", - "Recommendation": "18.5.21.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prohibit connection to non-domain networks when connected to domain authenticated network\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1011", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.5.23.2.1": { - "Section": "18.5.23.2", - "Recommendation": "18.5.23.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1011", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.6.1": { - "Section": "18.6", - "Recommendation": "18.6.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow Print Spooler to accept client connections\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - 
"Mitigation2": null - }, - "18.6.2": { - "Section": "18.6", - "Recommendation": "18.6.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Point and Print Restrictions: When installing drivers for a new connection\u0027 is set to \u0027Enabled: Show warning and elevation prompt\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.6.3": { - "Section": "18.6", - "Recommendation": "18.6.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Point and Print Restrictions: When updating drivers for an existing connection\u0027 is set to \u0027Enabled: Show warning and elevation prompt\u0027", - "Technique1": null, - "Technique2": null, - "Mitigation1": null, - "Mitigation2": null - }, - "18.7.1.1": { - "Section": "18.7.1", - "Recommendation": "18.7.1.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off notifications network usage\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.3.1": { - "Section": "18.8.3", - "Recommendation": "18.8.3.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Include command line in process creation events\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1552", - "Technique2": null, - "Mitigation1": "M1041", - "Mitigation2": null - }, - "18.8.4.1": { - "Section": "18.8.4", - "Recommendation": "18.8.4.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Encryption Oracle Remediation\u0027 is set to \u0027Enabled: Force Updated Clients\u0027", - "Technique1": "T1212", - "Technique2": null, - "Mitigation1": "M1051", - "Mitigation2": null - }, - "18.8.4.2": { - "Section": "18.8.4", - "Recommendation": "18.8.4.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Remote host allows delegation of non-exportable credentials\u0027 is set 
to \u0027Enabled\u0027", - "Technique1": "T1003", - "Technique2": null, - "Mitigation1": "M1043", - "Mitigation2": null - }, - "18.8.5.1": { - "Section": "18.8.5", - "Recommendation": "18.8.5.1", - "Profile": "NG", - "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1003", - "Technique2": null, - "Mitigation1": "M1043", - "Mitigation2": null - }, - "18.8.5.2": { - "Section": "18.8.5", - "Recommendation": "18.8.5.2", - "Profile": "NG", - "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Select Platform Security Level\u0027 is set to \u0027Secure Boot and DMA Protection\u0027", - "Technique1": "T1547", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.8.5.3": { - "Section": "18.8.5", - "Recommendation": "18.8.5.3", - "Profile": "NG", - "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity\u0027 is set to \u0027Enabled with UEFI lock\u0027", - "Technique1": "T1489", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "18.8.5.4": { - "Section": "18.8.5", - "Recommendation": "18.8.5.4", - "Profile": "NG", - "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Require UEFI Memory Attributes Table\u0027 is set to \u0027True (checked)\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.5.5": { - "Section": "18.8.5", - "Recommendation": "18.8.5.5", - "Profile": "NG", - "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Credential Guard Configuration\u0027 is set to \u0027Enabled with UEFI lock\u0027", - "Technique1": "T1489", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "18.8.5.6": { - "Section": "18.8.5", - "Recommendation": 
"18.8.5.6", - "Profile": "NG", - "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Secure Launch Configuration\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1495", - "Technique2": null, - "Mitigation1": "M1046", - "Mitigation2": null - }, - "18.8.7.1.1": { - "Section": "18.8.7.1", - "Recommendation": "18.8.7.1.1", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1200", - "Technique2": null, - "Mitigation1": "M1034", - "Mitigation2": null - }, - "18.8.7.1.2": { - "Section": "18.8.7.1", - "Recommendation": "18.8.7.1.2", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs\u0027 is set to \u0027PCI\\CC_0C0A\u0027", - "Technique1": "T1200", - "Technique2": null, - "Mitigation1": "M1034", - "Mitigation2": null - }, - "18.8.7.1.3": { - "Section": "18.8.7.1", - "Recommendation": "18.8.7.1.3", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.\u0027 is set to \u0027True\u0027 (checked)", - "Technique1": "T1200", - "Technique2": null, - "Mitigation1": "M1034", - "Mitigation2": null - }, - "18.8.7.1.4": { - "Section": "18.8.7.1", - "Recommendation": "18.8.7.1.4", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device setup classes\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1200", - "Technique2": null, - "Mitigation1": "M1034", - "Mitigation2": null - }, - "18.8.7.1.5": { - "Section": "18.8.7.1", - "Recommendation": "18.8.7.1.5", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device 
setup classes: Prevent installation of devices using drivers for these device setup\u0027 is set to \u0027IEEE 1394 device setup classes\u0027", - "Technique1": "T1200", - "Technique2": null, - "Mitigation1": "M1034", - "Mitigation2": null - }, - "18.8.7.1.6": { - "Section": "18.8.7.1", - "Recommendation": "18.8.7.1.6", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.\u0027 is set to \u0027True\u0027 (checked)", - "Technique1": "T1200", - "Technique2": null, - "Mitigation1": "M1034", - "Mitigation2": null - }, - "18.8.7.2": { - "Section": "18.8.7.2", - "Recommendation": "18.8.7.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prevent device metadata retrieval from the Internet\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.14.1": { - "Section": "18.8.14", - "Recommendation": "18.8.14.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Boot-Start Driver Initialization Policy\u0027 is set to \u0027Enabled: Good, unknown and bad but critical\u0027", - "Technique1": "T1542", - "Technique2": null, - "Mitigation1": "M1046", - "Mitigation2": null - }, - "18.8.21.2": { - "Section": "18.8.21", - "Recommendation": "18.8.21.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure registry policy processing: Do not apply during periodic background processing\u0027 is set to \u0027Enabled: FALSE\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.21.3": { - "Section": "18.8.21", - "Recommendation": "18.8.21.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure registry policy processing: Process even if the Group Policy 
objects have not changed\u0027 is set to \u0027Enabled: TRUE\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.21.4": { - "Section": "18.8.21", - "Recommendation": "18.8.21.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Continue experiences on this device\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1018", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.8.21.5": { - "Section": "18.8.21", - "Recommendation": "18.8.21.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off background refresh of Group Policy\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.1": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off access to the Store\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.2": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off downloading of print drivers over HTTP\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1574", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "18.8.22.1.3": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.3", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off handwriting personalization data sharing\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.4": { - "Section": 
"18.8.22.1", - "Recommendation": "18.8.22.1.4", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off handwriting recognition error reporting\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.5": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.5", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.6": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off Internet download for Web publishing and online ordering wizards\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.7": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.7", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off printing over HTTP\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1557", - "Technique2": null, - "Mitigation1": "M1031", - "Mitigation2": null - }, - "18.8.22.1.8": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.8", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off Registration if URL connection is referring to Microsoft.com\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.9": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.9", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off Search 
Companion content file updates\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.10": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.10", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off the \"Order Prints\" picture task\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.11": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.11", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off the \"Publish to Web\" task for files and folders\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.12": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.12", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off the Windows Messenger Customer Experience Improvement Program\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.13": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.13", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off Windows Customer Experience Improvement Program\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.22.1.14": { - "Section": "18.8.22.1", - "Recommendation": "18.8.22.1.14", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off Windows Error Reporting\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", 
- "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.25.1": { - "Section": "18.8.25", - "Recommendation": "18.8.25.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Support device authentication using certificate\u0027 is set to \u0027Enabled: Automatic\u0027", - "Technique1": "T1558", - "Technique2": null, - "Mitigation1": "M1041", - "Mitigation2": null - }, - "18.8.26.1": { - "Section": "18.8.26", - "Recommendation": "18.8.26.1", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Enumeration policy for external devices incompatible with Kernel DMA Protection\u0027 is set to \u0027Enabled: Block All\u0027", - "Technique1": "T1200", - "Technique2": null, - "Mitigation1": "M1034", - "Mitigation2": null - }, - "18.8.27.1": { - "Section": "18.8.27", - "Recommendation": "18.8.27.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Disallow copying of user input methods to the system account for sign-in\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.28.1": { - "Section": "18.8.28", - "Recommendation": "18.8.28.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Block user from showing account details on sign-in\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1110", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "18.8.28.2": { - "Section": "18.8.28", - "Recommendation": "18.8.28.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Do not display network selection UI\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1557", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.8.28.3": { - "Section": "18.8.28", - "Recommendation": "18.8.28.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Do not enumerate connected users on domain-joined 
computers\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1087", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.8.28.4": { - "Section": "18.8.28", - "Recommendation": "18.8.28.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Enumerate local users on domain-joined computers\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1087", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.8.28.5": { - "Section": "18.8.28", - "Recommendation": "18.8.28.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off app notifications on the lock screen\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.28.6": { - "Section": "18.8.28", - "Recommendation": "18.8.28.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off picture password sign-in\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1003", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.8.28.7": { - "Section": "18.8.28", - "Recommendation": "18.8.28.7", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn on convenience PIN sign-in\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1110", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "18.8.31.1": { - "Section": "18.8.31", - "Recommendation": "18.8.31.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow Clipboard synchronization across devices\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1115", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.8.31.2": { - "Section": "18.8.31", - "Recommendation": "18.8.31.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow upload of User Activities\u0027 is set to \u0027Disabled\u0027", - "Technique1": 
"No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.34.6.1": { - "Section": "18.8.34.6", - "Recommendation": "18.8.34.6.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow network connectivity during connected-standby (on battery)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1018", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.8.34.6.2": { - "Section": "18.8.34.6", - "Recommendation": "18.8.34.6.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow network connectivity during connected-standby (plugged in)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1018", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.8.34.6.3": { - "Section": "18.8.34.6", - "Recommendation": "18.8.34.6.3", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Allow standby states (S1-S3) when sleeping (on battery)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1003", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.8.34.6.4": { - "Section": "18.8.34.6", - "Recommendation": "18.8.34.6.4", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Allow standby states (S1-S3) when sleeping (plugged in)\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1003", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.8.34.6.5": { - "Section": "18.8.34.6", - "Recommendation": "18.8.34.6.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Require a password when a computer wakes (on battery)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.34.6.6": { - "Section": "18.8.34.6", - "Recommendation": "18.8.34.6.6", - 
"Profile": "L1", - "RecommendationTitle": "Ensure \u0027Require a password when a computer wakes (plugged in)\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.36.1": { - "Section": "18.8.36", - "Recommendation": "18.8.36.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure Offer Remote Assistance\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1021", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "18.8.36.2": { - "Section": "18.8.36", - "Recommendation": "18.8.36.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure Solicited Remote Assistance\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1021", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "18.8.37.1": { - "Section": "18.8.37", - "Recommendation": "18.8.37.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Enable RPC Endpoint Mapper Client Authentication\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1569", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": null - }, - "18.8.37.2": { - "Section": "18.8.37", - "Recommendation": "18.8.37.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Restrict Unauthenticated RPC clients\u0027 is set to \u0027Enabled: Authenticated\u0027", - "Technique1": "T1569", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": null - }, - "18.8.48.5.1": { - "Section": "18.8.48.5", - "Recommendation": "18.8.48.5.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.48.11.1": { - 
"Section": "18.8.48.11", - "Recommendation": "18.8.48.11.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Enable/Disable PerfTrack\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.49.1": { - "Section": "18.8.50", - "Recommendation": "18.8.49.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off the advertising ID\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.8.53.1.1": { - "Section": "18.8.53.1", - "Recommendation": "18.8.53.1.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Enable Windows NTP Client\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1124", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.8.53.1.2": { - "Section": "18.8.53.1", - "Recommendation": "18.8.53.1.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Enable Windows NTP Server\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1124", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.9.4.1": { - "Section": "18.9.4", - "Recommendation": "18.9.4.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow a Windows app to share application data between users\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1135", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.9.4.2": { - "Section": "18.9.4", - "Recommendation": "18.9.4.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prevent non-admin users from installing packaged Windows apps\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - 
"18.9.5.1": { - "Section": "18.9.5", - "Recommendation": "18.9.5.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Let Windows apps activate with voice while the system is locked\u0027 is set to \u0027Enabled: Force Deny\u0027", - "Technique1": "T1123", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.9.6.1": { - "Section": "18.9.6", - "Recommendation": "18.9.6.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow Microsoft accounts to be optional\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.6.2": { - "Section": "18.9.6", - "Recommendation": "18.9.6.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Block launching Universal Windows apps with Windows Runtime API access from hosted content.\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1106", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "18.9.8.1": { - "Section": "18.9.8", - "Recommendation": "18.9.8.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Disallow Autoplay for non-volume devices\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1091", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.8.2": { - "Section": "18.9.8", - "Recommendation": "18.9.8.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Set the default behavior for AutoRun\u0027 is set to \u0027Enabled: Do not execute any autorun commands\u0027", - "Technique1": "T1091", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.8.3": { - "Section": "18.9.8", - "Recommendation": "18.9.8.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off Autoplay\u0027 is set to \u0027Enabled: All drives\u0027", - "Technique1": "T1091", - "Technique2": null, - "Mitigation1": "M1042", - 
"Mitigation2": null - }, - "18.9.10.1.1": { - "Section": "18.9.10.1", - "Recommendation": "18.9.10.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure enhanced anti-spoofing\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.4": { - "Section": "18.9.11", - "Recommendation": "18.9.11.4", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Disable new DMA devices when this computer is locked\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1200", - "Technique2": null, - "Mitigation1": "M1034", - "Mitigation2": null - }, - "18.9.11.1.1": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.1", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Allow access to BitLocker-protected fixed data drives from earlier versions of Windows\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1140", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.9.11.1.2": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.2", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.1.3": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.3", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: True\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.1.4": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.4", - "Profile": "BL", - 
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Allow 48-digit recovery password\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.1.5": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.5", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Recovery Key\u0027 is set to \u0027Enabled: Allow 256-bit recovery key\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.1.6": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.6", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.1.7": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.7", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives\u0027 is set to \u0027Enabled: False\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.1.8": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.8", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS\u0027 is set to \u0027Enabled: Backup recovery passwords and key 
packages\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.1.9": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.9", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives\u0027 is set to \u0027Enabled: False\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.1.10": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.10", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for fixed data drives\u0027 is set to Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.1.11": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.11", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Configure use of passwords for fixed data drives\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1110", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "18.9.11.1.12": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.12", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Configure use of smart cards on fixed data drives\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1111", - "Technique2": null, - "Mitigation1": "M1017", - "Mitigation2": null - }, - "18.9.11.1.13": { - "Section": "18.9.11.1", - "Recommendation": "18.9.11.1.13", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives\u0027 is set to \u0027Enabled: True\u0027", - "Technique1": "T1111", - 
"Technique2": null, - "Mitigation1": "M1017", - "Mitigation2": null - }, - "18.9.11.2.1": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.1", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Allow enhanced PINs for startup\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.2.2": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.2", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Allow Secure Boot for integrity validation\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1495", - "Technique2": null, - "Mitigation1": "M1046", - "Mitigation2": null - }, - "18.9.11.2.3": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.3", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.2.4": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.4", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: False\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.2.5": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.5", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Require 48-digit recovery password\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - 
"Mitigation2": null - }, - "18.9.11.2.6": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.6", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Recovery Key\u0027 is set to \u0027Enabled: Do not allow 256-bit recovery key\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.2.7": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.7", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.2.8": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.8", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives\u0027 is set to \u0027Enabled: True\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.2.9": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.9", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:\u0027 is set to \u0027Enabled: Store recovery passwords and key packages\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.2.10": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.10", - "Profile": "BL", - 
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives\u0027 is set to \u0027Enabled: True\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.2.11": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.11", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for operating system drives\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.2.12": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.12", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Configure use of passwords for operating system drives\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1110", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "18.9.11.2.13": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.13", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Require additional authentication at startup\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.2.14": { - "Section": "18.9.11.2", - "Recommendation": "18.9.11.2.14", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Require additional authentication at startup: Allow BitLocker without a compatible TPM\u0027 is set to \u0027Enabled: False\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.3.1": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.1", - 
"Profile": "BL", - "RecommendationTitle": "Ensure \u0027Allow access to BitLocker-protected removable data drives from earlier versions of Windows\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1140", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.9.11.3.2": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.2", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.3.3": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.3", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: True\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.3.4": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.4", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Do not allow 48-digit recovery password\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.3.5": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.5", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Recovery Key\u0027 is set to \u0027Enabled: Do not allow 256-bit recovery key\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - 
}, - "18.9.11.3.6": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.6", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.3.7": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.7", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives\u0027 is set to \u0027Enabled: False\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.3.8": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.8", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:\u0027 is set to \u0027Enabled: Backup recovery passwords and key packages\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.3.9": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.9", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives\u0027 is set to \u0027Enabled: False\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.3.10": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.10", - "Profile": 
"BL", - "RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for removable data drives\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.11.3.11": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.11", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Configure use of passwords for removable data drives\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1110", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "18.9.11.3.12": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.12", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Configure use of smart cards on removable data drives\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1111", - "Technique2": null, - "Mitigation1": "M1017", - "Mitigation2": null - }, - "18.9.11.3.13": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.13", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives\u0027 is set to \u0027Enabled: True\u0027", - "Technique1": "T1111", - "Technique2": null, - "Mitigation1": "M1017", - "Mitigation2": null - }, - "18.9.11.3.14": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.14", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Deny write access to removable drives not protected by BitLocker\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1052", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.11.3.15": { - "Section": "18.9.11.3", - "Recommendation": "18.9.11.3.15", - "Profile": "BL", - "RecommendationTitle": "Ensure \u0027Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization\u0027 is set to 
\u0027Enabled: False\u0027", - "Technique1": "T1052", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.12.1": { - "Section": "18.9.12", - "Recommendation": "18.9.12.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow Use of Camera\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1125", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.19.14.1": { - "Section": "18.9.14", - "Recommendation": "18.19.14.1", - "Profile": "L1", - "RecommendationTitle": "Ensure ?Turn off cloud consumer account state content? is set to ?Enabled?", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.19.14.2": { - "Section": "18.9.14", - "Recommendation": "18.19.14.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off cloud optimized content\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.19.14.3": { - "Section": "18.9.14", - "Recommendation": "18.19.14.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off Microsoft consumer experiences\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.15.1": { - "Section": "18.9.15", - "Recommendation": "18.9.15.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Require pin for pairing\u0027 is set to \u0027Enabled: First Time\u0027 OR \u0027Enabled: Always\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.16.1": { - "Section": "18.9.16", - "Recommendation": "18.9.16.1", - "Profile": "L1", - "RecommendationTitle": 
"Ensure \u0027Do not display the password reveal button\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.16.2": { - "Section": "18.9.16", - "Recommendation": "18.9.16.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Enumerate administrator accounts on elevation\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1087", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.9.16.3": { - "Section": "18.9.16", - "Recommendation": "18.9.16.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prevent the use of security questions for local accounts\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1589", - "Technique2": null, - "Mitigation1": "M1056", - "Mitigation2": null - }, - "18.9.17.1": { - "Section": "18.9.17", - "Recommendation": "18.9.17.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow Diagnostic Data\u0027 is set to \u0027Enabled: Diagnostic data off (not recommended)\u0027 or \u0027Enabled: Send required\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.17.2": { - "Section": "18.9.17", - "Recommendation": "18.9.17.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service\u0027 is set to \u0027Enabled: Disable Authenticated Proxy usage\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.17.3": { - "Section": "18.9.17", - "Recommendation": "18.9.17.3", - "Profile": "L1", - "RecommendationTitle": "Ensure ?Disable OneSettings Downloads? 
is set to ?Enabled?", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.17.4": { - "Section": "18.9.17", - "Recommendation": "18.9.17.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Do not show feedback notifications\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.17.5": { - "Section": "18.9.17", - "Recommendation": "18.9.17.5", - "Profile": "L1", - "RecommendationTitle": "Ensure ?Enable OneSettings Auditing? is set to ?Enabled?", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.17.6": { - "Section": "18.9.17", - "Recommendation": "18.9.17.6", - "Profile": "L1", - "RecommendationTitle": "Ensure ?Limit Diagnostic Log Collection? is set to ?Enabled?", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.17.7": { - "Section": "18.9.17", - "Recommendation": "18.9.17.7", - "Profile": "L1", - "RecommendationTitle": "Ensure ?Limit Dump Collection? 
is set to ?Enabled?", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.17.8": { - "Section": "18.9.17", - "Recommendation": "18.9.17.8", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Toggle user control over Insider builds\u0027 is set to \u0027Disabled\u0027 (Automated)", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.18.1": { - "Section": "18.9.18", - "Recommendation": "18.9.18.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Download Mode\u0027 is NOT set to \u0027Enabled: Internet\u0027", - "Technique1": "T1601", - "Technique2": null, - "Mitigation1": "M1045", - "Mitigation2": null - }, - "18.9.27.1.1": { - "Section": "18.9.27.1", - "Recommendation": "18.9.27.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Application: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "18.9.27.1.2": { - "Section": "18.9.27.1", - "Recommendation": "18.9.27.1.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Application: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "18.9.27.2.1": { - "Section": "18.9.27.2", - "Recommendation": "18.9.27.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Security: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "18.9.27.2.2": { - "Section": "18.9.27.2", - "Recommendation": "18.9.27.2.2", - "Profile": "L1", - 
"RecommendationTitle": "Ensure \u0027Security: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 196,608 or greater\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "18.9.27.3.1": { - "Section": "18.9.27.3", - "Recommendation": "18.9.27.3.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Setup: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "18.9.27.3.2": { - "Section": "18.9.27.3", - "Recommendation": "18.9.27.3.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Setup: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "18.9.27.4.1": { - "Section": "18.9.27.4", - "Recommendation": "18.9.27.4.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027System: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "18.9.27.4.2": { - "Section": "18.9.27.4", - "Recommendation": "18.9.27.4.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027System: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1022", - "Mitigation2": null - }, - "18.9.31.2": { - "Section": "18.9.31", - "Recommendation": "18.9.31.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off Data Execution Prevention for Explorer\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1553", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "18.9.31.3": { - "Section": "18.9.31", - 
"Recommendation": "18.9.31.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off heap termination on corruption\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.31.4": { - "Section": "18.9.31", - "Recommendation": "18.9.31.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off shell protocol protected mode\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1059", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "18.9.36.1": { - "Section": "18.9.36", - "Recommendation": "18.9.36.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prevent the computer from joining a homegroup\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.41.1": { - "Section": "18.9.41", - "Recommendation": "18.9.41.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off location\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1591", - "Technique2": null, - "Mitigation1": "M1056", - "Mitigation2": null - }, - "18.9.45.1": { - "Section": "18.9.45", - "Recommendation": "18.9.45.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow Message Service Cloud Sync\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.46.1": { - "Section": "18.9.46", - "Recommendation": "18.9.46.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Block all consumer Microsoft account user authentication\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1078", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.9.47.14": { - 
"Section": "18.9.47", - "Recommendation": "18.9.47.14", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure detection for potentially unwanted applications\u0027 is set to \u0027Enabled: Block\u0027", - "Technique1": "T1204", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "18.9.47.15": { - "Section": "18.9.47", - "Recommendation": "18.9.47.15", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off Microsoft Defender AntiVirus\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1553", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.9.47.4.1": { - "Section": "18.9.47.4", - "Recommendation": "18.9.47.4.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure local setting override for reporting to Microsoft MAPS\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.47.4.2": { - "Section": "18.9.47.4", - "Recommendation": "18.9.47.4.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Join Microsoft MAPS\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.47.5.1.1": { - "Section": "18.9.47.5.1", - "Recommendation": "18.9.47.5.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure Attack Surface Reduction rules\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1559", - "Technique2": "T1218", - "Mitigation1": "M1040", - "Mitigation2": "M1038" - }, - "18.9.47.5.1.2": { - "Section": "18.9.47.5.1", - "Recommendation": "18.9.47.5.1.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure Attack Surface Reduction rules: Set the state for each ASR rule\u0027 is \u0027configured\u0027", - "Technique1": "T1559", - "Technique2": "T1218", - 
"Mitigation1": "M1040", - "Mitigation2": "M1038" - }, - "18.9.47.5.3.1": { - "Section": "18.9.47.5.3", - "Recommendation": "18.9.47.5.3.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prevent users and apps from accessing dangerous websites\u0027 is set to \u0027Enabled: Block\u0027", - "Technique1": "T1189", - "Technique2": "T1566", - "Mitigation1": "M1050", - "Mitigation2": "M1049" - }, - "18.9.47.6.1": { - "Section": "18.9.47.6", - "Recommendation": "18.9.47.6.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Enable file hash computation feature\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1553", - "Technique2": null, - "Mitigation1": "M1054", - "Mitigation2": null - }, - "18.9.47.9.1": { - "Section": "18.9.47.9", - "Recommendation": "18.9.47.9.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Scan all downloaded files and attachments\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1059", - "Technique2": null, - "Mitigation1": "M1049", - "Mitigation2": null - }, - "18.9.47.9.2": { - "Section": "18.9.47.9", - "Recommendation": "18.9.47.9.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off real-time protection\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1553", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.9.47.9.3": { - "Section": "18.9.47.9", - "Recommendation": "18.9.47.9.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn on behavior monitoring\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1553", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.9.47.9.4": { - "Section": "18.9.47.9", - "Recommendation": "18.9.47.9.4", - "Profile": "L1", - "RecommendationTitle": "Ensure ?Turn on script scanning? 
is set to ?Enabled?", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.47.11.1": { - "Section": "18.9.47.12", - "Recommendation": "18.9.47.11.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Scan removable drives\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1091", - "Technique2": null, - "Mitigation1": "M1034", - "Mitigation2": null - }, - "18.9.47.11.2": { - "Section": "18.9.47.12", - "Recommendation": "18.9.47.11.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn on e-mail scanning\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1556", - "Technique2": null, - "Mitigation1": "M1049", - "Mitigation2": null - }, - "18.9.48.1": { - "Section": "18.9.50", - "Recommendation": "18.9.48.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow Address bar drop-down list suggestions\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.48.2": { - "Section": "18.9.50", - "Recommendation": "18.9.48.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow Adobe Flash\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1176", - "Technique2": null, - "Mitigation1": "M1033", - "Mitigation2": null - }, - "18.9.48.3": { - "Section": "18.9.50", - "Recommendation": "18.9.48.3", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow InPrivate Browsing\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.48.4": { - "Section": "18.9.48", - "Recommendation": "18.9.48.4", - "Profile": "NG", - "RecommendationTitle": "Ensure \u0027Allow files to download and save to the host operating system from Microsoft Defender Application 
Guard\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1211", - "Technique2": null, - "Mitigation1": "M1048", - "Mitigation2": null - }, - "18.9.48.5": { - "Section": "18.9.48", - "Recommendation": "18.9.48.5", - "Profile": "NG", - "RecommendationTitle": "Ensure \u0027Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting\u0027 is set to \u0027Enabled: Enable clipboard operation from an isolated session to the host\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.48.6": { - "Section": "18.9.48", - "Recommendation": "18.9.48.6", - "Profile": "NG", - "RecommendationTitle": "Ensure \u0027Turn on Microsoft Defender Application Guard in Managed Mode\u0027 is set to \u0027Enabled: 1\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.48.7": { - "Section": "18.9.50", - "Recommendation": "18.9.48.7", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Configure Pop-up Blocker\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1189", - "Technique2": null, - "Mitigation1": "M1021", - "Mitigation2": null - }, - "18.9.48.8": { - "Section": "18.9.50", - "Recommendation": "18.9.48.8", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Configure search suggestions in Address bar\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.48.10": { - "Section": "18.9.50", - "Recommendation": "18.9.48.10", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Prevent access to the about:flags page in Microsoft Edge\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1505", - "Technique2": null, - "Mitigation1": "M1026", - "Mitigation2": null - }, - 
"18.9.48.13": { - "Section": "18.9.50", - "Recommendation": "18.9.48.13", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Prevent using Localhost IP address for WebRTC\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1592", - "Technique2": null, - "Mitigation1": "M1056", - "Mitigation2": null - }, - "18.9.58.1": { - "Section": "18.9.58", - "Recommendation": "18.9.58.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prevent the usage of OneDrive for file storage\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1567", - "Technique2": null, - "Mitigation1": "M1021", - "Mitigation2": null - }, - "18.9.64.1": { - "Section": "18.9.64", - "Recommendation": "18.9.64.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off Push To Install service\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1570", - "Technique2": null, - "Mitigation1": "M1031", - "Mitigation2": null - }, - "18.9.65.2.2": { - "Section": "18.9.65.2", - "Recommendation": "18.9.65.2.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Do not allow passwords to be saved\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1555", - "Technique2": null, - "Mitigation1": "M1027", - "Mitigation2": null - }, - "18.9.65.3.2.1": { - "Section": "18.9.65.3.2", - "Recommendation": "18.9.65.3.2.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow users to connect remotely by using Remote Desktop Services\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1210", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.65.3.3.1": { - "Section": "18.9.65.3.3", - "Recommendation": "18.9.65.3.3.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow UI Automation redirection\u0027 is set to \u0027Disabled\u0027", - "Technique1": null, - "Technique2": null, - "Mitigation1": null, - "Mitigation2": null - }, - "18.9.65.3.3.2": { - "Section": "18.9.65.3.3", - "Recommendation": "18.9.65.3.3.2", - 
"Profile": "L2", - "RecommendationTitle": "Ensure \u0027Do not allow COM port redirection\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1210", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.65.3.3.3": { - "Section": "18.9.65.3.3", - "Recommendation": "18.9.65.3.3.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Do not allow drive redirection\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1210", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.65.3.3.4": { - "Section": "18.9.65.3.3", - "Recommendation": "18.9.65.3.3.4", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Do not allow location redirection\u0027 is set to \u0027Enabled\u0027", - "Technique1": null, - "Technique2": null, - "Mitigation1": null, - "Mitigation2": null - }, - "18.9.65.3.3.5": { - "Section": "18.9.65.3.3", - "Recommendation": "18.9.65.3.3.5", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Do not allow LPT port redirection\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1210", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.65.3.3.6": { - "Section": "18.9.65.3.3", - "Recommendation": "18.9.65.3.3.6", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Do not allow supported Plug and Play device redirection\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1210", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.65.3.9.1": { - "Section": "18.9.65.3.9", - "Recommendation": "18.9.65.3.9.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Always prompt for password upon connection\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1210", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.65.3.9.2": { - "Section": "18.9.65.3.9", - "Recommendation": "18.9.65.3.9.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Require secure RPC 
communication\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1210", - "Technique2": "T1557", - "Mitigation1": "M1042", - "Mitigation2": "M1041" - }, - "18.9.65.3.9.3": { - "Section": "18.9.65.3.9", - "Recommendation": "18.9.65.3.9.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Require use of specific security layer for remote (RDP) connections\u0027 is set to \u0027Enabled: SSL\u0027", - "Technique1": "T1210", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.65.3.9.4": { - "Section": "18.9.65.3.9", - "Recommendation": "18.9.65.3.9.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Require user authentication for remote connections by using Network Level Authentication\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1210", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.65.3.9.5": { - "Section": "18.9.65.3.9", - "Recommendation": "18.9.65.3.9.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Set client connection encryption level\u0027 is set to \u0027Enabled: High Level\u0027", - "Technique1": "T1210", - "Technique2": "T1557", - "Mitigation1": "M1042", - "Mitigation2": "M1041" - }, - "18.9.65.3.10.1": { - "Section": "18.9.65.3.10", - "Recommendation": "18.9.65.3.10.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Set time limit for active but idle Remote Desktop Services sessions\u0027 is set to \u0027Enabled: 15 minutes or less, but not Never (0)\u0027", - "Technique1": "T1210", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.65.3.10.2": { - "Section": "18.9.65.3.10", - "Recommendation": "18.9.65.3.10.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Set time limit for disconnected sessions\u0027 is set to \u0027Enabled: 1 minute\u0027", - "Technique1": "T1210", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.65.3.11.1": { - "Section": 
"18.9.65.3.11", - "Recommendation": "18.9.65.3.11.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Do not delete temp folders upon exit\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1210", - "Technique2": "T1564", - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.66.1": { - "Section": "18.9.66", - "Recommendation": "18.9.66.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prevent downloading of enclosures\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1204", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "18.9.67.2": { - "Section": "18.9.67", - "Recommendation": "18.9.67.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow Cloud Search\u0027 is set to \u0027Enabled: Disable Cloud Search\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.67.3": { - "Section": "18.9.67", - "Recommendation": "18.9.67.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow Cortana\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.67.4": { - "Section": "18.9.67", - "Recommendation": "18.9.67.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow Cortana above lock screen\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.67.5": { - "Section": "18.9.67", - "Recommendation": "18.9.67.5", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow indexing of encrypted files\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1005", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "18.9.67.6": { - "Section": 
"18.9.67", - "Recommendation": "18.9.67.6", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow search and Cortana to use location\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1591", - "Technique2": null, - "Mitigation1": "M1056", - "Mitigation2": null - }, - "18.9.72.1": { - "Section": "18.9.72", - "Recommendation": "18.9.72.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off KMS Client Online AVS Validation\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.75.1": { - "Section": "18.9.75", - "Recommendation": "18.9.75.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Disable all apps from Microsoft Store\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.75.2": { - "Section": "18.9.75", - "Recommendation": "18.9.75.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Only display the private store within the Microsoft Store\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.75.3": { - "Section": "18.9.75", - "Recommendation": "18.9.75.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off Automatic Download and Install of updates\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.75.4": { - "Section": "18.9.75", - "Recommendation": "18.9.75.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off the offer to update to the latest version of Windows\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE 
ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.75.5": { - "Section": "18.9.75", - "Recommendation": "18.9.75.5", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off the Store application\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.81.1": { - "Section": "18.9.81", - "Recommendation": "18.9.81.1", - "Profile": "L1", - "RecommendationTitle": "Ensure ?Allow widgets? is set to ?Disabled?", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.85.1.1": { - "Section": "18.9.85.1", - "Recommendation": "18.9.85.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure Windows Defender SmartScreen\u0027 is set to \u0027Enabled: Warn and prevent bypass\u0027", - "Technique1": "T1204", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "18.9.85.2.1": { - "Section": "18.9.85.2", - "Recommendation": "18.9.85.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure Windows Defender SmartScreen\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1204", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "18.9.85.2.2": { - "Section": "18.9.85.2", - "Recommendation": "18.9.85.2.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prevent bypassing Windows Defender SmartScreen prompts for sites\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1553", - "Technique2": null, - "Mitigation1": "M1054", - "Mitigation2": null - }, - "18.9.87.1": { - "Section": "18.9.87", - "Recommendation": "18.9.87.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Enables or disables Windows Game Recording and Broadcasting\u0027 is set to 
\u0027Disabled\u0027", - "Technique1": "T1592", - "Technique2": null, - "Mitigation1": "M1056", - "Mitigation2": null - }, - "18.9.89.1": { - "Section": "18.9.89", - "Recommendation": "18.9.89.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow suggested apps in Windows Ink Workspace\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.89.2": { - "Section": "18.9.89", - "Recommendation": "18.9.89.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow Windows Ink Workspace\u0027 is set to \u0027Enabled: On, but disallow access above lock\u0027 OR \u0027Disabled\u0027 but not \u0027Enabled: On\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.90.1": { - "Section": "18.9.90", - "Recommendation": "18.9.90.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow user control over installs\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1204", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "18.9.90.2": { - "Section": "18.9.90", - "Recommendation": "18.9.90.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Always install with elevated privileges\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1052", - "Mitigation2": null - }, - "18.9.90.3": { - "Section": "18.9.90", - "Recommendation": "18.9.90.3", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Prevent Internet Explorer security prompt for Windows Installer scripts\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1204", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "18.9.91.1": { - "Section": "18.9.91", - "Recommendation": "18.9.91.1", - "Profile": "L1", - "RecommendationTitle": 
"Ensure \u0027Sign-in and lock last interactive user automatically after a restart\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.100.1": { - "Section": "18.9.100", - "Recommendation": "18.9.100.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn on PowerShell Script Block Logging\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1552", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.9.100.2": { - "Section": "18.9.100", - "Recommendation": "18.9.100.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn on PowerShell Transcription\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1552", - "Technique2": null, - "Mitigation1": "M1028", - "Mitigation2": null - }, - "18.9.102.1.1": { - "Section": "18.9.102.1", - "Recommendation": "18.9.102.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow Basic authentication\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1021", - "Technique2": "T1557", - "Mitigation1": "M1018", - "Mitigation2": "M1041" - }, - "18.9.102.1.2": { - "Section": "18.9.102.1", - "Recommendation": "18.9.102.1.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow unencrypted traffic\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1021", - "Technique2": "T1557", - "Mitigation1": "M1018", - "Mitigation2": "M1041" - }, - "18.9.102.1.3": { - "Section": "18.9.102.1", - "Recommendation": "18.9.102.1.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Disallow Digest authentication\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1021", - "Technique2": "T1557", - "Mitigation1": "M1018", - "Mitigation2": "M1041" - }, - "18.9.102.2.1": { - "Section": "18.9.102.2", - "Recommendation": "18.9.102.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow Basic 
authentication\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1021", - "Technique2": "T1557", - "Mitigation1": "M1018", - "Mitigation2": "M1041" - }, - "18.9.102.2.2": { - "Section": "18.9.102.2", - "Recommendation": "18.9.102.2.2", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow remote server management through WinRM\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1021", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "18.9.102.2.3": { - "Section": "18.9.102.2", - "Recommendation": "18.9.102.2.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Allow unencrypted traffic\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1021", - "Technique2": "T1557", - "Mitigation1": "M1018", - "Mitigation2": "M1041" - }, - "18.9.102.2.4": { - "Section": "18.9.102.2", - "Recommendation": "18.9.102.2.4", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Disallow WinRM from storing RunAs credentials\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1021", - "Technique2": "T1555", - "Mitigation1": "M1018", - "Mitigation2": "M1027" - }, - "18.9.103.1": { - "Section": "18.9.103", - "Recommendation": "18.9.103.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Allow Remote Shell Access\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1059", - "Technique2": null, - "Mitigation1": "M1042", - "Mitigation2": null - }, - "18.9.104.1": { - "Section": "18.9.104", - "Recommendation": "18.9.104.1", - "Profile": "L1", - "RecommendationTitle": "Ensure ?Allow clipboard sharing with Windows Sandbox? is set to ?Disabled?", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.104.2": { - "Section": "18.9.104", - "Recommendation": "18.9.104.2", - "Profile": "L1", - "RecommendationTitle": "Ensure ?Allow networking in Windows Sandbox? 
is set to ?Disabled?", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.105.2.1": { - "Section": "18.9.105.2", - "Recommendation": "18.9.105.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prevent users from modifying settings\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1562", - "Technique2": null, - "Mitigation1": "M1018", - "Mitigation2": null - }, - "18.9.108.1.1": { - "Section": "18.9.108.1", - "Recommendation": "18.9.108.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027No auto-restart with logged on users for scheduled automatic updates installations\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.108.2.1": { - "Section": "18.9.108.2", - "Recommendation": "18.9.108.2.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure Automatic Updates\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.108.2.2": { - "Section": "18.9.108.2", - "Recommendation": "18.9.108.2.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure Automatic Updates: Scheduled install day\u0027 is set to \u00270 - Every day\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.108.2.3": { - "Section": "18.9.108.2", - "Recommendation": "18.9.108.2.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Remove access to ?Pause updates? 
feature\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.108.4.1": { - "Section": "18.9.108.4", - "Recommendation": "18.9.108.4.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Manage preview builds\u0027 is set to \u0027Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.103.4.2": { - "Section": "18.9.108.4", - "Recommendation": "18.9.103.4.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Select when Preview Builds and Feature Updates are received\u0027 is set to \u0027Enabled: 180 or more days\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "18.9.103.4.3": { - "Section": "18.9.108.4", - "Recommendation": "18.9.103.4.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Select when Quality Updates are received\u0027 is set to \u0027Enabled: 0 days\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "19.1.3.1": { - "Section": "19.1.3", - "Recommendation": "19.1.3.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Enable screen saver\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "19.1.3.2": { - "Section": "19.1.3", - "Recommendation": "19.1.3.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Password protect the screen saver\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - 
"19.1.3.3": { - "Section": "19.1.3", - "Recommendation": "19.1.3.3", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Screen saver timeout\u0027 is set to \u0027Enabled: 900 seconds or fewer, but not 0\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "19.5.1.1": { - "Section": "19.5.1", - "Recommendation": "19.5.1.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Turn off toast notifications on the lock screen\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "19.6.6.1.1": { - "Section": "19.6.6.1", - "Recommendation": "19.6.6.1.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off Help Experience Improvement Program\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "19.7.4.1": { - "Section": "19.7.4", - "Recommendation": "19.7.4.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Do not preserve zone information in file attachments\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1204", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - }, - "19.7.4.2": { - "Section": "19.7.4", - "Recommendation": "19.7.4.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Notify antivirus programs when opening attachments\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1027", - "Technique2": null, - "Mitigation1": "M1049", - "Mitigation2": null - }, - "19.7.8.1": { - "Section": "19.7.8", - "Recommendation": "19.7.8.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Configure Windows spotlight on lock screen\u0027 is set to Disabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": 
null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "19.7.8.2": { - "Section": "19.7.8", - "Recommendation": "19.7.8.2", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Do not suggest third-party content in Windows spotlight\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "19.7.8.3": { - "Section": "19.7.8", - "Recommendation": "19.7.8.3", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Do not use diagnostic data for tailored experiences\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "19.7.8.4": { - "Section": "19.7.8", - "Recommendation": "19.7.8.4", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Turn off all Windows spotlight features\u0027 is set to \u0027Enabled\u0027", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "19.7.8.5": { - "Section": "19.7.8", - "Recommendation": "19.7.8.5", - "Profile": "L2", - "RecommendationTitle": "Ensure ?Turn off Spotlight collection on Desktop? 
is set to ?Enabled", - "Technique1": "No MITRE ATT\u0026CK mapping", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK mapping", - "Mitigation2": null - }, - "19.7.28.1": { - "Section": "19.7.28", - "Recommendation": "19.7.28.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Prevent users from sharing files within their profile.\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1083", - "Technique2": null, - "Mitigation1": "No MITRE ATT\u0026CK Mitigation", - "Mitigation2": null - }, - "19.7.43.1": { - "Section": "19.7.43", - "Recommendation": "19.7.43.1", - "Profile": "L1", - "RecommendationTitle": "Ensure \u0027Always install with elevated privileges\u0027 is set to \u0027Disabled\u0027", - "Technique1": "T1548", - "Technique2": null, - "Mitigation1": "M1052", - "Mitigation2": null - }, - "19.7.47.2.1": { - "Section": "19.7.47.2", - "Recommendation": "19.7.47.2.1", - "Profile": "L2", - "RecommendationTitle": "Ensure \u0027Prevent Codec Download\u0027 is set to \u0027Enabled\u0027", - "Technique1": "T1204", - "Technique2": null, - "Mitigation1": "M1038", - "Mitigation2": null - } -} diff --git a/ATAPHtmlReport/TechniquesToTactics.json b/ATAPHtmlReport/TechniquesToTactics.json deleted file mode 100644 index 748a92c9..00000000 --- a/ATAPHtmlReport/TechniquesToTactics.json +++ /dev/null 
@@ -1,279 +0,0 @@ -{ - "T1132": "TA0011", - "T1594": "TA0043", - "T1573": "TA0011", - "T1587": "TA0042", - "T1556": [ - "TA0006", - "TA0005", - "TA0003" - ], - "T1137": "TA0003", - "T1071": "TA0011", - "T1016": "TA0007", - "T1601": "TA0005", - "T1547": [ - "TA0004", - "TA0003" - ], - "T1041": "TA0010", - "T1200": "TA0001", - "T1055": [ - "TA0004", - "TA0005" - ], - "T1176": "TA0003", - "T1593": "TA0043", - "T1072": [ - "TA0008", - "TA0002" - ], - "T1204": "TA0002", - "T1218": "TA0005", - "T1482": "TA0007", - "T1525": "TA0003", - "T1129": "TA0002", - "T1558": "TA0006", - "T1564": "TA0005", - "T1207": "TA0005", - "T1580": "TA0007", - "T1092": "TA0011", - "T1133": [ - "TA0001", - "TA0003" - ], - "T1571": "TA0011", - "T1021": "TA0008", - "T1078": [ - "TA0004", - "TA0005", - "TA0001", - "TA0003" - ], - "T1070": "TA0005", - "T1113": "TA0009", - "T1040": [ - "TA0006", - "TA0007" - ], - "T1583": "TA0042", - "T1069": "TA0007", - "T1202": "TA0005", - "T1572": "TA0011", - "T1068": "TA0004", - "T1652": "TA0007", - "T1555": "TA0006", - "T1538": "TA0007", - "T1563": "TA0008", - "T1216": "TA0005", - "T1539": "TA0006", - "T1489": "TA0040", - "T1221": "TA0005", - "T1622": [ - "TA0005", - "TA0007" - ], - "T1495": "TA0040", - "T1535": "TA0005", - "T1219": "TA0011", - "T1197": [ - "TA0005", - "TA0003" - ], - "T1486": "TA0040", - "T1649": "TA0006", - "T1569": "TA0002", - "T1578": "TA0005", - "T1497": [ - "TA0005", - "TA0007" - ], - "T1091": [ - "TA0008", - "TA0001" - ], - "T1083": "TA0007", - "T1087": "TA0007", - "T1201": "TA0007", - "T1537": "TA0010", - "T1190": "TA0001", - "T1007": "TA0007", - "T1112": "TA0005", - "T1608": "TA0042", - "T1650": "TA0042", - "T1110": "TA0006", - "T1530": "TA0009", - "T1090": "TA0011", - "T1039": "TA0009", - "T1553": "TA0005", - "T1599": "TA0005", - "T1619": "TA0007", - "T1185": "TA0009", - "T1585": "TA0042", - "T1588": "TA0042", - "T1485": "TA0040", - "T1534": "TA0008", - "T1098": "TA0003", - "T1499": "TA0040", - "T1614": "TA0007", - "T1602": "TA0009", 
- "T1213": "TA0009", - "T1114": "TA0009", - "T1052": "TA0010", - "T1648": "TA0002", - "T1135": "TA0007", - "T1621": "TA0006", - "T1095": "TA0011", - "T1542": [ - "TA0005", - "TA0003" - ], - "T1124": "TA0007", - "T1119": "TA0009", - "T1057": "TA0007", - "T1531": "TA0040", - "T1136": "TA0003", - "T1140": "TA0005", - "T1037": [ - "TA0004", - "TA0003" - ], - "T1046": "TA0007", - "T1505": "TA0003", - "T1565": "TA0040", - "T1480": "TA0005", - "T1612": "TA0005", - "T1205": [ - "TA0005", - "TA0011", - "TA0003" - ], - "T1080": "TA0008", - "T1003": "TA0006", - "T1552": "TA0006", - "T1059": "TA0002", - "T1211": "TA0005", - "T1550": [ - "TA0008", - "TA0005" - ], - "T1543": [ - "TA0004", - "TA0003" - ], - "T1595": "TA0043", - "T1048": "TA0010", - "T1600": "TA0005", - "T1005": "TA0009", - "T1592": "TA0043", - "T1557": [ - "TA0009", - "TA0006" - ], - "T1010": "TA0007", - "T1561": "TA0040", - "T1498": "TA0040", - "T1203": "TA0002", - "T1546": [ - "TA0004", - "TA0003" - ], - "T1125": "TA0009", - "T1056": [ - "TA0009", - "TA0006" - ], - "T1554": "TA0003", - "T1591": "TA0043", - "T1187": "TA0006", - "T1217": "TA0007", - "T1047": "TA0002", - "T1647": "TA0005", - "T1559": "TA0002", - "T1018": "TA0007", - "T1074": "TA0009", - "T1199": "TA0001", - "T1025": "TA0009", - "T1610": [ - "TA0002", - "TA0005" - ], - "T1548": [ - "TA0004", - "TA0005" - ], - "T1210": "TA0008", - "T1584": "TA0042", - "T1567": "TA0010", - "T1120": "TA0007", - "T1491": "TA0040", - "T1606": "TA0006", - "T1001": "TA0011", - "T1562": "TA0005", - "T1049": "TA0007", - "T1105": "TA0011", - "T1613": "TA0007", - "T1220": "TA0005", - "T1082": "TA0007", - "T1222": "TA0005", - "T1609": "TA0002", - "T1651": "TA0002", - "T1111": "TA0006", - "T1212": "TA0006", - "T1611": "TA0004", - "T1030": "TA0010", - "T1528": "TA0006", - "T1102": "TA0011", - "T1574": [ - "TA0004", - "TA0005", - "TA0003" - ], - "T1598": "TA0043", - "T1127": "TA0005", - "T1570": "TA0008", - "T1006": "TA0005", - "T1008": "TA0011", - "T1589": "TA0043", - "T1012": 
"TA0007", - "T1620": "TA0005", - "T1496": "TA0040", - "T1615": "TA0007", - "T1518": "TA0007", - "T1566": "TA0001", - "T1484": [ - "TA0004", - "TA0005" - ], - "T1526": "TA0007", - "T1189": "TA0001", - "T1029": "TA0010", - "T1014": "TA0005", - "T1568": "TA0011", - "T1134": [ - "TA0004", - "TA0005" - ], - "T1104": "TA0011", - "T1586": "TA0042", - "T1195": "TA0001", - "T1011": "TA0010", - "T1560": "TA0009", - "T1036": "TA0005", - "T1106": "TA0002", - "T1590": "TA0043", - "T1027": "TA0005", - "T1529": "TA0040", - "T1033": "TA0007", - "T1020": "TA0010", - "T1490": "TA0040", - "T1597": "TA0043", - "T1115": "TA0009", - "T1053": [ - "TA0004", - "TA0002", - "TA0003" - ], - "T1596": "TA0043", - "T1123": "TA0009" -} diff --git a/ATAPHtmlReport/enterprise-attack-v13-techniques.json b/ATAPHtmlReport/enterprise-attack-v13-techniques.json deleted file mode 100644 index 4fae739c..00000000 --- a/ATAPHtmlReport/enterprise-attack-v13-techniques.json +++ /dev/null 
@@ -1,786 +0,0 @@ -{ - "T1548": { - "ID": "T1548", - "name": "Abuse Elevation Control Mechanism" - }, - "T1134": { - "ID": "T1134", - "name": "Access Token Manipulation" - }, - "T1531": { - "ID": "T1531", - "name": "Account Access Removal" - }, - "T1087": { - "ID": "T1087", - "name": "Account Discovery" - }, - "T1098": { - "ID": "T1098", - "name": "Account Manipulation" - }, - "T1650": { - "ID": "T1650", - "name": "Acquire Access" - }, - "T1583": { - "ID": "T1583", - "name": "Acquire Infrastructure" - }, - "T1595": { - "ID": "T1595", - "name": "Active Scanning" - }, - "T1557": { - "ID": "T1557", - "name": "Adversary-in-the-Middle" - }, - "T1071": { - "ID": "T1071", - "name": "Application Layer Protocol" - }, - "T1010": { - "ID": "T1010", - "name": "Application Window Discovery" - }, - "T1560": { - "ID": "T1560", - "name": "Archive Collected Data" - }, - "T1123": { - "ID": "T1123", - "name": "Audio Capture" - }, - "T1119": { - "ID": "T1119", - "name": "Automated Collection" - }, - "T1020": { - "ID": "T1020", - "name": "Automated Exfiltration" - }, - "T1197": { - "ID": "T1197", - "name": "BITS Jobs" - }, - "T1547": { - "ID": "T1547", - "name": "Boot or Logon Autostart Execution" - }, - "T1037": { - "ID": "T1037", - "name": "Boot or Logon Initialization Scripts" - }, - "T1176": { - "ID": "T1176", - "name": "Browser Extensions" - }, - "T1217": { - "ID": "T1217", - "name": "Browser Information Discovery" - }, - "T1185": { - "ID": "T1185", - "name": "Browser Session Hijacking" - }, - "T1110": { - "ID": "T1110", - "name": "Brute Force" - }, - "T1612": { - "ID": "T1612", - "name": "Build Image on Host" - }, - "T1115": { - "ID": "T1115", - "name": "Clipboard Data" - }, - "T1651": { - "ID": "T1651", - "name": "Cloud Administration Command" - }, - "T1580": { - "ID": "T1580", - "name": "Cloud Infrastructure Discovery" - }, - "T1538": { - "ID": "T1538", - "name": "Cloud Service Dashboard" - }, - "T1526": { - "ID": "T1526", - "name": "Cloud Service Discovery" - }, - "T1619": { - 
"ID": "T1619", - "name": "Cloud Storage Object Discovery" - }, - "T1059": { - "ID": "T1059", - "name": "Command and Scripting Interpreter" - }, - "T1092": { - "ID": "T1092", - "name": "Communication Through Removable Media" - }, - "T1586": { - "ID": "T1586", - "name": "Compromise Accounts" - }, - "T1554": { - "ID": "T1554", - "name": "Compromise Client Software Binary" - }, - "T1584": { - "ID": "T1584", - "name": "Compromise Infrastructure" - }, - "T1609": { - "ID": "T1609", - "name": "Container Administration Command" - }, - "T1613": { - "ID": "T1613", - "name": "Container and Resource Discovery" - }, - "T1136": { - "ID": "T1136", - "name": "Create Account" - }, - "T1543": { - "ID": "T1543", - "name": "Create or Modify System Process" - }, - "T1555": { - "ID": "T1555", - "name": "Credentials from Password Stores" - }, - "T1485": { - "ID": "T1485", - "name": "Data Destruction" - }, - "T1132": { - "ID": "T1132", - "name": "Data Encoding" - }, - "T1486": { - "ID": "T1486", - "name": "Data Encrypted for Impact" - }, - "T1565": { - "ID": "T1565", - "name": "Data Manipulation" - }, - "T1001": { - "ID": "T1001", - "name": "Data Obfuscation" - }, - "T1074": { - "ID": "T1074", - "name": "Data Staged" - }, - "T1030": { - "ID": "T1030", - "name": "Data Transfer Size Limits" - }, - "T1530": { - "ID": "T1530", - "name": "Data from Cloud Storage" - }, - "T1602": { - "ID": "T1602", - "name": "Data from Configuration Repository" - }, - "T1213": { - "ID": "T1213", - "name": "Data from Information Repositories" - }, - "T1005": { - "ID": "T1005", - "name": "Data from Local System" - }, - "T1039": { - "ID": "T1039", - "name": "Data from Network Shared Drive" - }, - "T1025": { - "ID": "T1025", - "name": "Data from Removable Media" - }, - "T1622": { - "ID": "T1622", - "name": "Debugger Evasion" - }, - "T1491": { - "ID": "T1491", - "name": "Defacement" - }, - "T1140": { - "ID": "T1140", - "name": "Deobfuscate/Decode Files or Information" - }, - "T1610": { - "ID": "T1610", - "name": 
"Deploy Container" - }, - "T1587": { - "ID": "T1587", - "name": "Develop Capabilities" - }, - "T1652": { - "ID": "T1652", - "name": "Device Driver Discovery" - }, - "T1006": { - "ID": "T1006", - "name": "Direct Volume Access" - }, - "T1561": { - "ID": "T1561", - "name": "Disk Wipe" - }, - "T1484": { - "ID": "T1484", - "name": "Domain Policy Modification" - }, - "T1482": { - "ID": "T1482", - "name": "Domain Trust Discovery" - }, - "T1189": { - "ID": "T1189", - "name": "Drive-by Compromise" - }, - "T1568": { - "ID": "T1568", - "name": "Dynamic Resolution" - }, - "T1114": { - "ID": "T1114", - "name": "Email Collection" - }, - "T1573": { - "ID": "T1573", - "name": "Encrypted Channel" - }, - "T1499": { - "ID": "T1499", - "name": "Endpoint Denial of Service" - }, - "T1611": { - "ID": "T1611", - "name": "Escape to Host" - }, - "T1585": { - "ID": "T1585", - "name": "Establish Accounts" - }, - "T1546": { - "ID": "T1546", - "name": "Event Triggered Execution" - }, - "T1480": { - "ID": "T1480", - "name": "Execution Guardrails" - }, - "T1048": { - "ID": "T1048", - "name": "Exfiltration Over Alternative Protocol" - }, - "T1041": { - "ID": "T1041", - "name": "Exfiltration Over C2 Channel" - }, - "T1011": { - "ID": "T1011", - "name": "Exfiltration Over Other Network Medium" - }, - "T1052": { - "ID": "T1052", - "name": "Exfiltration Over Physical Medium" - }, - "T1567": { - "ID": "T1567", - "name": "Exfiltration Over Web Service" - }, - "T1190": { - "ID": "T1190", - "name": "Exploit Public-Facing Application" - }, - "T1203": { - "ID": "T1203", - "name": "Exploitation for Client Execution" - }, - "T1212": { - "ID": "T1212", - "name": "Exploitation for Credential Access" - }, - "T1211": { - "ID": "T1211", - "name": "Exploitation for Defense Evasion" - }, - "T1068": { - "ID": "T1068", - "name": "Exploitation for Privilege Escalation" - }, - "T1210": { - "ID": "T1210", - "name": "Exploitation of Remote Services" - }, - "T1133": { - "ID": "T1133", - "name": "External Remote Services" - 
}, - "T1008": { - "ID": "T1008", - "name": "Fallback Channels" - }, - "T1083": { - "ID": "T1083", - "name": "File and Directory Discovery" - }, - "T1222": { - "ID": "T1222", - "name": "File and Directory Permissions Modification" - }, - "T1495": { - "ID": "T1495", - "name": "Firmware Corruption" - }, - "T1187": { - "ID": "T1187", - "name": "Forced Authentication" - }, - "T1606": { - "ID": "T1606", - "name": "Forge Web Credentials" - }, - "T1592": { - "ID": "T1592", - "name": "Gather Victim Host Information" - }, - "T1589": { - "ID": "T1589", - "name": "Gather Victim Identity Information" - }, - "T1590": { - "ID": "T1590", - "name": "Gather Victim Network Information" - }, - "T1591": { - "ID": "T1591", - "name": "Gather Victim Org Information" - }, - "T1615": { - "ID": "T1615", - "name": "Group Policy Discovery" - }, - "T1200": { - "ID": "T1200", - "name": "Hardware Additions" - }, - "T1564": { - "ID": "T1564", - "name": "Hide Artifacts" - }, - "T1574": { - "ID": "T1574", - "name": "Hijack Execution Flow" - }, - "T1562": { - "ID": "T1562", - "name": "Impair Defenses" - }, - "T1525": { - "ID": "T1525", - "name": "Implant Internal Image" - }, - "T1070": { - "ID": "T1070", - "name": "Indicator Removal" - }, - "T1202": { - "ID": "T1202", - "name": "Indirect Command Execution" - }, - "T1105": { - "ID": "T1105", - "name": "Ingress Tool Transfer" - }, - "T1490": { - "ID": "T1490", - "name": "Inhibit System Recovery" - }, - "T1056": { - "ID": "T1056", - "name": "Input Capture" - }, - "T1559": { - "ID": "T1559", - "name": "Inter-Process Communication" - }, - "T1534": { - "ID": "T1534", - "name": "Internal Spearphishing" - }, - "T1570": { - "ID": "T1570", - "name": "Lateral Tool Transfer" - }, - "T1036": { - "ID": "T1036", - "name": "Masquerading" - }, - "T1556": { - "ID": "T1556", - "name": "Modify Authentication Process" - }, - "T1578": { - "ID": "T1578", - "name": "Modify Cloud Compute Infrastructure" - }, - "T1112": { - "ID": "T1112", - "name": "Modify Registry" - }, - 
"T1601": { - "ID": "T1601", - "name": "Modify System Image" - }, - "T1111": { - "ID": "T1111", - "name": "Multi-Factor Authentication Interception" - }, - "T1621": { - "ID": "T1621", - "name": "Multi-Factor Authentication Request Generation" - }, - "T1104": { - "ID": "T1104", - "name": "Multi-Stage Channels" - }, - "T1106": { - "ID": "T1106", - "name": "Native API" - }, - "T1599": { - "ID": "T1599", - "name": "Network Boundary Bridging" - }, - "T1498": { - "ID": "T1498", - "name": "Network Denial of Service" - }, - "T1046": { - "ID": "T1046", - "name": "Network Service Discovery" - }, - "T1135": { - "ID": "T1135", - "name": "Network Share Discovery" - }, - "T1040": { - "ID": "T1040", - "name": "Network Sniffing" - }, - "T1095": { - "ID": "T1095", - "name": "Non-Application Layer Protocol" - }, - "T1571": { - "ID": "T1571", - "name": "Non-Standard Port" - }, - "T1003": { - "ID": "T1003", - "name": "OS Credential Dumping" - }, - "T1027": { - "ID": "T1027", - "name": "Obfuscated Files or Information" - }, - "T1588": { - "ID": "T1588", - "name": "Obtain Capabilities" - }, - "T1137": { - "ID": "T1137", - "name": "Office Application Startup" - }, - "T1201": { - "ID": "T1201", - "name": "Password Policy Discovery" - }, - "T1120": { - "ID": "T1120", - "name": "Peripheral Device Discovery" - }, - "T1069": { - "ID": "T1069", - "name": "Permission Groups Discovery" - }, - "T1566": { - "ID": "T1566", - "name": "Phishing" - }, - "T1598": { - "ID": "T1598", - "name": "Phishing for Information" - }, - "T1647": { - "ID": "T1647", - "name": "Plist File Modification" - }, - "T1542": { - "ID": "T1542", - "name": "Pre-OS Boot" - }, - "T1057": { - "ID": "T1057", - "name": "Process Discovery" - }, - "T1055": { - "ID": "T1055", - "name": "Process Injection" - }, - "T1572": { - "ID": "T1572", - "name": "Protocol Tunneling" - }, - "T1090": { - "ID": "T1090", - "name": "Proxy" - }, - "T1012": { - "ID": "T1012", - "name": "Query Registry" - }, - "T1620": { - "ID": "T1620", - "name": 
"Reflective Code Loading" - }, - "T1219": { - "ID": "T1219", - "name": "Remote Access Software" - }, - "T1563": { - "ID": "T1563", - "name": "Remote Service Session Hijacking" - }, - "T1021": { - "ID": "T1021", - "name": "Remote Services" - }, - "T1018": { - "ID": "T1018", - "name": "Remote System Discovery" - }, - "T1091": { - "ID": "T1091", - "name": "Replication Through Removable Media" - }, - "T1496": { - "ID": "T1496", - "name": "Resource Hijacking" - }, - "T1207": { - "ID": "T1207", - "name": "Rogue Domain Controller" - }, - "T1014": { - "ID": "T1014", - "name": "Rootkit" - }, - "T1053": { - "ID": "T1053", - "name": "Scheduled Task/Job" - }, - "T1029": { - "ID": "T1029", - "name": "Scheduled Transfer" - }, - "T1113": { - "ID": "T1113", - "name": "Screen Capture" - }, - "T1597": { - "ID": "T1597", - "name": "Search Closed Sources" - }, - "T1596": { - "ID": "T1596", - "name": "Search Open Technical Databases" - }, - "T1593": { - "ID": "T1593", - "name": "Search Open Websites/Domains" - }, - "T1594": { - "ID": "T1594", - "name": "Search Victim-Owned Websites" - }, - "T1505": { - "ID": "T1505", - "name": "Server Software Component" - }, - "T1648": { - "ID": "T1648", - "name": "Serverless Execution" - }, - "T1489": { - "ID": "T1489", - "name": "Service Stop" - }, - "T1129": { - "ID": "T1129", - "name": "Shared Modules" - }, - "T1072": { - "ID": "T1072", - "name": "Software Deployment Tools" - }, - "T1518": { - "ID": "T1518", - "name": "Software Discovery" - }, - "T1608": { - "ID": "T1608", - "name": "Stage Capabilities" - }, - "T1528": { - "ID": "T1528", - "name": "Steal Application Access Token" - }, - "T1539": { - "ID": "T1539", - "name": "Steal Web Session Cookie" - }, - "T1649": { - "ID": "T1649", - "name": "Steal or Forge Authentication Certificates" - }, - "T1558": { - "ID": "T1558", - "name": "Steal or Forge Kerberos Tickets" - }, - "T1553": { - "ID": "T1553", - "name": "Subvert Trust Controls" - }, - "T1195": { - "ID": "T1195", - "name": "Supply Chain 
Compromise" - }, - "T1218": { - "ID": "T1218", - "name": "System Binary Proxy Execution" - }, - "T1082": { - "ID": "T1082", - "name": "System Information Discovery" - }, - "T1614": { - "ID": "T1614", - "name": "System Location Discovery" - }, - "T1016": { - "ID": "T1016", - "name": "System Network Configuration Discovery" - }, - "T1049": { - "ID": "T1049", - "name": "System Network Connections Discovery" - }, - "T1033": { - "ID": "T1033", - "name": "System Owner/User Discovery" - }, - "T1216": { - "ID": "T1216", - "name": "System Script Proxy Execution" - }, - "T1007": { - "ID": "T1007", - "name": "System Service Discovery" - }, - "T1569": { - "ID": "T1569", - "name": "System Services" - }, - "T1529": { - "ID": "T1529", - "name": "System Shutdown/Reboot" - }, - "T1124": { - "ID": "T1124", - "name": "System Time Discovery" - }, - "T1080": { - "ID": "T1080", - "name": "Taint Shared Content" - }, - "T1221": { - "ID": "T1221", - "name": "Template Injection" - }, - "T1205": { - "ID": "T1205", - "name": "Traffic Signaling" - }, - "T1537": { - "ID": "T1537", - "name": "Transfer Data to Cloud Account" - }, - "T1127": { - "ID": "T1127", - "name": "Trusted Developer Utilities Proxy Execution" - }, - "T1199": { - "ID": "T1199", - "name": "Trusted Relationship" - }, - "T1552": { - "ID": "T1552", - "name": "Unsecured Credentials" - }, - "T1535": { - "ID": "T1535", - "name": "Unused/Unsupported Cloud Regions" - }, - "T1550": { - "ID": "T1550", - "name": "Use Alternate Authentication Material" - }, - "T1204": { - "ID": "T1204", - "name": "User Execution" - }, - "T1078": { - "ID": "T1078", - "name": "Valid Accounts" - }, - "T1125": { - "ID": "T1125", - "name": "Video Capture" - }, - "T1497": { - "ID": "T1497", - "name": "Virtualization/Sandbox Evasion" - }, - "T1600": { - "ID": "T1600", - "name": "Weaken Encryption" - }, - "T1102": { - "ID": "T1102", - "name": "Web Service" - }, - "T1047": { - "ID": "T1047", - "name": "Windows Management Instrumentation" - }, - "T1220": { - "ID": 
"T1220", - "name": "XSL Script Processing" - } -} diff --git a/ATAPHtmlReport/resources/CISToAttackMappingData.json b/ATAPHtmlReport/resources/CISToAttackMappingData.json new file mode 100644 index 00000000..0007c484 --- /dev/null +++ b/ATAPHtmlReport/resources/CISToAttackMappingData.json 
@@ -0,0 +1,6185 @@ +{ + "CISAttackMapping": { + "1.1.1": { + "Section": "1.1", + "Recommendation": "1.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Enforce password history\u0027 is set to \u002724 or more password(s)\u0027", + "Technique1": "T1078", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "1.1.2": { + "Section": "1.1", + "Recommendation": "1.1.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Maximum password age\u0027 is set to \u002760 or fewer days, but not 0\u0027", + "Technique1": "T1078", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "1.1.3": { + "Section": "1.1", + "Recommendation": "1.1.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Minimum password age\u0027 is set to \u00271 or more day(s)\u0027", + "Technique1": "T1078", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "1.1.4": { + "Section": "1.1", + "Recommendation": "1.1.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Minimum password length\u0027 is set to \u002714 or more character(s)\u0027", + "Technique1": "T1078", + "Technique2": "T1110", + "Mitigation1": "M1027", + "Mitigation2": "M1018" + }, + "1.1.5": { + "Section": "1.1", + "Recommendation": "1.1.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Password must meet complexity requirements\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1078", + "Technique2": "T1110", + "Mitigation1": "M1027", + "Mitigation2": "M1018" + }, + "1.1.6": { + "Section": "1.1", + "Recommendation": "1.1.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Relax minimum password length limits\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1078", + "Technique2": "T1110", + "Mitigation1": "M1027", + "Mitigation2": "M1018" + }, + "1.1.7": { + "Section": "1.1", + "Recommendation": "1.1.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Store passwords using reversible 
encryption\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1003", + "Technique2": null, + "Mitigation1": "M1041", + "Mitigation2": null + }, + "1.2.1": { + "Section": "1.2", + "Recommendation": "1.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Account lockout duration\u0027 is set to \u002715 or more minute(s)\u0027", + "Technique1": "T1110", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "1.2.2": { + "Section": "1.2", + "Recommendation": "1.2.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Account lockout threshold\u0027 is set to \u002710 or fewer invalid logon attempt(s), but not 0\u0027", + "Technique1": "T1110", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "1.2.3": { + "Section": "1.2", + "Recommendation": "1.2.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Reset account lockout counter after\u0027 is set to \u002715 or more minute(s)\u0027", + "Technique1": "T1110", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "2.2.1": { + "Section": "2.2", + "Recommendation": "2.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Access Credential Manager as a trusted caller\u0027 is set to \u0027No One\u0027", + "Technique1": "T1115", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "2.2.2": { + "Section": "2.2", + "Recommendation": "2.2.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Access this computer from the network\u0027 is set to \u0027Administrators, Remote Desktop Users\u0027", + "Technique1": "T1563", + "Technique2": "T1021", + "Mitigation1": "M1035", + "Mitigation2": "M1018" + }, + "2.2.3": { + "Section": "2.2", + "Recommendation": "2.2.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Act as part of the operating system\u0027 is set to \u0027No One\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1026", + "Mitigation2": null 
+ }, + "2.2.4": { + "Section": "2.2", + "Recommendation": "2.2.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Adjust memory quotas for a process\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE\u0027", + "Technique1": "T1496", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.2.5": { + "Section": "2.2", + "Recommendation": "2.2.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow log on locally\u0027 is set to \u0027Administrators, Users\u0027", + "Technique1": "T1078", + "Technique2": null, + "Mitigation1": "M1026", + "Mitigation2": null + }, + "2.2.6": { + "Section": "2.2", + "Recommendation": "2.2.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow log on through Remote Desktop Services\u0027 is set to \u0027Administrators, Remote Desktop Users\u0027", + "Technique1": "T1210", + "Technique2": null, + "Mitigation1": "M1026", + "Mitigation2": null + }, + "2.2.7": { + "Section": "2.2", + "Recommendation": "2.2.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Back up files and directories\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1222", + "Technique2": null, + "Mitigation1": "M1026", + "Mitigation2": "M1022" + }, + "2.2.8": { + "Section": "2.2", + "Recommendation": "2.2.8", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Change the system time\u0027 is set to \u0027Administrators, LOCAL SERVICE\u0027", + "Technique1": "T1070", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "2.2.9": { + "Section": "2.2", + "Recommendation": "2.2.9", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Change the time zone\u0027 is set to \u0027Administrators, LOCAL SERVICE, Users\u0027", + "Technique1": "T1070", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "2.2.10": { + "Section": "2.2", + "Recommendation": "2.2.10", + "Profile": "L1", + 
"RecommendationTitle": "Ensure \u0027Create a pagefile\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1074", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.2.11": { + "Section": "2.2", + "Recommendation": "2.2.11", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Create a token object\u0027 is set to \u0027No One\u0027", + "Technique1": "T1134", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": "M1026" + }, + "2.2.12": { + "Section": "2.2", + "Recommendation": "2.2.12", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Create global objects\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE\u0027", + "Technique1": "T1543", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": "M1026" + }, + "2.2.13": { + "Section": "2.2", + "Recommendation": "2.2.13", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Create permanent shared objects\u0027 is set to \u0027No One\u0027", + "Technique1": "T1083", + "Technique2": "T1039", + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.2.14": { + "Section": "2.2", + "Recommendation": "2.2.14", + "Profile": "L1", + "RecommendationTitle": "Configure \u0027Create symbolic links\u0027", + "Technique1": "T1574", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "2.2.15": { + "Section": "2.2", + "Recommendation": "2.2.15", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Debug programs\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1127", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "2.2.16": { + "Section": "2.2", + "Recommendation": "2.2.16", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Deny access to this computer from the network\u0027 to include \u0027Guests, Local account\u0027", + "Technique1": "T1078", + "Technique2": null, + "Mitigation1": "M1026", + 
"Mitigation2": null + }, + "2.2.17": { + "Section": "2.2", + "Recommendation": "2.2.17", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Deny log on as a batch job\u0027 to include \u0027Guests\u0027", + "Technique1": "T1053", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "2.2.18": { + "Section": "2.2", + "Recommendation": "2.2.18", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Deny log on as a service\u0027 to include \u0027Guests\u0027", + "Technique1": "T1543", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "2.2.19": { + "Section": "2.2", + "Recommendation": "2.2.19", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Deny log on locally\u0027 to include \u0027Guests\u0027", + "Technique1": "T1078", + "Technique2": null, + "Mitigation1": "M1026", + "Mitigation2": null + }, + "2.2.20": { + "Section": "2.2", + "Recommendation": "2.2.20", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Deny log on through Remote Desktop Services\u0027 to include \u0027Guests, Local account\u0027", + "Technique1": "T1021", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "2.2.21": { + "Section": "2.2", + "Recommendation": "2.2.21", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Enable computer and user accounts to be trusted for delegation\u0027 is set to \u0027No One\u0027", + "Technique1": "T1134", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "2.2.22": { + "Section": "2.2", + "Recommendation": "2.2.22", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Force shutdown from a remote system\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1529", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.2.23": { + "Section": "2.2", + "Recommendation": "2.2.23", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Generate security audits\u0027 
is set to \u0027LOCAL SERVICE, NETWORK SERVICE\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "2.2.24": { + "Section": "2.2", + "Recommendation": "2.2.24", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Impersonate a client after authentication\u0027 is set to \u0027Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE\u0027", + "Technique1": "T1134", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": "M1026" + }, + "2.2.25": { + "Section": "2.2", + "Recommendation": "2.2.25", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Increase scheduling priority\u0027 is set to \u0027Administrators, Window Manager\\Window Manager Group\u0027", + "Technique1": "T1496", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.2.26": { + "Section": "2.2", + "Recommendation": "2.2.26", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Load and unload device drivers\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1547", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.2.27": { + "Section": "2.2", + "Recommendation": "2.2.27", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Lock pages in memory\u0027 is set to \u0027No One\u0027", + "Technique1": "T1496", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.2.28": { + "Section": "2.2", + "Recommendation": "2.2.28", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Log on as a batch job\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1053", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "2.2.29": { + "Section": "2.2", + "Recommendation": "2.2.29", + "Profile": "L2", + "RecommendationTitle": "Configure \u0027Log on as a service\u0027", + "Technique1": "T1543", + "Technique2": null, + 
"Mitigation1": "M1018", + "Mitigation2": null + }, + "2.2.30": { + "Section": "2.2", + "Recommendation": "2.2.30", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Manage auditing and security log\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "2.2.31": { + "Section": "2.2", + "Recommendation": "2.2.31", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Modify an object label\u0027 is set to \u0027No One\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": "M1026" + }, + "2.2.32": { + "Section": "2.2", + "Recommendation": "2.2.32", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Modify firmware environment values\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1495", + "Technique2": null, + "Mitigation1": "M1046", + "Mitigation2": null + }, + "2.2.33": { + "Section": "2.2", + "Recommendation": "2.2.33", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Perform volume maintenance tasks\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1561", + "Technique2": null, + "Mitigation1": "M1053", + "Mitigation2": null + }, + "2.2.34": { + "Section": "2.2", + "Recommendation": "2.2.34", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Profile single process\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1057", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.2.35": { + "Section": "2.2", + "Recommendation": "2.2.35", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Profile system performance\u0027 is set to \u0027Administrators, NT SERVICE\\WdiServiceHost\u0027", + "Technique1": "T1057", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.2.36": { + "Section": "2.2", + "Recommendation": "2.2.36", + "Profile": "L1", + 
"RecommendationTitle": "Ensure \u0027Replace a process level token\u0027 is set to \u0027LOCAL SERVICE, NETWORK SERVICE\u0027", + "Technique1": "T1134", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": "M1026" + }, + "2.2.37": { + "Section": "2.2", + "Recommendation": "2.2.37", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Restore files and directories\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1485", + "Technique2": null, + "Mitigation1": "M1053", + "Mitigation2": null + }, + "2.2.38": { + "Section": "2.2", + "Recommendation": "2.2.38", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Shut down the system\u0027 is set to \u0027Administrators, Users\u0027", + "Technique1": "T1529", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.2.39": { + "Section": "2.2", + "Recommendation": "2.2.39", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Take ownership of files or other objects\u0027 is set to \u0027Administrators\u0027", + "Technique1": "T1222", + "Technique2": "T1112", + "Mitigation1": "M1022", + "Mitigation2": "M1024" + }, + "2.3.1.1": { + "Section": "2.3.1", + "Recommendation": "2.3.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Accounts: Administrator account status\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1110", + "Technique2": "T1078", + "Mitigation1": "M1018", + "Mitigation2": "M1026" + }, + "2.3.1.2": { + "Section": "2.3.1", + "Recommendation": "2.3.1.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Accounts: Block Microsoft accounts\u0027 is set to \u0027Users can\u0027t add or log on with Microsoft accounts\u0027", + "Technique1": "T1078", + "Technique2": "T1136", + "Mitigation1": "M1026", + "Mitigation2": null + }, + "2.3.1.3": { + "Section": "2.3.1", + "Recommendation": "2.3.1.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Accounts: Guest account status\u0027 is set to 
\u0027Disabled\u0027", + "Technique1": "T1110", + "Technique2": "T1078", + "Mitigation1": "M1018", + "Mitigation2": "M1026" + }, + "2.3.1.4": { + "Section": "2.3.1", + "Recommendation": "2.3.1.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Accounts: Limit local account use of blank passwords to console logon only\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1021", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "2.3.1.5": { + "Section": "2.3.1", + "Recommendation": "2.3.1.5", + "Profile": "L1", + "RecommendationTitle": "Configure \u0027Accounts: Rename administrator account\u0027", + "Technique1": "T1110", + "Technique2": "T1078", + "Mitigation1": "M1018", + "Mitigation2": "M1026" + }, + "2.3.1.6": { + "Section": "2.3.1", + "Recommendation": "2.3.1.6", + "Profile": "L1", + "RecommendationTitle": "Configure \u0027Accounts: Rename guest account\u0027", + "Technique1": "T1110", + "Technique2": "T1078", + "Mitigation1": "M1018", + "Mitigation2": "M1026" + }, + "2.3.2.1": { + "Section": "2.3.2", + "Recommendation": "2.3.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "2.3.2.2": { + "Section": "2.3.2", + "Recommendation": "2.3.2.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit: Shut down system immediately if unable to log security audits\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "2.3.4.1": { + "Section": "2.3.4", + "Recommendation": "2.3.4.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Devices: Allowed to format and eject removable media\u0027 is set to \u0027Administrators and Interactive Users\u0027", + "Technique1": 
"No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "2.3.4.2": { + "Section": "2.3.4", + "Recommendation": "2.3.4.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Devices: Prevent users from installing printer drivers\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1574", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "2.3.6.1": { + "Section": "2.3.6", + "Recommendation": "2.3.6.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Domain member: Digitally encrypt or sign secure channel data (always)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1040", + "Technique2": null, + "Mitigation1": "M1041", + "Mitigation2": null + }, + "2.3.6.2": { + "Section": "2.3.6", + "Recommendation": "2.3.6.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Domain member: Digitally encrypt secure channel data (when possible)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1040", + "Technique2": null, + "Mitigation1": "M1041", + "Mitigation2": null + }, + "2.3.6.3": { + "Section": "2.3.6", + "Recommendation": "2.3.6.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Domain member: Digitally sign secure channel data (when possible)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1040", + "Technique2": null, + "Mitigation1": "M1041", + "Mitigation2": null + }, + "2.3.6.4": { + "Section": "2.3.6", + "Recommendation": "2.3.6.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Domain member: Disable machine account password changes\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1098", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "2.3.6.5": { + "Section": "2.3.6", + "Recommendation": "2.3.6.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Domain member: Maximum machine account password age\u0027 is set to \u002730 or fewer days, but not 
0\u0027", + "Technique1": "T1098", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "2.3.6.6": { + "Section": "2.3.6", + "Recommendation": "2.3.6.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Domain member: Require strong (Windows 2000 or later) session key\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1040", + "Technique2": null, + "Mitigation1": "M1041", + "Mitigation2": null + }, + "2.3.7.1": { + "Section": "2.3.7", + "Recommendation": "2.3.7.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Interactive logon: Do not require CTRL+ALT+DEL\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1056", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.3.7.2": { + "Section": "2.3.7", + "Recommendation": "2.3.7.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Interactive logon: Don\u0027t display last signed-in\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1078", + "Technique2": null, + "Mitigation1": "M1026", + "Mitigation2": null + }, + "2.3.7.3": { + "Section": "2.3.7", + "Recommendation": "2.3.7.3", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Interactive logon: Machine account lockout threshold\u0027 is set to \u002710 or fewer invalid logon attempts, but not 0\u0027", + "Technique1": "T1110", + "Technique2": null, + "Mitigation1": "M1036", + "Mitigation2": null + }, + "2.3.7.4": { + "Section": "2.3.7", + "Recommendation": "2.3.7.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Interactive logon: Machine inactivity limit\u0027 is set to \u0027900 or fewer second(s), but not 0\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "2.3.7.5": { + "Section": "2.3.7", + "Recommendation": "2.3.7.5", + "Profile": "L1", + "RecommendationTitle": "Configure \u0027Interactive logon: Message text for 
users attempting to log on\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "2.3.7.6": { + "Section": "2.3.7", + "Recommendation": "2.3.7.6", + "Profile": "L1", + "RecommendationTitle": "Configure \u0027Interactive logon: Message title for users attempting to log on\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "2.3.7.7": { + "Section": "2.3.7", + "Recommendation": "2.3.7.7", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Interactive logon: Number of previous logons to cache (in case domain controller is not available)\u0027 is set to \u00274 or fewer logon(s)\u0027", + "Technique1": "T1003", + "Technique2": "T1555", + "Mitigation1": "M1027", + "Mitigation2": null + }, + "2.3.7.8": { + "Section": "2.3.7", + "Recommendation": "2.3.7.8", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Interactive logon: Prompt user to change password before expiration\u0027 is set to \u0027between 5 and 14 days\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "2.3.7.9": { + "Section": "2.3.7", + "Recommendation": "2.3.7.9", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Interactive logon: Smart card removal behavior\u0027 is set to \u0027Lock Workstation\u0027 or higher", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "2.3.8.1": { + "Section": "2.3.8", + "Recommendation": "2.3.8.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Microsoft network client: Digitally sign communications (always)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1563", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + 
}, + "2.3.8.2": { + "Section": "2.3.8", + "Recommendation": "2.3.8.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Microsoft network client: Digitally sign communications (if server agrees)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1563", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "2.3.8.3": { + "Section": "2.3.8", + "Recommendation": "2.3.8.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Microsoft network client: Send unencrypted password to third-party SMB servers\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1563", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "2.3.9.1": { + "Section": "2.3.9", + "Recommendation": "2.3.9.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Microsoft network server: Amount of idle time required before suspending session\u0027 is set to \u002715 or fewer minute(s)\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "2.3.9.2": { + "Section": "2.3.9", + "Recommendation": "2.3.9.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Microsoft network server: Digitally sign communications (always)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1563", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "2.3.9.3": { + "Section": "2.3.9", + "Recommendation": "2.3.9.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Microsoft network server: Digitally sign communications (if client agrees)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1563", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "2.3.9.4": { + "Section": "2.3.9", + "Recommendation": "2.3.9.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Microsoft network server: Disconnect clients when logon hours expire\u0027 is set to \u0027Enabled\u0027", + 
"Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "2.3.9.5": { + "Section": "2.3.9", + "Recommendation": "2.3.9.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Microsoft network server: Server SPN target name validation level\u0027 is set to \u0027Accept if provided by client\u0027 or higher", + "Technique1": "T1557", + "Technique2": null, + "Mitigation1": "M1035", + "Mitigation2": null + }, + "2.3.10.1": { + "Section": "2.3.10", + "Recommendation": "2.3.10.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network access: Allow anonymous SID/Name translation\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1110", + "Technique2": null, + "Mitigation1": "M1036", + "Mitigation2": null + }, + "2.3.10.2": { + "Section": "2.3.10", + "Recommendation": "2.3.10.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network access: Do not allow anonymous enumeration of SAM accounts\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1110", + "Technique2": "T1087", + "Mitigation1": "M1036", + "Mitigation2": "M1028" + }, + "2.3.10.3": { + "Section": "2.3.10", + "Recommendation": "2.3.10.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network access: Do not allow anonymous enumeration of SAM accounts and shares\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1087", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "2.3.10.4": { + "Section": "2.3.10", + "Recommendation": "2.3.10.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network access: Do not allow storage of passwords and credentials for network authentication\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1003", + "Technique2": "T1555", + "Mitigation1": "M1027", + "Mitigation2": null + }, + "2.3.10.5": { + "Section": "2.3.10", + "Recommendation": "2.3.10.5", + "Profile": "L1", + "RecommendationTitle": "Ensure 
\u0027Network access: Let Everyone permissions apply to anonymous users\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1083", + "Technique2": "T1087", + "Mitigation1": "M1028", + "Mitigation2": null + }, + "2.3.10.6": { + "Section": "2.3.10", + "Recommendation": "2.3.10.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network access: Named Pipes that can be accessed anonymously\u0027 is set to \u0027None\u0027", + "Technique1": "T1559", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "2.3.10.7": { + "Section": "2.3.10", + "Recommendation": "2.3.10.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network access: Remotely accessible registry paths\u0027", + "Technique1": "T1112", + "Technique2": "T1012", + "Mitigation1": "M1024", + "Mitigation2": null + }, + "2.3.10.8": { + "Section": "2.3.10", + "Recommendation": "2.3.10.8", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network access: Remotely accessible registry paths and sub-paths\u0027", + "Technique1": "T1112", + "Technique2": "T1012", + "Mitigation1": "M1024", + "Mitigation2": null + }, + "2.3.10.9": { + "Section": "2.3.10", + "Recommendation": "2.3.10.9", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network access: Restrict anonymous access to Named Pipes and Shares\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1083", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.3.10.10": { + "Section": "2.3.10", + "Recommendation": "2.3.10.10", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network access: Restrict clients allowed to make remote calls to SAM\u0027 is set to \u0027Administrators: Remote Access: Allow\u0027", + "Technique1": "T1110", + "Technique2": "T1087", + "Mitigation1": "M1036", + "Mitigation2": "M1028" + }, + "2.3.10.11": { + "Section": "2.3.10", + "Recommendation": "2.3.10.11", + "Profile": "L1", + "RecommendationTitle": "Ensure 
\u0027Network access: Shares that can be accessed anonymously\u0027 is set to \u0027None\u0027", + "Technique1": "T1039", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "2.3.10.12": { + "Section": "2.3.10", + "Recommendation": "2.3.10.12", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network access: Sharing and security model for local accounts\u0027 is set to \u0027Classic - local users authenticate as themselves\u0027", + "Technique1": "T1485", + "Technique2": null, + "Mitigation1": "M1053", + "Mitigation2": null + }, + "2.3.11.1": { + "Section": "2.3.11", + "Recommendation": "2.3.11.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network security: Allow Local System to use computer identity for NTLM\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1557", + "Technique2": null, + "Mitigation1": "M1035", + "Mitigation2": null + }, + "2.3.11.2": { + "Section": "2.3.11", + "Recommendation": "2.3.11.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network security: Allow LocalSystem NULL session fallback\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1565", + "Technique2": null, + "Mitigation1": "M1041", + "Mitigation2": null + }, + "2.3.11.3": { + "Section": "2.3.11", + "Recommendation": "2.3.11.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network Security: Allow PKU2U authentication requests to this computer to use online identities\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1199", + "Technique2": null, + "Mitigation1": "M1052", + "Mitigation2": null + }, + "2.3.11.4": { + "Section": "2.3.11", + "Recommendation": "2.3.11.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network security: Configure encryption types allowed for Kerberos\u0027 is set to \u0027AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types\u0027", + "Technique1": "T1558", + "Technique2": null, + "Mitigation1": "M1041", + "Mitigation2": 
null + }, + "2.3.11.5": { + "Section": "2.3.11", + "Recommendation": "2.3.11.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network security: Do not store LAN Manager hash value on next password change\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1003", + "Technique2": "T1552", + "Mitigation1": "M1041", + "Mitigation2": null + }, + "2.3.11.6": { + "Section": "2.3.11", + "Recommendation": "2.3.11.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network security: Force logoff when logon hours expire\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "2.3.11.7": { + "Section": "2.3.11", + "Recommendation": "2.3.11.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network security: LAN Manager authentication level\u0027 is set to \u0027Send NTLMv2 response only. Refuse LM \u0026 NTLM\u0027", + "Technique1": "T1040", + "Technique2": null, + "Mitigation1": "M1041", + "Mitigation2": null + }, + "2.3.11.8": { + "Section": "2.3.11", + "Recommendation": "2.3.11.8", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network security: LDAP client signing requirements\u0027 is set to \u0027Negotiate signing\u0027 or higher", + "Technique1": "T1557", + "Technique2": null, + "Mitigation1": "M1037", + "Mitigation2": null + }, + "2.3.11.9": { + "Section": "2.3.11", + "Recommendation": "2.3.11.9", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network security: Minimum session security for NTLM SSP based (including secure RPC) clients\u0027 is set to \u0027Require NTLMv2 session security, Require 128-bit encryption\u0027", + "Technique1": "T1557", + "Technique2": null, + "Mitigation1": "M1035", + "Mitigation2": null + }, + "2.3.11.10": { + "Section": "2.3.11", + "Recommendation": "2.3.11.10", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Network security: Minimum session 
security for NTLM SSP based (including secure RPC) servers\u0027 is set to \u0027Require NTLMv2 session security, Require 128-bit encryption\u0027", + "Technique1": "T1557", + "Technique2": null, + "Mitigation1": "M1035", + "Mitigation2": null + }, + "2.3.14.1": { + "Section": "2.3.14", + "Recommendation": "2.3.14.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027System cryptography: Force strong key protection for user keys stored on the computer\u0027 is set to \u0027User is prompted when the key is first used\u0027 or higher", + "Technique1": "T1550", + "Technique2": null, + "Mitigation1": "M1026", + "Mitigation2": null + }, + "2.3.15.1": { + "Section": "2.3.15", + "Recommendation": "2.3.15.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027System objects: Require case insensitivity for non-Windows subsystems\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1565", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "2.3.15.2": { + "Section": "2.3.15", + "Recommendation": "2.3.15.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027System objects: Strengthen default permissions of internal system objects (e.g. 
Symbolic Links)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1222", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "2.3.17.1": { + "Section": "2.3.17", + "Recommendation": "2.3.17.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027User Account Control: Admin Approval Mode for the Built-in Administrator account\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1052", + "Mitigation2": null + }, + "2.3.17.2": { + "Section": "2.3.17", + "Recommendation": "2.3.17.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode\u0027 is set to \u0027Prompt for consent on the secure desktop\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1052", + "Mitigation2": null + }, + "2.3.17.3": { + "Section": "2.3.17", + "Recommendation": "2.3.17.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027User Account Control: Behavior of the elevation prompt for standard users\u0027 is set to \u0027Automatically deny elevation requests\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1052", + "Mitigation2": null + }, + "2.3.17.4": { + "Section": "2.3.17", + "Recommendation": "2.3.17.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027User Account Control: Detect application installations and prompt for elevation\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1052", + "Mitigation2": null + }, + "2.3.17.5": { + "Section": "2.3.17", + "Recommendation": "2.3.17.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027User Account Control: Only elevate UIAccess applications that are installed in secure locations\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1052", + "Mitigation2": null + }, + "2.3.17.6": { + 
"Section": "2.3.17", + "Recommendation": "2.3.17.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027User Account Control: Run all administrators in Admin Approval Mode\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1052", + "Mitigation2": null + }, + "2.3.17.7": { + "Section": "2.3.17", + "Recommendation": "2.3.17.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027User Account Control: Switch to the secure desktop when prompting for elevation\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "2.3.17.8": { + "Section": "2.3.17", + "Recommendation": "2.3.17.8", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027User Account Control: Virtualize file and registry write failures to per-user locations\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "5.1": { + "Section": "5", + "Recommendation": "5.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Bluetooth Audio Gateway Service (BTAGService)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1011", + "Mitigation1": "M1028", + "Mitigation2": "M1022" + }, + "5.2": { + "Section": "5", + "Recommendation": "5.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Bluetooth Support Service (bthserv)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1011", + "Mitigation1": "M1022", + "Mitigation2": "M1028" + }, + "5.3": { + "Section": "5", + "Recommendation": "5.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Computer Browser (Browser)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": "T1569", + "Technique2": "T1018", + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.4": { + "Section": "5", + "Recommendation": "5.4", + "Profile": 
"L2", + "RecommendationTitle": "Ensure \u0027Downloaded Maps Manager (MapsBroker)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.5": { + "Section": "5", + "Recommendation": "5.5", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Geolocation Service (lfsvc)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.6": { + "Section": "5", + "Recommendation": "5.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027IIS Admin Service (IISADMIN)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": "T1569", + "Technique2": "T1505", + "Mitigation1": "M1022", + "Mitigation2": "M1047" + }, + "5.7": { + "Section": "5", + "Recommendation": "5.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Infrared monitor service (irmon)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": "T1569", + "Technique2": "T1011", + "Mitigation1": "M1022", + "Mitigation2": "M1028" + }, + "5.8": { + "Section": "5", + "Recommendation": "5.8", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Internet Connection Sharing (ICS) (SharedAccess)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1011", + "Mitigation1": "M1022", + "Mitigation2": "M1028" + }, + "5.9": { + "Section": "5", + "Recommendation": "5.9", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Link-Layer Topology Discovery Mapper (lltdsvc)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1018", + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.10": { + "Section": "5", + "Recommendation": "5.10", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027LxssManager (LxssManager)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": "T1569", + 
"Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.11": { + "Section": "5", + "Recommendation": "5.11", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Microsoft FTP Service (FTPSVC)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": "T1569", + "Technique2": "T1105", + "Mitigation1": "M1022", + "Mitigation2": "M1031" + }, + "5.12": { + "Section": "5", + "Recommendation": "5.12", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Microsoft iSCSI Initiator Service (MSiSCSI)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1048", + "Mitigation1": "M1022", + "Mitigation2": "M1031" + }, + "5.13": { + "Section": "5", + "Recommendation": "5.13", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027OpenSSH SSH Server (sshd)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": "T1569", + "Technique2": "T1563", + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.14": { + "Section": "5", + "Recommendation": "5.14", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Peer Name Resolution Protocol (PNRPsvc)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": "M1021" + }, + "5.15": { + "Section": "5", + "Recommendation": "5.15", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Peer Networking Grouping (p2psvc)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.16": { + "Section": "5", + "Recommendation": "5.16", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Peer Networking Identity Manager (p2pimsvc)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.17": { + "Section": "5", + "Recommendation": "5.17", + "Profile": "L2", + "RecommendationTitle": 
"Ensure \u0027PNRP Machine Name Publication Service (PNRPAutoReg)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.18": { + "Section": "5", + "Recommendation": "5.18", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Print Spooler (Spooler)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "5.19": { + "Section": "5", + "Recommendation": "5.19", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Problem Reports and Solutions Control Panel Support (wercplsupport)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1070", + "Mitigation1": "M1022", + "Mitigation2": "M1041" + }, + "5.20": { + "Section": "5", + "Recommendation": "5.20", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Remote Access Auto Connection Manager (RasAuto)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.21": { + "Section": "5", + "Recommendation": "5.21", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Remote Desktop Configuration (SessionEnv)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1563", + "Mitigation1": "M1022", + "Mitigation2": "M1026" + }, + "5.22": { + "Section": "5", + "Recommendation": "5.22", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Remote Desktop Services (TermService)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1021", + "Mitigation1": "M1022", + "Mitigation2": "M1018" + }, + "5.23": { + "Section": "5", + "Recommendation": "5.23", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Remote Desktop Services UserMode Port Redirector (UmRdpService)\u0027 is set to \u0027Disabled\u0027", + "Technique1": 
"T1569", + "Technique2": "T1090", + "Mitigation1": "M1022", + "Mitigation2": "M1037" + }, + "5.24": { + "Section": "5", + "Recommendation": "5.24", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Remote Procedure Call (RPC) Locator (RpcLocator)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1053", + "Mitigation1": "M1022", + "Mitigation2": "M1028" + }, + "5.25": { + "Section": "5", + "Recommendation": "5.25", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Remote Registry (RemoteRegistry)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1112", + "Mitigation1": "M1022", + "Mitigation2": "M1024" + }, + "5.26": { + "Section": "5", + "Recommendation": "5.26", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Routing and Remote Access (RemoteAccess)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1011", + "Mitigation1": "M1022", + "Mitigation2": "M1028" + }, + "5.27": { + "Section": "5", + "Recommendation": "5.27", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Server (LanmanServer)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1011", + "Mitigation1": "M1022", + "Mitigation2": "M1028" + }, + "5.28": { + "Section": "5", + "Recommendation": "5.28", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Simple TCP/IP Services (simptcp)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": "T1569", + "Technique2": "T1011", + "Mitigation1": "M1022", + "Mitigation2": "M1028" + }, + "5.29": { + "Section": "5", + "Recommendation": "5.29", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027SNMP Service (SNMP)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": "T1569", + "Technique2": "T1133", + "Mitigation1": "M1022", + "Mitigation2": "M1042" + }, + "5.30": { + "Section": "5", + "Recommendation": "5.30", + "Profile": "L1", + 
"RecommendationTitle": "Ensure \u0027Special Administration Console Helper (sacsvr)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": "T1569", + "Technique2": "T1018", + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.31": { + "Section": "5", + "Recommendation": "5.31", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027SSDP Discovery (SSDPSRV)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1120", + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.32": { + "Section": "5", + "Recommendation": "5.32", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027UPnP Device Host (upnphost)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1120", + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.33": { + "Section": "5", + "Recommendation": "5.33", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Web Management Service (WMSvc)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": "T1569", + "Technique2": "T1505", + "Mitigation1": "M1022", + "Mitigation2": "M1047" + }, + "5.34": { + "Section": "5", + "Recommendation": "5.34", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Windows Error Reporting Service (WerSvc)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1070", + "Mitigation1": "M1022", + "Mitigation2": "M1041" + }, + "5.35": { + "Section": "5", + "Recommendation": "5.35", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Windows Event Collector (Wecsvc)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.36": { + "Section": "5", + "Recommendation": "5.36", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Media Player Network Sharing Service (WMPNetworkSvc)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": 
"T1569", + "Technique2": "T1048", + "Mitigation1": "M1022", + "Mitigation2": "M1037" + }, + "5.37": { + "Section": "5", + "Recommendation": "5.37", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Mobile Hotspot Service (icssvc)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1048", + "Mitigation1": "M1022", + "Mitigation2": "M1037" + }, + "5.38": { + "Section": "5", + "Recommendation": "5.38", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Windows Push Notifications System Service (WpnService)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1048", + "Mitigation1": "M1022", + "Mitigation2": "M1037" + }, + "5.39": { + "Section": "5", + "Recommendation": "5.39", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Windows PushToInstall Service (PushToInstall)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1072", + "Mitigation1": "M1022", + "Mitigation2": "M1026" + }, + "5.40": { + "Section": "5", + "Recommendation": "5.40", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Windows Remote Management (WS-Management) (WinRM)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1210", + "Mitigation1": "M1022", + "Mitigation2": "M1042" + }, + "5.41": { + "Section": "5", + "Recommendation": "5.41", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027World Wide Web Publishing Service (W3SVC)\u0027 is set to \u0027Disabled\u0027 or \u0027Not Installed\u0027", + "Technique1": "T1569", + "Technique2": "T1505", + "Mitigation1": "M1022", + "Mitigation2": "M1047" + }, + "5.42": { + "Section": "5", + "Recommendation": "5.42", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Xbox Accessory Management Service (XboxGipSvc)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1120", + "Mitigation1": "M1022", + "Mitigation2": null + }, + "5.43": { + "Section": "5", + 
"Recommendation": "5.43", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Xbox Live Auth Manager (XblAuthManager)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1048", + "Mitigation1": "M1022", + "Mitigation2": "M1037" + }, + "5.44": { + "Section": "5", + "Recommendation": "5.44", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Xbox Live Game Save (XblGameSave)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": "T1048", + "Mitigation1": "M1022", + "Mitigation2": "M1037" + }, + "5.45": { + "Section": "5", + "Recommendation": "5.45", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Xbox Live Networking Service (XboxNetApiSvc)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1569", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.1.1": { + "Section": "9.1", + "Recommendation": "9.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Firewall state\u0027 is set to \u0027On (recommended)\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.1.2": { + "Section": "9.1", + "Recommendation": "9.1.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Inbound connections\u0027 is set to \u0027Block (default)\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.1.3": { + "Section": "9.1", + "Recommendation": "9.1.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Outbound connections\u0027 is set to \u0027Allow (default)\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.1.4": { + "Section": "9.1", + "Recommendation": "9.1.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Settings: Display a notification\u0027 is set to 
\u0027No\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.1.5": { + "Section": "9.1", + "Recommendation": "9.1.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\domainfw.log\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.1.6": { + "Section": "9.1", + "Recommendation": "9.1.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Size limit (KB)\u0027 is set to \u002716,384 KB or greater\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.1.7": { + "Section": "9.1", + "Recommendation": "9.1.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.1.8": { + "Section": "9.1", + "Recommendation": "9.1.8", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Domain: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.2.1": { + "Section": "9.2", + "Recommendation": "9.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Firewall state\u0027 is set to \u0027On (recommended)\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.2.2": { + "Section": "9.2", + "Recommendation": "9.2.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Inbound connections\u0027 is set to \u0027Block (default)\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": 
"M1022", + "Mitigation2": null + }, + "9.2.3": { + "Section": "9.2", + "Recommendation": "9.2.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Outbound connections\u0027 is set to \u0027Allow (default)\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.2.4": { + "Section": "9.2", + "Recommendation": "9.2.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Settings: Display a notification\u0027 is set to \u0027No\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.2.5": { + "Section": "9.2", + "Recommendation": "9.2.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\privatefw.log\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.2.6": { + "Section": "9.2", + "Recommendation": "9.2.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Size limit (KB)\u0027 is set to \u002716,384 KB or greater\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.2.7": { + "Section": "9.2", + "Recommendation": "9.2.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.2.8": { + "Section": "9.2", + "Recommendation": "9.2.8", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Private: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.3.1": { + "Section": "9.3", + 
"Recommendation": "9.3.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Firewall state\u0027 is set to \u0027On (recommended)\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.3.2": { + "Section": "9.3", + "Recommendation": "9.3.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Inbound connections\u0027 is set to \u0027Block (default)\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.3.3": { + "Section": "9.3", + "Recommendation": "9.3.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Outbound connections\u0027 is set to \u0027Allow (default)\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.3.4": { + "Section": "9.3", + "Recommendation": "9.3.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Settings: Display a notification\u0027 is set to \u0027No\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.3.5": { + "Section": "9.3", + "Recommendation": "9.3.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Settings: Apply local firewall rules\u0027 is set to \u0027No\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.3.6": { + "Section": "9.3", + "Recommendation": "9.3.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Settings: Apply local connection security rules\u0027 is set to \u0027No\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.3.7": { + "Section": "9.3", + "Recommendation": "9.3.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: 
Logging: Name\u0027 is set to \u0027%SystemRoot%\\System32\\logfiles\\firewall\\publicfw.log\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.3.8": { + "Section": "9.3", + "Recommendation": "9.3.8", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Size limit (KB)\u0027 is set to \u002716,384 KB or greater\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.3.9": { + "Section": "9.3", + "Recommendation": "9.3.9", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Log dropped packets\u0027 is set to \u0027Yes\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "9.3.10": { + "Section": "9.3", + "Recommendation": "9.3.10", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Windows Firewall: Public: Logging: Log successful connections\u0027 is set to \u0027Yes\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.1.1": { + "Section": "17.1", + "Recommendation": "17.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Credential Validation\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.2.1": { + "Section": "17.2", + "Recommendation": "17.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Application Group Management\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.2.2": { + "Section": "17.2", + "Recommendation": "17.2.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Security Group Management\u0027 is set to include \u0027Success\u0027", + "Technique1": "T1562", + 
"Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.2.3": { + "Section": "17.2", + "Recommendation": "17.2.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit User Account Management\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.3.1": { + "Section": "17.3", + "Recommendation": "17.3.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit PNP Activity\u0027 is set to include \u0027Success\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.3.2": { + "Section": "17.3", + "Recommendation": "17.3.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Process Creation\u0027 is set to include \u0027Success\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.5.1": { + "Section": "17.5", + "Recommendation": "17.5.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Account Lockout\u0027 is set to include \u0027Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.5.2": { + "Section": "17.5", + "Recommendation": "17.5.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Group Membership\u0027 is set to include \u0027Success\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.5.3": { + "Section": "17.5", + "Recommendation": "17.5.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Logoff\u0027 is set to include \u0027Success\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.5.4": { + "Section": "17.5", + "Recommendation": "17.5.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Logon\u0027 is set to \u0027Success and 
Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.5.5": { + "Section": "17.5", + "Recommendation": "17.5.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Other Logon/Logoff Events\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.5.6": { + "Section": "17.5", + "Recommendation": "17.5.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Special Logon\u0027 is set to include \u0027Success\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.6.1": { + "Section": "17.6", + "Recommendation": "17.6.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Detailed File Share\u0027 is set to include \u0027Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.6.2": { + "Section": "17.6", + "Recommendation": "17.6.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit File Share\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.6.3": { + "Section": "17.6", + "Recommendation": "17.6.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Other Object Access Events\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.6.4": { + "Section": "17.6", + "Recommendation": "17.6.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Removable Storage\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.7.1": { + "Section": "17.7", + "Recommendation": "17.7.1", + "Profile": "L1", + 
"RecommendationTitle": "Ensure \u0027Audit Audit Policy Change\u0027 is set to include \u0027Success\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.7.2": { + "Section": "17.7", + "Recommendation": "17.7.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Authentication Policy Change\u0027 is set to include \u0027Success\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.7.3": { + "Section": "17.7", + "Recommendation": "17.7.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Authorization Policy Change\u0027 is set to include \u0027Success\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.7.4": { + "Section": "17.7", + "Recommendation": "17.7.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit MPSSVC Rule-Level Policy Change\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.7.5": { + "Section": "17.7", + "Recommendation": "17.7.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Other Policy Change Events\u0027 is set to include \u0027Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.8.1": { + "Section": "17.8", + "Recommendation": "17.8.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Sensitive Privilege Use\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.9.1": { + "Section": "17.9", + "Recommendation": "17.9.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit IPsec Driver\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + 
"Mitigation2": null + }, + "17.9.2": { + "Section": "17.9", + "Recommendation": "17.9.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Other System Events\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.9.3": { + "Section": "17.9", + "Recommendation": "17.9.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Security State Change\u0027 is set to include \u0027Success\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.9.4": { + "Section": "17.9", + "Recommendation": "17.9.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit Security System Extension\u0027 is set to include \u0027Success\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "17.9.5": { + "Section": "17.9", + "Recommendation": "17.9.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Audit System Integrity\u0027 is set to \u0027Success and Failure\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "18.1.3": { + "Section": "18.1", + "Recommendation": "18.1.3", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow Online Tips\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.1.1.1": { + "Section": "18.1.1", + "Recommendation": "18.1.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prevent enabling lock screen camera\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1125", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.1.1.2": { + "Section": "18.1.1", + "Recommendation": "18.1.1.2", + "Profile": "L1", + "RecommendationTitle": "Ensure 
\u0027Prevent enabling lock screen slide show\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1125", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.1.2.2": { + "Section": "18.1.2", + "Recommendation": "18.1.2.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow users to enable online speech recognition services\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.2.1": { + "Section": "18.2", + "Recommendation": "18.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure LAPS AdmPwd GPO Extension / CSE is installed", + "Technique1": "T1552", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "18.2.2": { + "Section": "18.2", + "Recommendation": "18.2.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Do not allow password expiration time longer than required by policy\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1110", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "18.2.3": { + "Section": "18.2", + "Recommendation": "18.2.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Enable Local Admin Password Management\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1552", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "18.2.4": { + "Section": "18.2", + "Recommendation": "18.2.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Password Settings: Password Complexity\u0027 is set to \u0027Enabled: Large letters + small letters + numbers + special characters\u0027", + "Technique1": "T1078", + "Technique2": "T1110", + "Mitigation1": "M1027", + "Mitigation2": "M1018" + }, + "18.2.5": { + "Section": "18.2", + "Recommendation": "18.2.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Password Settings: Password 
Length\u0027 is set to \u0027Enabled: 15 or more\u0027", + "Technique1": "T1078", + "Technique2": "T1110", + "Mitigation1": "M1027", + "Mitigation2": "M1018" + }, + "18.2.6": { + "Section": "18.2", + "Recommendation": "18.2.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Password Settings: Password Age (Days)\u0027 is set to \u0027Enabled: 30 or fewer\u0027", + "Technique1": "T1078", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "18.3.1": { + "Section": "18.3", + "Recommendation": "18.3.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Apply UAC restrictions to local accounts on network logons\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1210", + "Technique2": "T1134", + "Mitigation1": "M1026", + "Mitigation2": null + }, + "18.3.2": { + "Section": "18.3", + "Recommendation": "18.3.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure SMB v1 client driver\u0027 is set to \u0027Enabled: Disable driver (recommended)\u0027", + "Technique1": "T1021", + "Technique2": "T1570", + "Mitigation1": "M1037", + "Mitigation2": null + }, + "18.3.3": { + "Section": "18.3", + "Recommendation": "18.3.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure SMB v1 server\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1021", + "Technique2": "T1570", + "Mitigation1": "M1037", + "Mitigation2": null + }, + "18.3.4": { + "Section": "18.3", + "Recommendation": "18.3.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Enable Structured Exception Handling Overwrite Protection (SEHOP)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1203", + "Technique2": null, + "Mitigation1": "M1050", + "Mitigation2": null + }, + "18.3.5": { + "Section": "18.3", + "Recommendation": "18.3.5", + "Profile": "L1", + "RecommendationTitle": "Ensure ?Limits print driver installation to Administrators? 
is set to ?Enabled?", + "Technique1": "T1203", + "Technique2": null, + "Mitigation1": "M1050", + "Mitigation2": null + }, + "18.3.6": { + "Section": "18.3", + "Recommendation": "18.3.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027NetBT NodeType configuration\u0027 is set to \u0027Enabled: P-node (recommended)\u0027", + "Technique1": "T1018", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.3.7": { + "Section": "18.3", + "Recommendation": "18.3.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027WDigest Authentication\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1555", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "18.4.1": { + "Section": "18.4", + "Recommendation": "18.4.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1552", + "Technique2": null, + "Mitigation1": "M1026", + "Mitigation2": null + }, + "18.4.2": { + "Section": "18.4", + "Recommendation": "18.4.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)\u0027 is set to \u0027Enabled: Highest protection, source routing is completely disabled\u0027", + "Technique1": "T1071", + "Technique2": null, + "Mitigation1": "M1031", + "Mitigation2": null + }, + "18.4.3": { + "Section": "18.4", + "Recommendation": "18.4.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)\u0027 is set to \u0027Enabled: Highest protection, source routing is completely disabled\u0027", + "Technique1": "T1071", + "Technique2": null, + "Mitigation1": "M1031", + "Mitigation2": null + }, + "18.4.4": { + "Section": "18.4", + "Recommendation": "18.4.4", + "Profile": "L2", 
+ "RecommendationTitle": "Ensure \u0027MSS: (DisableSavePassword) Prevent the dial-up password from being saved\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1552", + "Technique2": "T1555", + "Mitigation1": "M1027", + "Mitigation2": "M1028" + }, + "18.4.5": { + "Section": "18.4", + "Recommendation": "18.4.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1557", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.4.6": { + "Section": "18.4", + "Recommendation": "18.4.6", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds\u0027 is set to \u0027Enabled: 300,000 or 5 minutes (recommended)\u0027", + "Technique1": "T1498", + "Technique2": null, + "Mitigation1": "M1037", + "Mitigation2": null + }, + "18.4.7": { + "Section": "18.4", + "Recommendation": "18.4.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1499", + "Technique2": null, + "Mitigation1": "M1037", + "Mitigation2": null + }, + "18.4.8": { + "Section": "18.4", + "Recommendation": "18.4.8", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1498", + "Technique2": null, + "Mitigation1": "M1037", + "Mitigation2": null + }, + "18.4.9": { + "Section": "18.4", + "Recommendation": "18.4.9", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1055", + "Technique2": null, + 
"Mitigation1": "M1040", + "Mitigation2": null + }, + "18.4.10": { + "Section": "18.4", + "Recommendation": "18.4.10", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)\u0027 is set to \u0027Enabled: 5 or fewer seconds\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.4.11": { + "Section": "18.4", + "Recommendation": "18.4.11", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted\u0027 is set to \u0027Enabled: 3\u0027", + "Technique1": "T1499", + "Technique2": null, + "Mitigation1": "M1037", + "Mitigation2": null + }, + "18.4.12": { + "Section": "18.4", + "Recommendation": "18.4.12", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted\u0027 is set to \u0027Enabled: 3\u0027", + "Technique1": "T1499", + "Technique2": null, + "Mitigation1": "M1037", + "Mitigation2": null + }, + "18.4.13": { + "Section": "18.4", + "Recommendation": "18.4.13", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning\u0027 is set to \u0027Enabled: 90% or less\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "18.5.4.1": { + "Section": "18.5.4", + "Recommendation": "18.5.4.1", + "Profile": "L1", + "RecommendationTitle": "Ensure ?Configure DNS over HTTPS (DoH) name resolution? is set to ?Enabled: Allow DoH? 
or higher", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.5.4.2": { + "Section": "18.5.4", + "Recommendation": "18.5.4.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off multicast name resolution\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1557", + "Technique2": null, + "Mitigation1": "M1037", + "Mitigation2": null + }, + "18.5.5.1": { + "Section": "18.5.5", + "Recommendation": "18.5.5.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Enable Font Providers\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1195", + "Technique2": null, + "Mitigation1": "M1016", + "Mitigation2": null + }, + "18.5.8.1": { + "Section": "18.5.8", + "Recommendation": "18.5.8.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Enable insecure guest logons\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1021", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "18.5.9.1": { + "Section": "18.5.9", + "Recommendation": "18.5.9.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn on Mapper I/O (LLTDIO) driver\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1016", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.5.9.2": { + "Section": "18.5.9", + "Recommendation": "18.5.9.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn on Responder (RSPNDR) driver\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1016", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.5.10.2": { + "Section": "18.5.10", + "Recommendation": "18.5.10.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off Microsoft Peer-to-Peer Networking Services\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1048", + "Technique2": null, + "Mitigation1": "M1030", 
+ "Mitigation2": null + }, + "18.5.11.2": { + "Section": "18.5.11", + "Recommendation": "18.5.11.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prohibit installation and configuration of Network Bridge on your DNS domain network\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1048", + "Technique2": null, + "Mitigation1": "M1030", + "Mitigation2": null + }, + "18.5.11.3": { + "Section": "18.5.11", + "Recommendation": "18.5.11.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prohibit use of Internet Connection Sharing on your DNS domain network\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1048", + "Technique2": null, + "Mitigation1": "M1030", + "Mitigation2": null + }, + "18.5.11.4": { + "Section": "18.5.11", + "Recommendation": "18.5.11.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Require domain users to elevate when setting a network\u0027s location\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.5.14.1": { + "Section": "18.5.14", + "Recommendation": "18.5.14.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Hardened UNC Paths\u0027 is set to \u0027Enabled, with \"Require Mutual Authentication\" and \"Require Integrity\" set for all NETLOGON and SYSVOL shares\u0027", + "Technique1": "T1135", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.5.19.2.1": { + "Section": "18.5.19.2", + "Recommendation": "18.5.19.2.1", + "Profile": "L2", + "RecommendationTitle": "Disable IPv6 (Ensure TCPIP6 Parameter \u0027DisabledComponents\u0027 is set to \u00270xff (255)\u0027)", + "Technique1": "T1046", + "Technique2": "T1016", + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.5.20.1": { + "Section": "18.5.20", + "Recommendation": "18.5.20.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Configuration of wireless settings using Windows Connect Now\u0027 is set to 
\u0027Disabled\u0027", + "Technique1": "T1120", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.5.20.2": { + "Section": "18.5.20", + "Recommendation": "18.5.20.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Prohibit access of the Windows Connect Now wizards\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1120", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.5.21.1": { + "Section": "18.5.21", + "Recommendation": "18.5.21.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Minimize the number of simultaneous connections to the Internet or a Windows Domain\u0027 is set to \u0027Enabled: 3 = Prevent Wi-Fi when on Ethernet\u0027", + "Technique1": "T1011", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.5.21.2": { + "Section": "18.5.21", + "Recommendation": "18.5.21.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prohibit connection to non-domain networks when connected to domain authenticated network\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1011", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.5.23.2.1": { + "Section": "18.5.23.2", + "Recommendation": "18.5.23.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1011", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.6.1": { + "Section": "18.6", + "Recommendation": "18.6.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow Print Spooler to accept client connections\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + 
"Mitigation2": null + }, + "18.6.2": { + "Section": "18.6", + "Recommendation": "18.6.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Point and Print Restrictions: When installing drivers for a new connection\u0027 is set to \u0027Enabled: Show warning and elevation prompt\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.6.3": { + "Section": "18.6", + "Recommendation": "18.6.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Point and Print Restrictions: When updating drivers for an existing connection\u0027 is set to \u0027Enabled: Show warning and elevation prompt\u0027", + "Technique1": null, + "Technique2": null, + "Mitigation1": null, + "Mitigation2": null + }, + "18.7.1.1": { + "Section": "18.7.1", + "Recommendation": "18.7.1.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off notifications network usage\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.3.1": { + "Section": "18.8.3", + "Recommendation": "18.8.3.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Include command line in process creation events\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1552", + "Technique2": null, + "Mitigation1": "M1041", + "Mitigation2": null + }, + "18.8.4.1": { + "Section": "18.8.4", + "Recommendation": "18.8.4.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Encryption Oracle Remediation\u0027 is set to \u0027Enabled: Force Updated Clients\u0027", + "Technique1": "T1212", + "Technique2": null, + "Mitigation1": "M1051", + "Mitigation2": null + }, + "18.8.4.2": { + "Section": "18.8.4", + "Recommendation": "18.8.4.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Remote host allows delegation of non-exportable credentials\u0027 is set 
to \u0027Enabled\u0027", + "Technique1": "T1003", + "Technique2": null, + "Mitigation1": "M1043", + "Mitigation2": null + }, + "18.8.5.1": { + "Section": "18.8.5", + "Recommendation": "18.8.5.1", + "Profile": "NG", + "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1003", + "Technique2": null, + "Mitigation1": "M1043", + "Mitigation2": null + }, + "18.8.5.2": { + "Section": "18.8.5", + "Recommendation": "18.8.5.2", + "Profile": "NG", + "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Select Platform Security Level\u0027 is set to \u0027Secure Boot and DMA Protection\u0027", + "Technique1": "T1547", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.8.5.3": { + "Section": "18.8.5", + "Recommendation": "18.8.5.3", + "Profile": "NG", + "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity\u0027 is set to \u0027Enabled with UEFI lock\u0027", + "Technique1": "T1489", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "18.8.5.4": { + "Section": "18.8.5", + "Recommendation": "18.8.5.4", + "Profile": "NG", + "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Require UEFI Memory Attributes Table\u0027 is set to \u0027True (checked)\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.5.5": { + "Section": "18.8.5", + "Recommendation": "18.8.5.5", + "Profile": "NG", + "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Credential Guard Configuration\u0027 is set to \u0027Enabled with UEFI lock\u0027", + "Technique1": "T1489", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "18.8.5.6": { + "Section": "18.8.5", + "Recommendation": 
"18.8.5.6", + "Profile": "NG", + "RecommendationTitle": "Ensure \u0027Turn On Virtualization Based Security: Secure Launch Configuration\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1495", + "Technique2": null, + "Mitigation1": "M1046", + "Mitigation2": null + }, + "18.8.7.1.1": { + "Section": "18.8.7.1", + "Recommendation": "18.8.7.1.1", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1200", + "Technique2": null, + "Mitigation1": "M1034", + "Mitigation2": null + }, + "18.8.7.1.2": { + "Section": "18.8.7.1", + "Recommendation": "18.8.7.1.2", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs\u0027 is set to \u0027PCI\\CC_0C0A\u0027", + "Technique1": "T1200", + "Technique2": null, + "Mitigation1": "M1034", + "Mitigation2": null + }, + "18.8.7.1.3": { + "Section": "18.8.7.1", + "Recommendation": "18.8.7.1.3", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Prevent installation of devices that match any of these device IDs: Also apply to matching devices that are already installed.\u0027 is set to \u0027True\u0027 (checked)", + "Technique1": "T1200", + "Technique2": null, + "Mitigation1": "M1034", + "Mitigation2": null + }, + "18.8.7.1.4": { + "Section": "18.8.7.1", + "Recommendation": "18.8.7.1.4", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device setup classes\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1200", + "Technique2": null, + "Mitigation1": "M1034", + "Mitigation2": null + }, + "18.8.7.1.5": { + "Section": "18.8.7.1", + "Recommendation": "18.8.7.1.5", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device 
setup classes: Prevent installation of devices using drivers for these device setup\u0027 is set to \u0027IEEE 1394 device setup classes\u0027", + "Technique1": "T1200", + "Technique2": null, + "Mitigation1": "M1034", + "Mitigation2": null + }, + "18.8.7.1.6": { + "Section": "18.8.7.1", + "Recommendation": "18.8.7.1.6", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.\u0027 is set to \u0027True\u0027 (checked)", + "Technique1": "T1200", + "Technique2": null, + "Mitigation1": "M1034", + "Mitigation2": null + }, + "18.8.7.2": { + "Section": "18.8.7.2", + "Recommendation": "18.8.7.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prevent device metadata retrieval from the Internet\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.14.1": { + "Section": "18.8.14", + "Recommendation": "18.8.14.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Boot-Start Driver Initialization Policy\u0027 is set to \u0027Enabled: Good, unknown and bad but critical\u0027", + "Technique1": "T1542", + "Technique2": null, + "Mitigation1": "M1046", + "Mitigation2": null + }, + "18.8.21.2": { + "Section": "18.8.21", + "Recommendation": "18.8.21.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure registry policy processing: Do not apply during periodic background processing\u0027 is set to \u0027Enabled: FALSE\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.21.3": { + "Section": "18.8.21", + "Recommendation": "18.8.21.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure registry policy processing: Process even if the Group Policy 
objects have not changed\u0027 is set to \u0027Enabled: TRUE\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.21.4": { + "Section": "18.8.21", + "Recommendation": "18.8.21.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Continue experiences on this device\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1018", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.8.21.5": { + "Section": "18.8.21", + "Recommendation": "18.8.21.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off background refresh of Group Policy\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.1": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off access to the Store\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.2": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off downloading of print drivers over HTTP\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1574", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "18.8.22.1.3": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.3", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off handwriting personalization data sharing\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.4": { + "Section": 
"18.8.22.1", + "Recommendation": "18.8.22.1.4", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off handwriting recognition error reporting\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.5": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.5", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.6": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off Internet download for Web publishing and online ordering wizards\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.7": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.7", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off printing over HTTP\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1557", + "Technique2": null, + "Mitigation1": "M1031", + "Mitigation2": null + }, + "18.8.22.1.8": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.8", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off Registration if URL connection is referring to Microsoft.com\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.9": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.9", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off Search 
Companion content file updates\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.10": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.10", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off the \"Order Prints\" picture task\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.11": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.11", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off the \"Publish to Web\" task for files and folders\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.12": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.12", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off the Windows Messenger Customer Experience Improvement Program\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.13": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.13", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off Windows Customer Experience Improvement Program\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.22.1.14": { + "Section": "18.8.22.1", + "Recommendation": "18.8.22.1.14", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off Windows Error Reporting\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", 
+ "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.25.1": { + "Section": "18.8.25", + "Recommendation": "18.8.25.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Support device authentication using certificate\u0027 is set to \u0027Enabled: Automatic\u0027", + "Technique1": "T1558", + "Technique2": null, + "Mitigation1": "M1041", + "Mitigation2": null + }, + "18.8.26.1": { + "Section": "18.8.26", + "Recommendation": "18.8.26.1", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Enumeration policy for external devices incompatible with Kernel DMA Protection\u0027 is set to \u0027Enabled: Block All\u0027", + "Technique1": "T1200", + "Technique2": null, + "Mitigation1": "M1034", + "Mitigation2": null + }, + "18.8.27.1": { + "Section": "18.8.27", + "Recommendation": "18.8.27.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Disallow copying of user input methods to the system account for sign-in\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.28.1": { + "Section": "18.8.28", + "Recommendation": "18.8.28.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Block user from showing account details on sign-in\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1110", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "18.8.28.2": { + "Section": "18.8.28", + "Recommendation": "18.8.28.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Do not display network selection UI\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1557", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.8.28.3": { + "Section": "18.8.28", + "Recommendation": "18.8.28.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Do not enumerate connected users on domain-joined 
computers\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1087", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.8.28.4": { + "Section": "18.8.28", + "Recommendation": "18.8.28.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Enumerate local users on domain-joined computers\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1087", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.8.28.5": { + "Section": "18.8.28", + "Recommendation": "18.8.28.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off app notifications on the lock screen\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.28.6": { + "Section": "18.8.28", + "Recommendation": "18.8.28.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off picture password sign-in\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1003", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.8.28.7": { + "Section": "18.8.28", + "Recommendation": "18.8.28.7", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn on convenience PIN sign-in\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1110", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "18.8.31.1": { + "Section": "18.8.31", + "Recommendation": "18.8.31.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow Clipboard synchronization across devices\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1115", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.8.31.2": { + "Section": "18.8.31", + "Recommendation": "18.8.31.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow upload of User Activities\u0027 is set to \u0027Disabled\u0027", + "Technique1": 
"No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.34.6.1": { + "Section": "18.8.34.6", + "Recommendation": "18.8.34.6.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow network connectivity during connected-standby (on battery)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1018", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.8.34.6.2": { + "Section": "18.8.34.6", + "Recommendation": "18.8.34.6.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow network connectivity during connected-standby (plugged in)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1018", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.8.34.6.3": { + "Section": "18.8.34.6", + "Recommendation": "18.8.34.6.3", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Allow standby states (S1-S3) when sleeping (on battery)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1003", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.8.34.6.4": { + "Section": "18.8.34.6", + "Recommendation": "18.8.34.6.4", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Allow standby states (S1-S3) when sleeping (plugged in)\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1003", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.8.34.6.5": { + "Section": "18.8.34.6", + "Recommendation": "18.8.34.6.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Require a password when a computer wakes (on battery)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.34.6.6": { + "Section": "18.8.34.6", + "Recommendation": "18.8.34.6.6", + 
"Profile": "L1", + "RecommendationTitle": "Ensure \u0027Require a password when a computer wakes (plugged in)\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.36.1": { + "Section": "18.8.36", + "Recommendation": "18.8.36.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure Offer Remote Assistance\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1021", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "18.8.36.2": { + "Section": "18.8.36", + "Recommendation": "18.8.36.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure Solicited Remote Assistance\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1021", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "18.8.37.1": { + "Section": "18.8.37", + "Recommendation": "18.8.37.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Enable RPC Endpoint Mapper Client Authentication\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1569", + "Technique2": null, + "Mitigation1": "M1026", + "Mitigation2": null + }, + "18.8.37.2": { + "Section": "18.8.37", + "Recommendation": "18.8.37.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Restrict Unauthenticated RPC clients\u0027 is set to \u0027Enabled: Authenticated\u0027", + "Technique1": "T1569", + "Technique2": null, + "Mitigation1": "M1026", + "Mitigation2": null + }, + "18.8.48.5.1": { + "Section": "18.8.48.5", + "Recommendation": "18.8.48.5.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.48.11.1": { + 
"Section": "18.8.48.11", + "Recommendation": "18.8.48.11.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Enable/Disable PerfTrack\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.49.1": { + "Section": "18.8.50", + "Recommendation": "18.8.49.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off the advertising ID\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.8.53.1.1": { + "Section": "18.8.53.1", + "Recommendation": "18.8.53.1.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Enable Windows NTP Client\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1124", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.8.53.1.2": { + "Section": "18.8.53.1", + "Recommendation": "18.8.53.1.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Enable Windows NTP Server\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1124", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.9.4.1": { + "Section": "18.9.4", + "Recommendation": "18.9.4.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow a Windows app to share application data between users\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1135", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.9.4.2": { + "Section": "18.9.4", + "Recommendation": "18.9.4.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prevent non-admin users from installing packaged Windows apps\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + 
"18.9.5.1": { + "Section": "18.9.5", + "Recommendation": "18.9.5.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Let Windows apps activate with voice while the system is locked\u0027 is set to \u0027Enabled: Force Deny\u0027", + "Technique1": "T1123", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.9.6.1": { + "Section": "18.9.6", + "Recommendation": "18.9.6.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow Microsoft accounts to be optional\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.6.2": { + "Section": "18.9.6", + "Recommendation": "18.9.6.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Block launching Universal Windows apps with Windows Runtime API access from hosted content.\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1106", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "18.9.8.1": { + "Section": "18.9.8", + "Recommendation": "18.9.8.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Disallow Autoplay for non-volume devices\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1091", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.8.2": { + "Section": "18.9.8", + "Recommendation": "18.9.8.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Set the default behavior for AutoRun\u0027 is set to \u0027Enabled: Do not execute any autorun commands\u0027", + "Technique1": "T1091", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.8.3": { + "Section": "18.9.8", + "Recommendation": "18.9.8.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off Autoplay\u0027 is set to \u0027Enabled: All drives\u0027", + "Technique1": "T1091", + "Technique2": null, + "Mitigation1": "M1042", + 
"Mitigation2": null + }, + "18.9.10.1.1": { + "Section": "18.9.10.1", + "Recommendation": "18.9.10.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure enhanced anti-spoofing\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.4": { + "Section": "18.9.11", + "Recommendation": "18.9.11.4", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Disable new DMA devices when this computer is locked\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1200", + "Technique2": null, + "Mitigation1": "M1034", + "Mitigation2": null + }, + "18.9.11.1.1": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.1", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Allow access to BitLocker-protected fixed data drives from earlier versions of Windows\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1140", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.9.11.1.2": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.2", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.1.3": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.3", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: True\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.1.4": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.4", + "Profile": "BL", + 
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Allow 48-digit recovery password\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.1.5": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.5", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Recovery Key\u0027 is set to \u0027Enabled: Allow 256-bit recovery key\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.1.6": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.6", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.1.7": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.7", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives\u0027 is set to \u0027Enabled: False\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.1.8": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.8", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS\u0027 is set to \u0027Enabled: Backup recovery passwords and key 
packages\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.1.9": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.9", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives\u0027 is set to \u0027Enabled: False\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.1.10": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.10", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for fixed data drives\u0027 is set to Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.1.11": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.11", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Configure use of passwords for fixed data drives\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1110", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "18.9.11.1.12": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.12", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Configure use of smart cards on fixed data drives\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1111", + "Technique2": null, + "Mitigation1": "M1017", + "Mitigation2": null + }, + "18.9.11.1.13": { + "Section": "18.9.11.1", + "Recommendation": "18.9.11.1.13", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives\u0027 is set to \u0027Enabled: True\u0027", + "Technique1": "T1111", + 
"Technique2": null, + "Mitigation1": "M1017", + "Mitigation2": null + }, + "18.9.11.2.1": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.1", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Allow enhanced PINs for startup\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.2.2": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.2", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Allow Secure Boot for integrity validation\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1495", + "Technique2": null, + "Mitigation1": "M1046", + "Mitigation2": null + }, + "18.9.11.2.3": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.3", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.2.4": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.4", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: False\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.2.5": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.5", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Require 48-digit recovery password\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + 
"Mitigation2": null + }, + "18.9.11.2.6": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.6", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Recovery Key\u0027 is set to \u0027Enabled: Do not allow 256-bit recovery key\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.2.7": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.7", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.2.8": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.8", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives\u0027 is set to \u0027Enabled: True\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.2.9": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.9", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Configure storage of BitLocker recovery information to AD DS:\u0027 is set to \u0027Enabled: Store recovery passwords and key packages\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.2.10": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.10", + "Profile": "BL", + 
"RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives\u0027 is set to \u0027Enabled: True\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.2.11": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.11", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for operating system drives\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.2.12": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.12", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Configure use of passwords for operating system drives\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1110", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "18.9.11.2.13": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.13", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Require additional authentication at startup\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.2.14": { + "Section": "18.9.11.2", + "Recommendation": "18.9.11.2.14", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Require additional authentication at startup: Allow BitLocker without a compatible TPM\u0027 is set to \u0027Enabled: False\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.3.1": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.1", + 
"Profile": "BL", + "RecommendationTitle": "Ensure \u0027Allow access to BitLocker-protected removable data drives from earlier versions of Windows\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1140", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.9.11.3.2": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.2", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.3.3": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.3", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent\u0027 is set to \u0027Enabled: True\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.3.4": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.4", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Recovery Password\u0027 is set to \u0027Enabled: Do not allow 48-digit recovery password\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.3.5": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.5", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Recovery Key\u0027 is set to \u0027Enabled: Do not allow 256-bit recovery key\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + 
}, + "18.9.11.3.6": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.6", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard\u0027 is set to \u0027Enabled: True\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.3.7": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.7", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives\u0027 is set to \u0027Enabled: False\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.3.8": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.8", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:\u0027 is set to \u0027Enabled: Backup recovery passwords and key packages\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.3.9": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.9", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives\u0027 is set to \u0027Enabled: False\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.3.10": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.10", + "Profile": 
"BL", + "RecommendationTitle": "Ensure \u0027Configure use of hardware-based encryption for removable data drives\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.11.3.11": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.11", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Configure use of passwords for removable data drives\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1110", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "18.9.11.3.12": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.12", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Configure use of smart cards on removable data drives\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1111", + "Technique2": null, + "Mitigation1": "M1017", + "Mitigation2": null + }, + "18.9.11.3.13": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.13", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives\u0027 is set to \u0027Enabled: True\u0027", + "Technique1": "T1111", + "Technique2": null, + "Mitigation1": "M1017", + "Mitigation2": null + }, + "18.9.11.3.14": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.14", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Deny write access to removable drives not protected by BitLocker\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1052", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.11.3.15": { + "Section": "18.9.11.3", + "Recommendation": "18.9.11.3.15", + "Profile": "BL", + "RecommendationTitle": "Ensure \u0027Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization\u0027 is set to 
\u0027Enabled: False\u0027", + "Technique1": "T1052", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.12.1": { + "Section": "18.9.12", + "Recommendation": "18.9.12.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow Use of Camera\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1125", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.19.14.1": { + "Section": "18.9.14", + "Recommendation": "18.19.14.1", + "Profile": "L1", + "RecommendationTitle": "Ensure ?Turn off cloud consumer account state content? is set to ?Enabled?", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.19.14.2": { + "Section": "18.9.14", + "Recommendation": "18.19.14.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off cloud optimized content\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.19.14.3": { + "Section": "18.9.14", + "Recommendation": "18.19.14.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off Microsoft consumer experiences\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.15.1": { + "Section": "18.9.15", + "Recommendation": "18.9.15.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Require pin for pairing\u0027 is set to \u0027Enabled: First Time\u0027 OR \u0027Enabled: Always\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.16.1": { + "Section": "18.9.16", + "Recommendation": "18.9.16.1", + "Profile": "L1", + "RecommendationTitle": 
"Ensure \u0027Do not display the password reveal button\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.16.2": { + "Section": "18.9.16", + "Recommendation": "18.9.16.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Enumerate administrator accounts on elevation\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1087", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.9.16.3": { + "Section": "18.9.16", + "Recommendation": "18.9.16.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prevent the use of security questions for local accounts\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1589", + "Technique2": null, + "Mitigation1": "M1056", + "Mitigation2": null + }, + "18.9.17.1": { + "Section": "18.9.17", + "Recommendation": "18.9.17.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow Diagnostic Data\u0027 is set to \u0027Enabled: Diagnostic data off (not recommended)\u0027 or \u0027Enabled: Send required\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.17.2": { + "Section": "18.9.17", + "Recommendation": "18.9.17.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service\u0027 is set to \u0027Enabled: Disable Authenticated Proxy usage\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.17.3": { + "Section": "18.9.17", + "Recommendation": "18.9.17.3", + "Profile": "L1", + "RecommendationTitle": "Ensure ?Disable OneSettings Downloads? 
is set to ?Enabled?", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.17.4": { + "Section": "18.9.17", + "Recommendation": "18.9.17.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Do not show feedback notifications\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.17.5": { + "Section": "18.9.17", + "Recommendation": "18.9.17.5", + "Profile": "L1", + "RecommendationTitle": "Ensure ?Enable OneSettings Auditing? is set to ?Enabled?", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.17.6": { + "Section": "18.9.17", + "Recommendation": "18.9.17.6", + "Profile": "L1", + "RecommendationTitle": "Ensure ?Limit Diagnostic Log Collection? is set to ?Enabled?", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.17.7": { + "Section": "18.9.17", + "Recommendation": "18.9.17.7", + "Profile": "L1", + "RecommendationTitle": "Ensure ?Limit Dump Collection? 
is set to ?Enabled?", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.17.8": { + "Section": "18.9.17", + "Recommendation": "18.9.17.8", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Toggle user control over Insider builds\u0027 is set to \u0027Disabled\u0027 (Automated)", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.18.1": { + "Section": "18.9.18", + "Recommendation": "18.9.18.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Download Mode\u0027 is NOT set to \u0027Enabled: Internet\u0027", + "Technique1": "T1601", + "Technique2": null, + "Mitigation1": "M1045", + "Mitigation2": null + }, + "18.9.27.1.1": { + "Section": "18.9.27.1", + "Recommendation": "18.9.27.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Application: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "18.9.27.1.2": { + "Section": "18.9.27.1", + "Recommendation": "18.9.27.1.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Application: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "18.9.27.2.1": { + "Section": "18.9.27.2", + "Recommendation": "18.9.27.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Security: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "18.9.27.2.2": { + "Section": "18.9.27.2", + "Recommendation": "18.9.27.2.2", + "Profile": "L1", + 
"RecommendationTitle": "Ensure \u0027Security: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 196,608 or greater\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "18.9.27.3.1": { + "Section": "18.9.27.3", + "Recommendation": "18.9.27.3.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Setup: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "18.9.27.3.2": { + "Section": "18.9.27.3", + "Recommendation": "18.9.27.3.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Setup: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "18.9.27.4.1": { + "Section": "18.9.27.4", + "Recommendation": "18.9.27.4.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027System: Control Event Log behavior when the log file reaches its maximum size\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "18.9.27.4.2": { + "Section": "18.9.27.4", + "Recommendation": "18.9.27.4.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027System: Specify the maximum log file size (KB)\u0027 is set to \u0027Enabled: 32,768 or greater\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1022", + "Mitigation2": null + }, + "18.9.31.2": { + "Section": "18.9.31", + "Recommendation": "18.9.31.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off Data Execution Prevention for Explorer\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1553", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "18.9.31.3": { + "Section": "18.9.31", + 
"Recommendation": "18.9.31.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off heap termination on corruption\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.31.4": { + "Section": "18.9.31", + "Recommendation": "18.9.31.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off shell protocol protected mode\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1059", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "18.9.36.1": { + "Section": "18.9.36", + "Recommendation": "18.9.36.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prevent the computer from joining a homegroup\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.41.1": { + "Section": "18.9.41", + "Recommendation": "18.9.41.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off location\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1591", + "Technique2": null, + "Mitigation1": "M1056", + "Mitigation2": null + }, + "18.9.45.1": { + "Section": "18.9.45", + "Recommendation": "18.9.45.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow Message Service Cloud Sync\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.46.1": { + "Section": "18.9.46", + "Recommendation": "18.9.46.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Block all consumer Microsoft account user authentication\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1078", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.9.47.14": { + 
"Section": "18.9.47", + "Recommendation": "18.9.47.14", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure detection for potentially unwanted applications\u0027 is set to \u0027Enabled: Block\u0027", + "Technique1": "T1204", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "18.9.47.15": { + "Section": "18.9.47", + "Recommendation": "18.9.47.15", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off Microsoft Defender AntiVirus\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1553", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.9.47.4.1": { + "Section": "18.9.47.4", + "Recommendation": "18.9.47.4.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure local setting override for reporting to Microsoft MAPS\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.47.4.2": { + "Section": "18.9.47.4", + "Recommendation": "18.9.47.4.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Join Microsoft MAPS\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.47.5.1.1": { + "Section": "18.9.47.5.1", + "Recommendation": "18.9.47.5.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure Attack Surface Reduction rules\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1559", + "Technique2": "T1218", + "Mitigation1": "M1040", + "Mitigation2": "M1038" + }, + "18.9.47.5.1.2": { + "Section": "18.9.47.5.1", + "Recommendation": "18.9.47.5.1.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure Attack Surface Reduction rules: Set the state for each ASR rule\u0027 is \u0027configured\u0027", + "Technique1": "T1559", + "Technique2": "T1218", + 
"Mitigation1": "M1040", + "Mitigation2": "M1038" + }, + "18.9.47.5.3.1": { + "Section": "18.9.47.5.3", + "Recommendation": "18.9.47.5.3.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prevent users and apps from accessing dangerous websites\u0027 is set to \u0027Enabled: Block\u0027", + "Technique1": "T1189", + "Technique2": "T1566", + "Mitigation1": "M1050", + "Mitigation2": "M1049" + }, + "18.9.47.6.1": { + "Section": "18.9.47.6", + "Recommendation": "18.9.47.6.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Enable file hash computation feature\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1553", + "Technique2": null, + "Mitigation1": "M1054", + "Mitigation2": null + }, + "18.9.47.9.1": { + "Section": "18.9.47.9", + "Recommendation": "18.9.47.9.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Scan all downloaded files and attachments\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1059", + "Technique2": null, + "Mitigation1": "M1049", + "Mitigation2": null + }, + "18.9.47.9.2": { + "Section": "18.9.47.9", + "Recommendation": "18.9.47.9.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off real-time protection\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1553", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.9.47.9.3": { + "Section": "18.9.47.9", + "Recommendation": "18.9.47.9.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn on behavior monitoring\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1553", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.9.47.9.4": { + "Section": "18.9.47.9", + "Recommendation": "18.9.47.9.4", + "Profile": "L1", + "RecommendationTitle": "Ensure ?Turn on script scanning? 
is set to ?Enabled?", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.47.11.1": { + "Section": "18.9.47.12", + "Recommendation": "18.9.47.11.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Scan removable drives\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1091", + "Technique2": null, + "Mitigation1": "M1034", + "Mitigation2": null + }, + "18.9.47.11.2": { + "Section": "18.9.47.12", + "Recommendation": "18.9.47.11.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn on e-mail scanning\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1556", + "Technique2": null, + "Mitigation1": "M1049", + "Mitigation2": null + }, + "18.9.48.1": { + "Section": "18.9.50", + "Recommendation": "18.9.48.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow Address bar drop-down list suggestions\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.48.2": { + "Section": "18.9.50", + "Recommendation": "18.9.48.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow Adobe Flash\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1176", + "Technique2": null, + "Mitigation1": "M1033", + "Mitigation2": null + }, + "18.9.48.3": { + "Section": "18.9.50", + "Recommendation": "18.9.48.3", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow InPrivate Browsing\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.48.4": { + "Section": "18.9.48", + "Recommendation": "18.9.48.4", + "Profile": "NG", + "RecommendationTitle": "Ensure \u0027Allow files to download and save to the host operating system from Microsoft Defender Application 
Guard\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1211", + "Technique2": null, + "Mitigation1": "M1048", + "Mitigation2": null + }, + "18.9.48.5": { + "Section": "18.9.48", + "Recommendation": "18.9.48.5", + "Profile": "NG", + "RecommendationTitle": "Ensure \u0027Configure Microsoft Defender Application Guard clipboard settings: Clipboard behavior setting\u0027 is set to \u0027Enabled: Enable clipboard operation from an isolated session to the host\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.48.6": { + "Section": "18.9.48", + "Recommendation": "18.9.48.6", + "Profile": "NG", + "RecommendationTitle": "Ensure \u0027Turn on Microsoft Defender Application Guard in Managed Mode\u0027 is set to \u0027Enabled: 1\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.48.7": { + "Section": "18.9.50", + "Recommendation": "18.9.48.7", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Configure Pop-up Blocker\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1189", + "Technique2": null, + "Mitigation1": "M1021", + "Mitigation2": null + }, + "18.9.48.8": { + "Section": "18.9.50", + "Recommendation": "18.9.48.8", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Configure search suggestions in Address bar\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.48.10": { + "Section": "18.9.50", + "Recommendation": "18.9.48.10", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Prevent access to the about:flags page in Microsoft Edge\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1505", + "Technique2": null, + "Mitigation1": "M1026", + "Mitigation2": null + }, + 
"18.9.48.13": { + "Section": "18.9.50", + "Recommendation": "18.9.48.13", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Prevent using Localhost IP address for WebRTC\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1592", + "Technique2": null, + "Mitigation1": "M1056", + "Mitigation2": null + }, + "18.9.58.1": { + "Section": "18.9.58", + "Recommendation": "18.9.58.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prevent the usage of OneDrive for file storage\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1567", + "Technique2": null, + "Mitigation1": "M1021", + "Mitigation2": null + }, + "18.9.64.1": { + "Section": "18.9.64", + "Recommendation": "18.9.64.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off Push To Install service\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1570", + "Technique2": null, + "Mitigation1": "M1031", + "Mitigation2": null + }, + "18.9.65.2.2": { + "Section": "18.9.65.2", + "Recommendation": "18.9.65.2.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Do not allow passwords to be saved\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1555", + "Technique2": null, + "Mitigation1": "M1027", + "Mitigation2": null + }, + "18.9.65.3.2.1": { + "Section": "18.9.65.3.2", + "Recommendation": "18.9.65.3.2.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow users to connect remotely by using Remote Desktop Services\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1210", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.65.3.3.1": { + "Section": "18.9.65.3.3", + "Recommendation": "18.9.65.3.3.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow UI Automation redirection\u0027 is set to \u0027Disabled\u0027", + "Technique1": null, + "Technique2": null, + "Mitigation1": null, + "Mitigation2": null + }, + "18.9.65.3.3.2": { + "Section": "18.9.65.3.3", + "Recommendation": "18.9.65.3.3.2", + 
"Profile": "L2", + "RecommendationTitle": "Ensure \u0027Do not allow COM port redirection\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1210", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.65.3.3.3": { + "Section": "18.9.65.3.3", + "Recommendation": "18.9.65.3.3.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Do not allow drive redirection\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1210", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.65.3.3.4": { + "Section": "18.9.65.3.3", + "Recommendation": "18.9.65.3.3.4", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Do not allow location redirection\u0027 is set to \u0027Enabled\u0027", + "Technique1": null, + "Technique2": null, + "Mitigation1": null, + "Mitigation2": null + }, + "18.9.65.3.3.5": { + "Section": "18.9.65.3.3", + "Recommendation": "18.9.65.3.3.5", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Do not allow LPT port redirection\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1210", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.65.3.3.6": { + "Section": "18.9.65.3.3", + "Recommendation": "18.9.65.3.3.6", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Do not allow supported Plug and Play device redirection\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1210", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.65.3.9.1": { + "Section": "18.9.65.3.9", + "Recommendation": "18.9.65.3.9.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Always prompt for password upon connection\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1210", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.65.3.9.2": { + "Section": "18.9.65.3.9", + "Recommendation": "18.9.65.3.9.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Require secure RPC 
communication\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1210", + "Technique2": "T1557", + "Mitigation1": "M1042", + "Mitigation2": "M1041" + }, + "18.9.65.3.9.3": { + "Section": "18.9.65.3.9", + "Recommendation": "18.9.65.3.9.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Require use of specific security layer for remote (RDP) connections\u0027 is set to \u0027Enabled: SSL\u0027", + "Technique1": "T1210", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.65.3.9.4": { + "Section": "18.9.65.3.9", + "Recommendation": "18.9.65.3.9.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Require user authentication for remote connections by using Network Level Authentication\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1210", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.65.3.9.5": { + "Section": "18.9.65.3.9", + "Recommendation": "18.9.65.3.9.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Set client connection encryption level\u0027 is set to \u0027Enabled: High Level\u0027", + "Technique1": "T1210", + "Technique2": "T1557", + "Mitigation1": "M1042", + "Mitigation2": "M1041" + }, + "18.9.65.3.10.1": { + "Section": "18.9.65.3.10", + "Recommendation": "18.9.65.3.10.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Set time limit for active but idle Remote Desktop Services sessions\u0027 is set to \u0027Enabled: 15 minutes or less, but not Never (0)\u0027", + "Technique1": "T1210", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.65.3.10.2": { + "Section": "18.9.65.3.10", + "Recommendation": "18.9.65.3.10.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Set time limit for disconnected sessions\u0027 is set to \u0027Enabled: 1 minute\u0027", + "Technique1": "T1210", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.65.3.11.1": { + "Section": 
"18.9.65.3.11", + "Recommendation": "18.9.65.3.11.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Do not delete temp folders upon exit\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1210", + "Technique2": "T1564", + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.66.1": { + "Section": "18.9.66", + "Recommendation": "18.9.66.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prevent downloading of enclosures\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1204", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "18.9.67.2": { + "Section": "18.9.67", + "Recommendation": "18.9.67.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow Cloud Search\u0027 is set to \u0027Enabled: Disable Cloud Search\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.67.3": { + "Section": "18.9.67", + "Recommendation": "18.9.67.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow Cortana\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.67.4": { + "Section": "18.9.67", + "Recommendation": "18.9.67.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow Cortana above lock screen\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.67.5": { + "Section": "18.9.67", + "Recommendation": "18.9.67.5", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow indexing of encrypted files\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1005", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "18.9.67.6": { + "Section": 
"18.9.67", + "Recommendation": "18.9.67.6", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow search and Cortana to use location\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1591", + "Technique2": null, + "Mitigation1": "M1056", + "Mitigation2": null + }, + "18.9.72.1": { + "Section": "18.9.72", + "Recommendation": "18.9.72.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off KMS Client Online AVS Validation\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.75.1": { + "Section": "18.9.75", + "Recommendation": "18.9.75.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Disable all apps from Microsoft Store\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.75.2": { + "Section": "18.9.75", + "Recommendation": "18.9.75.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Only display the private store within the Microsoft Store\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.75.3": { + "Section": "18.9.75", + "Recommendation": "18.9.75.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off Automatic Download and Install of updates\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.75.4": { + "Section": "18.9.75", + "Recommendation": "18.9.75.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off the offer to update to the latest version of Windows\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE 
ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.75.5": { + "Section": "18.9.75", + "Recommendation": "18.9.75.5", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off the Store application\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.81.1": { + "Section": "18.9.81", + "Recommendation": "18.9.81.1", + "Profile": "L1", + "RecommendationTitle": "Ensure ?Allow widgets? is set to ?Disabled?", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.85.1.1": { + "Section": "18.9.85.1", + "Recommendation": "18.9.85.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure Windows Defender SmartScreen\u0027 is set to \u0027Enabled: Warn and prevent bypass\u0027", + "Technique1": "T1204", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "18.9.85.2.1": { + "Section": "18.9.85.2", + "Recommendation": "18.9.85.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure Windows Defender SmartScreen\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1204", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "18.9.85.2.2": { + "Section": "18.9.85.2", + "Recommendation": "18.9.85.2.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prevent bypassing Windows Defender SmartScreen prompts for sites\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1553", + "Technique2": null, + "Mitigation1": "M1054", + "Mitigation2": null + }, + "18.9.87.1": { + "Section": "18.9.87", + "Recommendation": "18.9.87.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Enables or disables Windows Game Recording and Broadcasting\u0027 is set to 
\u0027Disabled\u0027", + "Technique1": "T1592", + "Technique2": null, + "Mitigation1": "M1056", + "Mitigation2": null + }, + "18.9.89.1": { + "Section": "18.9.89", + "Recommendation": "18.9.89.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow suggested apps in Windows Ink Workspace\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.89.2": { + "Section": "18.9.89", + "Recommendation": "18.9.89.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow Windows Ink Workspace\u0027 is set to \u0027Enabled: On, but disallow access above lock\u0027 OR \u0027Disabled\u0027 but not \u0027Enabled: On\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.90.1": { + "Section": "18.9.90", + "Recommendation": "18.9.90.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow user control over installs\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1204", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "18.9.90.2": { + "Section": "18.9.90", + "Recommendation": "18.9.90.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Always install with elevated privileges\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1052", + "Mitigation2": null + }, + "18.9.90.3": { + "Section": "18.9.90", + "Recommendation": "18.9.90.3", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Prevent Internet Explorer security prompt for Windows Installer scripts\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1204", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "18.9.91.1": { + "Section": "18.9.91", + "Recommendation": "18.9.91.1", + "Profile": "L1", + "RecommendationTitle": 
"Ensure \u0027Sign-in and lock last interactive user automatically after a restart\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.100.1": { + "Section": "18.9.100", + "Recommendation": "18.9.100.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn on PowerShell Script Block Logging\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1552", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.9.100.2": { + "Section": "18.9.100", + "Recommendation": "18.9.100.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn on PowerShell Transcription\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1552", + "Technique2": null, + "Mitigation1": "M1028", + "Mitigation2": null + }, + "18.9.102.1.1": { + "Section": "18.9.102.1", + "Recommendation": "18.9.102.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow Basic authentication\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1021", + "Technique2": "T1557", + "Mitigation1": "M1018", + "Mitigation2": "M1041" + }, + "18.9.102.1.2": { + "Section": "18.9.102.1", + "Recommendation": "18.9.102.1.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow unencrypted traffic\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1021", + "Technique2": "T1557", + "Mitigation1": "M1018", + "Mitigation2": "M1041" + }, + "18.9.102.1.3": { + "Section": "18.9.102.1", + "Recommendation": "18.9.102.1.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Disallow Digest authentication\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1021", + "Technique2": "T1557", + "Mitigation1": "M1018", + "Mitigation2": "M1041" + }, + "18.9.102.2.1": { + "Section": "18.9.102.2", + "Recommendation": "18.9.102.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow Basic 
authentication\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1021", + "Technique2": "T1557", + "Mitigation1": "M1018", + "Mitigation2": "M1041" + }, + "18.9.102.2.2": { + "Section": "18.9.102.2", + "Recommendation": "18.9.102.2.2", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow remote server management through WinRM\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1021", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "18.9.102.2.3": { + "Section": "18.9.102.2", + "Recommendation": "18.9.102.2.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Allow unencrypted traffic\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1021", + "Technique2": "T1557", + "Mitigation1": "M1018", + "Mitigation2": "M1041" + }, + "18.9.102.2.4": { + "Section": "18.9.102.2", + "Recommendation": "18.9.102.2.4", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Disallow WinRM from storing RunAs credentials\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1021", + "Technique2": "T1555", + "Mitigation1": "M1018", + "Mitigation2": "M1027" + }, + "18.9.103.1": { + "Section": "18.9.103", + "Recommendation": "18.9.103.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Allow Remote Shell Access\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1059", + "Technique2": null, + "Mitigation1": "M1042", + "Mitigation2": null + }, + "18.9.104.1": { + "Section": "18.9.104", + "Recommendation": "18.9.104.1", + "Profile": "L1", + "RecommendationTitle": "Ensure ?Allow clipboard sharing with Windows Sandbox? is set to ?Disabled?", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.104.2": { + "Section": "18.9.104", + "Recommendation": "18.9.104.2", + "Profile": "L1", + "RecommendationTitle": "Ensure ?Allow networking in Windows Sandbox? 
is set to ?Disabled?", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.105.2.1": { + "Section": "18.9.105.2", + "Recommendation": "18.9.105.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prevent users from modifying settings\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1562", + "Technique2": null, + "Mitigation1": "M1018", + "Mitigation2": null + }, + "18.9.108.1.1": { + "Section": "18.9.108.1", + "Recommendation": "18.9.108.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027No auto-restart with logged on users for scheduled automatic updates installations\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.108.2.1": { + "Section": "18.9.108.2", + "Recommendation": "18.9.108.2.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure Automatic Updates\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.108.2.2": { + "Section": "18.9.108.2", + "Recommendation": "18.9.108.2.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure Automatic Updates: Scheduled install day\u0027 is set to \u00270 - Every day\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.108.2.3": { + "Section": "18.9.108.2", + "Recommendation": "18.9.108.2.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Remove access to ?Pause updates? 
feature\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.108.4.1": { + "Section": "18.9.108.4", + "Recommendation": "18.9.108.4.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Manage preview builds\u0027 is set to \u0027Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.103.4.2": { + "Section": "18.9.108.4", + "Recommendation": "18.9.103.4.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Select when Preview Builds and Feature Updates are received\u0027 is set to \u0027Enabled: 180 or more days\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "18.9.103.4.3": { + "Section": "18.9.108.4", + "Recommendation": "18.9.103.4.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Select when Quality Updates are received\u0027 is set to \u0027Enabled: 0 days\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "19.1.3.1": { + "Section": "19.1.3", + "Recommendation": "19.1.3.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Enable screen saver\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "19.1.3.2": { + "Section": "19.1.3", + "Recommendation": "19.1.3.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Password protect the screen saver\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + 
"19.1.3.3": { + "Section": "19.1.3", + "Recommendation": "19.1.3.3", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Screen saver timeout\u0027 is set to \u0027Enabled: 900 seconds or fewer, but not 0\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "19.5.1.1": { + "Section": "19.5.1", + "Recommendation": "19.5.1.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Turn off toast notifications on the lock screen\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "19.6.6.1.1": { + "Section": "19.6.6.1", + "Recommendation": "19.6.6.1.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off Help Experience Improvement Program\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "19.7.4.1": { + "Section": "19.7.4", + "Recommendation": "19.7.4.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Do not preserve zone information in file attachments\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1204", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + }, + "19.7.4.2": { + "Section": "19.7.4", + "Recommendation": "19.7.4.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Notify antivirus programs when opening attachments\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1027", + "Technique2": null, + "Mitigation1": "M1049", + "Mitigation2": null + }, + "19.7.8.1": { + "Section": "19.7.8", + "Recommendation": "19.7.8.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Configure Windows spotlight on lock screen\u0027 is set to Disabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": 
null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "19.7.8.2": { + "Section": "19.7.8", + "Recommendation": "19.7.8.2", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Do not suggest third-party content in Windows spotlight\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "19.7.8.3": { + "Section": "19.7.8", + "Recommendation": "19.7.8.3", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Do not use diagnostic data for tailored experiences\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "19.7.8.4": { + "Section": "19.7.8", + "Recommendation": "19.7.8.4", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Turn off all Windows spotlight features\u0027 is set to \u0027Enabled\u0027", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "19.7.8.5": { + "Section": "19.7.8", + "Recommendation": "19.7.8.5", + "Profile": "L2", + "RecommendationTitle": "Ensure ?Turn off Spotlight collection on Desktop? 
is set to ?Enabled", + "Technique1": "No MITRE ATT\u0026CK mapping", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK mapping", + "Mitigation2": null + }, + "19.7.28.1": { + "Section": "19.7.28", + "Recommendation": "19.7.28.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Prevent users from sharing files within their profile.\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1083", + "Technique2": null, + "Mitigation1": "No MITRE ATT\u0026CK Mitigation", + "Mitigation2": null + }, + "19.7.43.1": { + "Section": "19.7.43", + "Recommendation": "19.7.43.1", + "Profile": "L1", + "RecommendationTitle": "Ensure \u0027Always install with elevated privileges\u0027 is set to \u0027Disabled\u0027", + "Technique1": "T1548", + "Technique2": null, + "Mitigation1": "M1052", + "Mitigation2": null + }, + "19.7.47.2.1": { + "Section": "19.7.47.2", + "Recommendation": "19.7.47.2.1", + "Profile": "L2", + "RecommendationTitle": "Ensure \u0027Prevent Codec Download\u0027 is set to \u0027Enabled\u0027", + "Technique1": "T1204", + "Technique2": null, + "Mitigation1": "M1038", + "Mitigation2": null + } + }, + "AttackTactics": { + "TA0043": "Reconnaissance", + "TA0042": "Resource Development", + "TA0001": "Initial Access", + "TA0002": "Execution", + "TA0003": "Persistence", + "TA0004": "Privilege Escalation", + "TA0005": "Defense Evasion", + "TA0006": "Credential Access", + "TA0007": "Discovery", + "TA0008": "Lateral Movement", + "TA0009": "Collection", + "TA0011": "Command and Control", + "TA0010": "Exfiltration", + "TA0040": "Impact" + }, + "AttackTechniques": { + "T1548": { + "ID": "T1548", + "name": "Abuse Elevation Control Mechanism" + }, + "T1134": { + "ID": "T1134", + "name": "Access Token Manipulation" + }, + "T1531": { + "ID": "T1531", + "name": "Account Access Removal" + }, + "T1087": { + "ID": "T1087", + "name": "Account Discovery" + }, + "T1098": { + "ID": "T1098", + "name": "Account Manipulation" + }, + "T1650": { + "ID": "T1650", + "name": 
"Acquire Access" + }, + "T1583": { + "ID": "T1583", + "name": "Acquire Infrastructure" + }, + "T1595": { + "ID": "T1595", + "name": "Active Scanning" + }, + "T1557": { + "ID": "T1557", + "name": "Adversary-in-the-Middle" + }, + "T1071": { + "ID": "T1071", + "name": "Application Layer Protocol" + }, + "T1010": { + "ID": "T1010", + "name": "Application Window Discovery" + }, + "T1560": { + "ID": "T1560", + "name": "Archive Collected Data" + }, + "T1123": { + "ID": "T1123", + "name": "Audio Capture" + }, + "T1119": { + "ID": "T1119", + "name": "Automated Collection" + }, + "T1020": { + "ID": "T1020", + "name": "Automated Exfiltration" + }, + "T1197": { + "ID": "T1197", + "name": "BITS Jobs" + }, + "T1547": { + "ID": "T1547", + "name": "Boot or Logon Autostart Execution" + }, + "T1037": { + "ID": "T1037", + "name": "Boot or Logon Initialization Scripts" + }, + "T1176": { + "ID": "T1176", + "name": "Browser Extensions" + }, + "T1217": { + "ID": "T1217", + "name": "Browser Information Discovery" + }, + "T1185": { + "ID": "T1185", + "name": "Browser Session Hijacking" + }, + "T1110": { + "ID": "T1110", + "name": "Brute Force" + }, + "T1612": { + "ID": "T1612", + "name": "Build Image on Host" + }, + "T1115": { + "ID": "T1115", + "name": "Clipboard Data" + }, + "T1651": { + "ID": "T1651", + "name": "Cloud Administration Command" + }, + "T1580": { + "ID": "T1580", + "name": "Cloud Infrastructure Discovery" + }, + "T1538": { + "ID": "T1538", + "name": "Cloud Service Dashboard" + }, + "T1526": { + "ID": "T1526", + "name": "Cloud Service Discovery" + }, + "T1619": { + "ID": "T1619", + "name": "Cloud Storage Object Discovery" + }, + "T1059": { + "ID": "T1059", + "name": "Command and Scripting Interpreter" + }, + "T1092": { + "ID": "T1092", + "name": "Communication Through Removable Media" + }, + "T1586": { + "ID": "T1586", + "name": "Compromise Accounts" + }, + "T1554": { + "ID": "T1554", + "name": "Compromise Client Software Binary" + }, + "T1584": { + "ID": "T1584", + "name": 
"Compromise Infrastructure" + }, + "T1609": { + "ID": "T1609", + "name": "Container Administration Command" + }, + "T1613": { + "ID": "T1613", + "name": "Container and Resource Discovery" + }, + "T1136": { + "ID": "T1136", + "name": "Create Account" + }, + "T1543": { + "ID": "T1543", + "name": "Create or Modify System Process" + }, + "T1555": { + "ID": "T1555", + "name": "Credentials from Password Stores" + }, + "T1485": { + "ID": "T1485", + "name": "Data Destruction" + }, + "T1132": { + "ID": "T1132", + "name": "Data Encoding" + }, + "T1486": { + "ID": "T1486", + "name": "Data Encrypted for Impact" + }, + "T1565": { + "ID": "T1565", + "name": "Data Manipulation" + }, + "T1001": { + "ID": "T1001", + "name": "Data Obfuscation" + }, + "T1074": { + "ID": "T1074", + "name": "Data Staged" + }, + "T1030": { + "ID": "T1030", + "name": "Data Transfer Size Limits" + }, + "T1530": { + "ID": "T1530", + "name": "Data from Cloud Storage" + }, + "T1602": { + "ID": "T1602", + "name": "Data from Configuration Repository" + }, + "T1213": { + "ID": "T1213", + "name": "Data from Information Repositories" + }, + "T1005": { + "ID": "T1005", + "name": "Data from Local System" + }, + "T1039": { + "ID": "T1039", + "name": "Data from Network Shared Drive" + }, + "T1025": { + "ID": "T1025", + "name": "Data from Removable Media" + }, + "T1622": { + "ID": "T1622", + "name": "Debugger Evasion" + }, + "T1491": { + "ID": "T1491", + "name": "Defacement" + }, + "T1140": { + "ID": "T1140", + "name": "Deobfuscate/Decode Files or Information" + }, + "T1610": { + "ID": "T1610", + "name": "Deploy Container" + }, + "T1587": { + "ID": "T1587", + "name": "Develop Capabilities" + }, + "T1652": { + "ID": "T1652", + "name": "Device Driver Discovery" + }, + "T1006": { + "ID": "T1006", + "name": "Direct Volume Access" + }, + "T1561": { + "ID": "T1561", + "name": "Disk Wipe" + }, + "T1484": { + "ID": "T1484", + "name": "Domain Policy Modification" + }, + "T1482": { + "ID": "T1482", + "name": "Domain Trust 
Discovery" + }, + "T1189": { + "ID": "T1189", + "name": "Drive-by Compromise" + }, + "T1568": { + "ID": "T1568", + "name": "Dynamic Resolution" + }, + "T1114": { + "ID": "T1114", + "name": "Email Collection" + }, + "T1573": { + "ID": "T1573", + "name": "Encrypted Channel" + }, + "T1499": { + "ID": "T1499", + "name": "Endpoint Denial of Service" + }, + "T1611": { + "ID": "T1611", + "name": "Escape to Host" + }, + "T1585": { + "ID": "T1585", + "name": "Establish Accounts" + }, + "T1546": { + "ID": "T1546", + "name": "Event Triggered Execution" + }, + "T1480": { + "ID": "T1480", + "name": "Execution Guardrails" + }, + "T1048": { + "ID": "T1048", + "name": "Exfiltration Over Alternative Protocol" + }, + "T1041": { + "ID": "T1041", + "name": "Exfiltration Over C2 Channel" + }, + "T1011": { + "ID": "T1011", + "name": "Exfiltration Over Other Network Medium" + }, + "T1052": { + "ID": "T1052", + "name": "Exfiltration Over Physical Medium" + }, + "T1567": { + "ID": "T1567", + "name": "Exfiltration Over Web Service" + }, + "T1190": { + "ID": "T1190", + "name": "Exploit Public-Facing Application" + }, + "T1203": { + "ID": "T1203", + "name": "Exploitation for Client Execution" + }, + "T1212": { + "ID": "T1212", + "name": "Exploitation for Credential Access" + }, + "T1211": { + "ID": "T1211", + "name": "Exploitation for Defense Evasion" + }, + "T1068": { + "ID": "T1068", + "name": "Exploitation for Privilege Escalation" + }, + "T1210": { + "ID": "T1210", + "name": "Exploitation of Remote Services" + }, + "T1133": { + "ID": "T1133", + "name": "External Remote Services" + }, + "T1008": { + "ID": "T1008", + "name": "Fallback Channels" + }, + "T1083": { + "ID": "T1083", + "name": "File and Directory Discovery" + }, + "T1222": { + "ID": "T1222", + "name": "File and Directory Permissions Modification" + }, + "T1495": { + "ID": "T1495", + "name": "Firmware Corruption" + }, + "T1187": { + "ID": "T1187", + "name": "Forced Authentication" + }, + "T1606": { + "ID": "T1606", + "name": 
"Forge Web Credentials" + }, + "T1592": { + "ID": "T1592", + "name": "Gather Victim Host Information" + }, + "T1589": { + "ID": "T1589", + "name": "Gather Victim Identity Information" + }, + "T1590": { + "ID": "T1590", + "name": "Gather Victim Network Information" + }, + "T1591": { + "ID": "T1591", + "name": "Gather Victim Org Information" + }, + "T1615": { + "ID": "T1615", + "name": "Group Policy Discovery" + }, + "T1200": { + "ID": "T1200", + "name": "Hardware Additions" + }, + "T1564": { + "ID": "T1564", + "name": "Hide Artifacts" + }, + "T1574": { + "ID": "T1574", + "name": "Hijack Execution Flow" + }, + "T1562": { + "ID": "T1562", + "name": "Impair Defenses" + }, + "T1525": { + "ID": "T1525", + "name": "Implant Internal Image" + }, + "T1070": { + "ID": "T1070", + "name": "Indicator Removal" + }, + "T1202": { + "ID": "T1202", + "name": "Indirect Command Execution" + }, + "T1105": { + "ID": "T1105", + "name": "Ingress Tool Transfer" + }, + "T1490": { + "ID": "T1490", + "name": "Inhibit System Recovery" + }, + "T1056": { + "ID": "T1056", + "name": "Input Capture" + }, + "T1559": { + "ID": "T1559", + "name": "Inter-Process Communication" + }, + "T1534": { + "ID": "T1534", + "name": "Internal Spearphishing" + }, + "T1570": { + "ID": "T1570", + "name": "Lateral Tool Transfer" + }, + "T1036": { + "ID": "T1036", + "name": "Masquerading" + }, + "T1556": { + "ID": "T1556", + "name": "Modify Authentication Process" + }, + "T1578": { + "ID": "T1578", + "name": "Modify Cloud Compute Infrastructure" + }, + "T1112": { + "ID": "T1112", + "name": "Modify Registry" + }, + "T1601": { + "ID": "T1601", + "name": "Modify System Image" + }, + "T1111": { + "ID": "T1111", + "name": "Multi-Factor Authentication Interception" + }, + "T1621": { + "ID": "T1621", + "name": "Multi-Factor Authentication Request Generation" + }, + "T1104": { + "ID": "T1104", + "name": "Multi-Stage Channels" + }, + "T1106": { + "ID": "T1106", + "name": "Native API" + }, + "T1599": { + "ID": "T1599", + "name": 
"Network Boundary Bridging" + }, + "T1498": { + "ID": "T1498", + "name": "Network Denial of Service" + }, + "T1046": { + "ID": "T1046", + "name": "Network Service Discovery" + }, + "T1135": { + "ID": "T1135", + "name": "Network Share Discovery" + }, + "T1040": { + "ID": "T1040", + "name": "Network Sniffing" + }, + "T1095": { + "ID": "T1095", + "name": "Non-Application Layer Protocol" + }, + "T1571": { + "ID": "T1571", + "name": "Non-Standard Port" + }, + "T1003": { + "ID": "T1003", + "name": "OS Credential Dumping" + }, + "T1027": { + "ID": "T1027", + "name": "Obfuscated Files or Information" + }, + "T1588": { + "ID": "T1588", + "name": "Obtain Capabilities" + }, + "T1137": { + "ID": "T1137", + "name": "Office Application Startup" + }, + "T1201": { + "ID": "T1201", + "name": "Password Policy Discovery" + }, + "T1120": { + "ID": "T1120", + "name": "Peripheral Device Discovery" + }, + "T1069": { + "ID": "T1069", + "name": "Permission Groups Discovery" + }, + "T1566": { + "ID": "T1566", + "name": "Phishing" + }, + "T1598": { + "ID": "T1598", + "name": "Phishing for Information" + }, + "T1647": { + "ID": "T1647", + "name": "Plist File Modification" + }, + "T1542": { + "ID": "T1542", + "name": "Pre-OS Boot" + }, + "T1057": { + "ID": "T1057", + "name": "Process Discovery" + }, + "T1055": { + "ID": "T1055", + "name": "Process Injection" + }, + "T1572": { + "ID": "T1572", + "name": "Protocol Tunneling" + }, + "T1090": { + "ID": "T1090", + "name": "Proxy" + }, + "T1012": { + "ID": "T1012", + "name": "Query Registry" + }, + "T1620": { + "ID": "T1620", + "name": "Reflective Code Loading" + }, + "T1219": { + "ID": "T1219", + "name": "Remote Access Software" + }, + "T1563": { + "ID": "T1563", + "name": "Remote Service Session Hijacking" + }, + "T1021": { + "ID": "T1021", + "name": "Remote Services" + }, + "T1018": { + "ID": "T1018", + "name": "Remote System Discovery" + }, + "T1091": { + "ID": "T1091", + "name": "Replication Through Removable Media" + }, + "T1496": { + "ID": 
"T1496", + "name": "Resource Hijacking" + }, + "T1207": { + "ID": "T1207", + "name": "Rogue Domain Controller" + }, + "T1014": { + "ID": "T1014", + "name": "Rootkit" + }, + "T1053": { + "ID": "T1053", + "name": "Scheduled Task/Job" + }, + "T1029": { + "ID": "T1029", + "name": "Scheduled Transfer" + }, + "T1113": { + "ID": "T1113", + "name": "Screen Capture" + }, + "T1597": { + "ID": "T1597", + "name": "Search Closed Sources" + }, + "T1596": { + "ID": "T1596", + "name": "Search Open Technical Databases" + }, + "T1593": { + "ID": "T1593", + "name": "Search Open Websites/Domains" + }, + "T1594": { + "ID": "T1594", + "name": "Search Victim-Owned Websites" + }, + "T1505": { + "ID": "T1505", + "name": "Server Software Component" + }, + "T1648": { + "ID": "T1648", + "name": "Serverless Execution" + }, + "T1489": { + "ID": "T1489", + "name": "Service Stop" + }, + "T1129": { + "ID": "T1129", + "name": "Shared Modules" + }, + "T1072": { + "ID": "T1072", + "name": "Software Deployment Tools" + }, + "T1518": { + "ID": "T1518", + "name": "Software Discovery" + }, + "T1608": { + "ID": "T1608", + "name": "Stage Capabilities" + }, + "T1528": { + "ID": "T1528", + "name": "Steal Application Access Token" + }, + "T1539": { + "ID": "T1539", + "name": "Steal Web Session Cookie" + }, + "T1649": { + "ID": "T1649", + "name": "Steal or Forge Authentication Certificates" + }, + "T1558": { + "ID": "T1558", + "name": "Steal or Forge Kerberos Tickets" + }, + "T1553": { + "ID": "T1553", + "name": "Subvert Trust Controls" + }, + "T1195": { + "ID": "T1195", + "name": "Supply Chain Compromise" + }, + "T1218": { + "ID": "T1218", + "name": "System Binary Proxy Execution" + }, + "T1082": { + "ID": "T1082", + "name": "System Information Discovery" + }, + "T1614": { + "ID": "T1614", + "name": "System Location Discovery" + }, + "T1016": { + "ID": "T1016", + "name": "System Network Configuration Discovery" + }, + "T1049": { + "ID": "T1049", + "name": "System Network Connections Discovery" + }, + "T1033": 
{ + "ID": "T1033", + "name": "System Owner/User Discovery" + }, + "T1216": { + "ID": "T1216", + "name": "System Script Proxy Execution" + }, + "T1007": { + "ID": "T1007", + "name": "System Service Discovery" + }, + "T1569": { + "ID": "T1569", + "name": "System Services" + }, + "T1529": { + "ID": "T1529", + "name": "System Shutdown/Reboot" + }, + "T1124": { + "ID": "T1124", + "name": "System Time Discovery" + }, + "T1080": { + "ID": "T1080", + "name": "Taint Shared Content" + }, + "T1221": { + "ID": "T1221", + "name": "Template Injection" + }, + "T1205": { + "ID": "T1205", + "name": "Traffic Signaling" + }, + "T1537": { + "ID": "T1537", + "name": "Transfer Data to Cloud Account" + }, + "T1127": { + "ID": "T1127", + "name": "Trusted Developer Utilities Proxy Execution" + }, + "T1199": { + "ID": "T1199", + "name": "Trusted Relationship" + }, + "T1552": { + "ID": "T1552", + "name": "Unsecured Credentials" + }, + "T1535": { + "ID": "T1535", + "name": "Unused/Unsupported Cloud Regions" + }, + "T1550": { + "ID": "T1550", + "name": "Use Alternate Authentication Material" + }, + "T1204": { + "ID": "T1204", + "name": "User Execution" + }, + "T1078": { + "ID": "T1078", + "name": "Valid Accounts" + }, + "T1125": { + "ID": "T1125", + "name": "Video Capture" + }, + "T1497": { + "ID": "T1497", + "name": "Virtualization/Sandbox Evasion" + }, + "T1600": { + "ID": "T1600", + "name": "Weaken Encryption" + }, + "T1102": { + "ID": "T1102", + "name": "Web Service" + }, + "T1047": { + "ID": "T1047", + "name": "Windows Management Instrumentation" + }, + "T1220": { + "ID": "T1220", + "name": "XSL Script Processing" + } + }, + "TechniquesToTactis": { + "T1132": "TA0011", + "T1594": "TA0043", + "T1573": "TA0011", + "T1587": "TA0042", + "T1556": [ + "TA0006", + "TA0005", + "TA0003" + ], + "T1137": "TA0003", + "T1071": "TA0011", + "T1016": "TA0007", + "T1601": "TA0005", + "T1547": [ + "TA0004", + "TA0003" + ], + "T1041": "TA0010", + "T1200": "TA0001", + "T1055": [ + "TA0004", + "TA0005" + ], + 
"T1176": "TA0003", + "T1593": "TA0043", + "T1072": [ + "TA0008", + "TA0002" + ], + "T1204": "TA0002", + "T1218": "TA0005", + "T1482": "TA0007", + "T1525": "TA0003", + "T1129": "TA0002", + "T1558": "TA0006", + "T1564": "TA0005", + "T1207": "TA0005", + "T1580": "TA0007", + "T1092": "TA0011", + "T1133": [ + "TA0001", + "TA0003" + ], + "T1571": "TA0011", + "T1021": "TA0008", + "T1078": [ + "TA0004", + "TA0005", + "TA0001", + "TA0003" + ], + "T1070": "TA0005", + "T1113": "TA0009", + "T1040": [ + "TA0006", + "TA0007" + ], + "T1583": "TA0042", + "T1069": "TA0007", + "T1202": "TA0005", + "T1572": "TA0011", + "T1068": "TA0004", + "T1652": "TA0007", + "T1555": "TA0006", + "T1538": "TA0007", + "T1563": "TA0008", + "T1216": "TA0005", + "T1539": "TA0006", + "T1489": "TA0040", + "T1221": "TA0005", + "T1622": [ + "TA0005", + "TA0007" + ], + "T1495": "TA0040", + "T1535": "TA0005", + "T1219": "TA0011", + "T1197": [ + "TA0005", + "TA0003" + ], + "T1486": "TA0040", + "T1649": "TA0006", + "T1569": "TA0002", + "T1578": "TA0005", + "T1497": [ + "TA0005", + "TA0007" + ], + "T1091": [ + "TA0008", + "TA0001" + ], + "T1083": "TA0007", + "T1087": "TA0007", + "T1201": "TA0007", + "T1537": "TA0010", + "T1190": "TA0001", + "T1007": "TA0007", + "T1112": "TA0005", + "T1608": "TA0042", + "T1650": "TA0042", + "T1110": "TA0006", + "T1530": "TA0009", + "T1090": "TA0011", + "T1039": "TA0009", + "T1553": "TA0005", + "T1599": "TA0005", + "T1619": "TA0007", + "T1185": "TA0009", + "T1585": "TA0042", + "T1588": "TA0042", + "T1485": "TA0040", + "T1534": "TA0008", + "T1098": "TA0003", + "T1499": "TA0040", + "T1614": "TA0007", + "T1602": "TA0009", + "T1213": "TA0009", + "T1114": "TA0009", + "T1052": "TA0010", + "T1648": "TA0002", + "T1135": "TA0007", + "T1621": "TA0006", + "T1095": "TA0011", + "T1542": [ + "TA0005", + "TA0003" + ], + "T1124": "TA0007", + "T1119": "TA0009", + "T1057": "TA0007", + "T1531": "TA0040", + "T1136": "TA0003", + "T1140": "TA0005", + "T1037": [ + "TA0004", + "TA0003" + ], + "T1046": 
"TA0007", + "T1505": "TA0003", + "T1565": "TA0040", + "T1480": "TA0005", + "T1612": "TA0005", + "T1205": [ + "TA0005", + "TA0011", + "TA0003" + ], + "T1080": "TA0008", + "T1003": "TA0006", + "T1552": "TA0006", + "T1059": "TA0002", + "T1211": "TA0005", + "T1550": [ + "TA0008", + "TA0005" + ], + "T1543": [ + "TA0004", + "TA0003" + ], + "T1595": "TA0043", + "T1048": "TA0010", + "T1600": "TA0005", + "T1005": "TA0009", + "T1592": "TA0043", + "T1557": [ + "TA0009", + "TA0006" + ], + "T1010": "TA0007", + "T1561": "TA0040", + "T1498": "TA0040", + "T1203": "TA0002", + "T1546": [ + "TA0004", + "TA0003" + ], + "T1125": "TA0009", + "T1056": [ + "TA0009", + "TA0006" + ], + "T1554": "TA0003", + "T1591": "TA0043", + "T1187": "TA0006", + "T1217": "TA0007", + "T1047": "TA0002", + "T1647": "TA0005", + "T1559": "TA0002", + "T1018": "TA0007", + "T1074": "TA0009", + "T1199": "TA0001", + "T1025": "TA0009", + "T1610": [ + "TA0002", + "TA0005" + ], + "T1548": [ + "TA0004", + "TA0005" + ], + "T1210": "TA0008", + "T1584": "TA0042", + "T1567": "TA0010", + "T1120": "TA0007", + "T1491": "TA0040", + "T1606": "TA0006", + "T1001": "TA0011", + "T1562": "TA0005", + "T1049": "TA0007", + "T1105": "TA0011", + "T1613": "TA0007", + "T1220": "TA0005", + "T1082": "TA0007", + "T1222": "TA0005", + "T1609": "TA0002", + "T1651": "TA0002", + "T1111": "TA0006", + "T1212": "TA0006", + "T1611": "TA0004", + "T1030": "TA0010", + "T1528": "TA0006", + "T1102": "TA0011", + "T1574": [ + "TA0004", + "TA0005", + "TA0003" + ], + "T1598": "TA0043", + "T1127": "TA0005", + "T1570": "TA0008", + "T1006": "TA0005", + "T1008": "TA0011", + "T1589": "TA0043", + "T1012": "TA0007", + "T1620": "TA0005", + "T1496": "TA0040", + "T1615": "TA0007", + "T1518": "TA0007", + "T1566": "TA0001", + "T1484": [ + "TA0004", + "TA0005" + ], + "T1526": "TA0007", + "T1189": "TA0001", + "T1029": "TA0010", + "T1014": "TA0005", + "T1568": "TA0011", + "T1134": [ + "TA0004", + "TA0005" + ], + "T1104": "TA0011", + "T1586": "TA0042", + "T1195": "TA0001", + 
"T1011": "TA0010", + "T1560": "TA0009", + "T1036": "TA0005", + "T1106": "TA0002", + "T1590": "TA0043", + "T1027": "TA0005", + "T1529": "TA0040", + "T1033": "TA0007", + "T1020": "TA0010", + "T1490": "TA0040", + "T1597": "TA0043", + "T1115": "TA0009", + "T1053": [ + "TA0004", + "TA0002", + "TA0003" + ], + "T1596": "TA0043", + "T1123": "TA0009" + } +}
\ No newline at end of file
diff --git a/ATAPHtmlReport/resources/MitreTactics.json b/ATAPHtmlReport/resources/MitreTactics.json
deleted file mode 100644
index bc936405..00000000
--- a/ATAPHtmlReport/resources/MitreTactics.json
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- "TA0043": "Reconnaissance",
- "TA0042": "Resource Development",
- "TA0001": "Initial Access",
- "TA0002": "Execution",
- "TA0003": "Persistence",
- "TA0004": "Privilege Escalation",
- "TA0005": "Defense Evasion",
- "TA0006": "Credential Access",
- "TA0007": "Discovery",
- "TA0008": "Lateral Movement",
- "TA0009": "Collection",
- "TA0011": "Command and Control",
- "TA0010": "Exfiltration",
- "TA0040": "Impact"
-}
\ No newline at end of file