{
  "data": {
    "collected_at": "2026-06-12T13:03:13.0307044+02:00",
    "score": 28,
    "checks": [
      {
        "id": "firewall_enabled",
        "category": "firewall",
        "name": "Windows Firewall Enabled",
        "status": "fail",
        "severity": "critical",
        "details": "Windows Firewall is disabled for: Domain, Private, Public",
        "remediation": "Enable Windows Firewall: Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "9.1.1",
            "title": "Ensure Windows Defender Firewall is enabled for Domain profile"
          },
          {
            "framework": "CIS",
            "control_id": "9.2.1",
            "title": "Ensure Windows Defender Firewall is enabled for Private profile"
          },
          {
            "framework": "CIS",
            "control_id": "9.3.1",
            "title": "Ensure Windows Defender Firewall is enabled for Public profile"
          },
          {
            "framework": "ANSSI",
            "control_id": "R7",
            "title": "Enable and configure Windows Firewall"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A6",
            "title": "Harden Windows Firewall"
          }
        ]
      },
      {
        "id": "antivirus_installed",
        "category": "antivirus",
        "name": "Antivirus Software Installed",
        "status": "fail",
        "severity": "critical",
        "details": "No antivirus software detected",
        "remediation": "Install an antivirus solution. For Windows Server, enable Microsoft Defender or deploy an enterprise AV product",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "8.1",
            "title": "Ensure antivirus software is installed and running"
          },
          {
            "framework": "ANSSI",
            "control_id": "R22",
            "title": "Deploy and maintain antivirus protection"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A16",
            "title": "Configure antivirus protection"
          }
        ]
      },
      {
        "id": "antivirus_realtime",
        "category": "antivirus",
        "name": "Antivirus Real-Time Protection Enabled",
        "status": "fail",
        "severity": "critical",
        "details": "No antivirus detected to provide real-time protection",
        "remediation": "Install and enable an antivirus solution with real-time protection",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.47.4.1",
            "title": "Ensure Turn on real-time protection is set to Enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R22",
            "title": "Deploy and maintain antivirus protection"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A16",
            "title": "Configure antivirus protection"
          }
        ]
      },
      {
        "id": "antivirus_definitions",
        "category": "antivirus",
        "name": "Antivirus Definitions Up-to-Date",
        "status": "fail",
        "severity": "high",
        "details": "No antivirus installed to check definitions",
        "remediation": "Install an antivirus solution",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.47.9",
            "title": "Ensure definition updates are configured"
          },
          {
            "framework": "ANSSI",
            "control_id": "R22",
            "title": "Deploy and maintain antivirus protection"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A16",
            "title": "Configure antivirus protection"
          }
        ]
      },
      {
        "id": "bitlocker_enabled",
        "category": "encryption",
        "name": "BitLocker Drive Encryption",
        "status": "warning",
        "severity": "medium",
        "details": "Unable to query BitLocker status (may require elevated privileges)",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.11.1",
            "title": "Ensure BitLocker is configured for fixed data drives"
          },
          {
            "framework": "ANSSI",
            "control_id": "R14",
            "title": "Enable BitLocker drive encryption"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A12",
            "title": "Configure disk encryption"
          }
        ]
      },
      {
        "id": "uac_enabled",
        "category": "access_control",
        "name": "User Account Control (UAC) Enabled",
        "status": "pass",
        "severity": "critical",
        "details": "User Account Control (UAC) is enabled",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "2.3.17.1",
            "title": "Ensure User Account Control: Admin Approval Mode is enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R15",
            "title": "Enable and configure User Account Control"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A5",
            "title": "Protect access mechanisms"
          }
        ]
      },
      {
        "id": "smb1_disabled",
        "category": "network",
        "name": "SMBv1 Protocol Disabled",
        "status": "fail",
        "severity": "high",
        "details": "SMBv1 protocol is enabled",
        "remediation": "Disable SMBv1: Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.3.3",
            "title": "Ensure Configure SMB v1 server is set to Disabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R8",
            "title": "Disable SMBv1 protocol"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A7",
            "title": "Harden SMB configuration"
          }
        ]
      },
      {
        "id": "rdp_nla_required",
        "category": "network",
        "name": "RDP Network Level Authentication Required",
        "status": "pass",
        "severity": "high",
        "details": "Network Level Authentication (NLA) is required for RDP",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.65.3.9.2",
            "title": "Ensure Require user authentication for remote connections by using NLA is enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R16",
            "title": "Harden Remote Desktop configuration"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A9",
            "title": "Harden Remote Desktop Services"
          }
        ]
      },
      {
        "id": "rdp_encryption_level",
        "category": "encryption",
        "name": "RDP Encryption Level High",
        "status": "warning",
        "severity": "high",
        "details": "RDP encryption level is Client Compatible (should be High)",
        "remediation": "Set encryption to High: reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp\" /v MinEncryptionLevel /t REG_DWORD /d 3 /f",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.65.3.9.1",
            "title": "Ensure Set client connection encryption level is set to High Level"
          },
          {
            "framework": "ANSSI",
            "control_id": "R16",
            "title": "Harden Remote Desktop configuration"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A9",
            "title": "Harden Remote Desktop Services"
          }
        ]
      },
      {
        "id": "auto_updates",
        "category": "updates",
        "name": "Windows Automatic Updates",
        "status": "pass",
        "severity": "high",
        "details": "Automatic updates are enabled via Group Policy",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.108.1.1",
            "title": "Ensure Configure Automatic Updates is set to Enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R23",
            "title": "Configure automatic security updates"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A4",
            "title": "Manage security updates"
          }
        ]
      },
      {
        "id": "password_min_length",
        "category": "password_policy",
        "name": "Password Minimum Length",
        "status": "fail",
        "severity": "medium",
        "details": "Minimum password length is only 0 characters",
        "remediation": "Set minimum password length to 14: net accounts /minpwlen:14",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "1.1.4",
            "title": "Ensure Minimum password length is set to 14 or more characters"
          },
          {
            "framework": "ANSSI",
            "control_id": "R20",
            "title": "Configure password policy"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A5",
            "title": "Protect access mechanisms"
          }
        ]
      },
      {
        "id": "password_complexity",
        "category": "password_policy",
        "name": "Password Complexity Requirements",
        "status": "pass",
        "severity": "medium",
        "details": "Password complexity requirements are enabled",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "1.1.5",
            "title": "Ensure Password must meet complexity requirements is set to Enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R20",
            "title": "Configure password policy"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A5",
            "title": "Protect access mechanisms"
          }
        ]
      },
      {
        "id": "password_max_age",
        "category": "password_policy",
        "name": "Password Maximum Age",
        "status": "pass",
        "severity": "medium",
        "details": "Password maximum age is 42 days",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "1.1.2",
            "title": "Ensure Maximum password age is set to 365 or fewer days but not 0"
          },
          {
            "framework": "ANSSI",
            "control_id": "R20",
            "title": "Configure password policy"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A5",
            "title": "Protect access mechanisms"
          }
        ]
      },
      {
        "id": "account_lockout",
        "category": "password_policy",
        "name": "Account Lockout Policy",
        "status": "fail",
        "severity": "high",
        "details": "Account lockout is disabled (no limit on failed login attempts)",
        "remediation": "Set lockout policy: net accounts /lockoutthreshold:5 /lockoutduration:15 /lockoutwindow:15",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "1.2.1",
            "title": "Ensure Account lockout duration is set to 15 or more minutes"
          },
          {
            "framework": "CIS",
            "control_id": "1.2.2",
            "title": "Ensure Account lockout threshold is set to 5 or fewer invalid logon attempts"
          },
          {
            "framework": "ANSSI",
            "control_id": "R19",
            "title": "Configure account lockout policy"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A5",
            "title": "Protect access mechanisms"
          }
        ]
      },
      {
        "id": "listening_ports",
        "category": "network",
        "name": "No Risky Listening Ports",
        "status": "warning",
        "severity": "high",
        "details": "Risky services listening on all interfaces: SMTP(25)",
        "remediation": "Review and disable unnecessary services, or configure Windows Firewall to block these ports",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "2.1",
            "title": "Ensure unnecessary services are removed"
          },
          {
            "framework": "ANSSI",
            "control_id": "R24",
            "title": "Disable unnecessary services"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A14",
            "title": "Harden system services"
          }
        ]
      },
      {
        "id": "guest_account_disabled",
        "category": "access_control",
        "name": "Guest Account Disabled",
        "status": "warning",
        "severity": "critical",
        "details": "Unable to query Guest account status",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "1.1.1",
            "title": "Ensure Accounts: Guest account status is set to Disabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R20",
            "title": "Configure password policy"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A5",
            "title": "Protect access mechanisms"
          }
        ]
      },
      {
        "id": "remote_registry_disabled",
        "category": "network",
        "name": "Remote Registry Service Disabled",
        "status": "warning",
        "severity": "high",
        "details": "Remote Registry service is stopped but start type is 'Automatic'",
        "remediation": "Disable Remote Registry: Set-Service -Name 'RemoteRegistry' -StartupType Disabled -Status Stopped",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "5.27",
            "title": "Ensure Remote Registry (RemoteRegistry) is set to Disabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R24",
            "title": "Disable unnecessary services"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A14",
            "title": "Harden system services"
          }
        ]
      },
      {
        "id": "powershell_execution_policy",
        "category": "access_control",
        "name": "PowerShell Execution Policy Restricted",
        "status": "warning",
        "severity": "medium",
        "details": "PowerShell execution policy is RemoteSigned (local unsigned scripts can run)",
        "remediation": "Restrict PowerShell: Set-ExecutionPolicy AllSigned -Scope LocalMachine -Force",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.100.1",
            "title": "Ensure Turn on PowerShell Script Block Logging is set to Enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R17",
            "title": "Configure PowerShell security"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A15",
            "title": "Harden PowerShell configuration"
          }
        ]
      },
      {
        "id": "winrm_encrypted",
        "category": "encryption",
        "name": "WinRM Encrypted Traffic Only",
        "status": "pass",
        "severity": "high",
        "details": "WinRM requires encrypted traffic",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.102.1.1",
            "title": "Ensure Allow unencrypted traffic is set to Disabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R35",
            "title": "Harden WinRM configuration"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A19",
            "title": "Secure WinRM configuration"
          }
        ]
      },
      {
        "id": "lsa_anonymous_restricted",
        "category": "access_control",
        "name": "Anonymous Access to LSA Restricted",
        "status": "fail",
        "severity": "high",
        "details": "Anonymous access to LSA is not restricted (enumeration risk)",
        "remediation": "Restrict anonymous access: reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\" /v RestrictAnonymous /t REG_DWORD /d 1 /f",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "2.3.10.5",
            "title": "Ensure Network access: Let Everyone permissions apply to anonymous users is set to Disabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R37",
            "title": "Restrict anonymous enumeration"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A11",
            "title": "Harden authentication mechanisms"
          }
        ]
      },
      {
        "id": "audit_logon_events",
        "category": "access_control",
        "name": "Audit Logon Events Enabled",
        "status": "pass",
        "severity": "high",
        "details": "Logon events auditing is configured for Success and Failure",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "17.5.1",
            "title": "Ensure Audit Logon is set to Success and Failure"
          },
          {
            "framework": "ANSSI",
            "control_id": "R18",
            "title": "Configure comprehensive audit policy"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A10",
            "title": "Configure audit and logging"
          }
        ]
      },
      {
        "id": "smb_signing_required",
        "category": "network",
        "name": "SMB Signing Required",
        "status": "fail",
        "severity": "high",
        "details": "SMB signing is not required (vulnerable to relay attacks)",
        "remediation": "Enable SMB signing: reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer\\Parameters\" /v RequireSecuritySignature /t REG_DWORD /d 1 /f \u0026\u0026 reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters\" /v RequireSecuritySignature /t REG_DWORD /d 1 /f",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "2.3.8.1",
            "title": "Ensure Microsoft network client: Digitally sign communications (always) is set to Enabled"
          },
          {
            "framework": "CIS",
            "control_id": "2.3.9.2",
            "title": "Ensure Microsoft network server: Digitally sign communications (always) is set to Enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R9",
            "title": "Require SMB signing"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A7",
            "title": "Harden SMB configuration"
          }
        ]
      },
      {
        "id": "powershell_script_block_logging",
        "category": "access_control",
        "name": "PowerShell Script Block Logging Enabled",
        "status": "fail",
        "severity": "high",
        "details": "PowerShell Script Block Logging is not configured",
        "remediation": "Enable via GPO or registry: reg add \"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging\" /v EnableScriptBlockLogging /t REG_DWORD /d 1 /f",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.100.1",
            "title": "Ensure Turn on PowerShell Script Block Logging is set to Enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R17",
            "title": "Configure PowerShell security"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A15",
            "title": "Harden PowerShell configuration"
          }
        ]
      },
      {
        "id": "credential_guard",
        "category": "encryption",
        "name": "Credential Guard Enabled",
        "status": "warning",
        "severity": "high",
        "details": "Virtualization Based Security registry key not found (may not be supported)",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.3.6",
            "title": "Ensure Turn On Virtualization Based Security is set to Enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R12",
            "title": "Enable Credential Guard"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A8",
            "title": "Protect credentials in memory"
          }
        ]
      },
      {
        "id": "autorun_disabled",
        "category": "access_control",
        "name": "AutoRun Disabled",
        "status": "fail",
        "severity": "high",
        "details": "AutoRun policy is not configured",
        "remediation": "Disable AutoRun: reg add \"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\" /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.16.2",
            "title": "Ensure Turn off Autoplay is set to Enabled: All drives"
          },
          {
            "framework": "ANSSI",
            "control_id": "R21",
            "title": "Disable AutoRun and AutoPlay"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A13",
            "title": "Restrict AutoRun functionality"
          }
        ]
      },
      {
        "id": "screensaver_lock",
        "category": "access_control",
        "name": "Screen Saver Password Protection",
        "status": "warning",
        "severity": "medium",
        "details": "Unable to query screen saver lock policy",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "19.1.3.3",
            "title": "Ensure Screen saver timeout is set to Enabled: 900 seconds or fewer"
          },
          {
            "framework": "ANSSI",
            "control_id": "R29",
            "title": "Configure automatic screen lock"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A17",
            "title": "Configure screen lock policy"
          }
        ]
      },
      {
        "id": "llmnr_disabled",
        "category": "network",
        "name": "LLMNR Disabled",
        "status": "fail",
        "severity": "high",
        "details": "LLMNR is not explicitly disabled (vulnerable to credential relay attacks)",
        "remediation": "Disable LLMNR: reg add \"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\DNSClient\" /v EnableMulticast /t REG_DWORD /d 0 /f",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.4.1",
            "title": "Ensure Turn off multicast name resolution is set to Enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R10",
            "title": "Disable LLMNR and NetBIOS name resolution"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A11",
            "title": "Harden authentication mechanisms"
          }
        ]
      },
      {
        "id": "wdigest_disabled",
        "category": "encryption",
        "name": "WDigest Authentication Disabled",
        "status": "pass",
        "severity": "critical",
        "details": "WDigest UseLogonCredential key not set (disabled by default on Server 2012 R2+)",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.3.7",
            "title": "Ensure WDigest Authentication is set to Disabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R11",
            "title": "Disable WDigest authentication"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A8",
            "title": "Protect credentials in memory"
          }
        ]
      },
      {
        "id": "null_session_pipes",
        "category": "network",
        "name": "Null Session Pipes Restricted",
        "status": "pass",
        "severity": "medium",
        "details": "Anonymous access to named pipes and shares is restricted",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "2.3.10.8",
            "title": "Ensure Network access: Restrict anonymous access to Named Pipes and Shares is set to Enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R30",
            "title": "Restrict null session access"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A11",
            "title": "Harden authentication mechanisms"
          }
        ]
      },
      {
        "id": "security_event_log_size",
        "category": "access_control",
        "name": "Security Event Log Size Adequate",
        "status": "fail",
        "severity": "medium",
        "details": "Security event log max size is only 20480 KB (events overwritten too quickly)",
        "remediation": "Increase Security log size: wevtutil sl Security /ms:201326592",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.26.4.1",
            "title": "Ensure Security: Specify the maximum log file size (KB) is set to Enabled: 196,608 or greater"
          },
          {
            "framework": "ANSSI",
            "control_id": "R31",
            "title": "Configure adequate event log retention"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A10",
            "title": "Configure audit and logging"
          }
        ]
      },
      {
        "id": "rdp_idle_timeout",
        "category": "access_control",
        "name": "RDP Idle Session Timeout Configured",
        "status": "fail",
        "severity": "medium",
        "details": "RDP idle session timeout is not configured (sessions persist indefinitely)",
        "remediation": "Set idle timeout to 15 min: reg add \"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services\" /v MaxIdleTime /t REG_DWORD /d 900000 /f",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.65.3.10.1",
            "title": "Ensure Set time limit for active but idle Remote Desktop Services sessions"
          },
          {
            "framework": "ANSSI",
            "control_id": "R16",
            "title": "Harden Remote Desktop configuration"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A9",
            "title": "Harden Remote Desktop Services"
          }
        ]
      },
      {
        "id": "print_spooler_disabled",
        "category": "network",
        "name": "Print Spooler Service Disabled",
        "status": "fail",
        "severity": "critical",
        "details": "Print Spooler service is running (PrintNightmare vulnerability risk on servers)",
        "remediation": "Disable Print Spooler on servers: Stop-Service -Name 'Spooler' -Force; Set-Service -Name 'Spooler' -StartupType Disabled",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "5.36",
            "title": "Ensure Print Spooler (Spooler) is set to Disabled"
          },
          {
            "framework": "STIG",
            "control_id": "V-253370",
            "title": "PrintNightmare - Print Spooler must be disabled unless required"
          },
          {
            "framework": "ANSSI",
            "control_id": "R24",
            "title": "Disable unnecessary services"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A14",
            "title": "Harden system services"
          }
        ]
      },
      {
        "id": "sehop_enabled",
        "category": "access_control",
        "name": "SEHOP (Structured Exception Handler Overwrite Protection)",
        "status": "pass",
        "severity": "high",
        "details": "SEHOP is enabled (exception handler chain validation active)",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.3.4",
            "title": "Ensure SEHOP is enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R34",
            "title": "Enable exploit protection features"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A18",
            "title": "Configure network and exploit protection"
          }
        ]
      },
      {
        "id": "ipv6_disabled_if_unused",
        "category": "network",
        "name": "IPv6 Disabled If Not Required",
        "status": "warning",
        "severity": "low",
        "details": "IPv6 configuration not explicitly managed via registry (enabled by default)",
        "remediation": "If IPv6 is not needed, disable it: reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip6\\Parameters\" /v DisabledComponents /t REG_DWORD /d 0xFF /f",
        "compliance": [
          {
            "framework": "STIG",
            "control_id": "V-220697",
            "title": "IPv6 must be disabled if not in use"
          },
          {
            "framework": "ANSSI",
            "control_id": "R32",
            "title": "Disable IPv6 if not required"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A18",
            "title": "Configure network and exploit protection"
          }
        ]
      },
      {
        "id": "lsa_protection_enabled",
        "category": "access_control",
        "name": "LSA Protection (RunAsPPL) Enabled",
        "status": "fail",
        "severity": "critical",
        "details": "LSA Protection (RunAsPPL) is not configured (credentials vulnerable to Mimikatz)",
        "remediation": "Enable LSA Protection: reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\" /v RunAsPPL /t REG_DWORD /d 1 /f (reboot required)",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.3.5",
            "title": "Ensure LSA protection is enabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R36",
            "title": "Enable LSA protection to prevent credential theft"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A8",
            "title": "Protect credentials in memory"
          }
        ]
      },
      {
        "id": "w32time_configured",
        "category": "network",
        "name": "Windows Time Synchronization Configured",
        "status": "fail",
        "severity": "medium",
        "details": "Windows Time service is not running (audit logs and certificates may be unreliable)",
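        "remediation": "Enable W32Time: Set-Service -Name 'W32Time' -StartupType Automatic -Status Running; w32tm /config /manualpeerlist:\"pool.ntp.org\" /syncfromflags:manual /update. On domain-joined hosts keep the domain hierarchy as the time source instead (w32tm /config /syncfromflags:domhier /update), and prefer an internal NTP server over a public pool where one is available",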
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "2.3.1.2",
            "title": "Ensure Windows Time service is configured"
          },
          {
            "framework": "ANSSI",
            "control_id": "R33",
            "title": "Configure NTP time synchronization"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A20",
            "title": "Configure time synchronization"
          }
        ]
      },
      {
        "id": "laps_configured",
        "category": "access_control",
        "name": "LAPS (Local Admin Password Solution) Configured",
        "status": "fail",
        "severity": "high",
        "details": "LAPS is not configured (local admin passwords may be identical across servers)",
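        "remediation": "Deploy Windows LAPS via Group Policy where the OS includes it; install legacy LAPS from Microsoft Download Center only on OS versions without Windows LAPS (Microsoft has deprecated the legacy product)",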
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.2.1",
            "title": "Ensure LAPS is installed and configured"
          },
          {
            "framework": "ANSSI",
            "control_id": "R13",
            "title": "Deploy LAPS for local admin password management"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A5",
            "title": "Protect access mechanisms"
          }
        ]
      },
      {
        "id": "netbios_disabled",
        "category": "network",
        "name": "NetBIOS over TCP/IP Disabled",
        "status": "fail",
        "severity": "high",
        "details": "NetBIOS over TCP/IP is enabled on: vmxnet3 Ethernet Adapter (credential relay risk)",
        "remediation": "Disable NetBIOS on each adapter: Network adapter properties \u003e IPv4 \u003e Advanced \u003e WINS \u003e Disable NetBIOS over TCP/IP",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.4.2",
            "title": "Ensure NetBIOS over TCP/IP is disabled on all interfaces"
          },
          {
            "framework": "ANSSI",
            "control_id": "R10",
            "title": "Disable LLMNR and NetBIOS name resolution"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A11",
            "title": "Harden authentication mechanisms"
          }
        ]
      },
      {
        "id": "telemetry_restricted",
        "category": "access_control",
        "name": "Windows Telemetry Restricted",
        "status": "warning",
        "severity": "medium",
        "details": "Telemetry level is not configured via Group Policy (using system defaults)",
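        "remediation": "Restrict telemetry: reg add \"HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\\DataCollection\" /v AllowTelemetry /t REG_DWORD /d 0 /f (value 0 is honored only on Enterprise, Education and Server editions; other editions treat it as 1)",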
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.17.1",
            "title": "Ensure Allow Diagnostic Data is set to Diagnostic data off or Send required diagnostic data"
          },
          {
            "framework": "ANSSI",
            "control_id": "R25",
            "title": "Restrict Windows telemetry and data collection"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A3",
            "title": "Restrict telemetry and data collection"
          }
        ]
      },
      {
        "id": "no_empty_passwords",
        "category": "credentials",
        "name": "No Empty Passwords",
        "status": "warning",
        "severity": "critical",
        "details": "Unable to query local user password requirements (check could not be evaluated; result is inconclusive and needs manual verification)",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "1.1.5",
            "title": "Ensure accounts require passwords"
          },
          {
            "framework": "ANSSI",
            "control_id": "R20",
            "title": "Set strong passwords for user accounts"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A5",
            "title": "Protect access mechanisms"
          }
        ]
      },
      {
        "id": "builtin_admin_secured",
        "category": "credentials",
        "name": "Built-in Administrator Account Disabled",
        "status": "warning",
        "severity": "high",
        "details": "Unable to query built-in Administrator account (check could not be evaluated; result is inconclusive and needs manual verification)",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "1.1.1",
            "title": "Ensure the built-in administrator account is disabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R20",
            "title": "Configure password policy"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A5",
            "title": "Protect access mechanisms"
          }
        ]
      },
      {
        "id": "cached_credentials_limited",
        "category": "credentials",
        "name": "Cached Credentials Limited",
        "status": "warning",
        "severity": "medium",
        "details": "Cached logon count is 10 (recommended: 4 or fewer)",
        "remediation": "Reduce cached logons: reg add \"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\" /v CachedLogonsCount /t REG_SZ /d 4 /f",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "2.3.7.6",
            "title": "Interactive logon: Number of previous logons to cache"
          },
          {
            "framework": "ANSSI",
            "control_id": "R11",
            "title": "Limit credential caching"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A8",
            "title": "Protect credentials in memory"
          }
        ]
      },
      {
        "id": "auto_admin_logon_disabled",
        "category": "credentials",
        "name": "Auto Admin Logon Disabled",
        "status": "pass",
        "severity": "critical",
        "details": "AutoAdminLogon is disabled",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "18.9.16.1",
            "title": "Ensure AutoAdminLogon is set to Disabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R11",
            "title": "Protect stored credentials"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A8",
            "title": "Protect credentials in memory"
          }
        ]
      },
      {
        "id": "reversible_encryption_disabled",
        "category": "credentials",
        "name": "Reversible Password Encryption Disabled",
        "status": "pass",
        "severity": "critical",
        "details": "Reversible password encryption is disabled",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "1.1.7",
            "title": "Ensure Store passwords using reversible encryption is set to Disabled"
          },
          {
            "framework": "ANSSI",
            "control_id": "R20",
            "title": "Configure password policy"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A5",
            "title": "Protect access mechanisms"
          }
        ]
      },
      {
        "id": "no_password_never_expires",
        "category": "credentials",
        "name": "No Accounts With Non-Expiring Passwords",
        "status": "warning",
        "severity": "medium",
        "details": "Unable to query local user password expiration (check could not be evaluated; result is inconclusive and needs manual verification)",
        "remediation": "",
        "compliance": [
          {
            "framework": "CIS",
            "control_id": "1.1.6",
            "title": "Ensure password expiration policies are applied"
          },
          {
            "framework": "ANSSI",
            "control_id": "R20",
            "title": "Configure password policy"
          },
          {
            "framework": "BSI",
            "control_id": "SYS.1.2.3.A5",
            "title": "Protect access mechanisms"
          }
        ]
      }
    ]
  },
  "timestamp": 1781262193313972100
}