Ensuring the security of your Windows 10 system is a complex task, but an essential one to protect your data and maintain system integrity. The Center for Internet Security (CIS) offers comprehensive benchmarks to help you improve your cybersecurity posture. We’ve provided a simplified version of the Windows 10 CIS benchmark in this article, although we strongly advise that it be used alongside the official CIS benchmark documentation for a more complete understanding.
Remember, modifying your system configuration should always be done under the guidance of an IT professional and should be rigorously tested before deployment.
- Administrative Policies and Procedures: Stay updated with regular system updates, perform vulnerability assessments, and use unique, secure passwords for all administrative accounts.
- Account and Privilege Management: Limit user privileges, only grant administrative privileges to necessary users, rename the default administrator account, disable the guest account, and enable secure sign-in.
- Password Policies: Implement password complexity requirements, set the minimum password length to at least 14 characters, remember at least 24 previous passwords, and enforce password expiration.
- Control Panel and System Settings: Configure User Account Control (UAC) to the highest setting, enable secure boot (if applicable), disable booting from external devices (if applicable), and activate Windows Firewall.
- BitLocker and Encryption Policies: Enable BitLocker drive encryption, if applicable, and ensure all data on digital media is encrypted.
- Windows Defender and Firewall: Activate Windows Defender Antivirus and Windows Defender Firewall, and configure the antivirus to update its definitions regularly.
- Audit and Event Policies: Enable auditing for successful and failed logon events, account management events, system events, process tracking, and object access auditing. The system should be set to ‘Audit the use of Backup and Restore privilege’.
- Windows Features: Deactivate SMBv1 and SMBv2, disable Remote Desktop if not required, disable unnecessary Windows services, and enable Windows Network Access Protection (NAP).
- System Services: Set unnecessary or potentially insecure services to ‘Disabled’ or ‘Manual’. Ensure the Wireless AutoConfig Service (for wireless connections) is set to ‘Auto’. Configure Windows service settings according to the principle of least privilege.
- Network Settings: Harden network settings, disable IPv6 if not required, set the named pipes and shares that can be accessed anonymously to ‘Null’, and enable the Windows Firewall domain profile.
- File and Share Permissions: Ensure the ‘Everyone’ group does not have Full Control over any files or folders. Set correct permissions on file shares.
- Browser Settings (Edge): Set the pop-up blocker to ‘High’, the Internet zone security level to ‘High’, the Local intranet zone security level to ‘Medium-Low’, and the Trusted sites zone security level to ‘Low’.
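To turn several of the items above into a repeatable, read-only check, here is an added example (not code from this article, from CIS, or from Info System Consultants) that reads the current state of a Windows 10 machine and reports pass/fail per item. It assumes an elevated PowerShell session, English-language `net accounts` output, and the registry values and thresholds named in the comments, which are taken from the checklist rather than from the official benchmark text.

```powershell
# Added example, not code from the article or from CIS: read-only checks for
# several checklist items above. Run in an elevated PowerShell on Windows 10.
# Thresholds and registry values are assumptions drawn from the list, not official CIS text.
function Get-NetAccountsValue([string]$Label) {
    # Parse one line of 'net accounts'; 'None'/'Unlimited' are reported as 0
    $line  = (net accounts) | Where-Object { $_ -like "$Label*" }
    $value = ($line -split ':\s*', 2)[1].Trim()
    if ($value -match '^\d+$') { [int]$value } else { 0 }
}

function Invoke-Win10ChecklistAudit {
    $results = New-Object System.Collections.Generic.List[object]
    function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
        $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
    }
    # Account and Privilege Management: built-in accounts are found by RID (500/501), not by name
    $guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    Add-Check 'Guest account disabled' (-not $guest.Enabled) "Enabled=$($guest.Enabled)"
    Add-Check 'Administrator renamed' ($admin.Name -ne 'Administrator') "Name=$($admin.Name)"
    # Password Policies: length >= 14, history >= 24, expiration enforced (max age not Unlimited)
    $minLen = Get-NetAccountsValue 'Minimum password length'
    $hist   = Get-NetAccountsValue 'Length of password history maintained'
    $maxAge = Get-NetAccountsValue 'Maximum password age (days)'
    Add-Check 'Min password length >= 14'    ($minLen -ge 14) "Value=$minLen"
    Add-Check 'Password history >= 24'       ($hist -ge 24)   "Value=$hist"
    Add-Check 'Password expiration enforced' ($maxAge -gt 0)  "MaxAgeDays=$maxAge"
    # Control Panel and System Settings: UAC at its highest slider position (assumed values)
    $uac = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uacMax = ($uac.EnableLUA -eq 1) -and ($uac.ConsentPromptBehaviorAdmin -eq 2) -and ($uac.PromptOnSecureDesktop -eq 1)
    Add-Check 'UAC at highest setting' $uacMax "EnableLUA=$($uac.EnableLUA) ConsentPromptBehaviorAdmin=$($uac.ConsentPromptBehaviorAdmin)"
    # Windows Defender and Firewall: every firewall profile on, real-time AV on, signature age shown
    $offProfiles = Get-NetFirewallProfile | Where-Object { [string]$_.Enabled -ne 'True' }
    Add-Check 'All firewall profiles enabled' (-not $offProfiles) "Off=$($offProfiles.Name -join ',')"
    $mp = Get-MpComputerStatus
    Add-Check 'Defender real-time protection on' $mp.RealTimeProtectionEnabled "SignatureAgeDays=$($mp.AntivirusSignatureAge)"
    # Windows Features: SMBv1 server support off (the checklist also lists SMBv2; only SMBv1 is checked here)
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    Add-Check 'SMBv1 disabled' (-not $smb1) "EnableSMB1Protocol=$smb1"
    # Audit and Event Policies: logon events audited for success and failure (auditpol CSV output)
    $logon = auditpol /get /subcategory:"Logon" /r | Where-Object { $_ } | ConvertFrom-Csv
    Add-Check 'Logon success+failure audited' ($logon.'Inclusion Setting' -eq 'Success and Failure') "Setting=$($logon.'Inclusion Setting')"
    return $results
}

Invoke-Win10ChecklistAudit | Format-Table Check, Pass, Detail -AutoSize
```

The script changes nothing; a failed row only tells you which checklist item to review and test before changing it.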
This checklist is a basic guide, so always refer to the latest CIS Benchmark document for a comprehensive set of recommendations. Be aware that system configuration can impact functionality and performance. Therefore, always consult with an IT professional when implementing these changes. Secure your Windows 10 environment, and stay safe in the digital world!
Interested in ensuring your business’s cybersecurity? Info System Consultants can help. Our experienced team can guide you through the intricacies of system configuration and cybersecurity best practices, leaving you confident in your system’s security. Contact us today to schedule a consultation.