ࡱ>  f2ɀ\pMatthew N. Wojcik Ba== B>8X@"1BCalibri1BCalibri1BCalibri1BCalibri1BArial1BArial1BArial1 BArial1BArial1BArial1BArial1BArial1BCalibri1 BCalibri1 BArial1BCalibri1BArial14BCalibri1 BCalibri1BCalibri1BCalibri1BCalibri1BCalibri1,8BCalibri18BCalibri18BCalibri1 BCalibri1>BCalibri14BCalibri1<BCalibri1<BArial1BArial1BCalibri1?BCalibri1h8BCambria1BCalibri1 BCalibri1BArial1BArial1BArial"$"#,##0_);\("$"#,##0\)!"$"#,##0_);[Red]\("$"#,##0\)""$"#,##0.00_);\("$"#,##0.00\)'""$"#,##0.00_);[Red]\("$"#,##0.00\)7*2_("$"* #,##0_);_("$"* \(#,##0\);_("$"* "-"_);_(@_).))_(* #,##0_);_(* \(#,##0\);_(* "-"_);_(@_)?,:_("$"* #,##0.00_);_("$"* \(#,##0.00\);_("$"* "-"??_);_(@_)6+1_(* #,##0.00_);_(* \(#,##0.00\);_(* "-"??_);_(@_)[$-409]General                                                                       ( (     ff  +  )  ,  *       P  P          `  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  1(d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d  (d (                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              (   (                   !               "    # $ a> % &(8@ @  '8@ @  'x@ @  'x@ @  'x@ @  x@ @ >  8@ @    (@ @   (8@ @   (x@ @   (x@ @   (x@ @    h@ @ > ((8@ @   (x@ @ >  (<@ @  (x@ @   (|@ @  1! (|@ @  ! (|@ @ ! (|@ @ >  (|@ @  (|@ @   (|@ @  (|@ @  (<@ @ 1 (|@ @ 1(|@ @ ||W}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-} 00\);_(*}-}  00\);_(*}-}  00\);_(*}-}  00\);_(*}-}  00\);_(*}-}  00\);_(*}-} 00\);_(*}-} 00\);_(*}A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef;_(@_) }A} 00\);_(*ef ;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L;_(@_) }A} 00\);_(*L ;_(@_) }A} 00\);_(*23;_(@_) }A} 00\);_(*23;_(@_) }A} 00\);_(*23;_(@_) }A} 00\);_(*23;_(@_) }A}  00\);_(*23;_(@_) }A}! 00\);_(*23 ;_(@_) }A}" 00\);_(*;_(@_) }A}# 00\);_(*;_(@_) }A}$ 00\);_(*;_(@_) }A}% 00\);_(*;_(@_) }A}& 00\);_(*;_(@_) }A}' 00\);_(* ;_(@_) }<}( 00\);_(* ;_(}A}) 00\);_(*;_(@_) }<}* 00\);_(*;_(}(}+00\);_(*}}- }00\);_(*;_(@_)    }}. 00\);_(*;_(@_) ??? ??? ??? ???}-}/ 00\);_(*}-}0 00\);_(*}-}1 00\);_(*}-}2 00\);_(*}(}3 00\);_(*}-}4 00\);_(*}-}5  00\);_(*}A}6 a00\);_(*;_(@_) }A}7 00\);_(*;_(@_) }A}8 00\);_(*?;_(@_) }A}9 00\);_(*23;_(@_) }-}: 00\);_(*}-};  00\);_(*}}= ??v00\);_(*̙;_(@_)    }A}> }00\);_(*;_(@_) }A} e00\);_(*;_(@_) }<} e00\);_(*;_(}(}J 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(}- 00\);_(*}(}/ 00\);_(*}(}0 00\);_(*}(}1 00\);_(*}(}2 00\);_(*}(}3 00\);_(*}(}4 00\);_(*}(}5 00\);_(*}(}6 00\);_(*}(}7 00\);_(*}(}8 00\);_(*}(}: 00\);_(*}(}; 00\);_(*}(}< 00\);_(*}(}= 00\);_(*}(}> 00\);_(*}(}? 00\);_(*}(}@ 00\);_(*}(}A 00\);_(*}(}B 00\);_(*}(}C 00\);_(*}(}E 00\);_(*}(}F 00\);_(*}(}G 00\);_(*}(}H 00\);_(*}(}I 00\);_(*}(}J 00\);_(*}(}K 00\);_(*}(}L 00\);_(*}(}M 00\);_(*}(}N 00\);_(*}(}P 00\);_(*}(}Q 00\);_(*}(}R 00\);_(*}(}S 00\);_(*}(}T 00\);_(*}(}U 00\);_(*}(}V 00\);_(*}(}W 00\);_(*}(}X 00\);_(*}(}Y 00\);_(*}(}[ 00\);_(*}(}\ 00\);_(*}(}] 00\);_(*}(}^ 00\);_(*}(}_ 00\);_(*}(}` 00\);_(*}(}a 00\);_(*}(}b 00\);_(*}(}c 00\);_(*}(}d 00\);_(*}(}f 00\);_(*}(}g 00\);_(*}(}h 00\);_(*}(}  00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}(} 00\);_(*}-}  00\);_(*}(}  00\);_(*}(}  00\);_(*}(}  00\);_(*}(} 00\);_(*}(} 00\);_(*}},}}3 00\);_(*;_(@_)    }}4 00\);_(*;_(   }}5 ???00\);_(*;_(??? ???  ???  ???}-}6 00\);_(*}-}8 00\);_(*}U}9 00\);_(*;_( }-}: 00\);_(*}(}; 00\);_(*}(}< 00\);_(*}<}= 00\);_(*;_(}<}> 00\);_(*;_(}<}? 00\);_(*;_(}(}@O00\);_(*}(}A 00\);_(*}(}B 00\);_(*}(}C 00\);_(*}<}D 00\);_(*;_(}<}E 00\);_(*;_(}<}F 00\);_(*;_(}<}G 00\);_(*O;_(}(}H 00\);_(*}<}I 00\);_(*O;_(}(}J 00\);_(*}t}K`V@?}}L V@`V@?}t}M`V@?}<}NOV@ef}(}OOV@}(}Q V@}<}SefV@ef 20% - Accent1M 20% - Accent1 ef % 20% - Accent2M" 20% - Accent2 ef % 20% - Accent3M& 20% - Accent3 ef % 20% - Accent4M* 20% - Accent4 ef % 20% - Accent5M. 20% - Accent5 ef % 20% - Accent6M2 20% - Accent6  ef % 40% - Accent1M 40% - Accent1 L % 40% - Accent2M# 40% - Accent2 L渷 % 40% - Accent3M' 40% - Accent3 L % 40% - Accent4M+ 40% - Accent4 L % 40% - Accent5M/ 40% - Accent5 L % 40% - Accent6M3 40% - Accent6  Lմ % 60% - Accent1M 60% - Accent1 23 % 60% - Accent2M$ 60% - Accent2 23ږ % 60% - Accent3M( 60% - Accent3 23כ % 60% - Accent4M, 60% - Accent4 23 % 60% - Accent5M0 60% - Accent5 23 %! 60% - Accent6M4 60% - Accent6  23 % "Accent1AAccent1 O % #Accent2A!Accent2 PM % $Accent3A%Accent3 Y % %Accent4A)Accent4 d % &Accent5A-Accent5 K % 'Accent6A1Accent6  F %( Accent6 2@ Accent6 2  F )Bad9Bad  % *Bad 28Bad 2  +Blue Background@Blue Background  ,Bold- Calculation Calculation  }% . Check Cell Check Cell  %????????? ???/ Comma0( Comma [0]1&Currency2. Currency [0]3Excel Built-in Normal 1PExcel Built-in Normal 1 4Explanatory TextG5Explanatory Text %5 K Followed Hyperlink  % 6Good;Good  a%7 Heading 1G Heading 1 I}%O8 Heading 2G Heading 2 I}%?9 Heading 3G Heading 3 I}%23: Heading 49 Heading 4 I}%;9 Hyperlink  %< Hyperlink 2 =InputuInput ̙ ??v% > Linked CellK Linked Cell }% ?Mine @Mine 10 AMine 11 BMine 12 CMine 13 DMine 14 EMine 15 FMine 16 GMine 17 HMine 18 IMine 19 JMine 2K Mine 2 10L Mine 2 11M Mine 2 12N Mine 2 13O Mine 2 14P Mine 2 15Q Mine 2 16R Mine 2 17S Mine 2 18T Mine 2 19 UMine 2 2V Mine 2 20W Mine 2 21X Mine 2 22Y Mine 2 23Z Mine 2 24[ Mine 2 25\ Mine 2 26] Mine 2 27^ Mine 2 28_ Mine 2 29 `Mine 2 3a Mine 2 30b Mine 2 31c Mine 2 32d Mine 2 33e Mine 2 34f Mine 2 35g Mine 2 36h Mine 2 37i Mine 2 38j Mine 2 39 kMine 2 4l Mine 2 40m Mine 2 41n Mine 2 42o Mine 2 43p Mine 2 44q Mine 2 45r Mine 2 46s Mine 2 47t Mine 2 48u Mine 2 49 vMine 2 5w Mine 2 50x Mine 2 51y Mine 2 52z Mine 2 53{ Mine 2 54 |Mine 2 6 }Mine 2 7 ~Mine 2 8 Mine 2 9 Mine 20 Mine 21 Mine 22 Mine 23 Mine 24 Mine 25 Mine 26 Mine 27 Mine 28 Mine 29 Mine 3 Mine 30 Mine 31 Mine 32 Mine 33 Mine 34 Mine 35 Mine 36 Mine 37 Mine 38 Mine 39 Mine 4 Mine 40 Mine 41 Mine 42 Mine 43 Mine 44 Mine 45 Mine 46 Mine 47 Mine 48 Mine 49 Mine 5 Mine 50 Mine 51 Mine 52 Mine 53 Mine 54 Mine 6 Mine 7 Mine 8 Mine 9 My Normal NeutralANeutral  e% Neutral 2@ Neutral 2  e3Normal % Normal 10 Normal 10 2 Normal 109 Normal 109 2 Normal 109 3 Normal 11 Normal 110 Normal 110 2 Normal 110 3 Normal 12 Normal 127 Normal 127 2 Normal 13 Normal 135 Normal 135 2 Normal 136 Normal 136 2 Normal 137 Normal 137 2 Normal 138 Normal 138 2 Normal 139 Normal 139 2 Normal 14 Normal 140 Normal 140 2 Normal 143 Normal 143 2 Normal 144 Normal 144 2 Normal 15 Normal 16 Normal 17 Normal 18 Normal 19 Normal 2 Normal 2 10 Normal 2 10 2 Normal 2 11 Normal 2 12 Normal 2 13 Normal 2 14 Normal 2 15 Normal 2 16 Normal 2 17 Normal 2 18Normal 2 18 10Normal 2 18 10 2Normal 2 18 10 3Normal 2 18 11Normal 2 18 11 2Normal 2 18 12Normal 2 18 12 2Normal 2 18 13Normal 2 18 13 2Normal 2 18 14Normal 2 18 14 2Normal 2 18 15Normal 2 18 15 2Normal 2 18 16Normal 2 18 16 2Normal 2 18 17Normal 2 18 17 2Normal 2 18 18Normal 2 18 18 2Normal 2 18 19Normal 2 18 19 2 Normal 2 18 2Normal 2 18 20Normal 2 18 20 2Normal 2 18 21Normal 2 18 21 2Normal 2 18 22Normal 2 18 22 2Normal 2 18 23Normal 2 18 23 2Normal 2 18 24Normal 2 18 25Normal 2 18 26Normal 2 18 27 Normal 2 18 3Normal 2 18 3 2Normal 2 18 3 3 Normal 2 18 4Normal 2 18 4 2Normal 2 18 4 3 Normal 2 18 5Normal 2 18 5 2Normal 2 18 5 3 Normal 2 18 6Normal 2 18 6 2Normal 2 18 6 3  Normal 2 18 7 Normal 2 18 7 2 Normal 2 18 7 3  Normal 2 18 8 Normal 2 18 8 2Normal 2 18 8 3 Normal 2 18 9Normal 2 18 9 2Normal 2 18 9 3 Normal 2 19Normal 2 19 10Normal 2 19 10 2Normal 2 19 10 3Normal 2 19 11Normal 2 19 11 2Normal 2 19 12Normal 2 19 12 2Normal 2 19 13Normal 2 19 13 2Normal 2 19 14Normal 2 19 14 2Normal 2 19 15Normal 2 19 15 2 Normal 2 19 16!Normal 2 19 16 2"Normal 2 19 17#Normal 2 19 17 2$Normal 2 19 18%Normal 2 19 18 2&Normal 2 19 19'Normal 2 19 19 2( Normal 2 19 2)Normal 2 19 20*Normal 2 19 20 2+Normal 2 19 21,Normal 2 19 21 2-Normal 2 19 22.Normal 2 19 22 2/Normal 2 19 230Normal 2 19 23 21Normal 2 19 242Normal 2 19 253Normal 2 19 264Normal 2 19 275 Normal 2 19 36Normal 2 19 3 27Normal 2 19 3 38 Normal 2 19 49Normal 2 19 4 2:Normal 2 19 4 3; Normal 2 19 5<Normal 2 19 5 2=Normal 2 19 5 3> Normal 2 19 6?Normal 2 19 6 2@Normal 2 19 6 3A Normal 2 19 7BNormal 2 19 7 2CNormal 2 19 7 3D Normal 2 19 8ENormal 2 19 8 2FNormal 2 19 8 3G Normal 2 19 9HNormal 2 19 9 2INormal 2 19 9 3J Normal 2 26 Normal 2 2 K Normal 2 2 10L Normal 2 2 11M Normal 2 2 12N Normal 2 2 13O Normal 2 2 14P Normal 2 2 15Q Normal 2 2 16R Normal 2 2 17S Normal 2 2 18T Normal 2 2 19U Normal 2 2 2VNormal 2 2 2 10WNormal 2 2 2 10 2XNormal 2 2 2 10 3YNormal 2 2 2 11ZNormal 2 2 2 11 2[Normal 2 2 2 11 3\Normal 2 2 2 12]Normal 2 2 2 12 2^Normal 2 2 2 12 3_Normal 2 2 2 13`Normal 2 2 2 13 2aNormal 2 2 2 13 3bNormal 2 2 2 14cNormal 2 2 2 14 2dNormal 2 2 2 14 3eNormal 2 2 2 15fNormal 2 2 2 15 2gNormal 2 2 2 16hNormal 2 2 2 16 2iNormal 2 2 2 17jNormal 2 2 2 17 2kNormal 2 2 2 18lNormal 2 2 2 18 2mNormal 2 2 2 19nNormal 2 2 2 2oNormal 2 2 2 20pNormal 2 2 2 21qNormal 2 2 2 22rNormal 2 2 2 23sNormal 2 2 2 24tNormal 2 2 2 25uNormal 2 2 2 26vNormal 2 2 2 27wNormal 2 2 2 28xNormal 2 2 2 29yNormal 2 2 2 3zNormal 2 2 2 3 2{Normal 2 2 2 3 3|Normal 2 2 2 3 4}Normal 2 2 2 3 5~Normal 2 2 2 3 6Normal 2 2 2 30Normal 2 2 2 30 2Normal 2 2 2 31Normal 2 2 2 31 2Normal 2 2 2 32Normal 2 2 2 32 2Normal 2 2 2 33Normal 2 2 2 33 2Normal 2 2 2 34Normal 2 2 2 34 2Normal 2 2 2 35Normal 2 2 2 35 2Normal 2 2 2 36Normal 2 2 2 36 2Normal 2 2 2 37Normal 2 2 2 37 2Normal 2 2 2 38Normal 2 2 2 39Normal 2 2 2 4Normal 2 2 2 40Normal 2 2 2 41Normal 2 2 2 42Normal 2 2 2 43Normal 2 2 2 44Normal 2 2 2 45Normal 2 2 2 46Normal 2 2 2 47Normal 2 2 2 48Normal 2 2 2 48 2Normal 2 2 2 49Normal 2 2 2 5Normal 2 2 2 5 2Normal 2 2 2 5 3Normal 2 2 2 5 4Normal 2 2 2 50@Normal 2 2 2 50 Normal 2 2 2 50 2DNormal 2 2 2 50 2 Normal 2 2 2 50 3DNormal 2 2 2 50 3 Normal 2 2 2 50 4DNormal 2 2 2 50 4 Normal 2 2 2 50 5DNormal 2 2 2 50 5 Normal 2 2 2 50 6DNormal 2 2 2 50 6 Normal 2 2 2 50 7DNormal 2 2 2 50 7 Normal 2 2 2 50 8DNormal 2 2 2 50 8 Normal 2 2 2 51@Normal 2 2 2 51 Normal 2 2 2 52@Normal 2 2 2 52 Normal 2 2 2 53@Normal 2 2 2 53 Normal 2 2 2 54Normal 2 2 2 55Normal 2 2 2 56Normal 2 2 2 57Normal 2 2 2 58Normal 2 2 2 59Normal 2 2 2 6Normal 2 2 2 60Normal 2 2 2 7Normal 2 2 2 7 2Normal 2 2 2 7 3Normal 2 2 2 8Normal 2 2 2 8 2Normal 2 2 2 8 3Normal 2 2 2 9Normal 2 2 2 9 2Normal 2 2 2 9 3 Normal 2 2 20 Normal 2 2 21 Normal 2 2 22 Normal 2 2 23 Normal 2 2 24 Normal 2 2 25Normal 2 2 25 10Normal 2 2 25 10 2Normal 2 2 25 10 3Normal 2 2 25 11Normal 2 2 25 11 2Normal 2 2 25 12Normal 2 2 25 12 2Normal 2 2 25 13Normal 2 2 25 13 2Normal 2 2 25 14Normal 2 2 25 14 2Normal 2 2 25 15Normal 2 2 25 15 2Normal 2 2 25 16Normal 2 2 25 16 2Normal 2 2 25 17Normal 2 2 25 17 2Normal 2 2 25 18Normal 2 2 25 18 2Normal 2 2 25 19Normal 2 2 25 19 2Normal 2 2 25 2Normal 2 2 25 20Normal 2 2 25 20 2Normal 2 2 25 21Normal 2 2 25 21 2Normal 2 2 25 22Normal 2 2 25 22 2Normal 2 2 25 23Normal 2 2 25 23 2Normal 2 2 25 24Normal 2 2 25 25Normal 2 2 25 3Normal 2 2 25 3 2Normal 2 2 25 3 3Normal 2 2 25 4Normal 2 2 25 4 2Normal 2 2 25 4 3Normal 2 2 25 5Normal 2 2 25 5 2Normal 2 2 25 5 3Normal 2 2 25 6Normal 2 2 25 6 2Normal 2 2 25 6 3Normal 2 2 25 7Normal 2 2 25 7 2Normal 2 2 25 7 3Normal 2 2 25 8Normal 2 2 25 8 2Normal 2 2 25 8 3Normal 2 2 25 9Normal 2 2 25 9 2Normal 2 2 25 9 3 Normal 2 2 26 Normal 2 2 27 Normal 2 2 28Normal 2 2 28 10Normal 2 2 28 10 2Normal 2 2 28 11Normal 2 2 28 11 2Normal 2 2 28 12Normal 2 2 28 12 2Normal 2 2 28 13Normal 2 2 28 13 2Normal 2 2 28 14Normal 2 2 28 14 2Normal 2 2 28 15Normal 2 2 28 15 2Normal 2 2 28 16Normal 2 2 28 16 2 Normal 2 2 28 17 Normal 2 2 28 17 2 Normal 2 2 28 18 Normal 2 2 28 18 2 Normal 2 2 28 19Normal 2 2 28 19 2Normal 2 2 28 2Normal 2 2 28 2 2Normal 2 2 28 2 3Normal 2 2 28 20Normal 2 2 28 20 2Normal 2 2 28 21Normal 2 2 28 21 2Normal 2 2 28 22Normal 2 2 28 22 2Normal 2 2 28 3Normal 2 2 28 3 2Normal 2 2 28 3 3Normal 2 2 28 4Normal 2 2 28 4 2Normal 2 2 28 4 3Normal 2 2 28 5Normal 2 2 28 5 2 Normal 2 2 28 5 3!Normal 2 2 28 6"Normal 2 2 28 6 2#Normal 2 2 28 6 3$Normal 2 2 28 7%Normal 2 2 28 7 2&Normal 2 2 28 7 3'Normal 2 2 28 8(Normal 2 2 28 8 2)Normal 2 2 28 8 3*Normal 2 2 28 9+Normal 2 2 28 9 2,Normal 2 2 28 9 3- Normal 2 2 29< Normal 2 2 29 . Normal 2 2 3/ Normal 2 2 30< Normal 2 2 30 0 Normal 2 2 31< Normal 2 2 31 1 Normal 2 2 32< Normal 2 2 32 2 Normal 2 2 33< Normal 2 2 33 3 Normal 2 2 34< Normal 2 2 34 4 Normal 2 2 35< Normal 2 2 35 5 Normal 2 2 36< Normal 2 2 36 6 Normal 2 2 37< Normal 2 2 37 7 Normal 2 2 38< Normal 2 2 38 8 Normal 2 2 39< Normal 2 2 39 9 Normal 2 2 4: Normal 2 2 40< Normal 2 2 40 ; Normal 2 2 41< Normal 2 2 41 < Normal 2 2 42< Normal 2 2 42 = Normal 2 2 43< Normal 2 2 43 > Normal 2 2 44< Normal 2 2 44 ? Normal 2 2 45< Normal 2 2 45 @ Normal 2 2 46< Normal 2 2 46 A Normal 2 2 47< Normal 2 2 47 B Normal 2 2 48< Normal 2 2 48 C Normal 2 2 49< Normal 2 2 49 D Normal 2 2 5E Normal 2 2 50< Normal 2 2 50 F Normal 2 2 51< Normal 2 2 51 G Normal 2 2 52< Normal 2 2 52 H Normal 2 2 53< Normal 2 2 53 I Normal 2 2 54< Normal 2 2 54 J Normal 2 2 55< Normal 2 2 55 K Normal 2 2 56< Normal 2 2 56 L Normal 2 2 57< Normal 2 2 57 M Normal 2 2 58< Normal 2 2 58 N Normal 2 2 59< Normal 2 2 59 O Normal 2 2 6P Normal 2 2 60< Normal 2 2 60 Q Normal 2 2 61< Normal 2 2 61 R Normal 2 2 62< Normal 2 2 62 S Normal 2 2 63< Normal 2 2 63 T Normal 2 2 64< Normal 2 2 64 U Normal 2 2 65< Normal 2 2 65 V Normal 2 2 66< Normal 2 2 66 W Normal 2 2 67< Normal 2 2 67 X Normal 2 2 68< Normal 2 2 68 Y Normal 2 2 69< Normal 2 2 69 Z Normal 2 2 7[ Normal 2 2 70< Normal 2 2 70 \ Normal 2 2 71< Normal 2 2 71 ] Normal 2 2 72< Normal 2 2 72 ^ Normal 2 2 73< Normal 2 2 73 _ Normal 2 2 74< Normal 2 2 74 ` Normal 2 2 75< Normal 2 2 75 a Normal 2 2 76< Normal 2 2 76 b Normal 2 2 77< Normal 2 2 77 c Normal 2 2 78< Normal 2 2 78 d Normal 2 2 79< Normal 2 2 79 e Normal 2 2 8f Normal 2 2 80< Normal 2 2 80 g Normal 2 2 85< Normal 2 2 85 h Normal 2 2 86< Normal 2 2 86 i Normal 2 2 9j Normal 2 20kNormal 2 20 10lNormal 2 20 10 2mNormal 2 20 10 3nNormal 2 20 11oNormal 2 20 11 2pNormal 2 20 12qNormal 2 20 12 2rNormal 2 20 13sNormal 2 20 13 2tNormal 2 20 14uNormal 2 20 14 2vNormal 2 20 15wNormal 2 20 15 2xNormal 2 20 16yNormal 2 20 16 2zNormal 2 20 17{Normal 2 20 17 2|Normal 2 20 18}Normal 2 20 18 2~Normal 2 20 19Normal 2 20 19 2 Normal 2 20 2Normal 2 20 20Normal 2 20 20 2Normal 2 20 21Normal 2 20 21 2Normal 2 20 22Normal 2 20 22 2Normal 2 20 23Normal 2 20 23 2Normal 2 20 24Normal 2 20 25Normal 2 20 26Normal 2 20 27 Normal 2 20 3Normal 2 20 3 2Normal 2 20 3 3 Normal 2 20 4Normal 2 20 4 2Normal 2 20 4 3 Normal 2 20 5Normal 2 20 5 2Normal 2 20 5 3 Normal 2 20 6Normal 2 20 6 2Normal 2 20 6 3 Normal 2 20 7Normal 2 20 7 2Normal 2 20 7 3 Normal 2 20 8Normal 2 20 8 2Normal 2 20 8 3 Normal 2 20 9Normal 2 20 9 2Normal 2 20 9 3 Normal 2 21Normal 2 21 10Normal 2 21 10 2Normal 2 21 10 3Normal 2 21 11Normal 2 21 11 2Normal 2 21 12Normal 2 21 12 2Normal 2 21 13Normal 2 21 13 2Normal 2 21 14Normal 2 21 14 2Normal 2 21 15Normal 2 21 15 2Normal 2 21 16Normal 2 21 16 2Normal 2 21 17Normal 2 21 17 2Normal 2 21 18Normal 2 21 18 2Normal 2 21 19Normal 2 21 19 2 Normal 2 21 2Normal 2 21 20Normal 2 21 20 2Normal 2 21 21Normal 2 21 21 2Normal 2 21 22Normal 2 21 22 2Normal 2 21 23Normal 2 21 23 2Normal 2 21 24Normal 2 21 25Normal 2 21 26Normal 2 21 27 Normal 2 21 3Normal 2 21 3 2Normal 2 21 3 3 Normal 2 21 4Normal 2 21 4 2Normal 2 21 4 3 Normal 2 21 5Normal 2 21 5 2Normal 2 21 5 3 Normal 2 21 6Normal 2 21 6 2Normal 2 21 6 3 Normal 2 21 7Normal 2 21 7 2Normal 2 21 7 3 Normal 2 21 8Normal 2 21 8 2Normal 2 21 8 3 Normal 2 21 9Normal 2 21 9 2Normal 2 21 9 3 Normal 2 22Normal 2 22 10Normal 2 22 10 2Normal 2 22 10 3Normal 2 22 11Normal 2 22 11 2Normal 2 22 12Normal 2 22 12 2Normal 2 22 13Normal 2 22 13 2Normal 2 22 14Normal 2 22 14 2Normal 2 22 15Normal 2 22 15 2Normal 2 22 16Normal 2 22 16 2Normal 2 22 17Normal 2 22 17 2Normal 2 22 18Normal 2 22 18 2Normal 2 22 19Normal 2 22 19 2 Normal 2 22 2Normal 2 22 20Normal 2 22 20 2Normal 2 22 21Normal 2 22 21 2Normal 2 22 22Normal 2 22 22 2Normal 2 22 23Normal 2 22 23 2Normal 2 22 24Normal 2 22 25Normal 2 22 26Normal 2 22 27 Normal 2 22 3Normal 2 22 3 2Normal 2 22 3 3 Normal 2 22 4Normal 2 22 4 2Normal 2 22 4 3 Normal 2 22 5Normal 2 22 5 2Normal 2 22 5 3 Normal 2 22 6Normal 2 22 6 2Normal 2 22 6 3  Normal 2 22 7 Normal 2 22 7 2 Normal 2 22 7 3  Normal 2 22 8 Normal 2 22 8 2Normal 2 22 8 3 Normal 2 22 9Normal 2 22 9 2Normal 2 22 9 3 Normal 2 23Normal 2 23 10Normal 2 23 10 2Normal 2 23 10 3Normal 2 23 11Normal 2 23 11 2Normal 2 23 12Normal 2 23 12 2Normal 2 23 13Normal 2 23 13 2Normal 2 23 14Normal 2 23 14 2Normal 2 23 15Normal 2 23 15 2 Normal 2 23 16!Normal 2 23 16 2"Normal 2 23 17#Normal 2 23 17 2$Normal 2 23 18%Normal 2 23 18 2&Normal 2 23 19'Normal 2 23 19 2( Normal 2 23 2)Normal 2 23 20*Normal 2 23 20 2+Normal 2 23 21,Normal 2 23 21 2-Normal 2 23 22.Normal 2 23 22 2/Normal 2 23 230Normal 2 23 23 21Normal 2 23 242Normal 2 23 253Normal 2 23 264Normal 2 23 275 Normal 2 23 36Normal 2 23 3 27Normal 2 23 3 38 Normal 2 23 49Normal 2 23 4 2:Normal 2 23 4 3; Normal 2 23 5<Normal 2 23 5 2=Normal 2 23 5 3> Normal 2 23 6?Normal 2 23 6 2@Normal 2 23 6 3A Normal 2 23 7BNormal 2 23 7 2CNormal 2 23 7 3D Normal 2 23 8ENormal 2 23 8 2FNormal 2 23 8 3G Normal 2 23 9HNormal 2 23 9 2INormal 2 23 9 3J Normal 2 24KNormal 2 24 10LNormal 2 24 10 2MNormal 2 24 10 3NNormal 2 24 11ONormal 2 24 11 2PNormal 2 24 12QNormal 2 24 12 2RNormal 2 24 13SNormal 2 24 13 2TNormal 2 24 14UNormal 2 24 14 2VNormal 2 24 15WNormal 2 24 15 2XNormal 2 24 16YNormal 2 24 16 2ZNormal 2 24 17[Normal 2 24 17 2\Normal 2 24 18]Normal 2 24 18 2^Normal 2 24 19_Normal 2 24 19 2` Normal 2 24 2aNormal 2 24 20bNormal 2 24 20 2cNormal 2 24 21dNormal 2 24 21 2eNormal 2 24 22fNormal 2 24 22 2gNormal 2 24 23hNormal 2 24 23 2iNormal 2 24 24jNormal 2 24 25kNormal 2 24 26lNormal 2 24 27m Normal 2 24 3nNormal 2 24 3 2oNormal 2 24 3 3p Normal 2 24 4qNormal 2 24 4 2rNormal 2 24 4 3s Normal 2 24 5tNormal 2 24 5 2uNormal 2 24 5 3v Normal 2 24 6wNormal 2 24 6 2xNormal 2 24 6 3y Normal 2 24 7zNormal 2 24 7 2{Normal 2 24 7 3| Normal 2 24 8}Normal 2 24 8 2~Normal 2 24 8 3 Normal 2 24 9Normal 2 24 9 2Normal 2 24 9 3 Normal 2 25Normal 2 25 10Normal 2 25 10 2Normal 2 25 10 3Normal 2 25 11Normal 2 25 11 2Normal 2 25 12Normal 2 25 12 2Normal 2 25 13Normal 2 25 13 2Normal 2 25 14Normal 2 25 14 2Normal 2 25 15Normal 2 25 15 2Normal 2 25 16Normal 2 25 16 2Normal 2 25 17Normal 2 25 17 2Normal 2 25 18Normal 2 25 18 2Normal 2 25 19Normal 2 25 19 2 Normal 2 25 2Normal 2 25 20Normal 2 25 20 2Normal 2 25 21Normal 2 25 21 2Normal 2 25 22Normal 2 25 22 2Normal 2 25 23Normal 2 25 23 2Normal 2 25 24Normal 2 25 25Normal 2 25 26Normal 2 25 27 Normal 2 25 3Normal 2 25 3 2Normal 2 25 3 3 Normal 2 25 4Normal 2 25 4 2Normal 2 25 4 3 Normal 2 25 5Normal 2 25 5 2Normal 2 25 5 3 Normal 2 25 6Normal 2 25 6 2Normal 2 25 6 3 Normal 2 25 7Normal 2 25 7 2Normal 2 25 7 3 Normal 2 25 8Normal 2 25 8 2Normal 2 25 8 3 Normal 2 25 9Normal 2 25 9 2Normal 2 25 9 3 Normal 2 26Normal 2 26 10Normal 2 26 10 2Normal 2 26 10 3Normal 2 26 11Normal 2 26 11 2Normal 2 26 12Normal 2 26 12 2Normal 2 26 13Normal 2 26 13 2Normal 2 26 14Normal 2 26 14 2Normal 2 26 15Normal 2 26 15 2Normal 2 26 16Normal 2 26 16 2Normal 2 26 17Normal 2 26 17 2Normal 2 26 18Normal 2 26 18 2Normal 2 26 19Normal 2 26 19 2 Normal 2 26 2Normal 2 26 20Normal 2 26 20 2Normal 2 26 21Normal 2 26 21 2Normal 2 26 22Normal 2 26 22 2Normal 2 26 23Normal 2 26 23 2Normal 2 26 24Normal 2 26 25Normal 2 26 26Normal 2 26 27 Normal 2 26 3Normal 2 26 3 2Normal 2 26 3 3 Normal 2 26 4Normal 2 26 4 2Normal 2 26 4 3 Normal 2 26 5Normal 2 26 5 2Normal 2 26 5 3 Normal 2 26 6Normal 2 26 6 2Normal 2 26 6 3 Normal 2 26 7Normal 2 26 7 2Normal 2 26 7 3 Normal 2 26 8Normal 2 26 8 2Normal 2 26 8 3 Normal 2 26 9Normal 2 26 9 2Normal 2 26 9 3 Normal 2 27Normal 2 27 10Normal 2 27 10 2Normal 2 27 10 3Normal 2 27 11Normal 2 27 11 2Normal 2 27 12Normal 2 27 12 2Normal 2 27 13Normal 2 27 13 2Normal 2 27 14Normal 2 27 14 2Normal 2 27 15Normal 2 27 15 2Normal 2 27 16Normal 2 27 16 2Normal 2 27 17Normal 2 27 17 2Normal 2 27 18Normal 2 27 18 2Normal 2 27 19Normal 2 27 19 2 Normal 2 27 2 Normal 2 27 20 Normal 2 27 20 2 Normal 2 27 21 Normal 2 27 21 2 Normal 2 27 22Normal 2 27 22 2Normal 2 27 23Normal 2 27 23 2Normal 2 27 24Normal 2 27 25Normal 2 27 26Normal 2 27 27 Normal 2 27 3Normal 2 27 3 2Normal 2 27 3 3 Normal 2 27 4Normal 2 27 4 2Normal 2 27 4 3 Normal 2 27 5Normal 2 27 5 2Normal 2 27 5 3 Normal 2 27 6Normal 2 27 6 2 Normal 2 27 6 3! Normal 2 27 7"Normal 2 27 7 2#Normal 2 27 7 3$ Normal 2 27 8%Normal 2 27 8 2&Normal 2 27 8 3' Normal 2 27 9(Normal 2 27 9 2)Normal 2 27 9 3* Normal 2 28+Normal 2 28 10,Normal 2 28 10 2-Normal 2 28 10 3.Normal 2 28 11/Normal 2 28 11 20Normal 2 28 121Normal 2 28 12 22Normal 2 28 133Normal 2 28 13 24Normal 2 28 145Normal 2 28 14 26Normal 2 28 157Normal 2 28 15 28Normal 2 28 169Normal 2 28 16 2:Normal 2 28 17;Normal 2 28 17 2<Normal 2 28 18=Normal 2 28 18 2>Normal 2 28 19?Normal 2 28 19 2@ Normal 2 28 2ANormal 2 28 20BNormal 2 28 20 2CNormal 2 28 21DNormal 2 28 21 2ENormal 2 28 22FNormal 2 28 22 2GNormal 2 28 23HNormal 2 28 23 2INormal 2 28 24JNormal 2 28 25KNormal 2 28 26LNormal 2 28 27M Normal 2 28 3NNormal 2 28 3 2ONormal 2 28 3 3P Normal 2 28 4QNormal 2 28 4 2RNormal 2 28 4 3S Normal 2 28 5TNormal 2 28 5 2UNormal 2 28 5 3V Normal 2 28 6WNormal 2 28 6 2XNormal 2 28 6 3Y Normal 2 28 7ZNormal 2 28 7 2[Normal 2 28 7 3\ Normal 2 28 8]Normal 2 28 8 2^Normal 2 28 8 3_ Normal 2 28 9`Normal 2 28 9 2aNormal 2 28 9 3b Normal 2 29c Normal 2 3d Normal 2 30eNormal 2 30 10fNormal 2 30 10 2gNormal 2 30 10 3hNormal 2 30 11iNormal 2 30 11 2jNormal 2 30 12kNormal 2 30 12 2lNormal 2 30 13mNormal 2 30 13 2nNormal 2 30 14oNormal 2 30 14 2pNormal 2 30 15qNormal 2 30 15 2rNormal 2 30 16sNormal 2 30 16 2tNormal 2 30 17uNormal 2 30 17 2vNormal 2 30 18wNormal 2 30 18 2xNormal 2 30 19yNormal 2 30 19 2z Normal 2 30 2{Normal 2 30 20|Normal 2 30 20 2}Normal 2 30 21~Normal 2 30 21 2Normal 2 30 22Normal 2 30 22 2Normal 2 30 23Normal 2 30 23 2Normal 2 30 24Normal 2 30 25Normal 2 30 26Normal 2 30 27 Normal 2 30 3Normal 2 30 3 2Normal 2 30 3 3 Normal 2 30 4Normal 2 30 4 2Normal 2 30 4 3 Normal 2 30 5Normal 2 30 5 2Normal 2 30 5 3 Normal 2 30 6Normal 2 30 6 2Normal 2 30 6 3 Normal 2 30 7Normal 2 30 7 2Normal 2 30 7 3 Normal 2 30 8Normal 2 30 8 2Normal 2 30 8 3 Normal 2 30 9Normal 2 30 9 2Normal 2 30 9 3 Normal 2 31Normal 2 31 10Normal 2 31 10 2Normal 2 31 10 3Normal 2 31 11Normal 2 31 11 2Normal 2 31 12Normal 2 31 12 2Normal 2 31 13Normal 2 31 13 2Normal 2 31 14Normal 2 31 14 2Normal 2 31 15Normal 2 31 15 2Normal 2 31 16Normal 2 31 16 2Normal 2 31 17Normal 2 31 17 2Normal 2 31 18Normal 2 31 18 2Normal 2 31 19Normal 2 31 19 2 Normal 2 31 2Normal 2 31 20Normal 2 31 20 2Normal 2 31 21Normal 2 31 21 2Normal 2 31 22Normal 2 31 22 2Normal 2 31 23Normal 2 31 23 2Normal 2 31 24Normal 2 31 25Normal 2 31 26Normal 2 31 27 Normal 2 31 3Normal 2 31 3 2Normal 2 31 3 3 Normal 2 31 4Normal 2 31 4 2Normal 2 31 4 3 Normal 2 31 5Normal 2 31 5 2Normal 2 31 5 3 Normal 2 31 6Normal 2 31 6 2Normal 2 31 6 3 Normal 2 31 7Normal 2 31 7 2Normal 2 31 7 3 Normal 2 31 8Normal 2 31 8 2Normal 2 31 8 3 Normal 2 31 9Normal 2 31 9 2Normal 2 31 9 3 Normal 2 32Normal 2 32 10Normal 2 32 10 2Normal 2 32 10 3Normal 2 32 11Normal 2 32 11 2Normal 2 32 12Normal 2 32 12 2Normal 2 32 13Normal 2 32 13 2Normal 2 32 14Normal 2 32 14 2Normal 2 32 15Normal 2 32 15 2Normal 2 32 16Normal 2 32 16 2Normal 2 32 17Normal 2 32 17 2Normal 2 32 18Normal 2 32 18 2Normal 2 32 19Normal 2 32 19 2 Normal 2 32 2Normal 2 32 20Normal 2 32 20 2Normal 2 32 21Normal 2 32 21 2Normal 2 32 22Normal 2 32 22 2Normal 2 32 23Normal 2 32 23 2Normal 2 32 24Normal 2 32 25Normal 2 32 26Normal 2 32 27 Normal 2 32 3Normal 2 32 3 2Normal 2 32 3 3 Normal 2 32 4Normal 2 32 4 2Normal 2 32 4 3 Normal 2 32 5Normal 2 32 5 2Normal 2 32 5 3 Normal 2 32 6Normal 2 32 6 2Normal 2 32 6 3 Normal 2 32 7Normal 2 32 7 2Normal 2 32 7 3 Normal 2 32 8Normal 2 32 8 2Normal 2 32 8 3  Normal 2 32 9 Normal 2 32 9 2 Normal 2 32 9 3  Normal 2 33 Normal 2 33 10Normal 2 33 10 2Normal 2 33 10 3Normal 2 33 11Normal 2 33 11 2Normal 2 33 12Normal 2 33 12 2Normal 2 33 13Normal 2 33 13 2Normal 2 33 14Normal 2 33 14 2Normal 2 33 15Normal 2 33 15 2Normal 2 33 16Normal 2 33 16 2Normal 2 33 17Normal 2 33 17 2Normal 2 33 18Normal 2 33 18 2 Normal 2 33 19!Normal 2 33 19 2" Normal 2 33 2#Normal 2 33 20$Normal 2 33 20 2%Normal 2 33 21&Normal 2 33 21 2'Normal 2 33 22(Normal 2 33 22 2)Normal 2 33 23*Normal 2 33 23 2+Normal 2 33 24,Normal 2 33 25-Normal 2 33 26.Normal 2 33 27/ Normal 2 33 30Normal 2 33 3 21Normal 2 33 3 32 Normal 2 33 43Normal 2 33 4 24Normal 2 33 4 35 Normal 2 33 56Normal 2 33 5 27Normal 2 33 5 38 Normal 2 33 69Normal 2 33 6 2:Normal 2 33 6 3; Normal 2 33 7<Normal 2 33 7 2=Normal 2 33 7 3> Normal 2 33 8?Normal 2 33 8 2@Normal 2 33 8 3A Normal 2 33 9BNormal 2 33 9 2CNormal 2 33 9 3D Normal 2 34ENormal 2 34 10FNormal 2 34 10 2GNormal 2 34 10 3HNormal 2 34 11INormal 2 34 11 2JNormal 2 34 12KNormal 2 34 12 2LNormal 2 34 13MNormal 2 34 13 2NNormal 2 34 14ONormal 2 34 14 2PNormal 2 34 15QNormal 2 34 15 2RNormal 2 34 16SNormal 2 34 16 2TNormal 2 34 17UNormal 2 34 17 2VNormal 2 34 18WNormal 2 34 18 2XNormal 2 34 19YNormal 2 34 19 2Z Normal 2 34 2[Normal 2 34 20\Normal 2 34 20 2]Normal 2 34 21^Normal 2 34 21 2_Normal 2 34 22`Normal 2 34 22 2aNormal 2 34 23bNormal 2 34 23 2cNormal 2 34 24dNormal 2 34 25eNormal 2 34 26fNormal 2 34 27g Normal 2 34 3hNormal 2 34 3 2iNormal 2 34 3 3j Normal 2 34 4kNormal 2 34 4 2lNormal 2 34 4 3m Normal 2 34 5nNormal 2 34 5 2oNormal 2 34 5 3p Normal 2 34 6qNormal 2 34 6 2rNormal 2 34 6 3s Normal 2 34 7tNormal 2 34 7 2uNormal 2 34 7 3v Normal 2 34 8wNormal 2 34 8 2xNormal 2 34 8 3y Normal 2 34 9zNormal 2 34 9 2{Normal 2 34 9 3| Normal 2 35}Normal 2 35 10~Normal 2 35 10 2Normal 2 35 10 3Normal 2 35 11Normal 2 35 11 2Normal 2 35 12Normal 2 35 12 2Normal 2 35 13Normal 2 35 13 2Normal 2 35 14Normal 2 35 14 2Normal 2 35 15Normal 2 35 15 2Normal 2 35 16Normal 2 35 16 2Normal 2 35 17Normal 2 35 17 2Normal 2 35 18Normal 2 35 18 2Normal 2 35 19Normal 2 35 19 2 Normal 2 35 2Normal 2 35 20Normal 2 35 20 2Normal 2 35 21Normal 2 35 21 2Normal 2 35 22Normal 2 35 22 2Normal 2 35 23Normal 2 35 23 2Normal 2 35 24Normal 2 35 25Normal 2 35 26Normal 2 35 27 Normal 2 35 3Normal 2 35 3 2Normal 2 35 3 3 Normal 2 35 4Normal 2 35 4 2Normal 2 35 4 3 Normal 2 35 5Normal 2 35 5 2Normal 2 35 5 3 Normal 2 35 6Normal 2 35 6 2Normal 2 35 6 3 Normal 2 35 7Normal 2 35 7 2Normal 2 35 7 3 Normal 2 35 8Normal 2 35 8 2Normal 2 35 8 3 Normal 2 35 9Normal 2 35 9 2Normal 2 35 9 3 Normal 2 36 Normal 2 36 2Normal 2 36 2 10Normal 2 36 2 10 2Normal 2 36 2 11Normal 2 36 2 11 2Normal 2 36 2 12Normal 2 36 2 12 2Normal 2 36 2 13Normal 2 36 2 13 2Normal 2 36 2 14Normal 2 36 2 14 2Normal 2 36 2 15Normal 2 36 2 15 2Normal 2 36 2 16Normal 2 36 2 16 2Normal 2 36 2 17Normal 2 36 2 17 2Normal 2 36 2 18Normal 2 36 2 18 2Normal 2 36 2 19Normal 2 36 2 19 2Normal 2 36 2 2Normal 2 36 2 2 2Normal 2 36 2 2 3Normal 2 36 2 20Normal 2 36 2 20 2Normal 2 36 2 21Normal 2 36 2 21 2Normal 2 36 2 22Normal 2 36 2 22 2Normal 2 36 2 23Normal 2 36 2 24Normal 2 36 2 3Normal 2 36 2 3 2Normal 2 36 2 3 3Normal 2 36 2 4Normal 2 36 2 4 2Normal 2 36 2 4 3Normal 2 36 2 5Normal 2 36 2 5 2Normal 2 36 2 5 3Normal 2 36 2 6Normal 2 36 2 6 2Normal 2 36 2 6 3Normal 2 36 2 7Normal 2 36 2 7 2Normal 2 36 2 7 3Normal 2 36 2 8Normal 2 36 2 8 2Normal 2 36 2 8 3Normal 2 36 2 9Normal 2 36 2 9 2Normal 2 36 2 9 3 Normal 2 36 3 Normal 2 36 4 Normal 2 36 5 Normal 2 36 6 Normal 2 37 Normal 2 37 2Normal 2 37 2 10Normal 2 37 2 10 2Normal 2 37 2 11Normal 2 37 2 11 2Normal 2 37 2 12Normal 2 37 2 12 2Normal 2 37 2 13Normal 2 37 2 13 2Normal 2 37 2 14Normal 2 37 2 14 2Normal 2 37 2 15Normal 2 37 2 15 2Normal 2 37 2 16Normal 2 37 2 16 2Normal 2 37 2 17Normal 2 37 2 17 2Normal 2 37 2 18Normal 2 37 2 18 2Normal 2 37 2 19Normal 2 37 2 19 2Normal 2 37 2 2Normal 2 37 2 2 2Normal 2 37 2 2 3Normal 2 37 2 20Normal 2 37 2 20 2 Normal 2 37 2 21 Normal 2 37 2 21 2 Normal 2 37 2 22 Normal 2 37 2 22 2 Normal 2 37 2 23Normal 2 37 2 24Normal 2 37 2 3Normal 2 37 2 3 2Normal 2 37 2 3 3Normal 2 37 2 4Normal 2 37 2 4 2Normal 2 37 2 4 3Normal 2 37 2 5Normal 2 37 2 5 2Normal 2 37 2 5 3Normal 2 37 2 6Normal 2 37 2 6 2Normal 2 37 2 6 3Normal 2 37 2 7Normal 2 37 2 7 2Normal 2 37 2 7 3Normal 2 37 2 8Normal 2 37 2 8 2 Normal 2 37 2 8 3!Normal 2 37 2 9"Normal 2 37 2 9 2#Normal 2 37 2 9 3$ Normal 2 37 3% Normal 2 37 4& Normal 2 37 5' Normal 2 37 6( Normal 2 38) Normal 2 38 2*Normal 2 38 2 10+Normal 2 38 2 10 2,Normal 2 38 2 11-Normal 2 38 2 11 2.Normal 2 38 2 12/Normal 2 38 2 12 20Normal 2 38 2 131Normal 2 38 2 13 22Normal 2 38 2 143Normal 2 38 2 14 24Normal 2 38 2 155Normal 2 38 2 15 26Normal 2 38 2 167Normal 2 38 2 16 28Normal 2 38 2 179Normal 2 38 2 17 2:Normal 2 38 2 18;Normal 2 38 2 18 2<Normal 2 38 2 19=Normal 2 38 2 19 2>Normal 2 38 2 2?Normal 2 38 2 2 2@Normal 2 38 2 2 3ANormal 2 38 2 20BNormal 2 38 2 20 2CNormal 2 38 2 21DNormal 2 38 2 21 2ENormal 2 38 2 22FNormal 2 38 2 22 2GNormal 2 38 2 23HNormal 2 38 2 24INormal 2 38 2 3JNormal 2 38 2 3 2KNormal 2 38 2 3 3LNormal 2 38 2 4MNormal 2 38 2 4 2NNormal 2 38 2 4 3ONormal 2 38 2 5PNormal 2 38 2 5 2QNormal 2 38 2 5 3RNormal 2 38 2 6SNormal 2 38 2 6 2TNormal 2 38 2 6 3UNormal 2 38 2 7VNormal 2 38 2 7 2WNormal 2 38 2 7 3XNormal 2 38 2 8YNormal 2 38 2 8 2ZNormal 2 38 2 8 3[Normal 2 38 2 9\Normal 2 38 2 9 2]Normal 2 38 2 9 3^ Normal 2 39_ Normal 2 39 2`Normal 2 39 2 10aNormal 2 39 2 10 2bNormal 2 39 2 11cNormal 2 39 2 11 2dNormal 2 39 2 12eNormal 2 39 2 12 2fNormal 2 39 2 13gNormal 2 39 2 13 2hNormal 2 39 2 14iNormal 2 39 2 14 2jNormal 2 39 2 15kNormal 2 39 2 15 2lNormal 2 39 2 16mNormal 2 39 2 16 2nNormal 2 39 2 17oNormal 2 39 2 17 2pNormal 2 39 2 18qNormal 2 39 2 18 2rNormal 2 39 2 19sNormal 2 39 2 19 2tNormal 2 39 2 2uNormal 2 39 2 2 2vNormal 2 39 2 2 3wNormal 2 39 2 20xNormal 2 39 2 20 2yNormal 2 39 2 21zNormal 2 39 2 21 2{Normal 2 39 2 22|Normal 2 39 2 22 2}Normal 2 39 2 23~Normal 2 39 2 24Normal 2 39 2 3Normal 2 39 2 3 2Normal 2 39 2 3 3Normal 2 39 2 4Normal 2 39 2 4 2Normal 2 39 2 4 3Normal 2 39 2 5Normal 2 39 2 5 2Normal 2 39 2 5 3Normal 2 39 2 6Normal 2 39 2 6 2Normal 2 39 2 6 3Normal 2 39 2 7Normal 2 39 2 7 2Normal 2 39 2 7 3Normal 2 39 2 8Normal 2 39 2 8 2Normal 2 39 2 8 3Normal 2 39 2 9Normal 2 39 2 9 2Normal 2 39 2 9 3 Normal 2 4 Normal 2 40Normal 2 40 10Normal 2 40 10 2Normal 2 40 11Normal 2 40 11 2Normal 2 40 12Normal 2 40 12 2Normal 2 40 13Normal 2 40 13 2Normal 2 40 14Normal 2 40 14 2Normal 2 40 15Normal 2 40 15 2Normal 2 40 16Normal 2 40 16 2Normal 2 40 17Normal 2 40 17 2Normal 2 40 18Normal 2 40 18 2Normal 2 40 19Normal 2 40 19 2 Normal 2 40 2Normal 2 40 2 2Normal 2 40 2 3Normal 2 40 20Normal 2 40 20 2Normal 2 40 21Normal 2 40 21 2Normal 2 40 22Normal 2 40 22 2Normal 2 40 23Normal 2 40 24 Normal 2 40 3Normal 2 40 3 2Normal 2 40 3 3 Normal 2 40 4Normal 2 40 4 2Normal 2 40 4 3 Normal 2 40 5Normal 2 40 5 2Normal 2 40 5 3 Normal 2 40 6Normal 2 40 6 2Normal 2 40 6 3 Normal 2 40 7Normal 2 40 7 2Normal 2 40 7 3 Normal 2 40 8Normal 2 40 8 2Normal 2 40 8 3 Normal 2 40 9Normal 2 40 9 2Normal 2 40 9 3 Normal 2 41Normal 2 41 10Normal 2 41 10 2Normal 2 41 11Normal 2 41 11 2Normal 2 41 12Normal 2 41 12 2Normal 2 41 13Normal 2 41 13 2Normal 2 41 14Normal 2 41 14 2Normal 2 41 15Normal 2 41 15 2Normal 2 41 16Normal 2 41 16 2Normal 2 41 17Normal 2 41 17 2Normal 2 41 18Normal 2 41 18 2Normal 2 41 19Normal 2 41 19 2 Normal 2 41 2Normal 2 41 2 2Normal 2 41 2 3Normal 2 41 20Normal 2 41 20 2Normal 2 41 21Normal 2 41 21 2Normal 2 41 22Normal 2 41 22 2 Normal 2 41 3Normal 2 41 3 2Normal 2 41 3 3 Normal 2 41 4Normal 2 41 4 2Normal 2 41 4 3 Normal 2 41 5Normal 2 41 5 2Normal 2 41 5 3 Normal 2 41 6Normal 2 41 6 2Normal 2 41 6 3 Normal 2 41 7Normal 2 41 7 2Normal 2 41 7 3 Normal 2 41 8Normal 2 41 8 2Normal 2 41 8 3 Normal 2 41 9Normal 2 41 9 2Normal 2 41 9 3 Normal 2 42 Normal 2 43 Normal 2 44 Normal 2 45 Normal 2 46 Normal 2 47 Normal 2 48 Normal 2 49 Normal 2 5 Normal 2 50 Normal 2 51 Normal 2 52  Normal 2 6  Normal 2 7  Normal 2 8  Normal 2 808 Normal 2 80   Normal 2 9 Normal 20 Normal 21 Normal 22 Normal 23 Normal 24 Normal 25 Normal 26 Normal 27 Normal 28 Normal 29 Normal 3 Normal 3 10 Normal 3 11 Normal 3 12 Normal 3 13 Normal 3 14 Normal 3 15 Normal 3 16  Normal 3 17! Normal 3 18" Normal 3 19# Normal 3 2$ Normal 3 20% Normal 3 21& Normal 3 22' Normal 3 23( Normal 3 24) Normal 3 25* Normal 3 26+ Normal 3 27, Normal 3 28- Normal 3 29. Normal 3 3/ Normal 3 300 Normal 3 41 Normal 3 52 Normal 3 63 Normal 3 74 Normal 3 85 Normal 3 96 Normal 307 Normal 318 Normal 329 Normal 33: Normal 34; Normal 35< Normal 36= Normal 37> Normal 38? Normal 39 @Normal 4A Normal 40B Normal 41C Normal 42D Normal 43E Normal 44F Normal 45G Normal 46H Normal 47I Normal 48J Normal 49 KNormal 5L Normal 50M Normal 51N Normal 52O Normal 53P Normal 54Q Normal 55R Normal 56S Normal 57T Normal 58U Normal 59 VNormal 6W Normal 6 2X Normal 6 2 10YNormal 6 2 10 2ZNormal 6 2 10 3[ Normal 6 2 11\Normal 6 2 11 2] Normal 6 2 12^Normal 6 2 12 2_ Normal 6 2 13`Normal 6 2 13 2a Normal 6 2 14bNormal 6 2 14 2c Normal 6 2 15dNormal 6 2 15 2e Normal 6 2 16fNormal 6 2 16 2g Normal 6 2 17hNormal 6 2 17 2i Normal 6 2 18jNormal 6 2 18 2k Normal 6 2 19lNormal 6 2 19 2m Normal 6 2 2n Normal 6 2 20oNormal 6 2 20 2p Normal 6 2 21qNormal 6 2 21 2r Normal 6 2 22sNormal 6 2 22 2t Normal 6 2 23uNormal 6 2 23 2v Normal 6 2 24w Normal 6 2 25x Normal 6 2 26y Normal 6 2 27z Normal 6 2 3{Normal 6 2 3 2|Normal 6 2 3 3} Normal 6 2 4~Normal 6 2 4 2Normal 6 2 4 3 Normal 6 2 5Normal 6 2 5 2Normal 6 2 5 3 Normal 6 2 6Normal 6 2 6 2Normal 6 2 6 3 Normal 6 2 7Normal 6 2 7 2Normal 6 2 7 3 Normal 6 2 8Normal 6 2 8 2Normal 6 2 8 3 Normal 6 2 9Normal 6 2 9 2Normal 6 2 9 3 Normal 6 3 Normal 60 Normal 61 Normal 62 Normal 63 Normal 64 Normal 65 Normal 66 Normal 67 Normal 68 Normal 69 Normal 7 108 Normal 7 10  Normal 7 118 Normal 7 11  Normal 7 128 Normal 7 12  Normal 7 138 Normal 7 13  Normal 7 148 Normal 7 14  Normal 7 158 Normal 7 15  Normal 7 168 Normal 7 16  Normal 7 178 Normal 7 17  Normal 7 188 Normal 7 18  Normal 7 198 Normal 7 19  Normal 7 2 Normal 7 2 10 Normal 7 2 11 Normal 7 2 12 Normal 7 2 13 Normal 7 2 14 Normal 7 2 15 Normal 7 2 16 Normal 7 2 17 Normal 7 2 18 Normal 7 2 19 Normal 7 2 2Normal 7 2 2 2Normal 7 2 2 3Normal 7 2 2 4Normal 7 2 2 5Normal 7 2 2 6 Normal 7 2 20 Normal 7 2 21 Normal 7 2 22 Normal 7 2 23 Normal 7 2 24 Normal 7 2 25 Normal 7 2 26 Normal 7 2 27 Normal 7 2 28 Normal 7 2 29 Normal 7 2 3 Normal 7 2 30 Normal 7 2 31 Normal 7 2 32 Normal 7 2 33 Normal 7 2 34 Normal 7 2 35 Normal 7 2 36 Normal 7 2 37 Normal 7 2 38 Normal 7 2 39 Normal 7 2 4 Normal 7 2 40 Normal 7 2 41 Normal 7 2 42 Normal 7 2 43 Normal 7 2 44 Normal 7 2 45 Normal 7 2 46 Normal 7 2 47 Normal 7 2 48< Normal 7 2 48 Normal 7 2 48 2@Normal 7 2 48 2 Normal 7 2 48 3@Normal 7 2 48 3 Normal 7 2 48 4@Normal 7 2 48 4 Normal 7 2 48 5@Normal 7 2 48 5 Normal 7 2 48 6@Normal 7 2 48 6 Normal 7 2 48 7@Normal 7 2 48 7 Normal 7 2 48 8@Normal 7 2 48 8  Normal 7 2 49< Normal 7 2 49  Normal 7 2 5 Normal 7 2 50< Normal 7 2 50  Normal 7 2 51< Normal 7 2 51  Normal 7 2 52 Normal 7 2 53 Normal 7 2 54 Normal 7 2 55 Normal 7 2 56 Normal 7 2 57 Normal 7 2 6 Normal 7 2 7 Normal 7 2 8 Normal 7 2 9 Normal 7 208 Normal 7 20  Normal 7 218 Normal 7 21  Normal 7 228 Normal 7 22  Normal 7 238 Normal 7 23  Normal 7 248 Normal 7 24  Normal 7 258 Normal 7 25  Normal 7 268 Normal 7 26  Normal 7 278 Normal 7 27  Normal 7 288 Normal 7 28  Normal 7 298 Normal 7 29  Normal 7 3 Normal 7 308 Normal 7 30  Normal 7 318 Normal 7 31  Normal 7 328 Normal 7 32  Normal 7 338 Normal 7 33  Normal 7 348 Normal 7 34  Normal 7 358 Normal 7 35  Normal 7 368 Normal 7 36  Normal 7 378 Normal 7 37  Normal 7 388 Normal 7 38  Normal 7 398 Normal 7 39  Normal 7 4 Normal 7 408 Normal 7 40  Normal 7 418 Normal 7 41  Normal 7 428 Normal 7 42  Normal 7 438 Normal 7 43  Normal 7 448 Normal 7 44  Normal 7 458 Normal 7 45  Normal 7 468 Normal 7 46  Normal 7 478 Normal 7 47  Normal 7 488 Normal 7 48  Normal 7 498 Normal 7 49   Normal 7 5; Normal 7 5 %  Normal 7 508 Normal 7 50   Normal 7 51  Normal 7 66 Normal 7 6   Normal 7 76 Normal 7 7  Normal 7 86 Normal 7 8  Normal 7 96 Normal 7 9  Normal 70 Normal 71 Normal 72 Normal 73 Normal 74 Normal 75 Normal 76 Normal 76 2 Normal 77 Normal 78 Normal 78 2 Normal 79 Normal 8 Normal 80 Normal 81 Normal 82  Normal 83! Normal 84" Normal 85# Normal 86$ Normal 87% Normal 88& Normal 89 'Normal 9( Normal 9 2) Normal 9 3* Normal 9 4+ Normal 90, Normal 91- Normal 92. Normal 93/ Normal 940 Normal 951 Normal 962 Normal 97 3Noteb Note   4Note 2fNote 2   5OutputwOutput  ???%????????? ???6$Percent 7Style 1 8Title1Title I}% 9TotalMTotal %OO: Warning Text? Warning Text %XTableStyleMedium2PivotStyleLight16` Qvista8 <O CCE IDCCE DescriptionCCE ParametersCCE Technical Mechanisms Old v4 CCE IDFNIST SCAP Windows Vista XCCDF (SCAP-WinVista-XCCDF.xml rev 2007-02-06)DNIST SCAP Windows Vista OVAL (SCAP-WinVista-OVAL.xml rev 2007-02-06)QFDCC Windows Vista XCCDF (fdcc-accepted-content-20080110\fdcc-winvista-xccdf.xml)OFDCC Windows Vista OVAL (fdcc-accepted-content-20080110\fdcc-winvista-oval.xml)_FDCC Windows Vista Firewall XCCDF (fdcc-accepted-content-20080110\fdcc-vistafirewall-xccdf.xml)]FDCC Windows Vista Firewall OVAL (fdcc-accepted-content-20080110\fdcc-vistafirewall-oval.xml)'USGCB XCCDF (USGCB-Windows-Vista-xccdf)%USGCB OVAL (USGCB-Windows-Vista-oval) CCE-2715-1TThe "reset account lockout counter after" policy should meet minimum requirements. (1) number of minutes&(1) defined by Local or Group Policy CCE-733reset-account-lockout-counter&oval:com.secure-elements.oval:def:6009account_lockout_reset_counter!oval:gov.nist.fdcc.vista:def:6009 CCE-2363-0IThe "account lockout duration" policy should meet minimum requirements. CCE-980account-lockout-duration&oval:com.secure-elements.oval:def:6007account_lockout_duration!oval:gov.nist.fdcc.vista:def:6007 CCE-3177-3JThe "account lockout threshold" policy should meet minimum requirements. (1) number of attemptsCCE-658account-lockout-threshold&oval:com.secure-elements.oval:def:6008account_lockout_threshold!oval:gov.nist.fdcc.vista:def:6008 CCE-2820-9\Auditing of "account logon" events on success should be enabled or disabled as appropriate..(1) enabled/disabledCCE-2628audit-account-logon-events&oval:com.secure-elements.oval:def:6010audit_account_logon_eventsoval:gov.nist.fdcc.vista:def:27 CCE-3089-0\Auditing of "account logon" events on failure should be enabled or disabled as appropriate..CCE-2543 CCE-3234-2aAuditing of "account management" events on success should be enabled or disabled as appropriate..CCE-2000audit-account-management&oval:com.secure-elements.oval:def:6011audit_account_managementoval:gov.nist.fdcc.vista:def:29 CCE-3287-0aAuditing of "account management" events on failure should be enabled or disabled as appropriate..CCE-1646 CCE-3041-1gAuditing of "directory service access" events on success should be enabled or disabled as appropriate..CCE-2118audit-directory-services-access&oval:com.secure-elements.oval:def:6012audit_directory_service_accessoval:gov.nist.fdcc.vista:def:30 CCE-3309-2gAuditing of "directory service access" events on failure should be enabled or disabled as appropriate..CCE-2390 CCE-3076-7TAuditing of "logon" events on success should be enabled or disabled as appropriate..%(1) defined by Local or Group Policy CCE-1686audit-logon-events&oval:com.secure-elements.oval:def:6013audit_logon_eventsoval:gov.nist.fdcc.vista:def:32 CCE-2970-2TAuditing of "logon" events on failure should be enabled or disabled as appropriate..CCE-1744 CCE-2724-3\Auditing of "object access" events on success should be enabled or disabled as appropriate..CCE-2640audit-object-access&oval:com.secure-elements.oval:def:6014audit_object_accessoval:gov.nist.fdcc.vista:def:34 CCE-3243-3\Auditing of "object access" events on failure should be enabled or disabled as appropriate..CCE-1991 CCE-2746-6\Auditing of "policy change" events on success should be enabled or disabled as appropriate..CCE-2412audit-policy-change&oval:com.secure-elements.oval:def:6015audit_policy_changeoval:gov.nist.fdcc.vista:def:35 CCE-2653-4\Auditing of "policy change" events on failure should be enabled or disabled as appropriate..CCE-2347 CCE-2322-6\Auditing of "privilege use" events on success should be enabled or disabled as appropriate..CCE-2431audit-privilege-use&oval:com.secure-elements.oval:def:6016audit_privilege_useoval:gov.nist.fdcc.vista:def:36 CCE-3257-3\Auditing of "privilege use" events on failure should be enabled or disabled as appropriate..CCE-2584 CCE-3024-7_Auditing of "process tracking" events on success should be enabled or disabled as appropriate..CCE-2529audit-process-tracking&oval:com.secure-elements.oval:def:6017audit_process_trackingoval:gov.nist.fdcc.vista:def:40 CCE-2927-2_Auditing of "process tracking" events on failure should be enabled or disabled as appropriate..CCE-2617 CCE-2953-8UAuditing of "system" events on success should be enabled or disabled as appropriate..CCE-2420audit-system-events&oval:com.secure-elements.oval:def:6018audit_system_eventsoval:gov.nist.fdcc.vista:def:37 CCE-3222-7UAuditing of "system" events on failure should be enabled or disabled as appropriate..CCE-1680 CCE-3121-1PThe "restrict guest access to application log" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RestrictGuestAccess (2) defined by Group Policy CCE-299$Prevent-Guest-Application-Log-Access&oval:com.secure-elements.oval:def:6509 CCE-3015-5CThe application log maximum size should be configured correctly.. (1) size of file(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Maximum Log Size (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Application!MaxSizeCCE-185Maximum-Application-Log-Size&oval:com.secure-elements.oval:def:6506maximum_application_log_size oval:gov.nist.fdcc.vista:def:197 CCE-2905-8bThe "when maximum log size is reached" property should be set correctly for the Application log. (1) type of retention(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Application\Retain old events (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Application\Retention (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RetentionCCE-285$Retention-Method-For-Application-Log&oval:com.secure-elements.oval:def:6512 CCE-2659-1MThe "restrict guest access to security log" policy should be set correctly. }(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\RestrictGuestAccess (2) defined by Group Policy CCE-462!Prevent-Guest-Security-Log-Access&oval:com.secure-elements.oval:def:6511 CCE-3302-7@The security log maximum size should be configured correctly.. (1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Maximum Log Size (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Security!MaxSizeCCE-757Maximum-Security-Log-Size&oval:com.secure-elements.oval:def:6507maximum_security_log_size oval:gov.nist.fdcc.vista:def:198 CCE-3196-3_The "when maximum log size is reached" property should be set correctly for the Security log. (1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Security\Retain old events (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\Security\Retention (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RetentionCCE-523!Retention-Method-For-Security-Log&oval:com.secure-elements.oval:def:6513 CCE-2839-9KThe "restrict guest access to system log" policy should be set correctly. {(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\RestrictGuestAccess (2) defined by Group Policy CCE-726Prevent-Guest-System-Log-Access&oval:com.secure-elements.oval:def:6510 CCE-3165-8;The system log maximum size should be configured correctly.(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Service\System\Maximum Log Size (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\System!MaxSizeCCE-735Maximum-System-Log-Size&oval:com.secure-elements.oval:def:6508maximum_system_log_size oval:gov.nist.fdcc.vista:def:199 CCE-2931-4]The "when maximum log size is reached" property should be set correctly for the System log. (1) type of retention(1) Computer Configuration\Administrative Templates\Windows Components\Event Log Se< rvice\System\Retain old events (2) HKLM\Software\Policies\Microsoft\Windows\EventLog\System\Retention (3) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\RetentionCCE-664Retention-Method-For-System-Log&oval:com.secure-elements.oval:def:6514 CCE-2967-8EThe "maximum password age" policy should meet minimum requirements. (1) number of daysCCE-871maximum-password-age&oval:com.secure-elements.oval:def:6002password-maximum_age!oval:gov.nist.fdcc.vista:def:6002 CCE-3240-9EThe "minimum password age" policy should meet minimum requirements. CCE-324minimum-password-age&oval:com.secure-elements.oval:def:6003password-minimum-age!oval:gov.nist.fdcc.vista:def:6003 CCE-2883-7HThe "minimum password length" policy should meet minimum requirements. CCE-100minimum-password-length&oval:com.secure-elements.oval:def:6006password-minimum-length!oval:gov.nist.fdcc.vista:def:6006 CCE-3033-8QThe "password must meet complexity requirments" policy should be set correctly. CCE-633password-complexity&oval:com.secure-elements.oval:def:6004password_complexity!oval:gov.nist.fdcc.vista:def:6004 CCE-2323-4IThe "enforce password history" policy should meet minimum requirements. "(1) number of passwords rememberedCCE-60enforce-password-history&oval:com.secure-elements.oval:def:6001password_enforce_history!oval:gov.nist.fdcc.vista:def:6001 CCE-3311-8nThe "store password using reversible encryption for all users in the domain" policy should be set correctly. CCE-479reversible-password-encryption&oval:com.secure-elements.oval:def:6005password_reversible_encryption!oval:gov.nist.fdcc.vista:def:6005 CCE-3316-7>The startup type of the Messenger service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-729(Do-not-allow-Windows-Messenger-to-be-run&oval:com.secure-elements.oval:def:6601(do_not_allow_windows_messenger_to_be_run!oval:gov.nist.fdcc.vista:def:6601 CCE-3082-5VThe startup type of the NetMeeting Remote Desktop Sharing service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-232Disable-remote-Desktop-Sharing&oval:com.secure-elements.oval:def:6595!oval:gov.nist.fdcc.vista:def:6595 CCE-3232-6sThe behavior surrounding Anonymous users' abiliity to display lists of SAM accounts and shares should be correct. (1) restricted/unrestrictedv(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous (2) defined by Local or Group Policy CCE-1956do-not-allow-anonymous-enumeration-sam-accounts-shares&oval:com.secure-elements.oval:def:6071!oval:gov.nist.fdcc.vista:def:6071 CCE-3272-2fThe behavior surrounding Anonymous users' abiliity to display lists of SAM accounts should be correct.y(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM (2) defined by Local or Group Policy CCE-318&do-not-allow-anonymous-enumeration-sam&oval:com.secure-elements.oval:def:6070!oval:gov.nist.fdcc.vista:def:6070 CCE-2339-0LThe behavior surrounding Anonymous SID/Name translation should be correct. p(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AnonymousNameLookup (2) defined by Local or Group CCE-953Anonymous-SID-Name-Translationanonymous_sid_name_translation!oval:gov.nist.fdcc.vista:def:6106 CCE-3248-2OUse of the built-in Guest account should be enabled or disabled as appropriate. (1) Local Users and Groups MMC CCE-332guest-account-status&oval:com.secure-elements.oval:def:6020!oval:gov.nist.fdcc.vista:def:6020 CCE-3032-0YUse of the built-in Administrator account should be enabled or disabled as appropriate. CCE-499administrator-account-status&oval:com.secure-elements.oval:def:6019 CCE-3314-2TThe "Message title for users attempting to log on" policy should be set correctly. (1) text caption(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaption (2) defined by Local or Group Policy CCE-23$message-title-users-attempting-logon&oval:com.secure-elements.oval:def:6042!oval:gov.nist.fdcc.vista:def:6042 CCE-3336-5SThe "Message text for users attempting to log on" policy should be set correctly. (1) text statement(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText (2) defined by Local or Group Policy CCE-829#message-text-users-attempting-logon&oval:com.secure-elements.oval:def:6041!oval:gov.nist.fdcc.vista:def:6041 CCE-3072-60Automatic Logon should be properly configured. ](1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon CCE-283enable-automatic-logon&oval:com.secure-elements.oval:def:6054!oval:gov.nist.fdcc.vista:def:6054 CCE-2719-3<Autoplay on all Drive Types should be properly configured. g(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun CCE-44)Turn-off-Autoplay, no-drive-type-auto-runNoval:com.secure-elements.oval:def:6574, oval:com.secure-elements.oval:def:6060turn_off_autoplay!oval:gov.nist.fdcc.vista:def:6574 CCE-3239-1/ICMP Redirects should be properly configured. (1) enabled/ignored](1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ServicesTcpip\Parameters\EnableICMPRedirect CCE-150enable-icmp-redirect&oval:com.secure-elements.oval:def:6057!oval:gov.nist.fdcc.vista:def:6057 CCE-3261-52IP Source Routing should be properly configured. (1) 0 = No additional protection, source routed packets are allowed | 1 = Medium, source routed packets ignored when IP forwarding is enabled | 2 = Highest protection, source routing is completely disabledb(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting CCE-564disable-ip-source-routing&oval:com.secure-elements.oval:def:6055!oval:gov.nist.fdcc.vista:def:6055 CCE-3279-7%IRDP should be properly configured. b(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery CCE-952perform-router-discovery&oval:com.secure-elements.oval:def:6063!oval:gov.nist.fdcc.vista:def:6063 CCE-3173-2GDisplay Last User Name in Logon Screen should be properly configured. f(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DontDisplayLastUserName CCE-65do-not-display-last-user-name&oval:com.secure-elements.oval:def:6039!oval:gov.nist.fdcc.vista:def:6039 CCE-3067-6FSystem availability to Master Browser should be properly configured. (1) available/hiddenY(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters\Hidden CCE-139hide-system-from-browse-list&oval:com.secure-elements.oval:def:6058!oval:gov.nist.fdcc.vista:def:6058 CCE-3120-3>TCP/IP Dead Gateway Detection should be properly configured. ^(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect CCE-897enable-dead-gw-detect&oval:com.secure-elements.oval:def:6056!oval:gov.nist.fdcc.vista:def:6056 CCE-3142-75The TCP/IP KeepAlive Time should be set correctly . (1) number of millisecondsY(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime CCE-188keep-alive-time&oval:com.secure-elements.oval:def:6059!oval:gov.nist.fdcc.vista:def:6059 CCE-2785-4QTCP/IP NetBIOS Name Release on Request Prevented should be properly configured. a(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netbt\Parameters\NoNameReleaseOnDemand CCE-817no-name-release-on-demand&oval:com.secure-elements.oval:def:6061!oval:gov.nist.fdcc.vista:def:6061 CCE-2679-9CTCP/IP SYN Flood Attack Protection should be properly configured. \(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SynAttackProtect < CCE-284syn-attack-protect&oval:com.secure-elements.oval:def:6066!oval:gov.nist.fdcc.vista:def:6066 CCE-3181-5ASecurity Audit log warning level should be properly configured. (1) warning levelY(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security\WarningLevel CCE-125 warning-level&oval:com.secure-elements.oval:def:6069!oval:gov.nist.fdcc.vista:def:6069 CCE-3199-75Safe DLL Search Mode should be properly configured. S(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Session Manager\SafeDllSearchMode CCE-271safe-dll-search-mode&oval:com.secure-elements.oval:def:6064!oval:gov.nist.fdcc.vista:def:6064 CCE-2714-4?The built-in Administrator account should be correctly named. (1) valid namesCCE-438rename-administrator&oval:com.secure-elements.oval:def:6022!oval:gov.nist.fdcc.vista:def:6022 CCE-2359-87The built-in Guest account should be correctly named. CCE-834 rename-guest&oval:com.secure-elements.oval:def:6023!oval:gov.nist.fdcc.vista:def:6023 CCE-2519-7ZThe amount of idle time required before disconnecting a session should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect (2) defined by Local or Group Policy CCE-2226amount-of-idle-time-required-before-suspending-session&oval:com.secure-elements.oval:def:6050!oval:gov.nist.fdcc.vista:def:6050 CCE-3285-4QThe "Audit the access of global system objects" policy should be set correctly. t(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\AuditBaseObjects (2) defined by Local or Group Policy CCE-2"audit-access-global-system-objects&oval:com.secure-elements.oval:def:6024!oval:gov.nist.fdcc.vista:def:6024 CCE-3303-5UThe "Audit the use of backup and restore privilege" policy should be set correctly. z(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing (2) defined by Local or Group Policy CCE-905"audit-use-backup-restore-privilege&oval:com.secure-elements.oval:def:6025!oval:gov.nist.fdcc.vista:def:6025 CCE-3307-6UThe "Disable CTRL+ALT+Delete Requirement for Logon" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD (2) defined by Local or Group Policy CCE-133do-not-require-ctrlaltdel&oval:com.secure-elements.oval:def:6040!oval:gov.nist.fdcc.vista:def:6040 CCE-3325-8UThe "Prevent Users from Installing Printer Drivers" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers\AddPrinterDrivers (2) defined by Local or Group Policy CCE-402!prevent-users-installing-printers&oval:com.secure-elements.oval:def:6030!oval:gov.nist.fdcc.vista:def:6030 CCE-2858-9]The "Restrict CD-ROM Access to Locally Logged-On User Only" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms (2) defined by Local or Group Policy CCE-565&restrict-cdrom-access-local-users-only&oval:com.secure-elements.oval:def:6031!oval:gov.nist.fdcc.vista:def:6031 CCE-3168-2]The "Restrict Floppy Access to Locally Logged-On User Only" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies (2) defined by Local or Group Policy CCE-463'restrict-floppy-access-local-users-only&oval:com.secure-elements.oval:def:6032!oval:gov.nist.fdcc.vista:def:6032 CCE-3212-8jThe "Secure Channel: Require Strong (Windows 2000 or later) Session Key" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireStrongKey (2) defined by Local or Group Policy CCE-417require-strong-session-key&oval:com.secure-elements.oval:def:6038!oval:gov.nist.fdcc.vista:def:6038 CCE-2838-1gThe "Send Unencrypted Password to Connect to Third-Party SMB Servers" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword (2) defined by Local or Group Policy CCE-2284send-unencrypted-password-to-third-party-smb-servers&oval:com.secure-elements.oval:def:6049!oval:gov.nist.fdcc.vista:def:6049 CCE-3230-0ZThe "Users Prompted to Change Password Before Expiration" policy should be set correctly. &(1) number of days prior to expiration(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning (2) defined by Local or Group Policy CCE-8140prompt-user-to-change-password-before-expiration&oval:com.secure-elements.oval:def:6044!oval:gov.nist.fdcc.vista:def:6044 CCE-3001-5eThe "Shut Down system immediately if unable to log security audits" policy should be set correctly. t(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail (2) defined by Local or Group Policy CCE-92!shutdown-system-unable-log-audits&oval:com.secure-elements.oval:def:6027!oval:gov.nist.fdcc.vista:def:6027 CCE-3252-4TThe "Digitally Sign Client Communication (Always)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature (2) defined by Local or Group Policy CCE-576+digitally-sign-communications-client-always&oval:com.secure-elements.oval:def:6047!oval:gov.nist.fdcc.vista:def:6047 CCE-2380-4[The "Digitally Sign Client Communication (When Possible)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature (2) defined by Local or Group Policy CCE-5192digitally-sign-communications-client-server-agrees&oval:com.secure-elements.oval:def:6048!oval:gov.nist.fdcc.vista:def:6048 CCE-3023-9TThe "Digitally Sign Server Communication (Always)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature (2) defined by Local or Group Policy CCE-171+digitally-sign-communications-server-always&oval:com.secure-elements.oval:def:6051!oval:gov.nist.fdcc.vista:def:6051 CCE-3164-1[The "Digitally Sign Server Communication (When Possible)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature (2) defined by Local or Group Policy CCE-1042digitally-sign-communications-server-client-agrees&oval:com.secure-elements.oval:def:6052!oval:gov.nist.fdcc.vista:def:6052 CCE-2376-2JThe "Number of Previous Logons to Cache" policy should be set correctly. (1) number of logons(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount (2) defined by Local or Group Policy CCE-773"number-of-previous-logons-to-cache&oval:com.secure-elements.oval:def:6043!oval:gov.nist.fdcc.vista:def:6043 CCE-3225-0XThe "Allowed to Format and Eject Removable NTFS Media" policy should be set correctly. (1) Group(s)(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASD (2) defined by Local or Group Policy CCE-919"allow-format-eject-removable-media&oval:com.secure-elements.oval:def:6029!oval:gov.nist.fdcc.vista:def:6029 CCE-3330-8nThe "Secure Channel: Digitally Encrypt or Sign Secure Channel Data (Always)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal (2) defined by Local or Group Policy CCE-5494digitally-encrypt-or-sign-secure-channel-data-always&oval:com.secure-elements.oval:def:6034!oval:gov.nist.fdcc.vista:def:6034 CCE-2467-9mThe "Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel (2) defined by Local or Group Policy CCE-1613digitally-encrypt-secure-channel-data-when-possible< &oval:com.secure-elements.oval:def:6033!oval:gov.nist.fdcc.vista:def:6033 CCE-3233-4jThe "Secure Channel: Digitally Sign Secure Channel Data (When Possible)" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel (2) defined by Local or Group Policy CCE-9180digitally-sign-secure-channel-data-when-possible&oval:com.secure-elements.oval:def:6035!oval:gov.nist.fdcc.vista:def:6035 CCE-3251-6CThe "Smart Card Removal Behavior" policy should be set correctly. (1) behavior(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption (2) defined by Local or Group Policy CCE-443smart-card-removal-behaviour&oval:com.secure-elements.oval:def:6046!oval:gov.nist.fdcc.vista:def:6046 CCE-3255-7_The "Prevent System Maintenance of Computer Account Password" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange (2) defined by Local or Group Policy CCE-831(disable-machine-account-password-changes&oval:com.secure-elements.oval:def:6036!oval:gov.nist.fdcc.vista:def:6036 CCE-2398-6iThe "Limit local account user of blank passwords to console logon only" policy should be set correctly. y(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse (2) defined by Local or Group Policy CCE-533limit-blank-password-use&oval:com.secure-elements.oval:def:6021!oval:gov.nist.fdcc.vista:def:6021 CCE-3326-6LThe "Allow undock without having to logon" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UndockWithoutLogon (2) defined by Local or Group Policy CCE-186allow-undock-no-logon&oval:com.secure-elements.oval:def:6028!oval:gov.nist.fdcc.vista:def:6028 CCE-3075-9LThe "Maximum machine account password age" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\MaximumPasswordAge (2) defined by Local or Group Policy CCE-194$maximum-machine-account-password-age&oval:com.secure-elements.oval:def:6037$maximum_machine-account-password-age!oval:gov.nist.fdcc.vista:def:6037 CCE-3220-1fThe "Require Domain Controller authentication to unlock workstation" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ForceUnlockLogon (2) defined by Local or Group Policy CCE-3742require-domain-controller-authentication-to-unlock&oval:com.secure-elements.oval:def:6045!oval:gov.nist.fdcc.vista:def:6045 CCE-3361-3RThe "Disconnect clients when logon hours expire" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableForcedLogoff (2) defined by Local or Group Policy CCE-278)disconnect-client-when-logon-hours-expire&oval:com.secure-elements.oval:def:6053!oval:gov.nist.fdcc.vista:def:6053 CCE-3379-5]The "Do not allow storage of credentials or .NET Passports" policy should be set correctly. v(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds (2) defined by Local or Group Policy CCE-542<do-not-allow-storage-credentials-net-passports-network-authn&oval:com.secure-elements.oval:def:6072!oval:gov.nist.fdcc.vista:def:6072 CCE-2457-0YThe "Let Everyone permissions apply to anonymous users" policy should be set correctly. }(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous (2) defined by Local or Group Policy CCE-181let-everyone-permissions-apply-to-anonymous-users&oval:com.secure-elements.oval:def:6073!oval:gov.nist.fdcc.vista:def:6073 CCE-3380-3TThe "Named Pipes that can be accessed anonymously" policy should be set correctly. (1) list of named pipes(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionPipes (2) defined by Local or Group Policy CCE-136 named-pipes-accessed-anonymously&oval:com.secure-elements.oval:def:6074!oval:gov.nist.fdcc.vista:def:6074 CCE-2825-8JThe "Remotely accessible registry paths" policy should be set correctly. (1) set of paths(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPathsHKLM (2) defined by Local or Group Policy CCE-189TRemotely-accessible-registry-paths, Remotely-accessible-registry-paths-and-sub-pathsLoval:com.secure-elements.oval:def:6075oval:com.secure-elements.oval:def:6076"Remotely-accessible-registry-paths!oval:gov.nist.fdcc.vista:def:6075 CCE-3349-8OThe "Shares that can be accessed anonymously" policy should be set correctly. (1) set of shares(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\NullSessionShares (2) defined by Local or Group Policy CCE-942>Shares-that-can-be-accessed-anonymously -- NOTE: COMMENTED OUT'Shares-that-can-be-accessed-anonymously"oval:gov.nist.fdcc.vista:def:60771 CCE-3367-0UThe "Sharing and security model for local accounts" policy should be set correctly. (1) Classic/Guest onlyn(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest (2) defined by Local or Group Policy CCE-343-Sharing-and-security-model-for-local-accounts&oval:com.secure-elements.oval:def:6079!oval:gov.nist.fdcc.vista:def:6079 CCE-3138-5cThe "Do not store LAN Manager hash value on next password change" policy should be set correctly. l(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash (2) defined by Local or Group Policy CCE-233;Do-not-store-LAN-Manager-hash-value-on-next-password-change&oval:com.secure-elements.oval:def:6080!oval:gov.nist.fdcc.vista:def:6080 CCE-3283-9LThe "Force logoff when logon hours expire" policy should be set correctly. CCE-775$Force-logoff-when-logon-hours-expire&oval:com.secure-elements.oval:def:6081!oval:gov.nist.fdcc.vista:def:6081 CCE-3050-2WThe "Screen Saver Timeout" setting should be configured correctly for the current user.(1) time in seconds(1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver Timeout (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut (3) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveTimeOut CCE-830screen_save_timeout!oval:gov.nist.fdcc.vista:def:6708 CCE-3429-8mThe "Always Prompt Client for Password upon Connection" policy should be set correctly for Terminal Services.e(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fPromptForPassword CCE-8551Always-prompt-client-for-password-upon-connection&oval:com.secure-elements.oval:def:6599!oval:gov.nist.fdcc.vista:def:6599 CCE-3323-3]The "Allow Solicited Remote Assistance" policy should be set correctly for Terminal Services.b(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowToGetHelp CCE-859Solicited-Remote-Assistance&oval:com.secure-elements.oval:def:6564solicited_remote_assistance!oval:gov.nist.fdcc.vista:def:6564 CCE-3217-7_The "Allow Unsolicited Remote Assistance" policy should be set correctly for Terminal Services.c(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\fAllowUnsolicited CCE-434Offer-Remote-Assistance&oval:com.secure-elements.oval:def:6563offer_remote_assistance!oval:gov.nist.fdcc.vista:def:6563 CCE-3358-99The "Configure Automatic Updates" should be set correctlyCCE-306Configure-Automatic-Updates&oval:com.secure-elements.oval:def:6604 CCE-3345-6}The "Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box" should be set correctlyCCE-989=Do-not-adjust-default-option-to-Install-Updates-and-Shut-Down&oval:com.secure-elements.oval:def:6603 CCE-3363-9sThe "Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box" should be set correctlyCCE-1,Do-not-display-Install-Updates-and-Shut-Down&oval:com.secure-elements.ov< al:def:6602 CCE-2462-0BThe "No auto-restart for scheduled Automatic Updates installationsCCE-641=No-auto-restart-for-scheduled-Automatic-Updates-installations&oval:com.secure-elements.oval:def:6605 CCE-2852-2RThe "Reschedule Automatic Updates scheduled installations" should be set correctlyCCE-8044Reschedule-Automatic-Updates-scheduled-installations&oval:com.secure-elements.oval:def:6606 CCE-3371-2The "DCOM: Machine access Restrictions in Security Descriptor Definition Language (SDDL) syntax" setting should be configured correctly.CCE-458MachineAccessRestrictions#oval:gov.nist.fdcc.vista:def:608243 CCE-3266-4The "DCOM: Machine Launch Restrictions in the Security Descriptor Definition Language (SDDL) syntax" security option should be set correctly.CCE-740MachineLaunchRestrictions#oval:gov.nist.fdcc.vista:def:608244 CCE-3411-6aThe "Display user information when the session is locked" setting should be configured correctly.CCE-22 CCE-2772-2RThe "Interactive logon: Requre smart card" setting should be configured correctly.P(1) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\SCForceOptionCCE-828Require-Smart-Card&oval:com.secure-elements.oval:def:6082 CCE-3292-0qThe "Network access: Restrict anonymous access to named pipes and shares" setting should be configured correctly.CCE-6383Restrict-anonymous-access-to-Named-Pipes-and-Shares&oval:com.secure-elements.oval:def:6077!oval:gov.nist.fdcc.vista:def:6077 CCE-3459-5nMSS:(TCPMaxConnectResponseRetransmission) SYN-ACK retansmissions when a connection request is not acknowledged(1) number of secondsn(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxConnectResponseRetransmissionsCCE-577(tcp-max-connect-response-retransmissions&oval:com.secure-elements.oval:def:6067!oval:gov.nist.fdcc.vista:def:6067 CCE-3460-3SMSS:(TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted(1) number of retransmissionsc(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissionsCCE-872tcp-max-data-retransmissions&oval:com.secure-elements.oval:def:6068!oval:gov.nist.fdcc.vista:def:6068 CCE-3244-1aThe automatic generation of 8.3 file names for NTFS should be enabled or disabled as appropriate._(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreationCCE-511 ntfs-disable-8dot3-name-creation&oval:com.secure-elements.oval:def:6062!oval:gov.nist.fdcc.vista:def:6062 CCE-3394-44RPC Endpiont Mapper Client Authentication (SP2 only)X(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\EnableAuthEpResolutionCCE-145)RPC-Endpoint-Mapper-Client-Authentication&oval:com.secure-elements.oval:def:6566)rpc_endpoint_mapper_client_authentication!oval:gov.nist.fdcc.vista:def:6566 CCE-3160-97Restrictions for Unauthenticated RPC clients (SP2 only)W(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\RPC\RestrictRemoteClientsCCE-423,Restrictions-for-Unauthenticated-RPC-clients&oval:com.secure-elements.oval:def:6565,restrictions_for_unauthenticated_rpc_clients!oval:gov.nist.fdcc.vista:def:6565 CCE-3054-4:Domain Profile: Protect all network connections (SP2 only)|(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewallCCE-806VDomain-Profile-Firewall-Protect-All-Network-Connections, Domain-Profile-Firewall-StateNoval:com.secure-elements.oval:def:6547, oval:com.secure-elements.oval:def:6515domain_profile_firewall_state)oval:gov.nist.fdcc.vistafirewall:def:6515 CCE-3187-22Domain Profile: Do not allow exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptionsCCE-969/Domain-Profile-Firewall-Do-Not-Allow-Exceptions&oval:com.secure-elements.oval:def:6544 CCE-3405-8.Domain Profile: Allow local program exceptions(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\AllowUserPrefMergeCCE-5026Domain-Profile-Firewall-Allow-Local-Program-Exceptions&oval:com.secure-elements.oval:def:6541 CCE-3158-3+Domain Profile: Allow remote administration:(1) enabled/disabled (2) subnets for internal support onlyu(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnabledCCE-771EDomain-Profile-Firewall-Allow-Inbound-Remote-Administration-Exception&oval:com.secure-elements.oval:def:6537 CCE-3431-4CDomain Profile: Allow file and printer sharing exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\FileAndPrint\EnabledCCE-555HDomain-Profile-Firewall-Allow-Inbound-File-And-Printer-Sharing-Exception&oval:com.secure-elements.oval:def:6536 CCE-3458-79Domain Profile: Allow Remote Desktop exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\RemoteDesktop\EnabledCCE-832?Domain-Profile-Firewall-Allow-Inbound-Remote-Desktop-Exceptions&oval:com.secure-elements.oval:def:6538 CCE-2964-59Domain Profile: Allow UPnP framework exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Services\UPnPFramework\EnabledCCE-590?Domain-Profile-Firewall-Allow-Inbound-UPnP-Framework-Exceptions&oval:com.secure-elements.oval:def:6539 CCE-3365-4mThe "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Domain Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotificationsCCE-762SDomain-Profile-Firewall-Prohibit-Notifications, Domain-Profile-Display-NotificationNoval:com.secure-elements.oval:def:6545, oval:com.secure-elements.oval:def:6518 CCE-3260-7pThe "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Domain Profile..(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log Dropped PacketsCCE-251"domain_profile_log_dropped_packets)oval:gov.nist.fdcc.vistafirewall:def:6401 CCE-2533-8jThe log file path and name for the Windows Firewall should be configured correctly for the Domain Profile. (1) File path(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogFilePath (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log file path and name (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Logging\NameCCE-793domain_profile_name)oval:gov.nist.fdcc.vistafirewall:def:6403 CCE-3299-5gThe log file size limit for the Windows Firewall should be configured correctly for the Domain Profile.(1) Size limit (KB)$(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogFileSize (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Size limit (KB)CCE-57domain_profile_size_limit)oval:gov.nist.fdcc.vistafirewall:def:6404 CCE-3414-0wThe "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Domain Profile.<(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\LogSuccessfulConnections (2) Computer C< onfiguration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Logging - Log successful connectionsCCE-617,domain_profile_logged_successful_connections)oval:gov.nist.fdcc.vistafirewall:def:6402 CCE-3436-3xUnicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Domain Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableUnicastResponsesToMulticastBroadcastCCE-696XDomain-Profile-Firewall-Prohibit-Unicast-Response, Domain-Profile-Allow-Unicast-ResponseNoval:com.secure-elements.oval:def:6546, oval:com.secure-elements.oval:def:6519%domain_profile_allow_unicast_response)oval:gov.nist.fdcc.vistafirewall:def:6519 CCE-3202-91Domain Profile: Define port exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPortsCCE-1146Domain-Profile-Firewall-Define-Inbound-Port-Exceptions&oval:com.secure-elements.oval:def:6542 CCE-3180-76Domain Profile: Allow local port exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\AllowUserPrefMergeCCE-3703Domain-Profile-Firewall-Allow-Local-Port-Exceptions&oval:com.secure-elements.oval:def:6540 CCE-3329-0<Standard Profile: Protect all network connections (SP2 only)~(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewallCCE-2739Standard-Profile-Firewall-Protect-All-Network-Connections&oval:com.secure-elements.oval:def:6559 CCE-3347-24Standard Profile: Do not allow exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptionsCCE-4401Standard-Profile-Firewall-Do-Not-Allow-Exceptions&oval:com.secure-elements.oval:def:6556 CCE-3334-0;Standard Profile: Allow local program exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\AllowUserPrefMergeCCE-352;Standard-Profile-Firewall-Define-Inbound-Program-Exceptions&oval:com.secure-elements.oval:def:6555 CCE-3352-2BStandard Profile: Allow remote administration exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\RemoteDesktopCCE-467GStandard-Profile-Firewall-Allow-Inbound-Remote-Administration-Exception&oval:com.secure-elements.oval:def:6549 CCE-3369-6EStandard Profile: Allow file and printer sharing exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\RemoteDesktop\EnabledCCE-626Standard-Profile-Firewall-Allow-Inbound-File-And-Printer-Sharing-Exception,Standard-Profile-Firewall-Allow-Inbound-File-And-Printer-Sharing-ExceptionsMoval:com.secure-elements.oval:def:6548,oval:com.secure-elements.oval:def:6553 CCE-3387-8;Standard Profile: Allow Remote Desktop exception (SP2 only)CCE-354AStandard-Profile-Firewall-Allow-Inbound-Remote-Desktop-Exceptions&oval:com.secure-elements.oval:def:6550 CCE-3268-0;Standard Profile: Allow UPnP framework exception (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Services\UPnPFramework\EnabledCCE-266AStandard-Profile-Firewall-Allow-Inbound-UPnP-Framework-Exceptions&oval:com.secure-elements.oval:def:6551 CCE-3409-0oThe "Windows Firewall: Prohibit notifications" setting should be configured correctly for the Standard Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotificationsCCE-9010Standard-Profile-Firewall-Prohibit-Notifications&oval:com.secure-elements.oval:def:6557 CCE-3440-5zUnicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Standard Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableUnicastResponsesToMulticastBroadcastCCE-6323Standard-Profile-Firewall-Prohibit-Unicast-Response&oval:com.secure-elements.oval:def:6558 CCE-3462-93Standard Profile: Define port exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPortsCCE-1968Standard-Profile-Firewall-Define-Inbound-Port-Exceptions&oval:com.secure-elements.oval:def:6554 CCE-3356-38Standard Profile: Allow local port exceptions (SP2 only)(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\AllowUserPrefMergeCCE-775Standard-Profile-Firewall-Allow-Local-Port-Exceptions&oval:com.secure-elements.oval:def:6552 CCE-2999-1$Domain Profile - Inbound Connections(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Inbound Connections Tab\ (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultInboundActionCCE-249"Domain-Profile-Inbound-Connections&oval:com.secure-elements.oval:def:6516"domain_profile_inbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6516 CCE-3439-7%Domain Profile - Outbound Connections(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\DefaultOutboundActionCCE-485#Domain-Profile-Outbound-Connections&oval:com.secure-elements.oval:def:6517#domain_profile_outbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6517 CCE-3457-9+Domain Profile - Apply Local Firewall Rules (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalPolicyMergeCCE-400)Domain-Profile-Apply-Local-Firewall-Rules&oval:com.secure-elements.oval:def:6520)domain_profile_apply_local_firewall_rules)oval:gov.nist.fdcc.vistafirewall:def:6520 CCE-2977-76Domain Profile - Apply Local Connection Security Rules(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AllowLocalIPsecPolicyMergeCCE-5844Domain-Profile-Apply-Local-Connection-Security-Rules&oval:com.secure-elements.oval:def:6521 CCE-3373-8Private Profile- Firewall State(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\EnableFirewallCCE-7Private-Profile-Firewall-State&oval:com.secure-elements.oval:def:6522private_profile_firewall_state)oval:gov.nist.fdcc.vistafirewall:def:6522 CCE-3395-1%Private Profile - Inbound Connections(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultInboundActionCCE-29#Private-Profile-Inbound-Connections&oval:com.secure-elements.oval:def:6523#private_profile_inbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6523 CCE-3166-6&Private Profile - Outbound Connections(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile (< 2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DefaultOutboundActionCCE-32$Private-Profile-Outbound-Connections&oval:com.secure-elements.oval:def:6524$private_profile_outbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6524 CCE-3417-3User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Private Profile.(1) yes/no/not configured (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableNotificationsCCE-38$Private-Profile-Display-Notification&oval:com.secure-elements.oval:def:6525$private_profile_display_notification)oval:gov.nist.fdcc.vistafirewall:def:6525 CCE-2924-9yUnicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Private Profile.#(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\DisableUnicastResponsesToMulticastBroadcastCCE-70&Private-Profile-Allow-Unicast-Response&oval:com.secure-elements.oval:def:6526&private_profile_allow_unicast_response)oval:gov.nist.fdcc.vistafirewall:def:6526 CCE-3360-5,Private Profile - Apply Local Firewall Rules (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalPolicyMergeCCE-117*Private-Profile-Apply-Local-Firewall-Rules&oval:com.secure-elements.oval:def:6527*private_profile_apply_local_firewall_rules)oval:gov.nist.fdcc.vistafirewall:def:6527 CCE-2854-87Private Profile - Apply Local Connection Security Rules(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AllowLocalIPsecPolicyMergeCCE-1995Private-Profile-Apply-Local-Connection-Security-Rules&oval:com.secure-elements.oval:def:65285private_profile_apply_local_connection_security_rules)oval:gov.nist.fdcc.vistafirewall:def:6528 CCE-3246-6Public Profile- Firewall State(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\EnableFirewallCCE-295Public-Profile-Firewall-State&oval:com.secure-elements.oval:def:6529public_profile_firewall_state)oval:gov.nist.fdcc.vistafirewall:def:6529 CCE-3263-1$Public Profile - Inbound Connections(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultInboundActionCCE-338"Public-Profile-Inbound-Connections&oval:com.secure-elements.oval:def:6530"public_profile_inbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6530 CCE-3351-4%Public Profile - Outbound Connections (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DefaultOutboundActionCCE-342#Public-Profile-Outbound-Connections&oval:com.secure-elements.oval:def:6531#public_profile_outbound_connections)oval:gov.nist.fdcc.vistafirewall:def:6531 CCE-2998-3User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Public Profile. (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableNotificationsCCE-390#Public-Profile-Display-Notification&oval:com.secure-elements.oval:def:6532#public_profile_display_notification)oval:gov.nist.fdcc.vistafirewall:def:6532 CCE-2641-9xUnicast response to multicast or broadcast requests should be enabled or disabled as appropriate for the Public Profile.!(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\DisableUnicastResponsesToMulticastBroadcastCCE-414%Public-Profile-Allow-Unicast-Response&oval:com.secure-elements.oval:def:6533%public_profile_allow_unicast_response)oval:gov.nist.fdcc.vistafirewall:def:6533 CCE-2650-0+Public Profile - Apply Local Firewall Rules (1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMergeCCE-421)Public-Profile-Apply-Local-Firewall-Rules&oval:com.secure-elements.oval:def:6534)public_profile_apply_local_firewall_rules)oval:gov.nist.fdcc.vistafirewall:def:6534 CCE-3426-46Public Profile - Apply Local Connection Security Rules(1)Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Customized Settings (2) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalIPsecPolicyMergeCCE-4374Public-Profile-Apply-Local-Connection-Security-Rules&oval:com.secure-elements.oval:def:65354public_profile_apply_local_connection_security_rules)oval:gov.nist.fdcc.vistafirewall:def:6535 CCE-3320-9*Logon - Do not process the legacy run list(1) Computer Configuration\Administrative Templates\System\Logon (2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRunCCE-503Do-Not-Process-Legacy-Run-List&oval:com.secure-elements.oval:def:6560 CCE-3086-6(Logon - Do not process the run once list(1) Computer Configuration\Administrative Templates\System\Logon (2) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisableLocalMachineRunOnceCCE-583Do-Not-Process-Run-Once-List&oval:com.secure-elements.oval:def:6561do_not_process_run_once_list!oval:gov.nist.fdcc.vista:def:6561 CCE-3452-0)Group Policy - Registry policy processing+(1) Computer Configuration\Administrative Templates\System\Group Policy (2) HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoGPOListChangesRegistry-Policy-Processing&oval:com.secure-elements.oval:def:6562 CCE-3364-7ITurn off Internet download for Web publishing and online ordering wizards(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServicesCCE-691ITurn-off-Internet-download-for-Web-publishing-and-online-ordering-wizards&oval:com.secure-elements.oval:def:6568!oval:gov.nist.fdcc.vista:def:6568 CCE-3259-9FTurn off the Windows Messenger Customer Experience Improvement Program(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Messenger\Client!CEIPCCE-722FTurn-off-the-Windows-Messenger-Customer-Experience-Improvement-Program&oval:com.secure-elements.oval:d< ef:6569!oval:gov.nist.fdcc.vista:def:6569 CCE-2778-9.Turn off Search Companion content file updates(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdatesCCE-818.Turn-off-Search-Companion-content-file-updates&oval:com.secure-elements.oval:def:6570!oval:gov.nist.fdcc.vista:def:6570 CCE-3421-5Turn off printing over HTTP(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrintingCCE-852Turn-off-printing-over-HTTP&oval:com.secure-elements.oval:def:6571!oval:gov.nist.fdcc.vista:def:6571 CCE-2754-0/Turn off downloading of print drivers over HTTP(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownloadCCE-887/Turn-off-downloading-of-print-drivers-over-HTTP&oval:com.secure-elements.oval:def:6572/turn_off_downloading_of_print_drivers_over_http!oval:gov.nist.fdcc.vista:def:6572 CCE-3278-9/Turn off Windows Update device driver searching(1) Computer Configuration\Administrative Templates\System\Internet Communication Settings (2) HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdateCCE-927/Turn-off-Windows-Update-device-driver-searching&oval:com.secure-elements.oval:def:6573!oval:gov.nist.fdcc.vista:def:6573 CCE-2471-1-Enumerate administrator accounts on elevation(1) Computer Configuration\Administrative Templates\System\Credential User Interface (2) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnumerateAdministratorsCCE-935-Enumerate-administrator-accounts-on-elevation&oval:com.secure-elements.oval:def:6575-enumerate_administrator_accounts_on_elevation!oval:gov.nist.fdcc.vista:def:6575 CCE-3310-0)Require trusted path for credential entry(1) Computer Configuration\Administrative Templates\System\Credential User Interface (2) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnableSecureCredentialPromptingCCE-255)Require-trusted-path-for-credential-entry&oval:com.secure-elements.oval:def:6576 CCE-3327-4?Deny all add-ons unless specifically allowed in the Add-on List(1) Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Security Features\Add-on Management (2) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext!RestrictToListCCE-466?Deny-all-add-ons-unless-specifically-allowed-in-the-Add-on-List&oval:com.secure-elements.oval:def:6594 CCE-2975-1fThe "Do not allow passwords to be saved" setting should be configured correctly for Terminal Services.(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Remote Desktop Connection (2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DisablePasswordSavingCCE-976"Do-not-allow-passwords-to-be-saved&oval:com.secure-elements.oval:def:6596!oval:gov.nist.fdcc.vista:def:6596 CCE-2874-6bThe "Do not allow drive redirection" setting should be configured correctly for Terminal Services.(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection (2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdmCCE-648Do-not-allow-drive-redirection&oval:com.secure-elements.oval:def:6598 CCE-3415-72Access to registry editing tools is set correctly.(1) User Configuration\Administrative Templates\System (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryToolsCCE-405&oval:com.secure-elements.oval:def:6500 CCE-3169-0FPrompt for password on resume from hibernate/suspend is set correctly.(1) User Configuration\Administrative Templates\System\Power Mangement (2) HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\Power\PromptPasswordOnResumeCCE-5094Prompt-for-password-on-resume-from-hibernate-suspend&oval:com.secure-elements.oval:def:67144prompt_for_password_on_resume_from_hibernate_suspend!oval:gov.nist.fdcc.vista:def:6714 CCE-3437-1EDo not preserve zone information in file attachments is set correcly.(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformationCCE-124Do-not-preserve-zone-information-in-file-attachments&oval:com.secure-elements.oval:def:65024do_not_preserve_zone_information_in_file_attachments!oval:gov.nist.fdcc.vista:def:6502 CCE-2979-3;Hide mechanisms to remove zone information is set correcly.(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\HideZoneInfoOnPropertiesCCE-58*Hide-mechanisms-to-remove-zone-information&oval:com.secure-elements.oval:def:6503*hide_mechanisms_to_remove_zone_information!oval:gov.nist.fdcc.vista:def:6503 CCE-3300-1CNotify antivirus programs when opening attachments is set correcly.(1) User Configuration\Administrative Templates\System\Attachment Manager (2) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirusCCE-3722Notify-antivirus-programs-when-opening-attachments&oval:com.secure-elements.oval:def:65042notify_antivirus_programs_when_opening_attachments!oval:gov.nist.fdcc.vista:def:6504 CCE-3305-06Outlook Express attachment blocking is set correctly. (1) User Configuration\Administrative Templates\Windows Components\Internet Explorer (2) HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\BlockExeAttachmentsCCE-886&oval:com.secure-elements.oval:def:6505 CCE-3450-4@Audit: Force audit policy subcategory settings are set correcly.(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options (2) HKEY_LOCAL_MACHINE\System\Currentcontrolset\Control\Lsa\SCENoApplyLegacyAuditPolicyCCE-111override-audit-policy-settings&oval:com.secure-elements.oval:def:6026!oval:gov.nist.fdcc.vista:def:6026 CCE-3102-1FThe "Log Access For Setup Log" setting should be configured correctly.W(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Setup\ChannelAccessCCE-1044Log-Access-For-Setup-Log&oval:com.secure-elements.oval:def:6701 CCE-3388-6NThe startup type of the Windows Search service should be configured correctly.j(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service\StartCCE-84Windows-Search&oval:com.secure-elements.oval:def:6148 CCE-3270-6^The startup type of Microsoft Peer-to-Peer Networking Services should be configured correctly.C(1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Peernet\DisabledCCE-863Turn-Off-Microsoft-Peer-to-Peer-Networking-Services&oval:com.secure-elements.oval:def:66623turn_off_microsoft_peer_to_peer_networking_services!oval:gov.nist.fdcc.vista:def:6662 CCE-3045-2`The "Prohibit Access of the Windows Connect Now Wizards" setting should be configured correctly.N(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WCN\UI\DisableWcnUiCCE-6292Prohibit-Access-of-the-Windows-Connect-Now-Wizards&oval:com.secure-elements.oval:def:66652prohibit_access_of_the_windows_connect_now_wizards!oval:gov.nist.fdcc.vista:def:6666 CCE-3331-6VThe "Allow remote access to the PnP interface" setting should be configured correctly.`(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\AllowRemoteRPCCCE-593(Allow-remote-access-to-the-PnP-interface&oval:com.secure-elements.oval:def:6667(allow_remote_access_to_the_pnp_interface!oval:gov.nist.fdcc.vista:def:6667 CCE-3464-5qThe "Do not create system restore point when new device driver installed" setting should be configured correctly.f(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSystemRestoreCCE-849< CDo-not-create-system-restore-point-when-new-device-driver-installed&oval:com.secure-elements.oval:def:6668Cdo_not_create_system_restore_point_when_new_device_driver_installed!oval:gov.nist.fdcc.vista:def:6668 CCE-3468-6The "Do not send a Windows Error Report when a generic driver is installed on a device" setting should be configured correctly.w(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DeviceInstall\Settings\DisableSendGenericDriverNotFoundToWERCCE-571KDo-not-send-Windows-Error-Report-when-generic-driver-is-installed-on-device&oval:com.secure-elements.oval:def:6669Kdo_not_send_windows_error_report_when_generic_driver_is_installed_on_device!oval:gov.nist.fdcc.vista:def:6669 CCE-3362-1[The "Turn Off Access to All Windows Update Feature" setting should be configured correctly.c(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\DisableWindowsUpdateAccessCCE-91-Turn-Off-Access-to-All-Windows-Update-Feature&oval:com.secure-elements.oval:def:6673 CCE-3454-6YThe "Turn Off Automatic Root Certificates Update" setting should be configured correctly.d(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdateCCE-858+Turn-Off-Automatic-Root-Certificates-Update&oval:com.secure-elements.oval:def:6674+turn_off_automatic_root_certificates_update!oval:gov.nist.fdcc.vista:def:6674 CCE-3348-0UThe "Turn Off Event Views 'Events.asp' Links" setting should be configured correctly.\(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\EventViewer\MicrosoftEventVwrDisableLinksCCE-263%Turn-Off-Event-Views-Events.asp-Links&oval:com.secure-elements.oval:def:6675%turn_off_event_views_events.asp_links!oval:gov.nist.fdcc.vista:def:6675 CCE-2868-8]The "Turn Off Handwriting Reconition Error Reporting" setting should be configured correctly.q(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\HandwritingErrorReports\PreventHandwritingErrorReportsCCE-430/Turn-Off-Handwriting-Reconition-Error-Reporting&oval:com.secure-elements.oval:def:6676/turn_off_handwriting_reconition_error_reporting!oval:gov.nist.fdcc.vista:def:6676 CCE-2877-9fThe "Turn Off Help and Support Center "Did You Know?" Content" setting should be configured correctly.M(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvc\HeadlinesCCE-7565Turn-Off-Help-and-Support-Center-Did-you-Know-Content&oval:com.secure-elements.oval:def:6677 CCE-3406-6nThe "Turn Off Help and Support Center Microsoft Knowledge Base Search" setting should be configured correctly.V(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\PCHealth\HelpSvc\MicrosoftKBSearchsCCE-1029@Turn-Off-Help-and-Support-Center-Microsoft-Knowledge-Base-Search&oval:com.secure-elements.oval:def:6678 CCE-3432-2The "Turn Off Internet Connection Wizard if URL Connection is Referring to Microsoft.com" setting should be configured correctly.a(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Internet Connection Wizard\ExitOnMSICWCCE-1055STurn-Off-Internet-Connection-Wizard-if-URL-Connection-is-Referring-to-Microsoft.com&oval:com.secure-elements.oval:def:6679Sturn_off_internet_connection_wizard_if_url_connection_is_referring_to_microsoft.com!oval:gov.nist.fdcc.vista:def:6679 CCE-2697-1XThe "Turn Off Internet File Association Service" setting should be configured correctly.e(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetOpenWithCCE-1064*Turn-Off-Internet-File-Association-Service&oval:com.secure-elements.oval:def:6680!oval:gov.nist.fdcc.vista:def:6680 CCE-3093-2sThe "Turn Off Registration if URL Connection is Referring to Microsoft.com" setting should be configured correctly.e(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Registration Wizard Control\NoRegistrationCCE-88ETurn-Off-Registration-if-URL-Connection-is-Referring-to-Microsoft.com&oval:com.secure-elements.oval:def:6681!oval:gov.nist.fdcc.vista:def:6681 CCE-3115-3VThe "Turn Off the 'Order Prints' Picture Task" setting should be configured correctly.g(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoOnlinePrintsWizardCCE-375&Turn-Off-the-Order-Prints-Picture-Task&oval:com.secure-elements.oval:def:6682!oval:gov.nist.fdcc.vista:def:6682 CCE-2477-8fThe "Turn off the 'Publish to Web' task for files and folders" setting should be configured correctly.|(1) [HKEY_LOCAL_MACHINE | HKEY_CURRENT_USER] \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPublishingWizardCCE-10096Turn-off-the-Publish-to-Web-task-for-files-and-folders&oval:com.secure-elements.oval:def:6567!oval:gov.nist.fdcc.vista:def:6567 CCE-3403-3eThe "Turn Off Windows Movies Maker Automatic Codec Downloads" setting should be configured correctly.R(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\CodecDownloadCCE-10407Turn-Off-Windows-Movies-Maker-Automatic-Codec-Downloads&oval:com.secure-elements.oval:def:6696!oval:gov.nist.fdcc.vista:def:6696 CCE-3297-9[The "Turn Off Windows Movie Maker Online Web Links" setting should be configured correctly.L(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\WebHelpCCE-1062-Turn-Off-Windows-Movie-Maker-Online-Web-Links&oval:com.secure-elements.oval:def:6684!oval:gov.nist.fdcc.vista:def:6684 CCE-3385-2rThe "Turn Off Windows Movie Maker Saving to Online Video Hosting Provider" setting should be configured correctly.O(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMovieMaker\WebPublishCCE-93DTurn-Off-Windows-Movie-Maker-Saving-to-Online-Video-Hosting-Provider&oval:com.secure-elements.oval:def:6697!oval:gov.nist.fdcc.vista:def:6697 CCE-2781-3gThe "Don't Display the Getting Started Welcome Screen at Logon" setting should be configured correctly.b(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWelcomeScreenCCE-1020:Do-Not-Display-the-Getting-Started-Welcome-Screen-at-Logon&oval:com.secure-elements.oval:def:6687!oval:gov.nist.fdcc.vista:def:6687 CCE-2922-3LThe "Turn off Windows Startup Sound" setting should be configured correctly.d(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableStartupSoundCCE-681Turn-off-Windows-Startup-Sound&oval:com.secure-elements.oval:def:6688!oval:gov.nist.fdcc.vista:def:6688 CCE-2821-7cThe "Require a Password when a Computer Wakes (On Battery)" setting should be configured correctly.{ (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\DCSettingIndexCCE-3463Require-a-Password-when-a-Computer-Wakes-On-Battery&oval:com.secure-elements.oval:def:6689!oval:gov.nist.fdcc.vista:def:6689 CCE-3469-4`The "Require a Password when a Computer Wakes (Plugged)" setting should be configured correctly.{ (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Power\PowerSettings\0e796bdb-100d-47d6-a2d5-f7d2daa51f51\ACSettingIndexCCE-10110Require-a-Password-when-a-Computer-Wakes-Plugged&oval:com.secure-elements.oval:def:6690!oval:gov.nist.fdcc.vista:def:6690 CCE-2742-5SThe "Allow only Vista or later connections" setting should be configured correctly.k (1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\CreateEncryptedOnlyTicketsCCE-1007%Allow-only-Vista-or-later-connections&oval:com.secure-elements.oval:def:6691 CCE-2887-8LThe "Customization Warning Messages" setting should be configured correctly.b (1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\UseCustomMessagesCCE-923Customization-Warning-Messages&oval:com.secure-elements.oval:def:6692 CCE-3407-4LThe "Turn on bandwidth optimization" setting should be configured correctly.i (1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\UseBandwidthOptimizationCCE-1056Turn-on-bandwidth-optimization&oval:com.secure-elements.oval:def:6693 CCE-3271-4EThe "Turn on session logging" setting should be configured correc< tly._ (1) HKEY_LOCAL_MACHINE\Software\policies\Microsoft\Windows NT\Terminal Services\LoggingEnabledCCE-835Turn-on-session-logging&oval:com.secure-elements.oval:def:6694turn_on_session_logging!oval:gov.nist.fdcc.vista:def:6694 CCE-3288-8FThe "Prevent IIS Installation" setting should be configured correctly.T (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\IIS\PreventIISInstallCCE-474Prevent-IIS-Installation&oval:com.secure-elements.oval:def:6107!oval:gov.nist.fdcc.vista:def:6107 CCE-3434-8BThe "Turn off Active Help" setting should be configured correctly.V (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0\NoActiveHelpCCE-557Turn-Off-Active-Help&oval:com.secure-elements.oval:def:6108 CCE-3046-0HThe "Turn off Untrusted Content" setting should be configured correctly.\ (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Assistance\Client\1.0\NoUntrustedContentCCE-95Turn-Off-Untrusted-Content&oval:com.secure-elements.oval:def:6109turn_off_untrusted_content!oval:gov.nist.fdcc.vista:def:6109 CCE-3477-7PThe "Turn off downloading of enclosures" setting should be configured correctly.d (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Feeds\DisableEnclosureDownloadCCE-767Turn-off-downloading-enclosures&oval:com.secure-elements.oval:def:6110turn_off_downloading_enclosures!oval:gov.nist.fdcc.vista:def:6110 CCE-3376-1OThe "Allow indexing of encrypted files" setting should be configured correctly.n (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItemsCCE-1049!Allow-indexing-of-encrypted-files&oval:com.secure-elements.oval:def:6704!oval:gov.nist.fdcc.vista:def:6704 CCE-3143-5XThe "Prevent indexing uncached Exchange folders" setting should be configured correctly.q (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search\PreventIndexingUncachedExchangeFoldersCCE-1058*Prevent-indexing-uncached-Exchange-folders&oval:com.secure-elements.oval:def:6705!oval:gov.nist.fdcc.vista:def:6705 CCE-2914-0GThe "Turn off Windows Calendar" setting should be configured correctly.` (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\TurnOffWinCalCCE-441Turn-off-Windows-Calendar&oval:com.secure-elements.oval:def:6111 CCE-3178-1tThe "Allow Corporate redirection of Customer Experience Improvement uploads" setting should be configured correctly.M (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\CorporateSQMURLCCE-97KAllow-Corporate-Redirection-Customer-Experience-Improvement-Program-Uploads&oval:com.secure-elements.oval:def:6112 CCE-3209-4GThe "Turn off Windows Defender" setting should be configured correctly.W (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\DisableAntiSpywareCCE-728Turn-off-Windows-Defender&oval:com.secure-elements.oval:def:6113 CCE-2962-9UThe "Turn off Heap termination on corruption" setting should be configured correctly.b (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer\NoHeapTerminationOnCorruptionCCE-384$Turn-off-heap-termination-corruption&oval:com.secure-elements.oval:def:6118$turn_off_heap_termination_corruption!oval:gov.nist.fdcc.vista:def:6118 CCE-3125-2TThe "Turn off shell protocol protected mode" setting should be configured correctly.q (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\PreXPSP2ShellProtocolBehaviorCCE-480&Turn-off-shell-protocol-protected-mode&oval:com.secure-elements.oval:def:6119&turn_off_shell_protocol_protected_mode!oval:gov.nist.fdcc.vista:def:6119 CCE-3398-5mThe "Prohibit non-administrators from applying vendor signed updates" setting should be configured correctly.X (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\DisableLUAPatchingCCE-6122Prohibit-Non-Administrators-applying-vendorpatches&oval:com.secure-elements.oval:def:61222prohibit_non_administrators_install_signed_updates!oval:gov.nist.fdcc.vista:def:6122 CCE-3341-5aThe "Report Logon Server Not Available During User logon" setting should be configured correctly.i (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ReportControllerMissingCCE-3923Report-logon-server-not-available-during-user-logon&oval:com.secure-elements.oval:def:61233report_logon_server_not_available_during_user_logon!oval:gov.nist.fdcc.vista:def:6123 CCE-2521-3SThe "Turn off the communitication features" setting should be configured correctly.S (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail\DisableCommunitiesCCE-96Turn-off-communication-features&oval:com.secure-elements.oval:def:6124turn_off_communities_features!oval:gov.nist.fdcc.vista:def:6124 CCE-2525-4OThe "Turn off Windows Mail application" setting should be configured correctly.T (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Mail\ManualLaunchAllowedCCE-331Turn-off-windows-mail-app&oval:com.secure-elements.oval:def:6125turn_off_windows_mail_app!oval:gov.nist.fdcc.vista:def:6125 CCE-3486-8WThe "Prevent Windows Media DRM Internet Access" setting should be configured correctly.G (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WMDRM\DisableOnlineCCE-1089)Prevent-Windows-Media-DRM-Internet-Access&oval:com.secure-elements.oval:def:6126)prevent_windows_media_drm_internet_access!oval:gov.nist.fdcc.vista:def:6126 CCE-2557-7LThe "Turn off Windows Meeting Space" setting should be configured correctly.m (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Collaboration\TurnOffWindowsCollaborationCCE-992Turn-off-windows-meeting-space&oval:com.secure-elements.oval:def:6127turn_off_windows_meeting_space!oval:gov.nist.fdcc.vista:def:6127 CCE-3328-2SThe "Turn on Windows Meeting Space audting" setting should be configured correctly.t (1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Windows Collaboration\TurnOnWindowsCollaborationAuditingCCE-105&Turn-on-windows-meeting-space-auditing&oval:com.secure-elements.oval:def:6128 CCE-3456-1yThe "Disable unpacking and installation of gadgets that are not digitally signed" setting should be configured correctly.q (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUnsignedGadgetsCCE-297;Disable-unpacking-installation-gadgets-not-digitally-signed&oval:com.secure-elements.oval:def:6129;disable_unpacking_installation_gadgets_not_digitally_signed!oval:gov.nist.fdcc.vista:def:6129 CCE-3214-4LThe "Override the More Gadgets Link" setting should be configured correctly.r (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\OverrideMoreGadgetsLinkCCE-702Override-more-gadgets-Lnk&oval:com.secure-elements.oval:def:6130override_more_gadgets_lnk!oval:gov.nist.fdcc.vista:def:6130 CCE-3500-6]The "Turn Off User Installed Windows Sidebar Gadgets" setting should be configured correctly.v (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Windows\Sidebar\TurnOffUserInstalledGadgetsCCE-644/Turn-off-user-installed-windows-sidebar-gidgets&oval:com.secure-elements.oval:def:6131/turn_off_user_installed_windows_sidebar_gidgets!oval:gov.nist.fdcc.vista:def:6131 CCE-3482-7PThe "Do not allow Digital Locker to run" setting should be configured correctly.U(1) Computer Configuration\Administrative Templates\Windows Components\Digital LockerCCE-1747&do_not_allow_digital_locker_to_run_var!oval:gov.nist.fdcc.vista:def:6698"do_not_allow_digital_locker_to_run CCE-2755-7VThe "Turn Off Downloading of Game Information" setting should be configured correctly.(1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Components\Game ExplorerCCE-1778(turn_off_downloading_of_game_information!oval:gov.nist.fdcc.vista:def:6703 CCE-2865-4HThe "IPv6 Block of Protocols 41" setting should be configured correctly.< (1) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Outbound RulesCCE-1795ipv6_block_protocols_41)oval:gov.nist.fdcc.vistafirewall:def:6491 CCE-3508-9DThe "IPv6 Block of UDP 3544" setting should be configured correctly.CCE-1293ipv6_block_udp_3544)oval:gov.nist.fdcc.vistafirewall:def:6492 CCE-4662-3GThe "Enforce user logon restrictions" policy should be set correctly. CCE-227(kerberos-enforce-user-logon-restrictions#oval:gov.nist.fdcc.vista:def:987651 CCE-4666-4HThe "Maximum Service Ticket Litfetime" policy should be set correctly. CCE-6(kerberos_maximum_lifetime_service_ticket#oval:gov.nist.fdcc.vista:def:987652 CCE-3936-2DThe "Maximum User Ticket Lifetime" policy should be set correctly. (1) number of hoursCCE-37%kerberos_maximum_lifetime_user_ticket#oval:gov.nist.fdcc.vista:def:987653 CCE-4755-5EThe "Maximum User Renewal Lifetime" policy should be set correctly. CCE-33-kerberos_maximum_lifetime_user_ticket_renewal#oval:gov.nist.fdcc.vista:def:987654 CCE-4702-7\The "Maximum tolerance for computer clock synchronization" policy should be set correctly. CCE-5889kerberos_maximum_tolerance_computer_clock_synchronization#oval:gov.nist.fdcc.vista:def:987655 CCE-3949-56TCP/IP PMTU Discovery should be properly configured. _(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery CCE-998"allow-automatic-detection-mtu-size oval:gov.nist.fdcc.vista:def:407 CCE-4904-9MKerberos and RSVP Traffic Protected by IPSec should be properly configured. P(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt CCE-501&enable-nodefaultexempt-IPSec-Filtering oval:gov.nist.fdcc.vista:def:116 CCE-4781-1WThe "Remotely accessible registry paths and subpaths" policy should be set correctly. (1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Remotely accessible registry paths and subpathsCCE-11850Remotely-accessible-registry-paths-and-sub-paths!oval:gov.nist.fdcc.vista:def:6076 CCE-4922-1HThe "LAN Manager Authentication Level" policy should be set correctly. (1) authentication levelx(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\LMCompatibilityLevel (2) defined by Local or Group Policy CCE-719 Lan-manager-authentication-level!oval:gov.nist.fdcc.vista:def:6094 CCE-4940-3HThe "LDAP client signing requirements" policy should be set correctly. y(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity (2) defined by Local or Group Policy CCE-732 LDAP-client-signing-requirements!oval:gov.nist.fdcc.vista:def:6095 CCE-4583-1[The "Minimum session security for NTLM SSP based clients" policy should be set correctly. {(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSec (2) defined by Local or Group Policy CCE-674/minimum-session-security-ntlm-ssp-based-clients!oval:gov.nist.fdcc.vista:def:6096 CCE-4213-5[The "Minimum session security for NTLM SSP based servers" policy should be set correctly. {(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec (2) defined by Local or Group Policy CCE-766/minimum-session-security-ntlm-ssp-based-servers!oval:gov.nist.fdcc.vista:def:6097 CCE-4107-9^The "Recovery Console: Allow Automatic Administrative Logon" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel (2) defined by Local or Group Policy CCE-410+recovery-console-allow-administrative-logon!oval:gov.nist.fdcc.vista:def:6098 CCE-3953-7tThe "Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SetCommand (2) defined by Local or Group Policy CCE-76<recovery-console-allow-floppy-copy-access-all-drives-folders!oval:gov.nist.fdcc.vista:def:6099 CCE-3954-5]The "Allow System to be Shut Down Without Having to Log On" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon (2) defined by Local or Group Policy CCE-2243shutdown-allow-system-shutdown-without-having-logon!oval:gov.nist.fdcc.vista:def:6100 CCE-3969-3QThe "Clear Virtual Memory Pagefile at shutdown" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management\ClearPageFileAtShutdown (2) defined by Local or Group Policy CCE-422"shutdown-clear-virtual-memory-page!oval:gov.nist.fdcc.vista:def:6101 CCE-4774-6jThe "Use FIPS compliant algorithms for encryption, hashing, and signing" policy should be set correctly. w(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy (2) defined by Local or Group Policy CCE-55/system-cryptography-use-fips-compliant-alorithm!oval:gov.nist.fdcc.vista:def:6102 CCE-4841-3]The "Require Case Insensitivity for Non-Windows Sybsystems" policy should be set correctly. (1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Kernel\ObCaseInsensitive (2) defined by Local or Group Policy CCE-300(system-objects-require-case-insesitivity!oval:gov.nist.fdcc.vista:def:6104 CCE-4011-3_The "Strengthen Default Permissions of Global System Objects" policy should be set correctly. ~(1) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\ProtectionMode (2) defined by Local or Group Policy CCE-508Esystem-objects-strengthen-default-permissions-internal-system-objects!oval:gov.nist.fdcc.vista:def:6105 CCE-4955-1~The "User Account Control: Admin Approval Mode for the Built-in Administrator account" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Admin Approval Mode for the Built-in Administrator accountCCE-1078admin_approval_mode!oval:gov.nist.fdcc.vista:def:8081 CCE-4016-2xThe "Behavior of the elevation prompt for administrators in Admin Approval Mode" setting should be configured correctly.@(1) Prompt for consent/Prompt for credentials/Automatically deny(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for administrators in Admin Approval ModeCCE-1063(behavior_elevation_prompt_administrators!oval:gov.nist.fdcc.vista:def:8082 CCE-4969-2aThe "Behavior of the elevation prompt for standard users" setting should be configured correctly.-(1) Prompt for credentials/Automatically deny(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Behavior of the elevation prompt for standard usersCCE-1067(behavior_elevation_prompt_standard_users!oval:gov.nist.fdcc.vista:def:8083 CCE-4612-8}The "User Account Control: Detect application installations and prompt for elevation" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Detect application installations and prompt for elevationCCE-11281detect_application_installations_prompt_elevation!oval:gov.nist.fdcc.vista:def:8084 CCE-5004-7zThe "User Account Control: Only elevate executables that are signed and validated" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate executables that are signed and validatedCCE-1104)only_elevate_executables_signed_validated!oval:gov.nist.fdcc.vista:def:8085 CCE-4020-4The "User Account Control: Only elevate UIAccess applications that are inst< alled in secure locations" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Only elevate UIAccess applications that are installed in secure locationsCCE-986"only_elevate_uiaccess_applications!oval:gov.nist.fdcc.vista:def:8086 CCE-4907-2qThe "User Account Control: Run all administrators in Admin Approval Mode" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Run all administrators in Admin Approval ModeCCE-1050&run_administrators_admin_approval_mode!oval:gov.nist.fdcc.vista:def:8087 CCE-4925-4}The "User Account Control: Switch to the secure desktop when prompting for elevation" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Switch to the secure desktop when prompting for elevationCCE-230)switch_secure_desktop_prompting_elevation!oval:gov.nist.fdcc.vista:def:8088 CCE-4194-7The "User Account Control: Virtualize file and registry write failures to per-user locations" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Virtualize file and registry write failures to per-user locationsCCE-673,virtualize_write_failures_per_user_locations!oval:gov.nist.fdcc.vista:def:8089 CCE-4334-9dThe "access this computer from the network" user right should be assigned to the correct accounts. (1) set of accountsI(1) defined by the SeNetworkLogonRight setting in Local or Group Policy CCE-532+Access-Computer-From-Network-Administrators!oval:gov.nist.fdcc.vista:def:6607 CCE-4088-1bThe "act as part of the operating system" user right should be assigned to the correct accounts. D(1) defined the SeTcbPrivilege setting in by Local or Group Policy CCE-162$Act-As-Part-Of-Operating-System-None!oval:gov.nist.fdcc.vista:def:6609 CCE-4854-6aThe "adjust memory quotas for a process" user right should be assigned to the correct accounts. N(1) defined the SeIncreaseQuotaPrivilege setting in by Local or Group Policy CCE-807?Adjust-Memory-Quotas-Administrators-LocalService-NetworkService!oval:gov.nist.fdcc.vista:def:6612 CCE-4872-8MThe "log on locally" user right should be assigned to the correct accounts. M(1) defined the SeInteractiveLogonRight setting in by Local or Group Policy CCE-965)Allow-Log-On-Locally-Administrators-Users!oval:gov.nist.fdcc.vista:def:6613 CCE-4264-8dThe "allow logon through Terminal Services" user right should be assigned to the correct accounts. S(1) defined the SeRemoteInteractiveLogonRight setting in by Local or Group Policy CCE-883HAllow-Log-On-Through-Terminal-Services-Administrators-RemoteDesktopUsers!oval:gov.nist.fdcc.vista:def:6616 CCE-4827-2\The "back up files and directories" user right should be assigned to the correct accounts. G(1) defined the SeBackupPrivilege setting in by Local or Group Policy CCE-931,Back-Up-Files-And-Directories-Administrators!oval:gov.nist.fdcc.vista:def:6617 CCE-4973-4WThe "bypass traverse checking" user right should be assigned to the correct accounts. M(1) defined the SeChangeNotifyPrivilege setting in by Local or Group Policy CCE-376IBypass-Traverse-Checking-Administrators_Users_LocalService_NetworkService!oval:gov.nist.fdcc.vista:def:6621 CCE-4863-7UThe "change the system time" user right should be assigned to the correct accounts. K(1) defined the SeSystemTimePrivilege setting in by Local or Group Policy CCE-799.Change-System-Time-LocalService-Administrators!oval:gov.nist.fdcc.vista:def:6623 CCE-5008-8UThe "Change the time zone" user right should be assigned to the appropriate accounts.(1) list of accounts(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Change the time zoneCCE-4702Change-Time-Zone-Administrators_Users_LocalService#oval:gov.nist.fdcc.vista:def:662381 CCE-4757-1PThe "create a pagefile" user right should be assigned to the correct accounts. O(1) defined the SeCreatePagefilePrivilege setting in by Local or Group Policy CCE-895Create-Pagefile-Administrators!oval:gov.nist.fdcc.vista:def:6624 CCE-4902-3TThe "Create a token object" user right should be assigned to the correct accounts. L(1) defined the SeCreateTokenPrivilege setting in by Local or Group Policy CCE-926Create-Token-Object-None!oval:gov.nist.fdcc.vista:def:6625 CCE-4792-8RThe "Create global objects" user right should be assigned to the correct accounts.CCE-383HCreate-Global-Objects-Administrators-SERVICE-LocalService-NetworkService!oval:gov.nist.fdcc.vista:def:6626 CCE-4184-8^The "create permanent shared objects" user right should be assigned to the correct accounts. P(1) defined the SeCreatePermanentPrivilege setting in by Local or Group Policy CCE-335$Create-Permanent-Shared-Objects-None!oval:gov.nist.fdcc.vista:def:6627 CCE-4687-0MThe "debug programs" user right should be assigned to the correct accounts. F(1) defined the SeDebugPrivilege setting in by Local or Group Policy CCE-842Debug-Programs-None!oval:gov.nist.fdcc.vista:def:6628 CCE-4704-3jThe "deny access to this computer from the network" user right should be assigned to the correct accounts.M(1) defined by the SeDenyNetworkLogonRight setting in Local or Group Policy CCE-898Deny-Access-From-Network-Guests!oval:gov.nist.fdcc.vista:def:6630 CCE-4722-5XThe "deny logon as a batch job" user right should be assigned to the correct accounts. K(1) defined the SeDenyBatchLogonRight setting in by Local or Group Policy CCE-165Deny-Logon-As-Batch-Job-Guests!oval:gov.nist.fdcc.vista:def:6631 CCE-4867-8VThe "deny logon as a service" user right should be assigned to the correct accounts. M(1) defined the SeDenyServiceLogonRight setting in by Local or Group Policy CCE-597deny_logon_as_service_none!oval:gov.nist.fdcc.vista:def:6633 CCE-4889-2QThe "deny logon locally" user right should be assigned to the correct accounts. Q(1) defined the SeDenyInteractiveLogonRight setting in by Local or Group Policy CCE-64Deny-Logon-Locally-Guests!oval:gov.nist.fdcc.vista:def:6634 CCE-4656-5cThe "deny logon through Terminal Services" user right should be assigned to the correct accounts. W(1) defined the SeDenyRemoteInteractiveLogonRight setting in by Local or Group Policy CCE-108*Deny-Logon-Through-Terminal-Services-Guest!oval:gov.nist.fdcc.vista:def:6636 CCE-4673-0bThe "force shutdown from a remote system" user right should be assigned to the correct accounts. O(1) defined the SeRemoteShutdownPrivilege setting in by Local or Group Policy CCE-7540Force-Shutdown-From-Remote-System-Administrators!oval:gov.nist.fdcc.vista:def:6638 CCE-4488-3WThe "generate security audits" user right should be assigned to the correct accounts. F(1) defined the SeAuditPrivilege setting in by Local or Group Policy CCE-9394Generate-Security-Audits-LocalService-NetworkService!oval:gov.nist.fdcc.vista:def:6639 CCE-4382-8gThe "Impersonate a client after authentication" user right should be assigned to the correct accounts.CCE-304ZImpersonate-Client-After-Authentication-Administrators-SERVICE-LocalService-NetworkService!oval:gov.nist.fdcc.vista:def:6640 CCE-4651-6LThe "Increase a Process Working Set" setting should be configured correctly.(1) Set of users or groups(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Increase a process working setCCE-10278Increase-Process-Working-Set-Administrators_LocalService#oval:gov.nist.fdcc.vista:def:662391 CCE-4796-9[The "increase scheduling priority" user right should be assigned to the correct accounts. U(1) defined the SeIncreaseBase< PriorityPrivilege setting in by Local or Group Policy CCE-349+Increase-Scheduling-Priority-Administrators!oval:gov.nist.fdcc.vista:def:6641 CCE-4034-5]The "load and unload device drivers" user right should be assigned to the correct accounts. K(1) defined the SeLoadDriverPrivilege setting in by Local or Group Policy CCE-860-Load-And-Unload-Device-Drivers-Administrators!oval:gov.nist.fdcc.vista:def:6642 CCE-4317-4SThe "lock pages in memory" user right should be assigned to the correct accounts. K(1) defined the SeLockMemoryPrivilege setting in by Local or Group Policy CCE-749Lock-Pages-In-Memory-None!oval:gov.nist.fdcc.vista:def:6643 CCE-4083-2TThe "log on as a batch job" user right should be assigned to the correct accounts. G(1) defined the SeBatchLogonRight setting in by Local or Group Policy CCE-177Log-On-As-Batch-Job-None!oval:gov.nist.fdcc.vista:def:6644 CCE-4038-6RThe "log on as a service" user right should be assigned to the correct accounts. I(1) defined the SeServiceLogonRight setting in by Local or Group Policy CCE-216Log-On-As-Service-None!oval:gov.nist.fdcc.vista:def:6647 CCE-4046-9_The "manage auditing and security log" user right should be assigned to the correct accounts. I(1) defined the SeSecurityPrivilege setting in by Local or Group Policy CCE-850/Manage-Auditing-And-Security-Log-Administrators!oval:gov.nist.fdcc.vista:def:6648 CCE-4285-3WThe "Modify an object label" user right should be assigned to the appropriate accounts.(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Modify an object labelCCE-1023Modify-Object-Label-None#oval:gov.nist.fdcc.vista:def:662371 CCE-4048-5aThe "modify firmware environment values" user right should be assigned to the correct accounts. R(1) defined the SeSystemEnvironmentPrivilege setting in by Local or Group Policy CCE-171Modify-Firmware-Environment-Values-Administrators!oval:gov.nist.fdcc.vista:def:6649 CCE-4071-7_The "perform volume maintenance tasks" user right should be assigned to the correct accounts. M(1) defined the SeManageVolumePrivilege setting in by Local or Group Policy CCE-314/Perform-Volume-Maintenance-Tasks-Administrators!oval:gov.nist.fdcc.vista:def:6650 CCE-4962-7UThe "profile single process" user right should be assigned to the correct accounts. U(1) defined the SeProfileSingleProcessPrivilege setting in by Local or Group Policy CCE-260%Profile-Single-Process-Administrators!oval:gov.nist.fdcc.vista:def:6651 CCE-4618-5YThe "profile system performance" user right should be assigned to the correct accounts. N(1) defined the SeSystemProfilePrivilege setting in by Local or Group Policy CCE-599)Profile-System-Performance-Administrators!oval:gov.nist.fdcc.vista:def:6652 CCE-4861-1cThe "remove computer from docking station" user right should be assigned to the correct accounts. G(1) defined the SeUndockPrivilege setting in by Local or Group Policy CCE-6569Remove-Computer-From-Docking-Station-Administrators-Users!oval:gov.nist.fdcc.vista:def:6653 CCE-4372-9\The "replace a process-level token" user right should be assigned to the correct accounts. S(1) defined the SeAssignPrimaryTokenPrivilege setting in by Local or Group Policy CCE-6677Replace-Process-Level-Token-NetworkService-LocalService!oval:gov.nist.fdcc.vista:def:6654 CCE-4948-6\The "restore files and directories" user right should be assigned to the correct accounts. H(1) defined the SeRestorePrivilege setting in by Local or Group Policy CCE-553,Restore-Files-And-Directories-Administrators!oval:gov.nist.fdcc.vista:def:6655 CCE-4569-0SThe "shut down the system" user right should be assigned to the correct accounts. I(1) defined the SeShutdownPrivilege setting in by Local or Group Policy CCE-839%Shut-Down-System-Administrators-Users!oval:gov.nist.fdcc.vista:def:6657 CCE-4970-0aThe "synchronize directory service data" user right should be assigned to the correct accounts. K(1) defined the SeSynchAgentPrivilege setting in by Local or Group Policy CCE-381'Synchronize-Directory-Service-Data-None!oval:gov.nist.fdcc.vista:def:6658 CCE-4988-2gThe "take ownership of files or other objects" user right should be assigned to the correct accounts. N(1) defined the SeTakeOwnershipPrivilege setting in by Local or Group Policy CCE-492&Take-Ownership-Of-Files-Administrators!oval:gov.nist.fdcc.vista:def:6659 CCE-4627-6NThe required permissions for the WLAN AutoConfig service should be assigned. >(1) set of accounts (2) list of permissions (3) applicabilityB(1) defined by the object's DACL (2) defined through group policyCCE-957wlan_autoconfig"oval:gov.nist.fdcc.vista:def:61481 CCE-4992-47Internet Explorer Processes (Zone Elevation Protection);(1) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!(Reserved) (2) HKLM\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION!explorer.exe (3) HKLM\Software\Policies\Microsoft\Internet (4) Local Internet Options: (5) GPO Settings:[Computer Configuration | User Configuration]/Network/Internet Explorer/Internet Control Panel/Security Features/Protection From Zone Elevation (6) Registry Keys:[HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\(Reserved) (7) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\explorer.exe (8) [HKLM | HKCU]\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION\iexplore.exeCCE-347turn_on_mapper_io_lltdio_driver!oval:gov.nist.fdcc.vista:def:6660 CCE-4077-4fThe "Turn on Responder (RSPNDR) driver" setting should be configured correctly for the domain profile.(1) GPO Setting: Computer Configuration\Administrative Templates\Network\Link-Layer Topology Discovery\Turn on Responder (RSPNDR) driverCCE-1134turn_on_responder_rspndr_driver!oval:gov.nist.fdcc.vista:def:6661 CCE-4152-5kInstallation and Configuration of Network Bridge on the DNS Domain Network should be properly configured. f(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Network Connections\NC_AllowNetBridge_NLA CCE-896$prohibit_installation_network_bridge$oval:gov.nist.fdcc.vista:def:3366991 CCE-5020-3uThe "Prohibit use of Internet Connection Firewall on your DNS domain network" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Administrative Templates\Network\Network Connections\Prohibit use of Internet Connection Firewall on your DNS domain networkCCE-241%prohibit_internet_connection_firewall$oval:gov.nist.fdcc.vista:def:3366992 CCE-4078-2PThe startup type of the Internet Connection Sharing service should be correct. (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start (2) defined by the Services Administrative Tool (3) definied by Group Policy CCE-672$prohibit_internet_connection_sharing$oval:gov.nist.fdcc.vista:def:3366993 CCE-5061-7The "Configuration of wireless settings using Windows Connect Now" setting should be configured correctly for Wireless Connect Now over Ethernet (UPnP).(1) GPO Setting: Computer Configuration\Administrative Templates\Network\Windows Connect Now\Configuration of wireless settings using Windows Connect NowCCE-734<configuration_of_wireless_settings_using_windows_connect_now!oval:gov.nist.fdcc.vista:def:6665 CCE-4081-6The "Internet Explorer Maintenance Policy Processing - Allow processing across a slow network connection" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Administrative Templates\System\Group Policy\Internet Explorer Maintenance Policy ProcessingCCE-3657internet_explorer_maintenance_policy_processing_enabled!oval:gov.nist.fdcc.vista:def:6671 CCE-4694-6>The "Enable Error Reporting" policy should be set correctly. V(1) HKEY_LOCAL_MACHINE\Software\Policies\Microso< ft\PCHealth\ErrorReporting\DoReport CCE-592 turn_off_windows_error_reporting!oval:gov.nist.fdcc.vista:def:6683 CCE-4813-22Use Classic Logon should be properly configured. (1) logon type\(1) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\system\LogonType CCE-231Always-Use-Classic-Logon!oval:gov.nist.fdcc.vista:def:6686 CCE-4579-9wThe 'Approved Installation Sites for ActiveX Controls' security mechanism should be enabled or disabled as appropriate.(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\ActiveX Installer Service\Approved Installation Sites for ActiveX ControlsCCE-8360approved_installation_sites_for_activex_controls!oval:gov.nist.fdcc.vista:def:6695 CCE-4086-5:The setup log maximum size should be configured correctly.}GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Event Log Service\Setup\Maximum Log Size (KB)CCE-262maximum_setup_log_size"oval:gov.nist.fdcc.vista:def:19898 CCE-4501-3(1) Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection (2) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDisableCdm!oval:gov.nist.fdcc.vista:def:6598 CCE-4866-0bThe "Set Client connection Encryption Level" policy should be set correctly for Terminal Services.(1) encryption leveld(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MinEncryptionLevel CCE-397&Set-client-connection-encryption-level!oval:gov.nist.fdcc.vista:def:6600 CCE-5007-0dThe "Set time limit for disconnected sessions" policy should be set correctly for Terminal Services.(1) Time Limit (minutes)f 1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxDisconnectionTime CCE-920'set_timelimit_for_disconnected_sessions!oval:gov.nist.fdcc.vista:def:6726 CCE-4267-1\The "Set time limit for idle sessions" policy should be set correctly for Terminal Services.(1) Time limit (minutes)](1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Terminal Services\MaxIdleTime CCE-123<set_timelimit_for_active_but_idle_terminal_services_sessions!oval:gov.nist.fdcc.vista:def:6725 CCE-4761-3Computer-wide, rather than per-user, use of Microsoft Spynet Reporting for Windows Defender should be enabled or disabled as appropriate.((1) enabled, disabled, or not configured(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Defender\Configure Microsoft Spynet ReportingCCE-312configure_ms_spynet_reporting!oval:gov.nist.fdcc.vista:def:6727 CCE-4915-5=The "Disable Logging" setting should be configured correctly.{(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable LoggingCCE-959disable_logging!oval:gov.nist.fdcc.vista:def:6114 CCE-5034-4MThe "Disable Windows Error Reporting" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Disable Windows Error ReportingCCE-803disable_windows_error_reporting!oval:gov.nist.fdcc.vista:def:6115 CCE-4919-7HThe "Display Error Notification" setting should be configured correctly.(1) GPO Settings: Computer Configuration\Administrative Templates\System\Error Reporting\Display Error Notification (2) Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Display Error NotificationCCE-259display_error_notification$oval:gov.nist.fdcc.vista:def:3366994 CCE-4089-9IThe "Do not send additional data" setting should be configured correctly.(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Error Reporting\Do not send additional dataCCE-798do_not_send_additional_data!oval:gov.nist.fdcc.vista:def:6117 CCE-4991-6>The "Set Safe for Scripting" policy should be set correctly. X(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\SafeForScripting\ CCE-2614disable_ie_security_prompt_windows_installer_scripts!oval:gov.nist.fdcc.vista:def:6120 CCE-4629-2IThe "Enable User Control Over Installs" policy should be set correctly. X(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer\EnableUserControl CCE-415!enable_user_control_over_installs!oval:gov.nist.fdcc.vista:def:6121 CCE-4405-7iThe "Do Not Show First Use Dialog Boxes" setting for Windows Media Player should be configured correctly.(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Do Not Show First Use Dialog BoxesCCE-1140"do_not_show_first_use_dialog_boxes&oval:gov.nist.fdcc.vista:def:612261221 CCE-4898-3RThe "Disable Media Player for automatic updates" policy should be set correctly. Y(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsMediaPlayer\DisableAutoupdate CCE-455prevent_automatic_updates&oval:gov.nist.fdcc.vista:def:612261222 CCE-5052-6hThe "Prevent Desktop Shortcut Creation" setting for Windows Media Player should be configured correctly.(1) GPO Setting: Computer Configuration\Administrative Templates\Windows Components\Windows Media Player\Prevent Desktop Shortcut CreationCCE-313!prevent_desktop_shortcut_creation&oval:gov.nist.fdcc.vista:def:612261223 CCE-4797-7TThe "Do Not Automatically Start Windows Messenger" policy should be set correctly. T(1) HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Messenger\Client\PreventAutoRun CCE-3096do_not_automatically_start_windows_messenger_initially&oval:gov.nist.fdcc.vista:def:612261224 CCE-4290-3dThe "Password protect the screen saver" setting should be configured correctly for the current user.(1) User Configuration\Administrative Templates\Control Panel\Display\Password protect the screen saver (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecureCCE-949!password_protect_the_screen_saver!oval:gov.nist.fdcc.vista:def:6707 CCE-5070-8cThe "Prevent users from sharing files within their profile" setting should be configured correctly.(1) GPO Setting: User Configuration\Administrative Templates\Windows Components\Network Sharing\Prevent users from sharing files within their profilesCCE-11445prevent_users_from_sharing_files_within_their_profile!oval:gov.nist.fdcc.vista:def:6715 CCE-4938-7~Auditing of "Account Management: Application Group Management" events on success should be enabled or disabled as appropriate.(1) via auditpolCCE-801application-group-management!oval:gov.nist.fdcc.vista:def:8001 CCE-4700-1~Auditing of "Account Management: Application Group Management" events on failure should be enabled or disabled as appropriate.CCE-1016 CCE-4093-1}Auditing of "Account Management: Computer Account Management" events on success should be enabled or disabled as appropriate.CCE-1070computer-account-management!oval:gov.nist.fdcc.vista:def:8002 CCE-4228-3}Auditing of "Account Management: Computer Account Management" events on failure should be enabled or disabled as appropriate.CCE-840 CCE-4115-2Auditing of "Account Management: Distribution Group Management" events on success should be enabled or disabled as appropriate.CCE-515distribution-group-management!oval:gov.nist.fdcc.vista:def:8003 CCE-4140-0Auditing of "Account Management: Distribution Group Management" events on failure should be enabled or disabled as appropriate.CCE-1048 CCE-4916-3Auditing of "Account Management: Other Account Management Events" events on success should be enabled or disabled as appropriate.CCE-206other-account-management-events!oval:gov.nist.fdcc.vista:def:8004 CCE-4783-7Auditing of "Account Management: Other Account Management Events" events on failure should be enabled or disabled as appropriate.CCE-1202 CCE-5048-4{Auditing of "Account Management: Security Group Management" events on success should be enabled or disabled as appropriate< .CCE-1118security-group-management!oval:gov.nist.fdcc.vista:def:8005 CCE-4142-6{Auditing of "Account Management: Security Group Management" events on failure should be enabled or disabled as appropriate.CCE-369 CCE-4833-0yAuditing of "Account Management: User Account Management" events on success should be enabled or disabled as appropriate.CCE-1043user-account-management!oval:gov.nist.fdcc.vista:def:8006 CCE-5097-1yAuditing of "Account Management: User Account Management" events on failure should be enabled or disabled as appropriate.CCE-924 CCE-5000-5oAuditing of "Detailed Tracking: DPAPI Activity" events on success should be enabled or disabled as appropriate.CCE-1413dpapi-activity!oval:gov.nist.fdcc.vista:def:8007 CCE-4493-3oAuditing of "Detailed Tracking: DPAPI Activity" events on failure should be enabled or disabled as appropriate.CCE-699 CCE-4166-5qAuditing of "Detailed Tracking: Process Creation" events on success should be enabled or disabled as appropriate.CCE-913process-creation!oval:gov.nist.fdcc.vista:def:8008 CCE-5094-8qAuditing of "Detailed Tracking: Process Creation" events on failure should be enabled or disabled as appropriate.CCE-1079 CCE-4869-4tAuditing of "Detailed Tracking: Process Termination" events on success should be enabled or disabled as appropriate.CCE-416process-termination!oval:gov.nist.fdcc.vista:def:8009 CCE-4363-8tAuditing of "Detailed Tracking: Process Termination" events on failure should be enabled or disabled as appropriate.CCE-1250 CCE-4891-8kAuditing of "Detailed Tracking: RPC Events" events on success should be enabled or disabled as appropriate.CCE-1219 rpc-events!oval:gov.nist.fdcc.vista:def:8010 CCE-4759-7kAuditing of "Detailed Tracking: RPC Events" events on failure should be enabled or disabled as appropriate.CCE-1365 CCE-5023-7Auditing of "DS Access: Detailed Directory Service Replication" events on success should be enabled or disabled as appropriate.CCE-207&detailed-directory-service-replication!oval:gov.nist.fdcc.vista:def:8011 CCE-4658-1Auditing of "DS Access: Detailed Directory Service Replication" events on failure should be enabled or disabled as appropriate.CCE-1186 CCE-5028-6qAuditing of "DS Access: Directory Service Access" events on success should be enabled or disabled as appropriate.CCE-1199directory-service-access!oval:gov.nist.fdcc.vista:def:8012 CCE-4931-2qAuditing of "DS Access: Directory Service Access" events on failure should be enabled or disabled as appropriate.CCE-459 CCE-5067-4rAuditing of "DS Access: Directory Service Changes" events on success should be enabled or disabled as appropriate.CCE-317directory-service-changes!oval:gov.nist.fdcc.vista:def:8013 CCE-4808-2rAuditing of "DS Access: Directory Service Changes" events on failure should be enabled or disabled as appropriate.CCE-982 CCE-5089-8vAuditing of "DS Access: Directory Service Replication" events on success should be enabled or disabled as appropriate.CCE-881directory-service-replication!oval:gov.nist.fdcc.vista:def:8014 CCE-4176-4vAuditing of "DS Access: Directory Service Replication" events on failure should be enabled or disabled as appropriate.CCE-247 CCE-4342-2kAuditing of "Logon/Logoff: Account Lockout" events on success should be enabled or disabled as appropriate.CCE-1264account-lockout!oval:gov.nist.fdcc.vista:def:8015 CCE-4857-9kAuditing of "Logon/Logoff: Account Lockout" events on failure should be enabled or disabled as appropriate.CCE-1282 CCE-5011-2oAuditing of "Logon/Logoff: IPsec Extended Mode" events on success should be enabled or disabled as appropriate.CCE-1028ipsec-extended-mode!oval:gov.nist.fdcc.vista:def:8016 CCE-4505-4oAuditing of "Logon/Logoff: IPsec Extended Mode" events on failure should be enabled or disabled as appropriate.CCE-362 CCE-5016-1kAuditing of "Logon/Logoff: IPsec Main Mode" events on success should be enabled or disabled as appropriate.CCE-1207ipsec-main-mode!oval:gov.nist.fdcc.vista:def:8017 CCE-4650-8kAuditing of "Logon/Logoff: IPsec Main Mode" events on failure should be enabled or disabled as appropriate.CCE-351 CCE-5038-5lAuditing of "Logon/Logoff: IPsec Quick Mode" events on success should be enabled or disabled as appropriate.CCE-1257ipsec-quick-mode!oval:gov.nist.fdcc.vista:def:8018 CCE-4928-8lAuditing of "Logon/Logoff: IPsec Quick Mode" events on failure should be enabled or disabled as appropriate.CCE-1274 CCE-4703-5bAuditing of "Logon/Logoff: Logoff" events on success should be enabled or disabled as appropriate.CCE-493logoff!oval:gov.nist.fdcc.vista:def:8019 CCE-4183-0bAuditing of "Logon/Logoff: Logoff" events on failure should be enabled or disabled as appropriate.CCE-996 CCE-5018-7aAuditing of "Logon/Logoff: Logon" events on success should be enabled or disabled as appropriate.CCE-1284logon!oval:gov.nist.fdcc.vista:def:8020 CCE-4423-0aAuditing of "Logon/Logoff: Logon" events on failure should be enabled or disabled as appropriate.CCE-1097 CCE-5163-1uAuditing of "Logon/Logoff: Other Logon/Logoff Events" events on success should be enabled or disabled as appropriate.CCE-378other-logon-logoff-events!oval:gov.nist.fdcc.vista:def:8021 CCE-5066-6uAuditing of "Logon/Logoff: Other Logon/Logoff Events" events on failure should be enabled or disabled as appropriate.CCE-1208 CCE-4956-9iAuditing of "Logon/Logoff: Special Logon" events on success should be enabled or disabled as appropriate.CCE-371 special-logon!oval:gov.nist.fdcc.vista:def:8022 CCE-4824-9iAuditing of "Logon/Logoff: Special Logon" events on failure should be enabled or disabled as appropriate.CCE-1038 CCE-5084-9rAuditing of "Object Access: Application Generated" events on success should be enabled or disabled as appropriate.CCE-1322application-generated!oval:gov.nist.fdcc.vista:def:8023 CCE-4829-8rAuditing of "Object Access: Application Generated" events on failure should be enabled or disabled as appropriate.CCE-379 CCE-4714-2sAuditing of "Object Access: Certification Services" events on success should be enabled or disabled as appropriate.CCE-1345certification-services!oval:gov.nist.fdcc.vista:def:8024 CCE-4868-6sAuditing of "Object Access: Certification Services" events on failure should be enabled or disabled as appropriate.CCE-1261 CCE-4200-2gAuditing of "Object Access: File Share" events on success should be enabled or disabled as appropriate.CCE-1372 file-share!oval:gov.nist.fdcc.vista:def:8025 CCE-5145-8gAuditing of "Object Access: File Share" events on failure should be enabled or disabled as appropriate.CCE-1033 CCE-4921-3hAuditing of "Object Access: File System" events on success should be enabled or disabled as appropriate.CCE-1085 file-system!oval:gov.nist.fdcc.vista:def:8026 CCE-5039-3hAuditing of "Object Access: File System" events on failure should be enabled or disabled as appropriate.CCE-1340 CCE-4568-2zAuditing of "Object Access: Filtering Platform Connection" events on success should be enabled or disabled as appropriate.CCE-717filtering-platform-connection!oval:gov.nist.fdcc.vista:def:8027 CCE-5079-9zAuditing of "Object Access: Filtering Platform Connection" events on failure should be enabled or disabled as appropriate.CCE-744 CCE-4947-8{Auditing of "Object Access: Filtering Platform Packet Drop" events on success should be enabled or disabled as appropriate.CCE-385filtering-platform-packet-drop!oval:gov.nist.fdcc.vista:def:8028 CCE-4335-6{Auditing of "Object Access: Filtering Platform Packet Drop" events on failure should be enabled or disabled as appropriate.CCE-589 CCE-4828-0pAuditing of "Object Access: Handle Manipulation" events on success should be enabled or disabled as appropriate.CCE-1363handle-manipulation!oval:gov.nist.fdcc.vista:def:8029 CCE-4965-0pAuditing of "Object Access: Handle Manipulation" events on failure should be enabled or di< sabled as appropriate.CCE-1244 CCE-4996-5jAuditing of "Object Access: Kernel Object" events on success should be enabled or disabled as appropriate.CCE-1288 kernel-object!oval:gov.nist.fdcc.vista:def:8030 CCE-4885-0jAuditing of "Object Access: Kernel Object" events on failure should be enabled or disabled as appropriate.CCE-1305 CCE-5132-6wAuditing of "Object Access: Other Object Access Events" events on success should be enabled or disabled as appropriate.CCE-642other-object-access-events!oval:gov.nist.fdcc.vista:def:8031 CCE-4691-2wAuditing of "Object Access: Other Object Access Events" events on failure should be enabled or disabled as appropriate.CCE-1026 CCE-4594-8eAuditing of "Object Access: Registry" events on success should be enabled or disabled as appropriate.CCE-1138registry!oval:gov.nist.fdcc.vista:def:8032 CCE-5087-2eAuditing of "Object Access: Registry" events on failure should be enabled or disabled as appropriate.CCE-1283 CCE-4616-9`Auditing of "Object Access: SAM" events on success should be enabled or disabled as appropriate.CCE-446sam!oval:gov.nist.fdcc.vista:def:8033 CCE-4982-5`Auditing of "Object Access: SAM" events on failure should be enabled or disabled as appropriate.CCE-451 CCE-4201-0pAuditing of "Policy Change: Audit Policy Change" events on success should be enabled or disabled as appropriate.CCE-1110policy_change_audit!oval:gov.nist.fdcc.vista:def:8034 CCE-5137-5pAuditing of "Policy Change: Audit Policy Change" events on failure should be enabled or disabled as appropriate.CCE-991 CCE-4877-7yAuditing of "Policy Change: Authentication Policy Change" events on success should be enabled or disabled as appropriate.CCE-388authentication-policy-change!oval:gov.nist.fdcc.vista:def:8035 CCE-4516-1yAuditing of "Policy Change: Authentication Policy Change" events on failure should be enabled or disabled as appropriate.CCE-180 CCE-5172-2xAuditing of "Policy Change: Authorization Policy Change" events on success should be enabled or disabled as appropriate.CCE-187authorization-policy-change!oval:gov.nist.fdcc.vista:def:8036 CCE-5058-3xAuditing of "Policy Change: Authorization Policy Change" events on failure should be enabled or disabled as appropriate.CCE-448 CCE-5177-1}Auditing of "Policy Change: Filtering Platform Policy Change" events on success should be enabled or disabled as appropriate.CCE-1042 filtering-platform-policy-change!oval:gov.nist.fdcc.vista:def:8037 CCE-4939-5}Auditing of "Policy Change: Filtering Platform Policy Change" events on failure should be enabled or disabled as appropriate.CCE-1112 CCE-5181-3|Auditing of "Policy Change: MPSSVC Rule-Level Policy Change" events on success should be enabled or disabled as appropriate.CCE-203mpssvc-rule-level-policy-change!oval:gov.nist.fdcc.vista:def:8038 CCE-4204-4|Auditing of "Policy Change: MPSSVC Rule-Level Policy Change" events on failure should be enabled or disabled as appropriate.CCE-879 CCE-4479-2wAuditing of "Policy Change: Other Policy Change Events" events on success should be enabled or disabled as appropriate.CCE-205other-policy-change-events!oval:gov.nist.fdcc.vista:def:8039 CCE-4995-7wAuditing of "Policy Change: Other Policy Change Events" events on failure should be enabled or disabled as appropriate.CCE-787 CCE-5114-4xAuditing of "Privilege Use: Non Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.CCE-391non-sensitive-privilege-use!oval:gov.nist.fdcc.vista:def:8040 CCE-4990-8xAuditing of "Privilege Use: Non Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate.CCE-404 CCE-5131-8wAuditing of "Privilege Use: Other Privilege Use Events" events on success should be enabled or disabled as appropriate.CCE-1203other-privilege-use-events!oval:gov.nist.fdcc.vista:def:8041 CCE-4205-1Auditing of "Privilege Use: Privilege Use: Other Privilege Use Events" events on failure should be enabled or disabled as appropriate.CCE-406 CCE-4300-0tAuditing of "Privilege Use: Sensitive Privilege Use" events on success should be enabled or disabled as appropriate.CCE-488sensitive-privilege-use!oval:gov.nist.fdcc.vista:def:8042 CCE-4734-0tAuditing of "Privilege Use: Sensitive Privilege Use" events on failure should be enabled or disabled as appropriate.CCE-1258 CCE-4976-7bAuditing of "System: Ipsec Driver" events on success should be enabled or disabled as appropriate.CCE-1177 ipsec-driver!oval:gov.nist.fdcc.vista:def:8043 CCE-4879-3bAuditing of "System: Ipsec Driver" events on failure should be enabled or disabled as appropriate.CCE-1314 CCE-4998-1iAuditing of "System: Other System Events" events on success should be enabled or disabled as appropriate.CCE-1332other-system-events!oval:gov.nist.fdcc.vista:def:8044 CCE-4883-5iAuditing of "System: Other System Events" events on failure should be enabled or disabled as appropriate.CCE-337 CCE-4535-1kAuditing of "System: Security State Change" events on success should be enabled or disabled as appropriate.CCE-1121security-state-change!oval:gov.nist.fdcc.vista:def:8045 CCE-5157-3kAuditing of "System: Security State Change" events on failure should be enabled or disabled as appropriate.CCE-1139 CCE-5170-6oAuditing of "System: Security System Extension" events on success should be enabled or disabled as appropriate.CCE-1270security-system-extension!oval:gov.nist.fdcc.vista:def:8046 CCE-4910-6oAuditing of "System: Security System Extension" events on failure should be enabled or disabled as appropriate.CCE-1102 CCE-5047-6fAuditing of "System: System Integrity" events on success should be enabled or disabled as appropriate.CCE-856system-integrity!oval:gov.nist.fdcc.vista:def:8047 CCE-4822-3fAuditing of "System: System Integrity" events on failure should be enabled or disabled as appropriate.CCE-336 CCE-4941-1User notifications when a program is blocked from receiving inbound connections by Windows Firewall should be enabled or disabled as appropriate for the Domain Profile.(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Domain Profile Tab\Settings\Firewall settings\Display a notificationCCE-1047#domain_profile_display_notification)oval:gov.nist.fdcc.vistafirewall:def:6518 CCE-4597-1qThe "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Private Profile.0(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Private Profile\Windows Firewall: Allow Logging - Log Dropped PacketsCCE-325#private_profile_log_dropped_packets)oval:gov.nist.fdcc.vistafirewall:def:6411 CCE-4963-5xThe "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Private Profile.(1) enable/disabled$(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Logging\LogSuccessfulConnections (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Private Profile\Windows Firewall: Allow Logging - Log successful connections (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\Logged successful connectionsCCE-327-private_profile_logged_successful_connections)oval:gov.nist.fdcc.vistafirewall:def:6412 CCE-4206-9kThe log file path and name for the Windows Firewall should be configured correctly for the Private Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Priv< ateProfile\Logging\LogFilePath (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Private Profile\Windows Firewall: Allow Logging - Log file path and name (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\NameCCE-999private_profile_name)oval:gov.nist.fdcc.vistafirewall:def:6413 CCE-4207-7hThe log file size limit for the Windows Firewall should be configured correctly for the Private Profile.Z(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PrivateProfile\Logging\LogFileSize (2) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile Tab\Logging\Size limit (KB)CCE-1091private_profile_size_limit)oval:gov.nist.fdcc.vistafirewall:def:6414 CCE-4507-0pThe "Log Dropped Packets" option for the Windows Firewall should be configured correctly for the Public Profile./(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogDroppedPackets (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Public Profile\Windows Firewall: Allow Logging - Log Dropped PacketsCCE-1165"public_profile_log_dropped_packets)oval:gov.nist.fdcc.vistafirewall:def:6421 CCE-5128-4wThe "Log Successful Connections" option for the Windows Firewall should be configured correctly for the Public Profile.!(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogSuccessfulConnections (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Public Profile\Windows Firewall: Allow Logging - Log successful connections (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\Logged successful connectionsCCE-534,public_profile_logged_successful_connections)oval:gov.nist.fdcc.vistafirewall:def:6422 CCE-4639-1jThe log file path and name for the Windows Firewall should be configured correctly for the Public Profile.(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogFilePath (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Public Profile\Windows Firewall: Allow Logging - Log file path and name (3) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\NameCCE-1263public_profile_name)oval:gov.nist.fdcc.vistafirewall:def:6423 CCE-4278-8gThe log file size limit for the Windows Firewall should be configured correctly for the Public Profile.W(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\LogFileSize (2) Computer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile Tab\Logging\Size limit (KB)CCE-1313public_profile_size_limit)oval:gov.nist.fdcc.vistafirewall:def:6424 CCE-5146-6TThe ISATAP tunneling protocol for IPv6 should be enabled or disabled as appropriate.\(1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters\DisableComponentsCCE-1227.disable_isatap_teredo_6to4_tunneling_protocols$oval:gov.nist.fdcc.vista:def:6566666 CCE-5036-9RThe 6to4 tunneling protocol for IPv6 should be enabled or disabled as appropriate.CCE-1036 CCE-4811-6TThe Teredo tunneling protocol for IPv6 should be enabled or disabled as appropriate.CCE-1148 CCE-5239-9ZThe "Turn off Help Experience Improvement Program" setting should be configured correctly.(1) GPO Setting: User Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Help Experience Improvement ProgramCCE-174,turn_off_help_experience_improvement_program!oval:gov.nist.fdcc.vista:def:8091 CCE-4851-2CThe "Turn off Help Ratings" setting should be configured correctly.(1) GPO Setting: User Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off Help RatingsCCE-1109turn_off_help_ratings!oval:gov.nist.fdcc.vista:def:8090 CCE-4294-5VThe "Create Symbolic Links" user right should be assigned to the appropriate accounts.(1) GPO Setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Create Symbolic LinksCCE-1176TBD CCE-5043-5UThe screen saver should be enabled or disabled as appropriate for the current user. (1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverActive (3) HKEY_CURRENT_USER\Control Panel\Desktop\ScreenSaveActive CCE-5264-7_The "Screen Saver Executable Name" setting should be configured correctly for the current user.*(1) filename of the screensaver executable(1) User Configuration\Administrative Templates\Control Panel\Display\Screen Saver Executable Name (2) HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE (3) HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE CCE-5101-19IP Source Routing should be properly configured for IPv6.(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (DisableIPSourceRouting) IPv6 source routing protection level (protects against packet spoofing) (2) HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting CCE-4271-3The "MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default)" setting should be configured correctly.(1) Numeric value0(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (TCPMaxDataRetransmissions) IPv6, how many times unacknowledged data is retransmitted (3 recommended, 5 is default) (2) HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\TcpMaxDataRetransmissions CCE-4467-7wThe "User Account Control: Allow UIAccess applications to prompt for elevation" setting should be configured correctly.(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\User Account Control: Allow UIAccess applications to prompt for elevation (2) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableUIADesktopToggle CCE-7716-4The time in seconds before the screen saver grace period expires (ScreenSaverGracePeriod) setting should be configured correctly.c(1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriodscreen-saver-grace-period&oval:com.secure-elements.oval:def:6065 CCE-8458-2jThe "Access credential Manager as a trusted caller" user right should be assigned to the correct accounts.(1) Set of accounts(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access credential Manager as a trusted callerCCE-389 CCE-7615-8YThe "add workstations to domain" user right should be assigned to the correct accounts. ~(1) Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Add workstations to domainCCE-183 CCE-8404-6?The default behavior for AutoRun should be properly configured.i(1) Enabled: Do not execute any autorun commands Enabled: Automatically execute autorun commands Disabled(1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutoRun (2) Computer Configuration\Administr< ative Templates\Windows Components\Autoplay Policies\Default behavior for AutoRun CCE-8387-3MThe "Unsigned Driver Installation Behavior" policy should be set correctly. N(1) Silently succeed | Warn but allow installation | Do not allow installation(1) HKLM\Software\Microsoft\Driver Signing\Policy (2) Computer Configuration\Windows Settings\Local Policies\Security Options\Devices: Unsigned driver installation behaviorCCE-413 CCE-8501-9PThe "Do Not Allow Windows Messenger to be Run" policy should be set correctly. (1) HKLM\Software\Policies\Microsoft\Messenger\Client\PreventRun (2) Computer Configuration\Administrative Templates\Windows Components\Windows Messenger\Do not allow Windows Messenger to be runCCE-802 CCE-8342-8(1) HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel (2)Computer Configuration\Windows Settings\Local Policies\Security Options\Secure Channel: Digitally Encrypt Secure Channel Data (When Possible)CCE-601 CCE-8095-2[The Autoplay policy "Don't set the always do this checkbox" should be configured correctly.(1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontSetAutoplayCheckbox (2) Computer Configuration\Adminsitrative Templates\Windows Components\Autoplay Policies\Don't set the always do this checkbox CCE-8034-1}The "enable computer and user accounts to be trusted for delegation" user right should be assigned to the correct accounts. (1) Computer Configuration\Windows Settings\Local Policies\User Rights Assignment\Enable computer and user accounts to be trusted for delegationCCE-15 CCE-8250-3SAutomatic Reboot After System Crash should be enabled or disabled as appropriate. (1) HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\AutoReboot (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (AutoReboot) Allow Windows to automatically restart after a system crash (recommended except for highly secure environments)CCE-137 CCE-8547-2CAdministrative Shares should be enabled or disabled as appropriate.(1) HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks (2) Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)CCE-512 CCE-8389-9DDisable saving of dial-up passwords should be properly configured. (1) HKLM\SYSTEM\CurrentControlSet\Services\RasMan\Parameters\DisableSavePassword (2)Computer Configuration\Windows Settings\Local Policies\Security Options\MSS: (DisableSavePassword) Prevent the dial-up passsword from being saved (recommended)CCE-156 CCE-8608-2UCD Burning features in Windows Explorer should be enabled or disabled as appropriate.(1) HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Network\NoCDBurning (2) User Configuration\Administrative Templates\Windows Components\Windows Explorer\Remove CD Burning featuresCCE-113 CCE-7952-5AThe "Remove Security tab" setting should be configured correctly.t(1) GPO Setting: User Configuration\Administrative Templates\Windows Components\Windows Explorer\Remove Security tabCCE-1022 CCE-7624-0The "System cryptography: Force strong key protection for user keys stored on the computer" policy should be enabled or disabled as appropriate.(1) HKLM\Software\Policies\Microsoft\Cryptography\ForceKeyProtection (2) Computer Configuration\Windows Settings\Local Policies\Security Options\System cryptography: Force strong key protection for user keys stored on the computerCCE-647 CCE-7621-6The "System settings: Use Certificate Rules on Windows Executables for Software Restriction Policies" setting should be configured properly.(1) HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\AuthenticodeEnabled (2) Computer Configuration\Windows Settings\Local Policies\Security Options\System settings: Use Certificate Rules on Windows Executables for Software Restriction PoliciesCCE-572 CCE-8470-7xThe Windows Firewall "Allow ICMP exceptions" policy should be enabled or disabled as appropriate for the Domain Profile.(1) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall \Domain Profile\Allow ICMP exceptionsCCE-277 CCE-7629-9The Windows Firewall "Define inbound program exceptions" policy should be enabled or disabled as appropriate for the Domain Profile.(1) HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\Enabled (2) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Define inbound program exceptions CCE-8516-7hThe Windows Firewall inbound program exceptions list should be set appropriately for the Domain Profile.(1) List of programs CCE-8188-5zThe Windows Firewall "Allow ICMP exceptions" policy should be enabled or disabled as appropriate for the Standard Profile.(1) Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall \Standard Profile\Allow ICMP exceptionsCCE-797 CCE-18588-4IThe 'Audit Credential Validation' setting should be configured correctly./No auditing/Success/Failure/Success and Failure(1) Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\Account Logon\Audit Credential ValidationAudit_Credential_Validation#oval:gov.nist.usgcb.vista:def:20037 CCE-18891-2enabled/disabledr(1) Control Panel\Programs and Features\Turn Windows features on or off\Games (2) %Program Files%\Microsoft Gamesgames#oval:gov.nist.usgcb.vista:def:20000 CCE-18279-0(1) Control Panel\Programs and Features\Turn Windows features on or off\Internet Information Services (2) HKLM\SYSTEM\CurrentControlSet\Services\W3Svc\DisplayNameInternet_Information_Services#oval:gov.nist.usgcb.vista:def:20001 CCE-18624-7(1) Control Panel\Programs and Features\Turn Windows features on or off\SimpleTCP Services (2) HKLM\SYSTEM\CurrentControlSet\Services\simptcp\DisplayNameSimple_TCPIP_Services#oval:gov.nist.usgcb.vista:def:20002 CCE-18129-7w(1) Control Panel\Programs and Features\Turn Windows features on or off\Telnet Client (2) %windir%\system32\telnet.exe Telnet_Client#oval:gov.nist.usgcb.vista:def:20003 CCE-18284-0(1) Control Panel\Programs and Features\Turn Windows features on or off\Telnet Server (2) HKLM\SYSTEM\CurrentControlSet\Services\tlntsvr Telnet_Server#oval:gov.nist.usgcb.vista:def:20004 CCE-18700-5s(1) Control Panel\Programs and Features\Turn Windows features on or off\TFTP Client (2) %windir%\system32\tftp.exe TFTP_Client#oval:gov.nist.usgcb.vista:def:20005 CCE-18689-0|(1) Control Panel\Programs and Features\Turn Windows features on or off\Windows Media Center (2) %windir%\ehome\ehshell.exeWindows_Media_Center#oval:gov.nist.usgcb.vista:def:200067(1) disabled/manual/automatic/automatic (delayed start) CCE-18320-2(1) Enabled\Not Enabled (2) Allow the connection\Allow the connection if it is secure(Allow the connection if it is authenticated and integrity-protected\Require the connection to be encrypted\Allow the computers to dynamically negotiate encryption\Allow the connection to use null encapsulation\Override block rules)\Block the connection (3) List of authorized computers (4) List of computer exceptions (5) List of local IP address that limit the scope (6) List of remote IP address that limit the scope (7) Profiles: Domain\Private\Public (8) All interface types\These interface types (Local area network/Remote access\Wireless) (9) Block edge traversal\Allow edge traversal\Defer to user\Defer to application (10) List of authorized users (11) List of user exceptions(1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules\CoreNet-DHCP-In!v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000| (2) Computer Configuration\Windows Settings\Security Settings\W< indows Firewall with Advanced Security\Windows Firewall with Advanced Security\Inbound Rules\Core Networking - Dynamic Host Configuration Protocol (DHCP-In) CCE-18987-8CThe 'Turn off game updates' setting should be configured correctly.(1) HKLM\Software\Policies\Microsoft\Windows\GameUX!GameUpdateOptions (2) Computer Configuration\Administrative Templates\Windows Components\Game Explorer\Turn off game updates CCE-18388-9FThe 'Enable/Disable PerfTrack' setting should be configured correctly.(1) HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled (2) Computer Configuration\Administrative Templates\System\Troubleshooting and Diagnostics\Windows Performance PerfTrack\Enable/Disable PerfTrack CCE-18220-4 CCE-18356-6\The 'Configure Windows NTP Client\CrossSiteSyncFlags' option should be configured correctly.(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!CrossSiteSyncFlags (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\CrossSiteSyncFlags CCE-18589-2WThe 'Configure Windows NTP Client\EventLogFlags' option should be configured correctly.(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!EventLogFlags (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\EventLogFlags CCE-18626-2SThe 'Configure Windows NTP Client\NtpServer' option should be configured correctly.,DNS name or IP address of an NTP time source(1) HKLM\Software\Policies\Microsoft\W32time\Parameters!NtpServer (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\NtpServer CCE-18386-3dThe 'Configure Windows NTP Client\ResolvePeerBackoffMaxTimes' option should be configured correctly.(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!ResolvePeerBackoffMaxTimes (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMaxTimes CCE-18324-4cThe 'Configure Windows NTP Client\ResolvePeerBackoffMinutes' option should be configured correctly.(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!ResolvePeerBackoffMinutes (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\ResolvePeerBackoffMinutes CCE-18594-2]The 'Configure Windows NTP Client\SpecialPollInterval' option should be configured correctly.(1) HKLM\Software\Policies\Microsoft\W32time\TimeProviders\NtpClient!SpecialPollInterval (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\SpecialPollInterval CCE-18115-6NThe 'Configure Windows NTP Client\Type' option should be configured correctly.NoSync\NTP\NT5DS\AllSync(1) HKLM\Software\Policies\Microsoft\W32time\Parameters!Type (2) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client\Type CCE-18938-1_The 'Specify the System Hibernate Timeout (On Battery)' setting should be configured correctly. (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364\DCSettingIndex!3600 (2) Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Hibernate Timeout (On Battery) CCE-18358-2_The 'Specify the System Hibernate Timeout (Plugged In)' setting should be configured correctly. (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\9D7815A6-7EE4-497E-8888-515A05F02364\ACSettingIndex!3600 (2) Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Specify the System Hibernate Timeout (Plugged In) CCE-18686-6OThe 'Turn off the Display (On Battery)' setting should be configured correctly. (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\DCSettingIndex!1200 (2) Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn off the Display (On Battery) CCE-18303-8OThe 'Turn off the Display (Plugged In)' setting should be configured correctly. (1) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\3C0BC021-C8A8-4E07-A973-6B14CBCB2B7E\ACSettingIndex!1200 (2) Computer Configuration\Administrative Templates\System\Power Management\Video and Display Settings\Turn off the Display (Plugged In) CCE-18881-3hThe 'Extend Point and Print connection to search Windows Update' setting should be configured correctly.(1) HKLM\Software\Policies\Microsoft\Windows NT\Printers!DoNotInstallCompatibleDriverFromWindowsUpdate (2) Computer Configuration\Administrative Templates\Printers\Extend Point and Print connection to search Windows Update CCE-18715-3eThe 'Allow users to connect remotely using Terminal Services' setting should be configured correctly. (1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!fDenyTSConnections (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services Services\Terminal Servicer\Connections\Allow users to connect remotely using Terminal Services CCE-18414-3QThe 'Do not delete temp folder upon exit' setting should be configured correctly.(1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!DeleteTempDirsOnExit (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services Services\Terminal Servicer\Connections\Do not delete temp folder upon exit CCE-18913-4VThe 'Do not use temporary folders per session' setting should be configured correctly.(1) HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!PerSessionTempDir (2) Computer Configuration\Administrative Templates\Windows Components\Terminal Services Services\Terminal Servicer\Connections\Do not use temporary folders per session&domain_profile_Core_Networking_DHCP_In+oval:gov.nist.USGCB.vistafirewall:def:20940turn_off_game_updates+oval:gov.nist.usgcb.windowsvista:def:100010enable_disable_perftrack+oval:gov.nist.usgcb.windowsvista:def:100066configure_windows_ntp_client$oval:gov.nist.usgcb.vista:def:100215/Specify_the_System_Hibernate_Timeout_On_Battery#oval:gov.nist.usgcb.vista:def:20020/Specify_the_System_Hibernate_Timeout_Plugged_in#oval:gov.nist.usgcb.vista:def:20021Turn_off_the_Display_On_Battery#oval:gov.nist.usgcb.vista:def:20022Turn_off_the_Display_Plugged_In#oval:gov.nist.usgcb.vista:def:20023aextend_point_and_print_connection_to_search_windows_update_and_use_alternate_connection_if_needed+oval:gov.nist.usgcb.windowsvista:def:100035=allow_users_to_connect_remotely_using_remote_desktop_services$do_not_delete_temp_folders_upon_exit$oval:gov.nist.usgcb.vista:def:100013(do_not_use_temporary_folders_per_session$oval:gov.nist.usgcb.vista:def:100014|The 'Core Networking - Dynamic Host Configuration Protocol (DHCP-In)' Windows Firewall rule should be configured correctly. {(1) Computer Configuration\Administrative Templates\System\Windows Time Service\Time Providers\Configure Windows NTP Client Not configured\Enabled \Disabled8None (0) / Primary Domain Controllers only (1) / All (2)wNo events (0) / Time jump events (1) / Time source change events (2) / Both time jump and time source change events (3)maximum number of DNS resolution attempts by W32time, with the delay period doubling between each attempt, before the resolution process is restarted (0 to 9999)&number of minutes (between 0 and 9999),number of seconds (between 0 and 4294967295)KDEPRECATED. [Was: "The 'Configure Windows NTP Client' setting should be configured correctly." The enabled/disabled/not configured status of this GPO (see CCE Technical Mechanisms) does not itself affect the configuration of aspects of the Windows NTP Client; it only controls whether Group Policy is used to set those options.] ,number of seconds secon<ds (0 to 4294967295)LThe Windows Vista 'Games' feature should be turned on or off as appropriate.dThe Windows Vista 'Internet Information Services' feature should be turned on or off as appropriate.YThe Windows Vista 'SimpleTCP Services' feature should be turned on or off as appropriate.TThe Windows Vista 'Telnet Client' feature should be turned on or off as appropriate.TThe Windows Vista 'Telnet Server' feature should be turned on or off as appropriate.RThe Windows Vista 'TFTP Client' feature should be turned on or off as appropriate.[The Windows Vista 'Windows Media Center' feature should be turned on or off as appropriate.on/offLast modified: 2012-03-13Version: 5.20120314` JEs  9{z&y%\ : ^ 0= "%4),0b 5:?IeDMIMKR WU[_/d'Lhl}lnpYty x ~@d@<  LHʛOK~Vd sV8_ xNS I4{W ? #O$Z)e,/R4D ?:}?)E}KQ7DUt Y]kaeGjSm7rC v z!-ʐ .X IM}A[  g:| N tO.    @= 7","[6 AEccB f2ɀ PWbAtY3)&'5OCoOgU  dMbP?_*+%&ffffff?'ffffff?(?)?M\\MBPS1\1S412-OC9284-5337-46DF  od XX0CourierArial 0X o   COPIES@PJL JOB NAME="!JOBNAME" @PJL SET GUISTARTJOB=1 @PJL EOJ  E222XXXXXXXXXXXXXXXC,EXXxxxxb 222XXXX,TOSHIBA eS282/283Series PSL3Mckinley1M24402XXXE0?ʡE??ʡE? 2222                                                   X1118050,E211111111111111111111111C,1003,E211,2124,E1,111302({111111C E222XXXXXXXXXXXXXXXXXXXXXC,D222,X,E2XXXXX2,D1,E011111111111121111111111C EXXX222222222222222222222C,E22X,X,EX2XXXXX,X0,SP:Drawer1Pap"dXX333333?333333?&<3U} C} C} C} 2C} D}  C} "E}  "F} I} $ B  @                      ;M GG ;N  GG < < < <= < > > ?  ?  ?  ?  @  @ H C C C C E E F  F H C C C C E E F  F H C C C C E! E" F#  F$ H% C& C' C C( E) E* F+  F, H- C. C' C C/ E) E* F+  F, H0 C1 C' C C2 E3 E4 F5  F6 H7 C8 C' C C9 E3 E4 F5 F6 H: C; C' C C< E= E> F? F@ HA CB C' C CC E= E> F? F@ HD CE C' CF CG EH EI FJ FK HL CM C' CF CN EH EI FJ FK HO CP C' C CQ ER ES FT  FU HV CW C' C CX ER ES FT  FU HY CZ C' C C[ E\ E] F^  F_ H` Ca C' C Cb E\ E] F^  F_ Hc Cd C' C Ce Ef Eg Fh  Fi Hj Ck C' C Cl Ef Eg Fh  Fi Hm Cn C' C Co Ep Eq Fr  Fs Ht Cu C' C Cv Ep Eq Fr  Fs Hw Cx C' C Cy Ez E{ F|  F} H~ C C' C C Ez E{ F|  F} H C C' C C E E H C C C C E E F  F H C C J C E E H C C' C C E E H C C C C E E F  F H C C J C E E H C C' C C E E H C C C C E E F  FD2l~~~~~~~~~~~~~~~~~~~~~b~bb~bb ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  H C C J C E E !H !C !C !C !C !E !E !F ! F "H "C "C "C "C "E "E "F " F #H #C #C #C #C #E #E #F # F $H $C $C' $C $C $E $E $F $ F %H %C %C %C %C %E %E %F % F &H &C &C' &C &C &E &E &F & F 'H 'C 'C 'C 'C 'E 'E 'F ' F (H (C (C (C (C (E (E (F ( F )H )C )C )C )C )E )E )F ) F *H *C *C *C *C *E *E *F * F  +H  +C  +C' +C  +C  +E +F + F ,H ,C ,C' ,C ,C ,E ,E ,F , F -H -C -C' -C -C -E -E .H .C .C .C  .C! .E" .E# .F" . F$ /H% /C& /C' /C( /C) /E* /E+ /F* / F, 0H- 0C. 0C' 0C/ 0C0 0E1 0E2 0F1 0 F3 1H4 1C5 1C' 1C6 1C7 1E8 1E9 1F: 1 F; 2H< 2C= 2C> 2C? 2C@ 2EA 2EB 2FA 2 FC 3HD 3CE 3CF 3CG 3CH 3EI 3EJ 3FI 3 FK 4HL 4CM 4C' 4CN 4CO 4EP 4EQ 4FP 4 FR 5HS 5CT 5C' 5CU 5CV 5EW 5EX 5FW 5 FY 6HZ 6C[ 6C\ 6C] 6C^ 6E_ 6E` 6F_ 6 Fa 7Hb 7Cc 7C' 7Cd 7Ce 7Ef 7Eg 7Ff 7 Fh 8Hi 8Cj 8Ck 8Cl 8Cm 8En 8Eo 8Fn 8 Fp 9Hq 9Cr 9C' 9Cs 9Ct 9Eu 9Ev 9Fu 9 Fw :Hx :Cy :C' :Cz :C{ :E| :E} :F| : F~ ;H ;C ;C ;C ;C ;E ;E ;F ; F <H <C <C' <C <C <E <E <F < F =H =C =C =C =C =E =E =F = F >H >C >C >C >C >E >E >F > F ?H ?C ?C ?C ?C ?E ?E ?F ? FDlb~~~~~~~~~~p~b~~~~~~~~~~~~~~~~~@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @H @C @C' @C @C @E @E @F @ F AH AC AC' AC AC AE AE AF A F BH BC BC' BC BC BE BE BF B F CH CC CC' CC CC CE CE CF C F DH DC DC' DC DC DE DE DF D F EH EC EC' EC EC EE EE EF E F FH FC FC' FC FC FE FE FF F F GH GC GC' GC GC GE GE GF G F HH HC HC HC HC HE HE HF H F IH IC IC' IC IC IE IE IF I F JH JC JC' JC JC JE JE JF J F KH KC KC' KC KC KE KE KF K F LH LC LC' LC LC LE LE LF L F MH MC MC' MC MC ME ME MF M F NH NC NC NC NC  NE  NE  NF  N F  OH  OC OC OC OC OE OE OF O F PH PC PC' PC PC PE PE PF P F QH QC QC' QC QC QE  QE! QF  Q F" RH# RC$ RC' RC% RC& RE' RE( RF' R F) SH* SC+ SC, SC- SC. SE/ SE0 SF/ S F1 TH2 TC3 TC' TC4 TC5 TE6 TE7 TF6 T F8 UH9 UC: UC' UC; UC< UE= UE> UF= U F? VH@ VCA VC' VCB VCC VED VEE VFD V FF WHG WCH WC' WCI WCJ WEK WEL WFM W FN XHO XCP XC' XCQ XCR XES XET XFS X FU YHV YCW YC' YCX YCY YEZ YE[ YFZ Y F\ ZH] ZC^ ZC' ZC_ ZC` ZEa ZEb ZFa Z Fc [Hd [Ce [C' [Cf [Cg [Eh [Ei [Fh [ Fj \Hk \Cl \Cm \Cn \Co \Ep \Eq \Fp \ Fr ]Hs ]Ct ]Cu ]Cv ]Cw ]Ex ]Ey ]Fz ] F{ ^H| ^C} ^C~ ^C ^C ^E ^F ^ F _H _C _C _C _C _E _E _F _ FD2l~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~p` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `H `C `C' `C `C `E `E `F ` F aH aC aC' aC aC aE aE aF a F bH bC bC bC bC bF b F cH cC cC' cC cC cE cE cF c F dH dC dC' dC dC dE dE dF d F eH eC eC' eC eC eE eE eF e F fH fC fC fE fE gH gC gC gE gE hH hC hC hE hE iH iC iC iE iE jH jC jC jE jE kH kC kC kE kF k F lH lC lC lE lF l F mH mC mC nH nC nC' nC nC nE nE oH oC oC oE oE oF o F pH pC pC pC pC pE pE pF p F qH qC qC qC qC qE qE qF q F rH rC rC' rC rC rE rE rF r F sH sC sC' sC sC sE sE sF s F tH tC  tC' tC  tC  tE  tE  tF t F uH uC uC' uC uC uE uE u F u F vH vC vC' vC vC vE vE wH wC wC' wC  wC! wE" wE# xH$ xC% xC& xC' xC( xE) xE* yH+ yC, yC' yC- yC. yE/ yE0 zH1 zC2 zC& zC3 zC4 zE5 zE6 {H7 {C8 {C' {C9 {C: {E; {E< |H= |C> |C' |C? |C@ |EA |EB }HC }CD }C' }JE }CF } FG } FH ~HI ~CJ ~CK ~JL ~CM ~ FN ~ FO HP CQ CR JS CT  FU  FVDl~~b~~~FFFFFTT*bb~~~~~~bbbbbbbbb                                 HW CX C' JY CZ F[ F\ H] C^ C' C_ C` Ea Eb Fc Fd He Cf C' Cg Ch Ei Ej Hk Cl C' Cm Cn Eo Ep Hq Cr C' Cs Ct Eu Ev Hw Cx C' Cy Cz E{ E| H} C~ C' C C E E H C C' C C E E H C C' C C E E H C C' C C E E H C C' C C E E H C C' C C E E H C C' C C E E H C C' C C E E H C C' C C E E H C J C E E F F H C C C E E F F H C J C E E F F H C J C E E H C C C E E F F H C C C E E F F H C C C E E F F H C C J C E E F F H C C' J C E E F F H C J C E E F F H C J C E E F F H  C  C  C  E  E F F H C C C E E F F H C J C E E F F  H! C" C J# C$ E% E& F' F( H) C* C' J+ C, E- E. F/ F0 H1 C2 J3 C4 E5 E6 F7 F8Dlb~bbbbbbbbbbbbbpppTppp~~ppppp~~                                 H9 C: J; C< E= E> F? F@ HA CB CC CD EE EF HG CH CI CJ EK EL FM FN HO CP JQ C ER ES HT CU CV CW EX EY FX FZ H[ C\ C] C^ E_ E` F_ Fa Hb Cc Cd Ce Ef Eg Ff Fh Hi Cj Ck Cl Em En Fm Fo Hp Cq Cr Cs Et Eu Fv Fw Hx Cy Cz C{ E| E} F| F~ H C C C E E F F H C C C E E H C C C E E H C C C E E F F H C C C E E H C C C E H C C C E E F F H C C C E E F F H C C C E E F F H C C C E E F F H C C C E H C C C E E F F H C C' C C E E H C C' C C E E H C C' C C E E F F H C C' C C E E F F H C C' C C E E F F H C C' C C E E F F H C C' C C E E F F H C C' C C E  E  H  C  C' C  C E E F F H C C' C C E E F FDlpTpTpppppppTTpTFppppFpbb~~~~~b~                                 H C C' C C E E  F! F" H# C$ C' C% C& E' E( H) C* C' C+ C, E- E. H/ C0 C' C1 C2 E3 E4 F5 F6 H7 C8 C' C9 C: E; E< F; F= H> C? C' C@ CA EB EC FB FD HE CF C' CG CH EI EJ FI FK HL CM C' CN CO EP EQ FP FR HS CT C' CU CV EW EX FW FY HZ C[ C' C\ C] E^ E_ F^ F` Ha Cb C' Cc Cd Ee Ef Fe Fg Hh Ci C' Cj Ck El Em Fl Fn Ho Cp C' Cq Cr Es Et Fs Fu Hv Cw C' Cx Cy Ez E{ Fz F| H} C~ C' C C E E F F H C C' C C E E H C C' C C E E H C C' C C E E H C C' C C E E F F H C C' C C E E F F H C C' C C E E H C C' C C E E F F H C C' C C E E F F H C C' C C E E F F H C C' C C E E F F H C C' C C E E H C C' C C E E H C C' C C E E H C C' C C E E F F H C C' C C E E F F H C C' C C E E F F H C C' C C E E F FDDl~bb~~~~~~~~~~~~bbb~~b~~~~bbb~~~                                 H C C' C C E E F F H C C' C C E E F  F  H  C  C' C  C E E F F H C C' C C E E F F H C C' C C E E  H! C" C' C# C$ E% E& F' F( H) C* C' C+ C, E- E. F/ F0 H1 C2 C' C3 C4 E5 E6 F7 F8 H9 C: C' C; C< E= E> F? F> H@ CA C' CB CC ED EE FD FE HF CG C' CH CI EJ EK FJ FK HL CM C' CH CN EO EP FO FP HQ CR C' CS FT FU HV CW C CX FY FZ H[ C\ C] C^ F_ F` Ha Cb C Cc Fd Fe Hf Cg C Ch Fi Fj Hk Cl C' Cm Cn Fo Fp Hq Cr C' Cs Ct Fu Fv Hw Cx Cu Cy Cz F{ F| H} C~ C C C F F H C C' C C F F H C C' C C F F H C C' C C F F H C C' C C F F H C C' C C F F H C C' C C F F H C C' C C F F H C C' C C F F H C C' C C F F H C C' C C F F H C C' C C F FDl~~~~b~~~~~~~TTTTTbbbbbbbbbbbbbb                                      H C C C C F  F H C C C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C C C F  F H C C C C F  F H C C C C F   F  H  C  C C  C F  F H C C C C F  F H C C C C F  F H C C C C  F!  F" H# C$ C C% C& F'  F( H) C* C+ C, C- F.  F/ H0 C1 C C2 C3 F4  F5 H6 C7 C C8 C9 F:  F; H< C= C C> F?  F@ HA CB C CC CD FE  FF HG CH C CI CJ FK  FL HM CN C CO CP FQ  FR HS CT C CU CV FW  FX HY CZ C C[ C\ F]  F^ H_ C` C Ca Cb Fc  Fd He Cf C Cg Ch Fi  Fj Hk Cl C Cm Cn Fo  Fp Hq Cr C Cs Ct Fu  Fv Hw Cx C Cy Fz  F{ H| C} C~ C C F  F H C C C C F  FDlbbbbbbbbbbbbbbbbbbbTbbbbbbbbbTb  ! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ?  H C C C C F  F !H !C !C !C !C !F ! F "H "C "C "C "C "F " F #H #C #C #C #C #F # F $H $C $C $C $C $F $ F %H %C %C+ %C %C %F % F &H &C &C &C &C &F & F 'H 'C 'C 'C 'C 'F ' F (H (C (C (C (C (F ( F )H )C )C )C )C )F ) F *H *C *C *C *C *F * F +H +C +C +C +C +F + F ,H ,C ,C ,C ,C ,F , F -H -C -C -C -C -F - F .H .C .C .C .C .F . F /H /C /C /C /C /F / F 0H 0C 0C 0C 0C 0F 0 F 1H 1C 1C' 1J 1C 1F 1 F 2H 2C 2C' 2C 2C 2F 2 F 3H 3C 3C' 3C 3C 3F 3 F 4H 4C 4C' 4C 4C 4F 4 F 5H 5C  5C 5C  5C  5F  5 F  6H 6C 6C' 6C 6C 6F 6 F 7H 7C 7C' 7C 7C 7F 7 F 8H 8C 8C' 8C 8C 8F 8 F 9H  9C! 9C" 9C# 9C$ 9F% 9 F& :H' :C( :C' :C) :C* :F+ : F, ;H- ;C. ;CR ;C/ ;C0 ;F1 ; F2 <H3 <C <C4 <C <F < F5 =H6 =C7 =C8 =C9 =C: =F; = F< >H= >C> >C? >C@ >CA >FB > FC ?HD ?CE ?CF ?CG ?CH ?FI ? FJDlbbbbbbbbbbbbbbbbbbbbbbbbbbbbTbb@ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ \ ] ^ _  @HK @CL @CM @CN @CO @FP @ FQ AHR ACS AC' ACT ACU AFV A FW BHX BCY BC' BCZ BC[ BF\ B F] CH^ CC_ CC' CC` CCa CFb C Fc DHd DCe DC' DCf DCg DFh D Fi EHj ECk EC' ECl ECm EFn E Fo FHp FCq FC' FCr FCs FFt F Fu GHv GCw GC' GCx GCy GFz G F{ HH| HC} HC' HC~ HC HF H F IH IC IC' IC IC IF I F JH JC JC' JC JC JF J F KH KC KC' KC KC KF K F LH LC LC' LC LC LF L F MH MC MC' MC MC MF M F NH NC NC' NC NC NF N F OH OC OC' OC OC OF O F PH PC PC' PC PC PF P F QH QC QC' QC QC QF Q F RH RC RC' RC RC RF R F SH SC SC' SC SC SF S F TH TC TC' TC TC TF T F UH UC UC' UC UC UF U F VH VC VC' VC VC VF V F WH WC WC' WC WC WF W F XH XC XC' XC XC XF X F YH YC YC' YC YC YF Y F ZH ZC ZC' ZC ZC ZF Z F [H [C [C' [C [C [F [ F \H \C \C' \C \C \F \ F ]H ]C ]C' ]C ]C ]F ] F ^H ^C ^C' ^C ^C ^F ^ F _H _C _C' _C _C _F _ FDlbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb` a b c d e f g h i j k l m n o p q r s t u v w x y z { | } ~   `H `C `C' `C `C `F ` F aH aC aC' aC aC aF a F bH bC bC' bC bC bF b F cH cC cC' cC cC cF c F dH dC dC' dC dC dF d F eH eC eC' eC eC eF e F fH fC fC' fC fC fF f F gH gC gC' gC gC gF g F hH hC hC' hC hC hF h F iH iC iC' iC iC iF i F jH jC jC' jC jC jF j F kH kC kC' kC kC kF k F lH lC lC' lC lC lF l F mH mC mC' mC mC mF m F nH nC! nC' nC nC" nF n F oH# oC$ oC' oC oC% oF& o F' pH( pC) pC' pC pC* pF& p F' qH+ qC, qC' qC qC- qF. q F/ rH0 rC1 rC' rC rC2 rF. r F/ sH3 sC4 sC' sC sC5 sF6 s F7 tH8 tC9 tC' tC tC: tF6 t F7 uH; uC< uC' uC uC= uF> u F? vH@ vCA vC' vC vCB vF> v F? wHC wCD wC' wC wCE wFF w FG xHH xCI xC' xC xCJ xFF x FG yHK yCL yC' yC yCM yFN y FO zHP zCQ zC' zC zCR zFN z FO {HS {CT {C' {C {CU {FV { FW |HX |CY |C' |C |CZ |FV | FW }H[ }C\ }C' }C }C] }F^ } F_ ~H` ~Ca ~C' ~C ~Cb ~F^ ~ F_ Hc Cd C' C Ce Ff  Fg Dlbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb                                 Hh Ci C' C Cj Ff  Fg Hk Cl C' C Cm Fn  Fo Hp Cq C' C Cr Fn  Fo Hs Ct C' C Cu Fv  Fw Hx Cy C' C Cz Fv  Fw H{ C| C' C C} F~  F H C C' C C F~  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F Dlbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb                                 H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C' C C F  F H C C C C  F  F H C C' J C  F  F H C C! J" C#  F$  F% H& C' CK J( C)  F*  F+ H, C- CR J. C/  F0  F1 H2 C3 C' J4 C5  F6  F7 H8 C9 C! J: C;  F<  F= H> C? CK J@ CA  FB  FC HD CE CR JF CG  FH  FI HJ CK C' CL CM FN  FO HP CQ C' CL CR FN  FO HS CT C' CL CU FN  FO HV CW C' CX CY FZ  F[ H\ C] C' C^ C_ F`  Fa Hb Cc C+ Cd Ce Ff  Ff Hg Ch C' Ci Hj Ck Cl Cm Hn Co CF Jp Hq Cr Cs Jt Hu Cv C' Jw Hx Cy C Cz E{ E| D lbbbbbbbbbbbbbbbbbbbbbbbbbb88888A H} C~ C C C H C C C C H C C C H C C C C H C C' C C H C C' C C H C C' C H C C C C H C C' J C H C C' J C H C C' C C H C C' C C H C C' C C H C C' C C H C C' J C H C C' C C H C C' C H C C C H C C' C C K L M M DCEEFFFF  N  N K LE ML M  O  O K LF ML M  N  N K LG ML M  O  O K LH ML M  N  N K LI ML M  O  O K LJ ML M  N  N K LK ML M  O  O P Q; Q R  S$  S% P Q M R  T&  T' P Q M R  S(  S) P QC Q= R<  T*  T+ P Q Q> R  S*  S+ D lFF8FFF8FFFFFFFFF88FnTTTTTTTTTTT  P Q Q? R  T*  T+ P Q Q R  S*  S+ P Q Q@ R  T*  T+ P Q QA R  S*  S+ P Q QB R  T*  T+ P Q Q R  S*  S+ U Q QD R  T,  T- U Q QD R  S.  S/ U Q QD R  T0  T1 U Q QD R  S2  S3 P Q M R  T4  T5 U V M R  S6  S- U V M R  T7  T8 U! V" M R#  S9  S: TTTTTTTTTTTTT>@EBA ggD Oh+'0@H\x  Sain, JoeMatthew N. WojcikMicrosoft Excel@Cv@c՜.+,0 PXx  The MITRE Corporation vista  Worksheets  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry FE&pWorkbook.VSummaryInformation(DocumentSummaryInformation8