| V-17428 | High | The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Unsolicited inbound connections may be malicious attempts to gain access to a... |
| V-17418 | High | The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Unsolicited inbound connections may be malicious attempts to gain access to a... |
| V-17438 | High | The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Unsolicited inbound connections may be malicious attempts to gain access to a... |
| V-17429 | Medium | The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Outbound connections are allowed on a private network, unless a rule explicitly... |
| V-17442 | Medium | The Windows Firewall with Advanced Security local firewall rules must not be merged with Group Policy settings when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Local firewall rules will not be merged with Group Policy settings on a public... |
| V-17443 | Medium | The Windows Firewall with Advanced Security local connection rules must not be merged with Group Policy settings when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Local connection rules will not be merged with Group Policy settings on a... |
| V-17441 | Medium | The Windows Firewall with Advanced Security must block unicast responses to multicast or broadcast messages when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Unicast responses to multicast or broadcast messages for a public network will... |
| V-17421 | Medium | The Windows Firewall with Advanced Security must block unicast responses to multicast or broadcast messages when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Unicast responses to multicast or broadcast messages in the domain will be... |
| V-17415 | Medium | The Windows Firewall with Advanced Security must be enabled when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. This setting enables the firewall when connected to the domain. |
| V-17417 | Medium | The Windows Firewall with Advanced Security must be enabled when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. This setting enables the firewall when connected to a public network. |
| V-17416 | Medium | The Windows Firewall with Advanced Security must be enabled when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. This setting enables the firewall when connected to a private network. |
| V-17419 | Medium | The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Outbound connections are allowed in the domain, unless a rule explicitly blocks... |
| V-17439 | Medium | The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Outbound connections are allowed on a public network, unless a rule explicitly... |
| V-17431 | Medium | The Windows Firewall with Advanced Security must block unicast responses to multicast or broadcast messages when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Unicast responses to multicast or broadcast messages for a private connection... |
| V-36440 | Medium | Inbound exceptions to the firewall on domain workstations must only allow authorized remote management hosts. | Allowing inbound access to domain workstations from other systems may allow lateral movement across systems if credentials are compromised. Limiting inbound connections only from authorized... |
| V-17430 | Low | The Windows Firewall with Advanced Security must display notifications when a program is blocked from receiving an inbound connection when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The display of notifications to the user when a program is blocked from... |
| V-17427 | Low | The Windows Firewall with Advanced Security must log successful connections when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of successful connections for a domain connection will be enabled to... |
| V-17446 | Low | The Windows Firewall with Advanced Security must log dropped packets when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of dropped packets for a public network connection will be enabled to... |
| V-17447 | Low | The Windows Firewall with Advanced Security must log successful connections when connected to a public network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of successful connections for a public network connection will be... |
| V-17444 | Low | The Windows Firewall with Advanced Security log file name and location must be configured for public network connections. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The location and file name of the firewall log for a public network connection... |
| V-17445 | Low | The Windows Firewall with Advanced Security log size must be configured for public network connections. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The firewall log file size for a public network connection will be set to... |
| V-17426 | Low | The Windows Firewall with Advanced Security must log dropped packets when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of dropped packets for a domain connection will be enabled to maintain... |
| V-17420 | Low | The Windows Firewall with Advanced Security must display notifications when a program is blocked from receiving an inbound connection when connected to a domain. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The display of notifications to the user when a program is blocked from... |
| V-17424 | Low | The Windows Firewall with Advanced Security log file name and location must be configured for domain connections. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The location and file name of the firewall log for a domain connection will be... |
| V-17425 | Low | The Windows Firewall with Advanced Security log size must be configured for domain connections. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The firewall log file size for a domain connection will be set to ensure enough... |
| V-17437 | Low | The Windows Firewall with Advanced Security must log successful connections when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of successful connections for a private network connection will be... |
| V-17436 | Low | The Windows Firewall with Advanced Security must log dropped packets when connected to a private network. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of dropped packets for a private network connection will be enabled ... |
| V-17435 | Low | The Windows Firewall with Advanced Security log size must be configured for private network connections. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The firewall log file size for a private connection will be set to ensure... |
| V-17434 | Low | The Windows Firewall with Advanced Security log file name and location must be configured for private network connections. | A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. The location and file name of the firewall log for a private connection will be... |
