The Secureframe Agent checks for these device configuration settings:
- Hard drive encrypted
- Native antivirus enabled
- Session timeout enabled
- Local firewall enabled
To set these configurations correctly for Windows, follow the instructions below.
Encrypt the hard drive
To enable device encryption, follow the instructions here.
Enable native antivirus
Check settings in the Windows Security Center to enable antivirus.
Enable session timeout (screen lock)
- In the Windows taskbar, select Start > Settings.
- Do a search for “screensaver” to discover the Change screen saver option in the Control Panel. Selecting this option will open the Screen Saver Settings window.
- Set the screen saver timeout to be 15 minutes or less AND check the On resume, display logon screen box.
- On the Asset Inventory page, the screen lock check for the device is updated when the device has checked in with the correct configuration AND the Secureframe Agent integration has synced.
Enable local firewall
Check settings in the Windows Security Center to enable the firewall.
NOTE: The Secureframe Agent does not pull information for password policy at this time. It’s recommended to upload manual password evidence to the Data Room.
Manual evidence can be a screenshot showing a minimum password length of at least 8 characters and any additional complexity settings (e.g., alphanumeric).