The Secureframe Agent checks for the following device configuration settings:
- Hard Drive Encrypted
- Turn on BitLocker for the C Drive (Instructions here).
- Native Antivirus Enabled
- Check Windows security center antivirus.
- Session Timeout Enabled (Screenlock)
- Open the Windows Control Panel and search for the "Change screen saver" option. This should open the "Screen Saver Settings" window.
- Set the screen saver timeout to be 15 minutes or less, and check the box for "On resume, display logon screen".
- The "Screen lock" check for the device on the Asset Inventory page is updated when both a device has checked in with the correct configuration and the Secureframe Agent integration has synced.
- Open the Windows Control Panel and search for the "Change screen saver" option. This should open the "Screen Saver Settings" window.
- Local firewall enabled
- Check Windows security center firewall.
Note:
- The Secureframe Agent does not pull information for password policy at this time.
- We'd recommend uploading manual evidence to Data Room. The manual evidence can be a screenshot showing "Minimum Password Length" of at least 8 characters and any other additional complexity settings (alphanumeric).