Securing Your Windows 10 Stand-alone Systems Just Got Easier
For years, security teams have been using Active Directory to push secure configurations to their domain-joined systems. "Domain-joined" means that a computer can establish a secure remote connection with a domain using enterprise credentials. This type of arrangement benefits IT and security personnel by facilitating central management of users and devices, such as in Active Directory. It also involves centralizing user authentication to network resources, enforcing minimum password requirements across an organization, and implementing security policies, among other use cases.
For various reasons, not every system is connected to a domain. If an organization has "non-domain-joined," "stand-alone," or "Workgroup" systems, IT and security personnel can't use Active Directory to manage them, and security policies must be manually applied to each system. This process can be time-consuming and error-prone.
A New CIS Benchmark to Tackle This Problem
We at the Center for Internet Security (CIS) have received several requests for a stand-alone CIS Microsoft Windows 10 Benchmark. Customers using stand-alone (non-domain-joined) systems frequently tell us that they aren't easily able to apply our current Windows 10 Benchmark to those systems. That's because all of our current Windows Operating Systems (OS) Benchmarks are made for domain-joined systems, leaving customers with few options other than making heavy modifications to the relevant Benchmarks.
So we're excited to say we've tackled this important challenge. We worked with subject matter experts to produce a stand-alone CIS Microsoft Windows 10 Benchmark that applies to all build versions of the Windows 10 OS, including older versions. This effort culminated in the public release of CIS Microsoft Windows 10 Stand-alone Benchmark v1.0.0, a version that was tested against Microsoft Windows 10 Enterprise Release 21H2. A CIS Build Kit is also available to CIS SecureSuite Members along with CIS-CAT Pro and CIS-CAT Lite support for the Benchmark.
What Sets This Benchmark Apart?
We made several changes in CIS Microsoft Windows 10 Stand-alone Benchmark v1.0.0 that differentiate its content from the Windows 10 coverage we already provide. These included removing 33 domain-focused recommendations as well as modifying several recommendations and tailoring them for a Workgroup system.
Additionally, we addressed the fact that applying 400+ security settings manually can be cumbersome. To help ease the burden of applying those policies manually, we provided detailed guidance on how to apply the CIS Build Kit utilizing Microsoft’s Local Group Policy Object (LGPO) tool, which is made specifically for non-domain-joined systems.
Begin Securing Your Stand-alone Windows 10 Systems
Windows 10 is one of our most downloaded Benchmarks. That's why we started with this OS in creating a Benchmark for stand-alone systems. In the future, we will look to expand coverage for other stand-alone Windows systems, both workstation and server OSes, based on Member needs.
In the meantime, you can begin applying the recommendations of CIS Microsoft Windows 10 Stand-alone Benchmark v1.0.0 to your systems today.
 