hardening-windows-endpoint-with-cis-benchmark

# Hardening Windows Endpoint with CIS Benchmark ## When to Use Use this skill when: - Deploying new Windows 10/11 or Server 2019/2022 endpoints that require security hardening - Establishing organization-wide security baselines using CIS Level 1 or Level 2 profiles - Remediating findings from compliance audits (PCI DSS, HIPAA, SOC 2) that reference CIS benchmarks - Validating existing endpoint configurations against current CIS benchmark versions **Do not use** this skill for Linux endpoints (use hardening-linux-endpoint-with-cis-benchmark) or for cloud-native workloads that require CIS cloud benchmarks. ## Prerequisites - Windows 10/11 Enterprise or Windows Server 2019/2022 target endpoints - Active Directory Group Policy Management Console (GPMC) for enterprise deployment - CIS-CAT Pro Assessor or CIS-CAT Lite for automated benchmark assessment - Administrative access to target endpoints or domain controller - Current CIS Benchmark PDF for the target Windows version (download from cisecurity.org) ## Workflow ### Step 1: Select CIS Benchmark Profile Level CIS provides two profile levels for Windows endpoints: **Level 1 (L1) - Corporate/Enterprise Environment**: - Practical hardening settings that can be applied to most organizations - Minimal impact on functionality and user experience - Covers: password policy, audit policy, user rights, security options, Windows Firewall **Level 2 (L2) - High Security/Sensitive Data**: - Includes all L1 settings plus additional r...