Back

Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." to organizational standards


CONTROL ID
07703
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure network protection settings to organizational standards., CC ID: 07601

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (E527BD6D-FA91-474D-9B8F-45B623024BD8, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (6DDFE646-FBFF-4401-B44E-1FF7565457B9, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (32F25E17-6A62-4336-8F03-20C71CF67F0D, Win8 Computer Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (6A9C3A4B-2926-4E4C-864D-05E9371C07C2, Win8 Computer Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (C02444E2-3681-4622-89C4-E359CF0EF2B6, WinVistaSP2 Computer Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (131744E0-E9A7-4A74-9A1C-C8135F1C197D, WinVistaSP2 Computer Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (8D85A29C-F9FB-485D-B4FB-125BBF9294A6, WinXPSP3 Computer Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (B51FAA76-9B8B-4DC7-A384-32230695A7A0, WinXPSP3 Computer Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Only ISAKMP is exempt (recommended for Windows Server 2003)". (EAF29B0B-1C7B-4B7E-981F-1701521ACDA6, WS2003SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Only ISAKMP is exempt (recommended for Windows Server 2003)". (BFBD9886-C347-4A00-9094-394F65EC37D4, WS2003SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Only ISAKMP is exempt (recommended for Windows Server 2003)". (EE6D4E60-425F-4B10-B98C-C6528E532D71, WS2003SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Only ISAKMP is exempt (recommended for Windows Server 2003)". (240E0463-2C58-46EB-9BFD-E3D276A2286F, WS2003SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (91361200-F989-4A02-AAC3-3738E635F765, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (28BC309F-F4D3-4F32-AC00-B7F13DE6AF26, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (CB8C6527-B784-4F6C-80E5-F88147258486, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (540CF7E5-BDA2-47B4-8249-77BEC85BFEEA, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Only ISAKMP is exempt (recommended for Windows Server 2003)". (15BD9BC4-4FB6-4BF4-A178-F872878AC89C, WS2008SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Only ISAKMP is exempt (recommended for Windows Server 2003)". (CE3881E2-9054-4AD3-ABFE-541E0BF2692B, WS2008SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Only ISAKMP is exempt (recommended for Windows Server 2003)". (C8CF3BDC-A291-4DE3-9F62-67C0AC54FF72, WS2008SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Only ISAKMP is exempt (recommended for Windows Server 2003)". (A7304C72-CAF7-4573-A60C-2FC50A1BDC85, WS2008SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (C1F8B754-0658-442E-8B03-0F29F53F9CF8, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (B238FF9D-17D9-46C0-99DF-F7495CAC1E7B, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (3FD2B6CA-AA7B-4768-ACC2-BD3D5A327776, WS2012 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic." setting to "Not Defined". (61728207-68A6-4F8D-9F9A-478CBA6BC035, WS2012 Member Server Security Compliance, 1.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.41_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.41.2_, The Center for Internet Security Microsoft Windows 7 Level 1 + BitLocker Benchmark, 2.1.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.41_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.41.1_, The Center for Internet Security Microsoft Windows 7 Level 1 + BitLocker Benchmark, 2.1.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.41_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.41.2_, The Center for Internet Security Microsoft Windows 7 Level 1 Benchmark, 2.1.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.41_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.41.1_, The Center for Internet Security Microsoft Windows 7 Level 1 Benchmark, 2.1.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.9_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.9.1_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.9_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.9.2_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.9_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.9.1_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.9_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.9.2_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.37_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.37.1_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.37_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.37.2_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.6_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.6.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.6_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.6.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.6_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.6.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • Title: Configure 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' Description: The registry value entry NoDefaultExempt was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSEC\ registry key. The entry appears as… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.6_Configure_MSS_NoDefaultExempt_Configure_IPSec_exemptions_for_various_types_of_network_traffic. Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.6.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • The 'MSS: (NoDefaultExempt) Configure IPSec exemptions for various types of network traffic.' setting should be configured correctly. Technical Mechanisms: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (NoDefaultExempt) Configure IPSec exemp… (CCE-10018-0, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)
  • Kerberos and RSVP Traffic Protected by IPSec should be properly configured. Technical Mechanisms: (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSEC\NoDefaultExempt Parameters: (1) enabled/disabled References: CCE-501 Enable IPSec to protect Kerberos RSVP Traffic: HKLM\System\CurrentC… (CCE-3942-0, Common Configuration Enumeration List, Combined XML: Windows 2000, 5.20130214)