Compliance Enforcement for Windows - cem_windows 1.5.2 has been released

[Puppet Product Updates]

Released 19 March 2024

CEM for Windows v1.5.2 introduces updates to enhance protection of Windows Server systems. Default values were changed for three Center for Internet Security (CIS) controls, thus helping to ensure that the controls will be correctly enforced to protect the winreg registry key and internal system objects.

Resolved issues

• For Windows Server 2016, 2019, and 2022, the implementation of CIS Controls 2.3.10.8 and 2.3.10.9 was corrected. For both controls, the default value of the value parameter was changed to Machine. By enforcing these controls, you can help to prevent attackers from accessing sensitive configuration data in the winreg registry key.
• For Windows Server 2016, 2019, and 2022, the implementation of CIS Control 2.3.15.2 was updated to specify the correct path for the path parameter. By enforcing this control, you can help to prevent unauthorized users from modifying internal system objects.
• A default value was changed to help ensure that CIS Control 18.6.4.1 can be enforced without disrupting operations on Windows Server 2022 systems. CIS Control 18.6.4.1 enforces Domain Name System resolution over HTTPS (DoH) to help protect systems against spoofing and man-in-the-middle attacks. Previously, the default setting of Enabled: Require DoH could prevent agent nodes from reporting to the Puppet primary server. To resolve the issue, the setting was changed to Enabled: Allow DoH to ensure that DoH is allowed but not required.

For full details, visit our release notes here.

Thank you for being a Puppet by Perforce Customer!

This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.