3.1.8 - "Limit unsuccessful logon attempts."
- ThreatLocker Configuration Manager policies can be created to alert, isolate, lockout, or isolate and shut down endpoints if there are excessive failed logon events.
3.1.9 – “Provide privacy and security notices consistent with applicable CUI rules.”
- Configuration Manager can be used to set a Logon Message to show users privacy and security notices on logon.
3.1.19 - "Encrypt CUI on mobile devices and mobile computing platforms."
- Configuration Manager can be set to alert if full disk encryption is not enabled.
3.1.20 - "Verify and control/limit connections to and use of external systems."
- Configuration Manager can block access to social media, cloud storage and common webmail platforms.
3.1.21 - "Limit use of portable storage devices on external systems."
- Configuration Manager can be used to block the use of optical drives.
3.4.7 - "Restrict, disable, and prevent the use of nonessential programs, functions, ports, protocols, and services."
- Configuration Manager provides the ability to disable autorun, disable terminal server services, disable UPnP and disable the built-in Windows 10/11 keylogger.
- Configuration Manager can be used to disable SMB1, IGMP, LM NTLM v1, and NetBIOS.
3.5.7 – “Enforce a minimum password complexity and change of characters when new passwords are created.”
- ThreatLocker Configuration Manager policies can be set to enforce local password complexity requirements, including length and age.
3.14.2 - "Provide protection from malicious code at designated locations within organizational systems."
- Configuration Manager provides the ability to disable downloaded Office macros and OLE in Microsoft Office documents.
- Configuration Manager can restrict access to local administrative tools.