Details

This policy setting allows you to control the network connectivity state in standby on modern standby-capable systems.

The recommended state for this setting is: Disabled.

Rationale:

Disabling this setting ensures that the computer will not be accessible to attackers over a WLAN network while left unattended, plugged in and in a sleep state.

Impact:

Network connectivity in standby (while plugged in) is not guaranteed. This connectivity restriction currently only applies to WLAN networks only, but is subject to change (according to Microsoft).

Solution

To establish the recommended configuration via GP, set the following UI path to Disabled:

Computer ConfigurationPoliciesAdministrative TemplatesSystemPower ManagementSleep SettingsAllow network connectivity during connected-standby (plugged in)

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template Power.admx/adml that is included with the Microsoft Windows 10 Release 1607 & Server 2016 Administrative Templates (or newer).

Default Value:

Enabled. (Network connectivity will be maintained in standby while plugged in.)

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3458

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management, Identification and Authentication.This control applies to the following type of system Windows.

References

• 800-53|CM-1
• 800-53|CM-2
• 800-53|CM-6
• 800-53|CM-7
• 800-53|IA-5
• CSCv6|9
• CSCv7|9.2
• CSCv7|9.3

Source

• Tenable.com/audits