DISA Windows Server 2008 MS STIG v6r46

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA Windows Server 2008 MS STIG v6r46

Updated: 1/6/2021

Authority: DISA STIG

Plugin: Windows

Revision: 1.0

Estimated Item Count: 290

Audit Items

Description | Categories
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements. |
1.006 - Users with Administrative privilege are not documented or do not have separate accounts for administrative duties and normal operational tasks. |
1.006-01 - Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email. |
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks. | CONFIGURATION MANAGEMENT
1.008 - Shared user accounts must not be permitted on the system. | ACCESS CONTROL
1.013 - System information backups are not created, updated, and protected according to DISA requirements. |
1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance. |
1.024 - System files are not checked for unauthorized changes. |
1.025 - A Server does not have a host-based Intrusion Detection System. |
1.029 - There is no local policy for reviewing audit logs. |
1.032 - Audit data must be retained for at least one year. |
2.001 - Permissions for event logs must conform to minimum requirements - application.evtx | AUDIT AND ACCOUNTABILITY
2.001 - Permissions for event logs must conform to minimum requirements - security.evtx | AUDIT AND ACCOUNTABILITY
2.001 - Permissions for event logs must conform to minimum requirements - system.evtx | AUDIT AND ACCOUNTABILITY
2.005 - Systems must be maintained at a supported version of an operating system - SP or releases levels. | SYSTEM AND INFORMATION INTEGRITY
2.006 - ACLs for system files and directories do not conform to minimum requirements - 'C:' | ACCESS CONTROL, CONFIGURATION MANAGEMENT
2.006 - ACLs for system files and directories do not conform to minimum requirements - 'C:\Program Files' | ACCESS CONTROL, CONFIGURATION MANAGEMENT
2.006 - ACLs for system files and directories do not conform to minimum requirements - 'C:\Windows' | ACCESS CONTROL, CONFIGURATION MANAGEMENT
2.008 - Local volumes are not formatted using NTFS. | ACCESS CONTROL
2.015 - File share permissions must be configured to remove the Everyone group. | CONFIGURATION MANAGEMENT
2.019 - Security-related Software Patches are not applied. |
2.021 - Software certificate installation files must be removed from Windows 2008. | SYSTEM AND COMMUNICATIONS PROTECTION
2.022 - Disallow AutoPlay/Autorun from Autorun.inf | SYSTEM AND COMMUNICATIONS PROTECTION
2.023 - Standard user accounts must only have Read permissions to the Winlogon registry key. | ACCESS CONTROL, CONFIGURATION MANAGEMENT
3.007 - The system allows shutdown from the logon dialog box. | ACCESS CONTROL
3.011 - The required legal notice must be configured to display before console logon. | ACCESS CONTROL
3.013 - Caching of logon credentials must be limited. | IDENTIFICATION AND AUTHENTICATION
3.014 - The Windows dialog box title for the legal banner must be configured. | ACCESS CONTROL
3.018 - Anonymous shares are not restricted. | ACCESS CONTROL
3.027 - Printer share permissions are not configured as recommended. |
3.028 - The built-in Windows password complexity policy must be enabled. | IDENTIFICATION AND AUTHENTICATION
3.029 - Print driver installation privilege is not restricted to administrators. | ACCESS CONTROL
3.030 - Anonymous access to the registry must be restricted - reg check | ACCESS CONTROL
3.030 - Anonymous access to the registry must be restricted. | ACCESS CONTROL, CONFIGURATION MANAGEMENT
3.031 - The Send download LanMan compatible password option is not set to Send NTLMv2 response only\refuse LM. | IDENTIFICATION AND AUTHENTICATION
3.032 - Ctrl+Alt+Del security attention sequence is Disabled. | CONFIGURATION MANAGEMENT
3.034 - Unencrypted passwords must not be sent to third-party SMB Servers. | SYSTEM AND INFORMATION INTEGRITY
3.040 - Automatic logons must be disabled. | ACCESS CONTROL
3.042 - Outgoing secure channel traffic is not signed when possible. | IDENTIFICATION AND AUTHENTICATION
3.043 - Outgoing secure channel traffic is not encrypted when possible. | IDENTIFICATION AND AUTHENTICATION
3.044 - The computer account password is prevented from being reset. | IDENTIFICATION AND AUTHENTICATION
3.045 - The Windows SMB client is not enabled to perform SMB packet signing when possible. | IDENTIFICATION AND AUTHENTICATION
3.046 - The Windows SMB server is not enabled to perform SMB packet signing when possible. | IDENTIFICATION AND AUTHENTICATION
3.047 - The Smart Card removal option is set to take no action. | ACCESS CONTROL
3.051 - The Recycle Bin on a server must be configured to immediately delete files. | CONFIGURATION MANAGEMENT
3.052 - Ejection of removable NTFS media is not restricted to Administrators. | MEDIA PROTECTION
3.054 - Users are not warned in advance that their passwords will expire. | IDENTIFICATION AND AUTHENTICATION
3.055 - The default permissions of Global system objects are not increased. | CONFIGURATION MANAGEMENT
3.057 - Reversible password encryption is not disabled. | IDENTIFICATION AND AUTHENTICATION
3.059 - The system is configured to autoplay removable media. | SYSTEM AND COMMUNICATIONS PROTECTION