DISA Windows Server 2008 MS STIG v6r46

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Windows Server 2008 MS STIG v6r46

Updated: 1/6/2021

Authority: DISA STIG

Plugin: Windows

Revision: 1.0

Estimated Item Count: 290

Audit Items

Description	Categories
1.001 - Physical security of the Automated Information System (AIS) does not meet DISA requirements.
1.006 - Users with Administrative privilege are not documented or do not have separate accounts for administrative duties and normal operational tasks.
1.006-01 - Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.
1.007 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.	CONFIGURATION MANAGEMENT
1.008 - Shared user accounts must not be permitted on the system.	ACCESS CONTROL
1.013 - System information backups are not created, updated, and protected according to DISA requirements.
1.016 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.
1.024 - System files are not checked for unauthorized changes.
1.025 - A Server does not have a host-based Intrusion Detection System.
1.029 - There is no local policy for reviewing audit logs.
1.032 - Audit data must be retained for at least one year.
2.001 - Permissions for event logs must conform to minimum requirements - application.evtx	AUDIT AND ACCOUNTABILITY
2.001 - Permissions for event logs must conform to minimum requirements - security.evtx	AUDIT AND ACCOUNTABILITY
2.001 - Permissions for event logs must conform to minimum requirements - system.evtx	AUDIT AND ACCOUNTABILITY
2.005 - Systems must be maintained at a supported version of an operating system - SP or releases levels.	SYSTEM AND INFORMATION INTEGRITY
2.006 - ACLs for system files and directories do not conform to minimum requirements - 'C:'	ACCESS CONTROL, CONFIGURATION MANAGEMENT
2.006 - ACLs for system files and directories do not conform to minimum requirements - 'C:\Program Files'	ACCESS CONTROL, CONFIGURATION MANAGEMENT
2.006 - ACLs for system files and directories do not conform to minimum requirements - 'C:\Windows'	ACCESS CONTROL, CONFIGURATION MANAGEMENT
2.008 - Local volumes are not formatted using NTFS.	ACCESS CONTROL
2.015 - File share permissions must be configured to remove the Everyone group.	CONFIGURATION MANAGEMENT
2.019 - Security-related Software Patches are not applied.
2.021 - Software certificate installation files must be removed from Windows 2008.	SYSTEM AND COMMUNICATIONS PROTECTION
2.022 - Disallow AutoPlay/Autorun from Autorun.inf	SYSTEM AND COMMUNICATIONS PROTECTION
2.023 - Standard user accounts must only have Read permissions to the Winlogon registry key.	ACCESS CONTROL, CONFIGURATION MANAGEMENT
3.007 - The system allows shutdown from the logon dialog box.	ACCESS CONTROL
3.011 - The required legal notice must be configured to display before console logon.	ACCESS CONTROL
3.013 - Caching of logon credentials must be limited.	IDENTIFICATION AND AUTHENTICATION
3.014 - The Windows dialog box title for the legal banner must be configured.	ACCESS CONTROL
3.018 - Anonymous shares are not restricted.	ACCESS CONTROL
3.027 - Printer share permissions are not configured as recommended.
3.028 - The built-in Windows password complexity policy must be enabled.	IDENTIFICATION AND AUTHENTICATION
3.029 - Print driver installation privilege is not restricted to administrators.	ACCESS CONTROL
3.030 - Anonymous access to the registry must be restricted - reg check	ACCESS CONTROL
3.030 - Anonymous access to the registry must be restricted.	ACCESS CONTROL, CONFIGURATION MANAGEMENT
3.031 - The Send download LanMan compatible password option is not set to Send NTLMv2 response only\refuse LM.	IDENTIFICATION AND AUTHENTICATION
3.032 - Ctrl+Alt+Del security attention sequence is Disabled.	CONFIGURATION MANAGEMENT
3.034 - Unencrypted passwords must not be sent to third-party SMB Servers.	SYSTEM AND INFORMATION INTEGRITY
3.040 - Automatic logons must be disabled.	ACCESS CONTROL
3.042 - Outgoing secure channel traffic is not signed when possible.	IDENTIFICATION AND AUTHENTICATION
3.043 - Outgoing secure channel traffic is not encrypted when possible.	IDENTIFICATION AND AUTHENTICATION
3.044 - The computer account password is prevented from being reset.	IDENTIFICATION AND AUTHENTICATION
3.045 - The Windows SMB client is not enabled to perform SMB packet signing when possible.	IDENTIFICATION AND AUTHENTICATION
3.046 - The Windows SMB server is not enabled to perform SMB packet signing when possible.	IDENTIFICATION AND AUTHENTICATION
3.047 - The Smart Card removal option is set to take no action.	ACCESS CONTROL
3.051 - The Recycle Bin on a server must be configured to immediately delete files.	CONFIGURATION MANAGEMENT
3.052 - Ejection of removable NTFS media is not restricted to Administrators.	MEDIA PROTECTION
3.054 - Users are not warned in advance that their passwords will expire.	IDENTIFICATION AND AUTHENTICATION
3.055 - The default permissions of Global system objects are not increased.	CONFIGURATION MANAGEMENT
3.057 - Reversible password encryption is not disabled.	IDENTIFICATION AND AUTHENTICATION
3.059 - The system is configured to autoplay removable media.	SYSTEM AND COMMUNICATIONS PROTECTION

Detections

Analytics

DISA Windows Server 2008 MS STIG v6r46

Warning! Audit Deprecated

Audit Details

Audit Items