DISA Windows Server 2008 R2 DC STIG v1r34

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Windows Server 2008 R2 DC STIG v1r34

Updated: 1/6/2021

Authority: DISA STIG

Plugin: Windows

Revision: 1.0

Estimated Item Count: 360

Audit Items

Description	Categories
1.001 - The Automated Information System (AIS) will be physically secured in an access controlled area.
1.006 - Users with Administrative privilege will be documented and have separate accounts for administrative duties and normal operational tasks.
1.006-01 - Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.
1.007 - Members of the Backup Operators group will have separate accounts for backup duties and normal operational tasks.	CONFIGURATION MANAGEMENT
1.008 - Shared user accounts must not be permitted on the system.	ACCESS CONTROL
1.013 - System information backups will be created, updated, and protected.
1.016 - Security configuration tools or equivalent processes will be used to configure platforms for security compliance.
1.024 - System files will be monitored for unauthorized changes.
1.025 - Servers will have a host-based Intrusion Detection System.
1.029 - Audit logs will be reviewed on a daily basis.
1.032 - Audit data must be retained for at least one year.
2.001 - Permissions for event logs must conform to minimum requirements - application.evtx	AUDIT AND ACCOUNTABILITY
2.001 - Permissions for event logs must conform to minimum requirements - security.evtx	AUDIT AND ACCOUNTABILITY
2.001 - Permissions for event logs must conform to minimum requirements - system.evtx	AUDIT AND ACCOUNTABILITY
2.005 - Systems must be maintained at a supported version of an operating system - SP or release levels.	SYSTEM AND INFORMATION INTEGRITY
2.006 - ACLs for system files and directories will conform to minimum requirements - 'C:'	ACCESS CONTROL, CONFIGURATION MANAGEMENT
2.006 - ACLs for system files and directories will conform to minimum requirements - 'C:\Program Files'	ACCESS CONTROL, CONFIGURATION MANAGEMENT
2.008 - Local volumes will be formatted using NTFS.	ACCESS CONTROL
2.015 - File share ACLs will be reconfigured to remove the Everyone group.	CONFIGURATION MANAGEMENT
2.019 - Security-related Software Patches will be applied.
2.021 - Software certificate installation files must be removed from Windows 2008 R2.	SYSTEM AND COMMUNICATIONS PROTECTION
2.023 - Standard user accounts must only have Read permissions to the Winlogon registry key.	ACCESS CONTROL, CONFIGURATION MANAGEMENT
3.007 - The shutdown option will not be available from the logon dialog box.	ACCESS CONTROL
3.011 - The required legal notice must be configured to display before console logon.	ACCESS CONTROL
3.013 - Caching of logon credentials must be limited.	IDENTIFICATION AND AUTHENTICATION
3.014 - The Windows dialog box title for the legal banner will be configured.	ACCESS CONTROL
3.018 - Anonymous enumeration of shares will be restricted.	ACCESS CONTROL
3.019 - Anonymous enumeration of SAM accounts will not be allowed.	ACCESS CONTROL
3.027 - Non-administrative user accounts or groups will only have print permissions of Printer Shares.
3.028 - The built-in Windows password complexity policy must be enabled.	IDENTIFICATION AND AUTHENTICATION
3.029 - The print driver installation privilege will be restricted to administrators.	ACCESS CONTROL
3.030 - Anonymous access to the registry must be restricted - reg check	ACCESS CONTROL
3.030 - Anonymous access to the registry must be restricted.	ACCESS CONTROL, CONFIGURATION MANAGEMENT
3.031 - The LanMan authentication level will be set to Send NTLMv2 response only\refuse LM & NTLM.	IDENTIFICATION AND AUTHENTICATION
3.032 - The Ctrl+Alt+Del security attention sequence for logons will be enabled.	CONFIGURATION MANAGEMENT
3.034 - Unencrypted passwords must not be sent to third-party SMB Servers.	SYSTEM AND INFORMATION INTEGRITY
3.040 - Automatic logons must be disabled.	ACCESS CONTROL
3.042 - Outgoing secure channel traffic will be signed when possible.	IDENTIFICATION AND AUTHENTICATION
3.043 - Outgoing secure channel traffic will be encrypted when possible.	IDENTIFICATION AND AUTHENTICATION
3.044 - The computer account password will not be prevented from being reset.	IDENTIFICATION AND AUTHENTICATION
3.045 - The Windows SMB client will be enabled to perform SMB packet signing when possible.	IDENTIFICATION AND AUTHENTICATION
3.046 - The Windows SMB server will perform SMB packet signing when possible.	IDENTIFICATION AND AUTHENTICATION
3.047 - The Smart Card removal option will be configured to Force Logoff or Lock Workstation.	ACCESS CONTROL
3.052 - Ejection of removable NTFS media is not restricted to Administrators.	MEDIA PROTECTION
3.054 - Users will be warned in advance that their passwords will expire.	IDENTIFICATION AND AUTHENTICATION
3.055 - The default permissions of Global system objects will be increased.	CONFIGURATION MANAGEMENT
3.057 - Reversible password encryption will be disabled.	IDENTIFICATION AND AUTHENTICATION
3.059 - Autoplay will be disabled for all drives.	SYSTEM AND COMMUNICATIONS PROTECTION
3.061 - Unencrypted remote access will not be permitted to system services.	ACCESS CONTROL
3.062 - Anonymous SID/Name translation must not be allowed.	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

Detections

Analytics

DISA Windows Server 2008 R2 DC STIG v1r34

Warning! Audit Deprecated

Audit Details

Audit Items