DISA_STIG_Server_2012_and_2012_R2_DC_v3r2.audit from DISA Microsoft Windows Server 2012/2012 R2 Domain Controller v3r2 STIG

WN12-00-000001 - Server systems must be located in a controlled access area, accessible only to authorized personnel.

800-53|CM-6b.

CAT|II

CCI|CCI-000366

Rule-ID|SV-226029r569184_rule

STIG-ID|WN12-00-000001

STIG-Legacy|SV-52838

STIG-Legacy|V-1070

Vuln-ID|V-226029

WN12-00-000004 - Users with administrative privilege must be documented.

Rule-ID|SV-226030r569184_rule

STIG-ID|WN12-00-000004

STIG-Legacy|SV-51575

STIG-Legacy|V-36658

Vuln-ID|V-226030

WN12-00-000005 - Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.

CAT|I

Rule-ID|SV-226031r569184_rule

STIG-ID|WN12-00-000005

STIG-Legacy|SV-51576

STIG-Legacy|V-36659

Vuln-ID|V-226031

WN12-00-000006 - Policy must require that system administrators (SAs) be trained for the operating systems used by systems under their control.

Rule-ID|SV-226032r569184_rule

STIG-ID|WN12-00-000006

STIG-Legacy|SV-51577

STIG-Legacy|V-36666

Vuln-ID|V-226032

WN12-00-000007 - Windows 2012/2012 R2 password for the built-in Administrator account must be changed at least annually or when a member of the administrative team leaves the organization.

Rule-ID|SV-226033r569184_rule

STIG-ID|WN12-00-000007

STIG-Legacy|SV-52942

STIG-Legacy|V-14225

Vuln-ID|V-226033

WN12-00-000008 - Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.

Rule-ID|SV-226034r569184_rule

STIG-ID|WN12-00-000008

STIG-Legacy|SV-51578

STIG-Legacy|V-36451

Vuln-ID|V-226034

WN12-00-000009-01 - Members of the Backup Operators group must be documented.

Rule-ID|SV-226035r569184_rule

STIG-ID|WN12-00-000009-01

STIG-Legacy|SV-52156

STIG-Legacy|V-1168

Vuln-ID|V-226035

WN12-00-000009-02 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.

Rule-ID|SV-226036r569184_rule

STIG-ID|WN12-00-000009-02

STIG-Legacy|SV-52157

STIG-Legacy|V-40198

Vuln-ID|V-226036

WN12-00-000010 - Policy must require application account passwords be at least 15 characters in length.

800-53|IA-5(1)(a)

CCI|CCI-000205

Rule-ID|SV-226037r569184_rule

STIG-ID|WN12-00-000010

STIG-Legacy|SV-51579

STIG-Legacy|V-36661

Vuln-ID|V-226037

WN12-00-000011 - Windows 2012/2012 R2 manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.

Rule-ID|SV-226038r569184_rule

STIG-ID|WN12-00-000011

STIG-Legacy|SV-51580

STIG-Legacy|V-36662

Vuln-ID|V-226038

WN12-00-000012 - Shared user accounts must not be permitted on the system.

800-53|IA-2

CCI|CCI-000764

Rule-ID|SV-226039r569184_rule

STIG-ID|WN12-00-000012

STIG-Legacy|SV-52839

STIG-Legacy|V-1072

Vuln-ID|V-226039

WN12-00-000013 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.

CAT|III

Rule-ID|SV-226040r569184_rule

STIG-ID|WN12-00-000013

STIG-Legacy|SV-52859

STIG-Legacy|V-1128

Vuln-ID|V-226040

WN12-00-000014 - System-level information must be backed up in accordance with local recovery time and recovery point objectives.

Rule-ID|SV-226041r569184_rule

STIG-ID|WN12-00-000014

STIG-Legacy|SV-52841

STIG-Legacy|V-1076

Vuln-ID|V-226041

WN12-00-000015 - User-level information must be backed up in accordance with local recovery time and recovery point objectives.

Rule-ID|SV-226042r569184_rule

STIG-ID|WN12-00-000015

STIG-Legacy|SV-51581

STIG-Legacy|V-36733

Vuln-ID|V-226042

WN12-00-000016 - Backups of system-level information must be protected.

Rule-ID|SV-226043r569184_rule

STIG-ID|WN12-00-000016

STIG-Legacy|SV-52130

STIG-Legacy|V-40172

Vuln-ID|V-226043

WN12-00-000017 - System-related documentation must be backed up in accordance with local recovery time and recovery point objectives.

Rule-ID|SV-226044r569184_rule

STIG-ID|WN12-00-000017

STIG-Legacy|SV-52131

STIG-Legacy|V-40173

Vuln-ID|V-226044

WN12-00-000018 - The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.

800-53|CM-7(5)(b)

CCI|CCI-001774

Rule-ID|SV-226045r569184_rule

STIG-ID|WN12-00-000018

STIG-Legacy|SV-72047

STIG-Legacy|V-57637

Vuln-ID|V-226045

WN12-00-000019 - Protection methods such as TLS, encrypted VPNs, or IPSEC must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.

800-53|SC-8(2)

CCI|CCI-002420

CCI|CCI-002422

Rule-ID|SV-226046r569184_rule

STIG-ID|WN12-00-000019

STIG-Legacy|SV-72051

STIG-Legacy|V-57641

Vuln-ID|V-226046

WN12-00-000020 - Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.

800-53|SC-28

800-53|SC-28(1)

CCI|CCI-001199

CCI|CCI-002475

CCI|CCI-002476

Rule-ID|SV-226047r569184_rule

STIG-ID|WN12-00-000020

STIG-Legacy|SV-72055

STIG-Legacy|V-57645

Vuln-ID|V-226047

WN12-00-000100 - The Windows 2012 / 2012 R2 system must use an anti-virus program.

Rule-ID|SV-226048r569184_rule

STIG-ID|WN12-00-000100

STIG-Legacy|SV-52103

STIG-Legacy|V-1074

Vuln-ID|V-226048

WN12-00-000160 - The Server Message Block (SMB) v1 protocol must be disabled on Windows 2012 R2.

800-53|CM-7a.

CCI|CCI-000381

Rule-ID|SV-226049r569184_rule

STIG-ID|WN12-00-000160

STIG-Legacy|SV-88471

STIG-Legacy|V-73805

Vuln-ID|V-226049

WN12-00-000170 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.

Rule-ID|SV-226050r569184_rule

STIG-ID|WN12-00-000170

STIG-Legacy|SV-88193

STIG-Legacy|V-73519

Vuln-ID|V-226050

WN12-00-000180 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client - LanManWorkstation

Rule-ID|SV-226051r569184_rule

STIG-ID|WN12-00-000180

STIG-Legacy|SV-88205

STIG-Legacy|V-73523

Vuln-ID|V-226051

WN12-00-000180 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client - mrxsmb10

WN12-00-000190 - Orphaned security identifiers (SIDs) must be removed from user rights on Windows 2012 / 2012 R2.

Rule-ID|SV-226052r569184_rule

STIG-ID|WN12-00-000190

STIG-Legacy|SV-90603

STIG-Legacy|V-75915

Vuln-ID|V-226052

WN12-00-000200 - Windows PowerShell must be updated to a version that supports script block logging on Windows 2012/2012 R2.

Rule-ID|SV-226053r569184_rule

STIG-ID|WN12-00-000200

STIG-Legacy|SV-95179

STIG-Legacy|V-80473

Vuln-ID|V-226053

WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Enabled

800-53|AU-3(1)

CCI|CCI-000135

CSCv6|16.4

Rule-ID|SV-226054r569184_rule

STIG-ID|WN12-00-000210

STIG-Legacy|SV-95183

STIG-Legacy|V-80475

Vuln-ID|V-226054

WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Patch

WN12-00-000220 - Windows PowerShell 2.0 must not be installed on Windows 2012/2012 R2.

Rule-ID|SV-226055r569184_rule

STIG-ID|WN12-00-000220

STIG-Legacy|SV-95185

STIG-Legacy|V-80477

Vuln-ID|V-226055

WN12-AC-000001 - Windows 2012 account lockout duration must be configured to 15 minutes or greater.

800-53|AC-7b.

CCI|CCI-002238

CSCv6|16.7

Rule-ID|SV-226056r569184_rule

STIG-ID|WN12-AC-000001

STIG-Legacy|SV-52850

STIG-Legacy|V-1099

Vuln-ID|V-226056

WN12-AC-000002 - The number of allowed bad logon attempts must meet minimum requirements.

800-53|AC-7a.

CCI|CCI-000044

Detections

Analytics

DISA Windows Server 2012 and 2012 R2 DC STIG v3r2

Warning! Audit Deprecated

Audit Details

Audit Changelog

Revision 1.5

Functional Update

Miscellaneous

Revision 1.4

Functional Update

Miscellaneous

Revision 1.3

Functional Update

Revision 1.2

Functional Update

Revision 1.1

Functional Update