DISA Windows 8/8.1 STIG v1r23

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Windows 8/8.1 STIG v1r23

Updated: 1/20/2021

Authority: DISA STIG

Plugin: Windows

Revision: 1.0

Estimated Item Count: 456

Audit Items

Description	Categories
DISA_STIG_Windows_8_8.1_v1r23.audit from DISA Windows 8/8.1 v1r23 STIG
WN08-00-000001 - Systems must be physically secured.
WN08-00-000002 - Shared user accounts must not be permitted on the system.	ACCESS CONTROL
WN08-00-000003 - System information backups must be created, updated, and protected.
WN08-00-000004 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.
WN08-00-000005-01 - Users with Administrative privilege must be documented.
WN08-00-000005-02 - Users with Administrative privilege must have separate accounts for administrative duties and normal operational tasks.	ACCESS CONTROL
WN08-00-000005-03 - Policy must require that administrative user accounts not be used with applications that access the internet, such as web browsers, or with potential internet sources, such as email.
WN08-00-000006 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.	CONFIGURATION MANAGEMENT
WN08-00-000007 - Unencrypted remote access to system services must not be permitted.	ACCESS CONTROL
WN08-00-000008 - The site must have a contingency for emergency administration of the system.
WN08-00-000009 - Administrator passwords must be changed as required.
WN08-00-000010-01 - Application account passwords must be at least 15 characters in length.
WN08-00-000010-02 - Application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.	IDENTIFICATION AND AUTHENTICATION
WN08-00-000013 - Mobile systems must encrypt all data per the DoD Data at Rest policy.	SYSTEM AND COMMUNICATIONS PROTECTION
WN08-00-000014 - Policy must require that system administrators (SAs) be trained for the operating systems used by systems under their control - SAs be trained for the operating systems.
WN08-00-000018 - The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.	CONFIGURATION MANAGEMENT
WN08-00-000100 - The Windows 8.1 system must use an anti-virus program.	SYSTEM AND INFORMATION INTEGRITY
WN08-00-000145 - Data Execution Prevention (DEP) must be configured to at least OptOut.	CONFIGURATION MANAGEMENT
WN08-00-000150 - Structured Exception Handling Overwrite Protection (SEHOP) must be turned on.	CONFIGURATION MANAGEMENT
WN08-00-000160 - The Server Message Block (SMB) v1 protocol must be disabled on the system.	CONFIGURATION MANAGEMENT
WN08-00-000170 - The Server Message Block (SMB) v1 protocol must be disabled on the Windows 8.1 SMB server.	CONFIGURATION MANAGEMENT
WN08-00-000180 - The Server Message Block (SMB) v1 protocol must be disabled on the Windows 8.1 SMB client.	CONFIGURATION MANAGEMENT
WN08-00-000190 - Orphaned security identifiers (SIDs) must be removed from user rights on Windows 8.
WN08-AC-000001 - Windows 8 account lockout duration must be configured to 15 minutes or greater.	ACCESS CONTROL
WN08-AC-000002 - The number of allowed bad logon attempts must meet minimum requirements.	ACCESS CONTROL
WN08-AC-000003 - The reset period for the account lockout counter must be configured to 15 minutes or greater on Windows 8.	ACCESS CONTROL
WN08-AC-000004 - The password history must be configured to 24 passwords remembered.	IDENTIFICATION AND AUTHENTICATION
WN08-AC-000005 - The maximum password age must meet requirements.	IDENTIFICATION AND AUTHENTICATION
WN08-AC-000006 - The minimum password age must meet requirements.	IDENTIFICATION AND AUTHENTICATION
WN08-AC-000007 - Passwords must, at a minimum, be 14 characters.	IDENTIFICATION AND AUTHENTICATION
WN08-AC-000008 - The built-in Windows password complexity policy must be enabled.	IDENTIFICATION AND AUTHENTICATION
WN08-AC-000009 - Reversible password encryption must be disabled.	IDENTIFICATION AND AUTHENTICATION
WN08-AU-000001 - The system must be configured to audit Account Logon - Credential Validation failures.	AUDIT AND ACCOUNTABILITY
WN08-AU-000002 - The system must be configured to audit Account Logon - Credential Validation successes.	AUDIT AND ACCOUNTABILITY
WN08-AU-000004 - The system must be configured to audit Account Management - Other Account Management Events successes.	AUDIT AND ACCOUNTABILITY
WN08-AU-000006 - The system must be configured to audit Account Management - Security Group Management successes.	AUDIT AND ACCOUNTABILITY
WN08-AU-000007 - The system must be configured to audit Account Management - User Account Management failures.	AUDIT AND ACCOUNTABILITY
WN08-AU-000008 - The system must be configured to audit Account Management - User Account Management successes.	AUDIT AND ACCOUNTABILITY
WN08-AU-000009 - The system must be configured to audit Detailed Tracking - Process Creation successes.	AUDIT AND ACCOUNTABILITY
WN08-AU-000010 - The system must be configured to audit Logon/Logoff - Logoff successes.	AUDIT AND ACCOUNTABILITY
WN08-AU-000011 - The system must be configured to audit Logon/Logoff - Logon failures.	AUDIT AND ACCOUNTABILITY
WN08-AU-000012 - The system must be configured to audit Logon/Logoff - Logon successes.	AUDIT AND ACCOUNTABILITY
WN08-AU-000013 - The system must be configured to audit Logon/Logoff - Special Logon successes.	AUDIT AND ACCOUNTABILITY
WN08-AU-000016 - The system must be configured to audit Object Access - Removable Storage failures.	AUDIT AND ACCOUNTABILITY
WN08-AU-000017 - The system must be configured to audit Object Access - Removable Storage successes.	AUDIT AND ACCOUNTABILITY
WN08-AU-000018 - The system must be configured to audit Policy Change - Audit Policy Change failures.	AUDIT AND ACCOUNTABILITY
WN08-AU-000019 - The system must be configured to audit Policy Change - Audit Policy Change successes.	AUDIT AND ACCOUNTABILITY
WN08-AU-000020 - The system must be configured to audit Policy Change - Authentication Policy Change successes.	AUDIT AND ACCOUNTABILITY
WN08-AU-000021 - The system must be configured to audit Privilege Use - Sensitive Privilege Use failures.	AUDIT AND ACCOUNTABILITY

Detections

Analytics

DISA Windows 8/8.1 STIG v1r23

Warning! Audit Deprecated

Audit Details

Audit Items