DISA Microsoft Windows Firewall v2r2

Audit Details

Name: DISA Microsoft Windows Firewall v2r2

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Windows

Revision: 1.1

Estimated Item Count: 22

File Details

Filename: DISA_STIG_Windows_Defender_Firewall_v2r2.audit

Size: 111 kB

MD5: 1ebeeb121b9954d979d75b85d46013c6
SHA256: 892836d356db611bc240c08ec273c1e748562dc4830e0c733f207d2a096e6dea

Audit Items

Description / Categories
DISA_STIG_Windows_Firewall_v2r2.audit from DISA Microsoft Windows Defender Firewall with Advanced Security v2r2 STIG
WNFWA-000001 - Windows Defender Firewall with Advanced Security must be enabled when connected to a domain.

ACCESS CONTROL

WNFWA-000002 - Windows Defender Firewall with Advanced Security must be enabled when connected to a private network.

ACCESS CONTROL

WNFWA-000003 - Windows Defender Firewall with Advanced Security must be enabled when connected to a public network.

ACCESS CONTROL

WNFWA-000004 - Windows Defender Firewall with Advanced Security must block unsolicited inbound connections when connected to a domain.

CONFIGURATION MANAGEMENT

WNFWA-000005 - Windows Defender Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a domain.

SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000009 - Windows Defender Firewall with Advanced Security log size must be configured for domain connections.

AUDIT AND ACCOUNTABILITY

WNFWA-000010 - Windows Defender Firewall with Advanced Security must log dropped packets when connected to a domain.

AUDIT AND ACCOUNTABILITY

WNFWA-000011 - Windows Defender Firewall with Advanced Security must log successful connections when connected to a domain.

AUDIT AND ACCOUNTABILITY

WNFWA-000012 - Windows Defender Firewall with Advanced Security must block unsolicited inbound connections when connected to a private network.

CONFIGURATION MANAGEMENT

WNFWA-000013 - Windows Defender Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a private network.

SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000017 - Windows Defender Firewall with Advanced Security log size must be configured for private network connections.

AUDIT AND ACCOUNTABILITY

WNFWA-000018 - Windows Defender Firewall with Advanced Security must log dropped packets when connected to a private network.

AUDIT AND ACCOUNTABILITY

WNFWA-000019 - Windows Defender Firewall with Advanced Security must log successful connections when connected to a private network.

AUDIT AND ACCOUNTABILITY

WNFWA-000020 - Windows Defender Firewall with Advanced Security must block unsolicited inbound connections when connected to a public network.

CONFIGURATION MANAGEMENT

WNFWA-000021 - Windows Defender Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a public network.

SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000024 - Windows Defender Firewall with Advanced Security local firewall rules must not be merged with Group Policy settings when connected to a public network.

SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000025 - Windows Defender Firewall with Advanced Security local connection rules must not be merged with Group Policy settings when connected to a public network.

SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000027 - Windows Defender Firewall with Advanced Security log size must be configured for public network connections.

AUDIT AND ACCOUNTABILITY

WNFWA-000028 - Windows Defender Firewall with Advanced Security must log dropped packets when connected to a public network.

AUDIT AND ACCOUNTABILITY

WNFWA-000029 - Windows Defender Firewall with Advanced Security must log successful connections when connected to a public network.

AUDIT AND ACCOUNTABILITY

WNFWA-000100 - Inbound exceptions to the firewall on domain workstations must only allow authorized remote management hosts.

ACCESS CONTROL