DISA_STIG_Windows_Server_2019_v2r2.audit from DISA Microsoft Windows Server 2019 v2r2 STIG

WN19-00-000010 - Windows Server 2019 users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.

CAT|I

CCI|CCI-000366

Rule-ID|SV-205844r569188_rule

STIG-ID|WN19-00-000010

STIG-Legacy|SV-103457

STIG-Legacy|V-93369

Vuln-ID|V-205844

WN19-00-000020 - Windows Server 2019 passwords for the built-in Administrator account must be changed at least every 60 days.

800-53|IA-5(1)

CAT|II

CCI|CCI-000199

Rule-ID|SV-205657r569188_rule

STIG-ID|WN19-00-000020

STIG-Legacy|SV-103559

STIG-Legacy|V-93473

Vuln-ID|V-205657

WN19-00-000030 - Windows Server 2019 administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.

Rule-ID|SV-205845r569188_rule

STIG-ID|WN19-00-000030

STIG-Legacy|SV-103293

STIG-Legacy|V-93205

Vuln-ID|V-205845

WN19-00-000040 - Windows Server 2019 members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.

800-53|AC-5

Rule-ID|SV-205846r569188_rule

STIG-ID|WN19-00-000040

STIG-Legacy|SV-103295

STIG-Legacy|V-93207

Vuln-ID|V-205846

WN19-00-000050 - Windows Server 2019 manually managed application account passwords must be at least 15 characters in length.

CCI|CCI-000205

Rule-ID|SV-205661r569188_rule

STIG-ID|WN19-00-000050

STIG-Legacy|SV-103547

STIG-Legacy|V-93461

Vuln-ID|V-205661

WN19-00-000060 - Windows Server 2019 manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.

800-53|IA-5

Rule-ID|SV-205847r569188_rule

STIG-ID|WN19-00-000060

STIG-Legacy|SV-103297

STIG-Legacy|V-93209

Vuln-ID|V-205847

WN19-00-000070 - Windows Server 2019 shared user accounts must not be permitted.

800-53|AC-2(9)

CCI|CCI-000764

Rule-ID|SV-205699r569188_rule

STIG-ID|WN19-00-000070

STIG-Legacy|SV-103523

STIG-Legacy|V-93437

Vuln-ID|V-205699

WN19-00-000080 - Windows Server 2019 must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.

800-53|CM-7(5)

CCI|CCI-001774

Rule-ID|SV-205807r569188_rule

STIG-ID|WN19-00-000080

STIG-Legacy|SV-103465

STIG-Legacy|V-93379

Vuln-ID|V-205807

WN19-00-000090 - Windows Server 2019 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use.

Rule-ID|SV-205848r569188_rule

STIG-ID|WN19-00-000090

STIG-Legacy|SV-103301

STIG-Legacy|V-93213

Vuln-ID|V-205848

WN19-00-000100 - Windows Server 2019 must be maintained at a supported servicing level.

800-53|CM-8(1)

Rule-ID|SV-205849r569188_rule

STIG-ID|WN19-00-000100

STIG-Legacy|SV-103303

STIG-Legacy|V-93215

Vuln-ID|V-205849

WN19-00-000110 - Windows Server 2019 must use an anti-virus program.

800-53|SI-3

Rule-ID|SV-205850r569245_rule

STIG-ID|WN19-00-000110

STIG-Legacy|SV-103305

STIG-Legacy|V-93217

Vuln-ID|V-205850

WN19-00-000120 - Windows Server 2019 must have a host-based intrusion detection or prevention system.

Rule-ID|SV-205851r569188_rule

STIG-ID|WN19-00-000120

STIG-Legacy|SV-103307

STIG-Legacy|V-93219

Vuln-ID|V-205851

WN19-00-000130 - Windows Server 2019 local volumes must use a format that supports NTFS attributes.

800-53|CM-6

CCI|CCI-000213

Rule-ID|SV-205663r569188_rule

STIG-ID|WN19-00-000130

STIG-Legacy|SV-103079

STIG-Legacy|V-92991

Vuln-ID|V-205663

WN19-00-000140 - Windows Server 2019 permissions for the system drive root directory (usually C:\) must conform to minimum requirements.

800-53|AC-6(7)

CCI|CCI-002165

CSCv6|3.1

Rule-ID|SV-205734r569188_rule

STIG-ID|WN19-00-000140

STIG-Legacy|SV-103107

STIG-Legacy|V-93019

Vuln-ID|V-205734

WN19-00-000150 - Windows Server 2019 permissions for program file directories must conform to minimum requirements - Program Files

Rule-ID|SV-205735r569188_rule

STIG-ID|WN19-00-000150

STIG-Legacy|SV-103109

STIG-Legacy|V-93021

Vuln-ID|V-205735

WN19-00-000150 - Windows Server 2019 permissions for program file directories must conform to minimum requirements - Program Files (x86)

WN19-00-000160 - Windows Server 2019 permissions for the Windows installation directory must conform to minimum requirements.

Rule-ID|SV-205736r569188_rule

STIG-ID|WN19-00-000160

STIG-Legacy|SV-103111

STIG-Legacy|V-93023

Vuln-ID|V-205736

WN19-00-000170 - Windows Server 2019 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained - HKEY_LOCAL_MACHINE\SECURITY

CCI|CCI-002235

Rule-ID|SV-205737r569188_rule

STIG-ID|WN19-00-000170

STIG-Legacy|SV-103113

STIG-Legacy|V-93025

Vuln-ID|V-205737

WN19-00-000170 - Windows Server 2019 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained - HKEY_LOCAL_MACHINE\SOFTWARE

WN19-00-000170 - Windows Server 2019 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained - HKEY_LOCAL_MACHINE\SYSTEM

WN19-00-000180 - Windows Server 2019 non-administrative accounts or groups must only have print permissions on printer shares.

CAT|III

Rule-ID|SV-205664r569188_rule

STIG-ID|WN19-00-000180

STIG-Legacy|SV-103081

STIG-Legacy|V-92993

Vuln-ID|V-205664

WN19-00-000190 - Windows Server 2019 outdated or unused accounts must be removed or disabled.

800-53|AC-2(3)

CCI|CCI-000795

CSCv6|16.1

CSCv6|16.6

Rule-ID|SV-205707r569188_rule

STIG-ID|WN19-00-000190

STIG-Legacy|SV-103543

STIG-Legacy|V-93457

Vuln-ID|V-205707

WN19-00-000200 - Windows Server 2019 accounts must require passwords.

Rule-ID|SV-205700r569188_rule

STIG-ID|WN19-00-000200

STIG-Legacy|SV-103525

STIG-Legacy|V-93439

Vuln-ID|V-205700

WN19-00-000210 - Windows Server 2019 passwords must be configured to expire.

Rule-ID|SV-205658r569188_rule

STIG-ID|WN19-00-000210

STIG-Legacy|SV-103561

STIG-Legacy|V-93475

Vuln-ID|V-205658

WN19-00-000220 - Windows Server 2019 system files must be monitored for unauthorized changes.

CCI|CCI-001744

Rule-ID|SV-205803r569241_rule

STIG-ID|WN19-00-000220

STIG-Legacy|SV-103291

STIG-Legacy|V-93203

Vuln-ID|V-205803

WN19-00-000230 - Windows Server 2019 non-system-created file shares must limit access to groups that require it.

CCI|CCI-001090

Rule-ID|SV-205721r569188_rule

STIG-ID|WN19-00-000230

STIG-Legacy|SV-103617

STIG-Legacy|V-93531

Vuln-ID|V-205721

WN19-00-000240 - Windows Server 2019 must have software certificate installation files removed.

800-53|SC-12

Rule-ID|SV-205852r569188_rule

STIG-ID|WN19-00-000240

STIG-Legacy|SV-103309

STIG-Legacy|V-93221

Vuln-ID|V-205852

WN19-00-000250 - Windows Server 2019 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.

CCI|CCI-001199

CCI|CCI-002475

CCI|CCI-002476

Rule-ID|SV-205727r569188_rule

STIG-ID|WN19-00-000250

STIG-Legacy|SV-103601

STIG-Legacy|V-93515

Vuln-ID|V-205727

WN19-00-000260 - Windows Server 2019 must implement protection methods such as TLS, encrypted VPNs, or IPsec if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.

CCI|CCI-002420

CCI|CCI-002422

Rule-ID|SV-205829r569188_rule

STIG-ID|WN19-00-000260

STIG-Legacy|SV-103629

STIG-Legacy|V-93543

Vuln-ID|V-205829

WN19-00-000270 - Windows Server 2019 must have the roles and features required by the system documented.

800-53|CM-8

CCI|CCI-000381

Rule-ID|SV-205677r569188_rule

STIG-ID|WN19-00-000270

STIG-Legacy|SV-103467

STIG-Legacy|V-93381

Vuln-ID|V-205677

Detections

Analytics

Revision 1.8

Dec 17, 2021

Functional Update