Item Search

NameAudit NamePluginCategory
WN12-00-000012 - Shared user accounts must not be permitted on the system.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-00-000016 - Backups of system-level information must be protected.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000019 - Protection methods such as TLS, encrypted VPNs, or IPSEC must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-00-000100 - The Windows 2012 / 2012 R2 system must use an anti-virus program.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000200 - Windows PowerShell must be updated to a version that supports script block logging on Windows 2012/2012 R2.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - EnabledDISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AC-000007 - Passwords must, at a minimum, be 14 characters.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-AC-000008 - The built-in Windows password complexity policy must be enabled.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-AU-000017 - The system must be configured to audit Account Management - Security Group Management successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000045 - The system must be configured to audit Logon/Logoff - Logoff successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000059 - The system must be configured to audit Object Access - Central Access Policy Staging successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000086 - The system must be configured to audit Policy Change - Audit Policy Change failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000102 - The system must be configured to audit Privilege Use - Sensitive Privilege Use failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000103 - The system must be configured to audit System - IPsec Driver successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000107 - The system must be configured to audit System - Security State Change successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000109 - The system must be configured to audit System - Security System Extension successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000111 - The system must be configured to audit System - System Integrity successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000203-02 - The operating system must, at a minimum, off-load audit records of interconnected systems in real time and off-load standalone systems weekly.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000204 - Permissions for the Application event log must prevent access by nonprivileged accounts.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000213 - Event Viewer must be protected from unauthorized modification and deletion.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-CC-000001 - The Mapper I/O network protocol (LLTDIO) driver must be disabledDISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000006 - All Direct Access traffic must be routed through the internal network.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000011 - IP stateless autoconfiguration limits state must be enabled.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000021 - A system restore point must be created when a new device driver is installed.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000027 - Early Launch Antimalware, Boot-Start Driver Initialization Policy must be enabled and configured to only Good and Unknown.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000029 - Group Policies must be refreshed in the background if the user is logged on.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000032 - Downloading print driver packages over HTTP must be prevented.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000048 - Copying of user input methods to the system account for sign-in must be prevented.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000065 - The detection of compatibility issues for applications and drivers must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000072 - Autoplay must be turned off for non-volume devices.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000074 - Autoplay must be disabled for all drives.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000103 - Remote Desktop Services must delete temporary folders when a session is terminated.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000118 - Nonadministrators must be prevented from applying vendor-signed updates.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000128 - The Windows Remote Management (WinRM) service must not store RunAs credentials.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-CC-000134 - The system must be configured to ensure smart card devices can be redirected to the Remote Desktop session. (Remote Desktop Services Role).DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-GE-000006 - Permissions for system drive root directory (usually C:\) must conform to minimum requirements.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-GE-000008 - Permissions for Windows installation directory must conform to minimum requirements.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

WN12-GE-000018 - Non system-created file shares on a system must limit access to groups that require it.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-GE-000021 - Necessary services must be documented to maintain a baseline to determine if additional, unnecessary services have been added to a system.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-GE-000022 - Servers must have a host-based Intrusion Detection System.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-GE-000023 - Windows Server 2012 / 2012 R2 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP) - CNDSP.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND INFORMATION INTEGRITY

WN12-RG-000002 - Standard user accounts must only have Read permissions to the Active Setup\Installed Components registry key.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-SO-000006 - The built-in guest account must be renamed.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-SO-000009 - Audit policy using subcategories must be enabled.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-SO-000014 - Outgoing secure channel traffic must be signed when possible.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000029 - The Windows SMB client must be enabled to perform SMB packet signing when possible.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000030 - Unencrypted passwords must not be sent to third-party SMB Servers.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-SO-000031 - The amount of idle time required before suspending a session must be properly set.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000034 - Users must be forcibly disconnected when their logon hours expire.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000038 - The system must be configured to prevent IP source routing.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT