Item Search

NameAudit NamePluginCategory
WN12-00-000009-02 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000011 - Windows 2012/2012 R2 manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000013 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000018 - The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-AC-000001 - Windows 2012 account lockout duration must be configured to 15 minutes or greater.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-AC-000002 - The number of allowed bad logon attempts must meet minimum requirements.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-AU-000081 - The system must be configured to audit Object Access - Removable Storage successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000112 - The system must be configured to audit System - System Integrity failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000205 - Permissions for the Security event log must prevent access by nonprivileged accounts.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-CC-000002 - The Responder network protocol driver must be disabledDISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000023 - Windows must be prevented from sending an error report when a device driver requests additional software during installation.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000024 - Device driver searches using Windows Update must be prevented.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000038 - The Internet File Association service must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000039 - Printing over HTTP must be prevented.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000066 - Microsoft Support Diagnostic Tool (MSDT) interactive communication with Microsoft must be prevented.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000069 - The time service must synchronize with an appropriate DoD time source.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-CC-000073 - The default Autorun behavior must be configured to prevent Autorun commands.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000077 - Administrator accounts must not be enumerated during elevation.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-CC-000085 - The Security event log size must be configured to 196608 KB or greater.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-CC-000091 - File Explorer shell protocol must run in protected mode.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000095 - The location feature must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000109 - Automatic download of updates from the Windows Store must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000110 - The Windows Store application must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000115 - Users must be prevented from changing installation options.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000133 - Users must be prevented from mapping local LPT ports and redirecting data from the Remote Desktop Session Host to local LPT ports. (Remote Desktop Services Role).DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-CC-000135 - Users must be prevented from redirecting Plug and Play devices to the Remote Desktop Session Host. (Remote Desktop Services Role).DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-CC-000139 - Windows 2012 R2 must include command line data in process creation events.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-CC-000141 - The setting to allow Microsoft accounts to be optional for modern style apps must be enabled (Windows 2012 R2).DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000145 - Automatically signing in the last interactive user after a system-initiated restart must be disabled (Windows 2012 R2).DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-GE-000005 - Local volumes must use a format that supports NTFS attributes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-SO-000043 - The system must be configured to ignore NetBIOS name release requests except from WINS servers.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000045 - The system must be configured to use Safe DLL Search Mode.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-SO-000051 - Anonymous enumeration of SAM accounts must not be allowed.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-SO-000052 - Anonymous enumeration of shares must be restricted.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000055-MS - Named pipes that can be accessed anonymously must be configured to contain no values on member servers.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000059 - Network shares that can be accessed anonymously must not be allowed.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000061 - Services using Local System that use Negotiate when reverting to NTLM authentication must use the computer identity vs. authenticating anonymously.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-SO-000062 - NTLM must be prevented from falling back to a Null session.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-SO-000069 - The system must be configured to meet the minimum session security requirement for NTLM SSP-based clients.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-SO-000076 - The default permissions of global system objects must be increased.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-SO-000077 - User Account Control approval mode for the built-in Administrator must be enabled.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-SO-000082 - User Account Control must only elevate UIAccess applications that are installed in secure locations.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000085 - User Account Control must virtualize file and registry write failures to per-user locations.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-SO-000086 - UIAccess applications must not be allowed to prompt for elevation without using the secure desktop.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-UC-000007 - The Windows Help Experience Improvement Program must be disabled.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-UC-000010 - Mechanisms for removing zone information from file attachments must be hidden.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-UR-000012 - The Create a token object user right must not be assigned to any groups or accounts.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-UR-000017-MS - The Deny access to this computer from the network user right on member servers must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems, and from unauthenticated access on all systems.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-UR-000021-MS - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems, and from unauthenticated access on all systems.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL

WN12-UR-000042 - The Take ownership of files or other objects user right must only be assigned to the Administrators group.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL