| WN12-00-000012 - Shared user accounts must not be permitted on the system. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-00-000016 - Backups of system-level information must be protected. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000019 - Protection methods such as TLS, encrypted VPNs, or IPSEC must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-00-000100 - The Windows 2012 / 2012 R2 system must use an anti-virus program. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000200 - Windows PowerShell must be updated to a version that supports script block logging on Windows 2012/2012 R2. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Enabled | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AC-000007 - Passwords must, at a minimum, be 14 characters. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-AC-000008 - The built-in Windows password complexity policy must be enabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-AU-000017 - The system must be configured to audit Account Management - Security Group Management successes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000045 - The system must be configured to audit Logon/Logoff - Logoff successes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000059 - The system must be configured to audit Object Access - Central Access Policy Staging successes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000086 - The system must be configured to audit Policy Change - Audit Policy Change failures. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000102 - The system must be configured to audit Privilege Use - Sensitive Privilege Use failures. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000103 - The system must be configured to audit System - IPsec Driver successes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000107 - The system must be configured to audit System - Security State Change successes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000109 - The system must be configured to audit System - Security System Extension successes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000111 - The system must be configured to audit System - System Integrity successes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000203-02 - The operating system must, at a minimum, off-load audit records of interconnected systems in real time and off-load standalone systems weekly. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000204 - Permissions for the Application event log must prevent access by nonprivileged accounts. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000213 - Event Viewer must be protected from unauthorized modification and deletion. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-CC-000001 - The Mapper I/O network protocol (LLTDIO) driver must be disabled | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000006 - All Direct Access traffic must be routed through the internal network. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000011 - IP stateless autoconfiguration limits state must be enabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000021 - A system restore point must be created when a new device driver is installed. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000027 - Early Launch Antimalware, Boot-Start Driver Initialization Policy must be enabled and configured to only Good and Unknown. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000029 - Group Policies must be refreshed in the background if the user is logged on. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000032 - Downloading print driver packages over HTTP must be prevented. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000048 - Copying of user input methods to the system account for sign-in must be prevented. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000065 - The detection of compatibility issues for applications and drivers must be turned off. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000072 - Autoplay must be turned off for non-volume devices. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000074 - Autoplay must be disabled for all drives. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000103 - Remote Desktop Services must delete temporary folders when a session is terminated. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000118 - Nonadministrators must be prevented from applying vendor-signed updates. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000128 - The Windows Remote Management (WinRM) service must not store RunAs credentials. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-CC-000134 - The system must be configured to ensure smart card devices can be redirected to the Remote Desktop session. (Remote Desktop Services Role). | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-GE-000006 - Permissions for system drive root directory (usually C:\) must conform to minimum requirements. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-GE-000008 - Permissions for Windows installation directory must conform to minimum requirements. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| WN12-GE-000018 - Non system-created file shares on a system must limit access to groups that require it. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-GE-000021 - Necessary services must be documented to maintain a baseline to determine if additional, unnecessary services have been added to a system. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000022 - Servers must have a host-based Intrusion Detection System. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000023 - Windows Server 2012 / 2012 R2 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where ESS is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP) - CNDSP. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN12-RG-000002 - Standard user accounts must only have Read permissions to the Active Setup\Installed Components registry key. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-SO-000006 - The built-in guest account must be renamed. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000009 - Audit policy using subcategories must be enabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-SO-000014 - Outgoing secure channel traffic must be signed when possible. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000029 - The Windows SMB client must be enabled to perform SMB packet signing when possible. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000030 - Unencrypted passwords must not be sent to third-party SMB Servers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000031 - The amount of idle time required before suspending a session must be properly set. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000034 - Users must be forcibly disconnected when their logon hours expire. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000038 - The system must be configured to prevent IP source routing. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
