DISA Windows Server 2022 STIG v1r1

Audit Details

Name: DISA Windows Server 2022 STIG v1r1

Updated: 11/18/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.0

Estimated Item Count: 287

File Details

Filename: DISA_STIG_Microsoft_Windows_Server_2022_v1r1.audit

Size: 712 kB

MD5: 05753c8e4bd2f182d463c04e87eb2ee3
SHA256: 73abcadf9a4152350c399cc5ffc7f138a632dbb75a56f62256a9b927eaaf9e50

Audit Items

Description | Categories
DISA_Microsoft_Windows_Server_2022_v1r1_STIG.audit from DISA Microsoft Windows Server 2022 v1r1 STIG
WN22-00-000010 - Windows Server 2022 users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.

CONFIGURATION MANAGEMENT

WN22-00-000020 - Windows Server 2022 passwords for the built-in Administrator account must be changed at least every 60 days.

IDENTIFICATION AND AUTHENTICATION

WN22-00-000030 - Windows Server 2022 administrative accounts must not be used with applications that access the internet, such as web browsers, or with potential internet sources, such as email.

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

WN22-00-000040 - Windows Server 2022 members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.

CONFIGURATION MANAGEMENT

WN22-00-000050 - Windows Server 2022 manually managed application account passwords must be at least 15 characters in length.

IDENTIFICATION AND AUTHENTICATION

WN22-00-000060 - Windows Server 2022 manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.

CONFIGURATION MANAGEMENT

WN22-00-000070 - Windows Server 2022 shared user accounts must not be permitted.

IDENTIFICATION AND AUTHENTICATION

WN22-00-000080 - Windows Server 2022 must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.

CONFIGURATION MANAGEMENT

WN22-00-000090 - Windows Server 2022 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use - TpmPresent

CONFIGURATION MANAGEMENT

WN22-00-000090 - Windows Server 2022 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use - TpmReady

CONFIGURATION MANAGEMENT

WN22-00-000100 - Windows Server 2022 must be maintained at a supported servicing level.

CONFIGURATION MANAGEMENT

WN22-00-000110 - Windows Server 2022 must use an antivirus program.

CONFIGURATION MANAGEMENT

WN22-00-000120 - Windows Server 2022 must have a host-based intrusion detection or prevention system.

CONFIGURATION MANAGEMENT

WN22-00-000130 - Windows Server 2022 local volumes must use a format that supports NTFS attributes.

ACCESS CONTROL

WN22-00-000140 - Windows Server 2022 permissions for the system drive root directory (usually C:\) must conform to minimum requirements.

ACCESS CONTROL

WN22-00-000150 - Windows Server 2022 permissions for program file directories must conform to minimum requirements - Program Files

ACCESS CONTROL

WN22-00-000150 - Windows Server 2022 permissions for program file directories must conform to minimum requirements - Program Files (x86)

ACCESS CONTROL

WN22-00-000160 - Windows Server 2022 permissions for the Windows installation directory must conform to minimum requirements.

ACCESS CONTROL

WN22-00-000170 - Windows Server 2022 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained - HKEY_LOCAL_MACHINE\SECURITY

ACCESS CONTROL

WN22-00-000170 - Windows Server 2022 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained - HKEY_LOCAL_MACHINE\SOFTWARE

ACCESS CONTROL

WN22-00-000170 - Windows Server 2022 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained - HKEY_LOCAL_MACHINE\SYSTEM

ACCESS CONTROL

WN22-00-000180 - Windows Server 2022 nonadministrative accounts or groups must only have print permissions on printer shares.

ACCESS CONTROL

WN22-00-000190 - Windows Server 2022 outdated or unused accounts must be removed or disabled.

IDENTIFICATION AND AUTHENTICATION

WN22-00-000200 - Windows Server 2022 accounts must require passwords.

IDENTIFICATION AND AUTHENTICATION

WN22-00-000210 - Windows Server 2022 passwords must be configured to expire.

IDENTIFICATION AND AUTHENTICATION

WN22-00-000220 - Windows Server 2022 system files must be monitored for unauthorized changes.

CONFIGURATION MANAGEMENT

WN22-00-000230 - Windows Server 2022 nonsystem-created file shares must limit access to groups that require it.

SYSTEM AND COMMUNICATIONS PROTECTION

WN22-00-000240 - Windows Server 2022 must have software certificate installation files removed.

CONFIGURATION MANAGEMENT

WN22-00-000250 - Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.

SYSTEM AND COMMUNICATIONS PROTECTION

WN22-00-000260 - Windows Server 2022 must implement protection methods such as TLS, encrypted VPNs, or IPsec if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.

SYSTEM AND COMMUNICATIONS PROTECTION

WN22-00-000270 - Windows Server 2022 must have the roles and features required by the system documented.

CONFIGURATION MANAGEMENT

WN22-00-000280 - Windows Server 2022 must have a host-based firewall installed and enabled.

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT

WN22-00-000290 - Windows Server 2022 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).

SYSTEM AND INFORMATION INTEGRITY

WN22-00-000300 - Windows Server 2022 must automatically remove or disable temporary user accounts after 72 hours.

ACCESS CONTROL

WN22-00-000310 - Windows Server 2022 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.

ACCESS CONTROL

WN22-00-000320 - Windows Server 2022 must not have the Fax Server role installed.

CONFIGURATION MANAGEMENT

WN22-00-000330 - Windows Server 2022 must not have the Microsoft FTP service installed unless required by the organization.

CONFIGURATION MANAGEMENT

WN22-00-000340 - Windows Server 2022 must not have the Peer Name Resolution Protocol installed.

CONFIGURATION MANAGEMENT

WN22-00-000350 - Windows Server 2022 must not have Simple TCP/IP Services installed.

CONFIGURATION MANAGEMENT

WN22-00-000360 - Windows Server 2022 must not have the Telnet Client installed.

CONFIGURATION MANAGEMENT

WN22-00-000370 - Windows Server 2022 must not have the TFTP Client installed.

CONFIGURATION MANAGEMENT

WN22-00-000380 - Windows Server 2022 must not have the Server Message Block (SMB) v1 protocol installed.

CONFIGURATION MANAGEMENT

WN22-00-000390 - Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.

CONFIGURATION MANAGEMENT

WN22-00-000400 - Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.

CONFIGURATION MANAGEMENT

WN22-00-000410 - Windows Server 2022 must not have Windows PowerShell 2.0 installed.

CONFIGURATION MANAGEMENT

WN22-00-000420 - Windows Server 2022 FTP servers must be configured to prevent anonymous logons.

CONFIGURATION MANAGEMENT

WN22-00-000430 - Windows Server 2022 FTP servers must be configured to prevent access to the system drive.

CONFIGURATION MANAGEMENT

WN22-00-000440 - The Windows Server 2022 time service must synchronize with an appropriate DoD time source.

AUDIT AND ACCOUNTABILITY

WN22-00-000450 - Windows Server 2022 must have orphaned security identifiers (SIDs) removed from user rights.

CONFIGURATION MANAGEMENT