DISA_Microsoft_Windows_Server_2022_STIG_v2r4.audit from DISA Microsoft Windows Server 2022 STIG v2r4

WN22-00-000010 - Windows Server 2022 users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.

CAT|II

CCI|CCI-000366

Rule-ID|SV-254238r991589_rule

STIG-ID|WN22-00-000010

Vuln-ID|V-254238

WN22-00-000020 - Windows Server 2022 passwords for the built-in Administrator account must be changed at least every 60 days.

CCI|CCI-000199

CCI|CCI-004066

Rule-ID|SV-254239r1081067_rule

STIG-ID|WN22-00-000020

Vuln-ID|V-254239

WN22-00-000030 - Windows Server 2022 administrative accounts must not be used with applications that access the internet, such as web browsers, or with potential internet sources, such as email.

CAT|I

CCI|CCI-001312

Rule-ID|SV-254240r991589_rule

STIG-ID|WN22-00-000030

Vuln-ID|V-254240

WN22-00-000040 - Windows Server 2022 members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.

Rule-ID|SV-254241r991589_rule

STIG-ID|WN22-00-000040

Vuln-ID|V-254241

WN22-00-000050 - Windows Server 2022 manually managed application account passwords must be at least 14 characters in length.

CCI|CCI-000205

Rule-ID|SV-254242r1051087_rule

STIG-ID|WN22-00-000050

Vuln-ID|V-254242

WN22-00-000060 - Windows Server 2022 manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.

Rule-ID|SV-254243r991589_rule

STIG-ID|WN22-00-000060

Vuln-ID|V-254243

WN22-00-000070 - Windows Server 2022 shared user accounts must not be permitted.

CCI|CCI-000764

Rule-ID|SV-254244r958482_rule

STIG-ID|WN22-00-000070

Vuln-ID|V-254244

WN22-00-000080 - Windows Server 2022 must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.

CCI|CCI-001774

Rule-ID|SV-254245r958808_rule

STIG-ID|WN22-00-000080

Vuln-ID|V-254245

WN22-00-000090 - Windows Server 2022 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use.

Rule-ID|SV-254246r991589_rule

STIG-ID|WN22-00-000090

Vuln-ID|V-254246

WN22-00-000100 - Windows Server 2022 must be maintained at a supported servicing level.

Rule-ID|SV-254247r991589_rule

STIG-ID|WN22-00-000100

Vuln-ID|V-254247

WN22-00-000110 - Windows Server 2022 must use an antivirus program.

Rule-ID|SV-254248r991589_rule

STIG-ID|WN22-00-000110

Vuln-ID|V-254248

WN22-00-000120 - Windows Server 2022 must have a host-based intrusion detection or prevention system.

Rule-ID|SV-254249r991589_rule

STIG-ID|WN22-00-000120

Vuln-ID|V-254249

WN22-00-000130 - Windows Server 2022 local volumes must use a format that supports NTFS attributes.

CCI|CCI-000213

Rule-ID|SV-254250r1081070_rule

STIG-ID|WN22-00-000130

Vuln-ID|V-254250

WN22-00-000140 - Windows Server 2022 permissions for the system drive root directory (usually C:\) must conform to minimum requirements.

CCI|CCI-002165

Rule-ID|SV-254251r958702_rule

STIG-ID|WN22-00-000140

Vuln-ID|V-254251

WN22-00-000150 - Windows Server 2022 permissions for program file directories must conform to minimum requirements.

Rule-ID|SV-254252r958702_rule

STIG-ID|WN22-00-000150

Vuln-ID|V-254252

WN22-00-000160 - Windows Server 2022 permissions for the Windows installation directory must conform to minimum requirements.

Rule-ID|SV-254253r958702_rule

STIG-ID|WN22-00-000160

Vuln-ID|V-254253

WN22-00-000170 - Windows Server 2022 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.

CCI|CCI-002235

Rule-ID|SV-254254r958726_rule

STIG-ID|WN22-00-000170

Vuln-ID|V-254254

WN22-00-000180 - Windows Server 2022 nonadministrative accounts or groups must only have print permissions on printer shares.

CAT|III

Rule-ID|SV-254255r958472_rule

STIG-ID|WN22-00-000180

Vuln-ID|V-254255

WN22-00-000190 - Windows Server 2022 outdated or unused accounts must be removed or disabled.

CCI|CCI-000795

CCI|CCI-003627

Rule-ID|SV-254256r1051088_rule

STIG-ID|WN22-00-000190

Vuln-ID|V-254256

WN22-00-000200 - Windows Server 2022 accounts must require passwords.

Rule-ID|SV-254257r958482_rule

STIG-ID|WN22-00-000200

Vuln-ID|V-254257

WN22-00-000210 - Windows Server 2022 passwords must be configured to expire.

Rule-ID|SV-254258r1051089_rule

STIG-ID|WN22-00-000210

Vuln-ID|V-254258

WN22-00-000220 - Windows Server 2022 system files must be monitored for unauthorized changes.

CCI|CCI-001744

Rule-ID|SV-254259r958794_rule

STIG-ID|WN22-00-000220

Vuln-ID|V-254259

WN22-00-000230 - Windows Server 2022 nonsystem-created file shares must limit access to groups that require it.

CCI|CCI-001090

Rule-ID|SV-254260r958524_rule

STIG-ID|WN22-00-000230

Vuln-ID|V-254260

WN22-00-000240 - Windows Server 2022 must have software certificate installation files removed.

Rule-ID|SV-254261r991589_rule

STIG-ID|WN22-00-000240

Vuln-ID|V-254261

WN22-00-000250 - Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.

CCI|CCI-001199

CCI|CCI-002475

CCI|CCI-002476

Rule-ID|SV-254262r958552_rule

STIG-ID|WN22-00-000250

Vuln-ID|V-254262

WN22-00-000260 - Windows Server 2022 must implement protection methods such as TLS, encrypted VPNs, or IPsec if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.

CCI|CCI-002420

CCI|CCI-002422

Rule-ID|SV-254263r958912_rule

STIG-ID|WN22-00-000260

Vuln-ID|V-254263

WN22-00-000270 - Windows Server 2022 must have the roles and features required by the system documented.

CCI|CCI-000381

Rule-ID|SV-254264r958478_rule

STIG-ID|WN22-00-000270

Vuln-ID|V-254264

WN22-00-000280 - Windows Server 2022 must have a host-based firewall installed and enabled.

CCI|CCI-002080

Rule-ID|SV-254265r991589_rule

STIG-ID|WN22-00-000280

Vuln-ID|V-254265

WN22-00-000290 - Windows Server 2022 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).

Rule-ID|SV-254266r1000154_rule

STIG-ID|WN22-00-000290

Vuln-ID|V-254266

WN22-00-000300 - Windows Server 2022 must automatically remove or disable temporary user accounts after 72 hours.

CCI|CCI-000016

Rule-ID|SV-254267r958364_rule

STIG-ID|WN22-00-000300

Vuln-ID|V-254267

WN22-00-000310 - Windows Server 2022 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.

CCI|CCI-001682

Rule-ID|SV-254268r958508_rule

STIG-ID|WN22-00-000310

Vuln-ID|V-254268

WN22-00-000320 - Windows Server 2022 must not have the Fax Server role installed.

Rule-ID|SV-254269r958478_rule

STIG-ID|WN22-00-000320

Vuln-ID|V-254269

WN22-00-000330 - Windows Server 2022 must not have the Microsoft FTP service installed unless required by the organization.

CCI|CCI-000382

Rule-ID|SV-254270r958480_rule

STIG-ID|WN22-00-000330

Vuln-ID|V-254270

WN22-00-000340 - Windows Server 2022 must not have the Peer Name Resolution Protocol installed.

Rule-ID|SV-254271r958478_rule

STIG-ID|WN22-00-000340

Vuln-ID|V-254271

WN22-00-000350 - Windows Server 2022 must not have Simple TCP/IP Services installed.

Rule-ID|SV-254272r958478_rule

STIG-ID|WN22-00-000350

Vuln-ID|V-254272

WN22-00-000360 - Windows Server 2022 must not have the Telnet Client installed.

Rule-ID|SV-254273r958480_rule

STIG-ID|WN22-00-000360

Vuln-ID|V-254273

WN22-00-000370 - Windows Server 2022 must not have the TFTP Client installed.

Rule-ID|SV-254274r958478_rule

STIG-ID|WN22-00-000370

Vuln-ID|V-254274

WN22-00-000380 - Windows Server 2022 must not the Server Message Block (SMB) v1 protocol installed.

Rule-ID|SV-254275r958478_rule

STIG-ID|WN22-00-000380

Vuln-ID|V-254275

WN22-00-000390 - Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.

Rule-ID|SV-254276r958478_rule

STIG-ID|WN22-00-000390

Vuln-ID|V-254276

WN22-00-000400 - Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.

Rule-ID|SV-254277r958478_rule

STIG-ID|WN22-00-000400

Vuln-ID|V-254277

WN22-00-000410 - Windows Server 2022 must not have Windows PowerShell 2.0 installed.

Rule-ID|SV-254278r958478_rule

STIG-ID|WN22-00-000410

Vuln-ID|V-254278

WN22-00-000420 - Windows Server 2022 FTP servers must be configured to prevent anonymous logons.

Rule-ID|SV-254279r991589_rule

STIG-ID|WN22-00-000420

Vuln-ID|V-254279

WN22-00-000430 - Windows Server 2022 FTP servers must be configured to prevent access to the system drive.

Rule-ID|SV-254280r991589_rule

STIG-ID|WN22-00-000430

Vuln-ID|V-254280

WN22-00-000440 - The Windows Server 2022 time service must synchronize with an appropriate DOD time source.

Detections

Analytics

DISA Microsoft Windows Server 2022 STIG v2r4

Warning! Audit Deprecated

Audit Details

Audit Changelog

Revision 1.4

Miscellaneous

Revision 1.3

Functional Update

Miscellaneous

Revision 1.2

Functional Update

Revision 1.1

Functional Update