DISA_Microsoft_Windows_Server_2022_STIG_v2r4.audit from DISA Microsoft Windows Server 2022 STIG v2r4

WN22-00-000010 - Windows Server 2022 users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.

800-53|CM-6b.

CAT|II

CCI|CCI-000366

Rule-ID|SV-254238r991589_rule

STIG-ID|WN22-00-000010

Vuln-ID|V-254238

WN22-00-000020 - Windows Server 2022 passwords for the built-in Administrator account must be changed at least every 60 days.

800-53|IA-5(1)(d)

CCI|CCI-000199

CCI|CCI-004066

Rule-ID|SV-254239r1081067_rule

STIG-ID|WN22-00-000020

Vuln-ID|V-254239

WN22-00-000030 - Windows Server 2022 administrative accounts must not be used with applications that access the internet, such as web browsers, or with potential internet sources, such as email.

800-53|SI-11a.

CAT|I

CCI|CCI-001312

Rule-ID|SV-254240r991589_rule

STIG-ID|WN22-00-000030

Vuln-ID|V-254240

WN22-00-000040 - Windows Server 2022 members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.

Rule-ID|SV-254241r991589_rule

STIG-ID|WN22-00-000040

Vuln-ID|V-254241

WN22-00-000050 - Windows Server 2022 manually managed application account passwords must be at least 14 characters in length.

800-53|IA-5(1)(a)

CCI|CCI-000205

Rule-ID|SV-254242r1051087_rule

STIG-ID|WN22-00-000050

Vuln-ID|V-254242

WN22-00-000060 - Windows Server 2022 manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.

Rule-ID|SV-254243r991589_rule

STIG-ID|WN22-00-000060

Vuln-ID|V-254243

WN22-00-000070 - Windows Server 2022 shared user accounts must not be permitted.

800-53|IA-2

CCI|CCI-000764

Rule-ID|SV-254244r958482_rule

STIG-ID|WN22-00-000070

Vuln-ID|V-254244

WN22-00-000080 - Windows Server 2022 must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.

800-53|CM-7(5)(b)

CCI|CCI-001774

Rule-ID|SV-254245r958808_rule

STIG-ID|WN22-00-000080

Vuln-ID|V-254245

WN22-00-000090 - Windows Server 2022 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use.

Rule-ID|SV-254246r991589_rule

STIG-ID|WN22-00-000090

Vuln-ID|V-254246

WN22-00-000100 - Windows Server 2022 must be maintained at a supported servicing level.

Rule-ID|SV-254247r991589_rule

STIG-ID|WN22-00-000100

Vuln-ID|V-254247

WN22-00-000110 - Windows Server 2022 must use an antivirus program.

Rule-ID|SV-254248r991589_rule

STIG-ID|WN22-00-000110

Vuln-ID|V-254248

WN22-00-000120 - Windows Server 2022 must have a host-based intrusion detection or prevention system.

Rule-ID|SV-254249r991589_rule

STIG-ID|WN22-00-000120

Vuln-ID|V-254249

WN22-00-000130 - Windows Server 2022 local volumes must use a format that supports NTFS attributes.

800-53|AC-3

CCI|CCI-000213

Rule-ID|SV-254250r1081070_rule

STIG-ID|WN22-00-000130

Vuln-ID|V-254250

WN22-00-000140 - Windows Server 2022 permissions for the system drive root directory (usually C:\) must conform to minimum requirements.

800-53|AC-3(4)

CCI|CCI-002165

Rule-ID|SV-254251r958702_rule

STIG-ID|WN22-00-000140

Vuln-ID|V-254251

WN22-00-000150 - Windows Server 2022 permissions for program file directories must conform to minimum requirements.

Rule-ID|SV-254252r958702_rule

STIG-ID|WN22-00-000150

Vuln-ID|V-254252

WN22-00-000160 - Windows Server 2022 permissions for the Windows installation directory must conform to minimum requirements.

Rule-ID|SV-254253r958702_rule

STIG-ID|WN22-00-000160

Vuln-ID|V-254253

WN22-00-000170 - Windows Server 2022 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.

800-53|AC-6(10)

CCI|CCI-002235

Rule-ID|SV-254254r958726_rule

STIG-ID|WN22-00-000170

Vuln-ID|V-254254

WN22-00-000180 - Windows Server 2022 nonadministrative accounts or groups must only have print permissions on printer shares.

CAT|III

Rule-ID|SV-254255r958472_rule

STIG-ID|WN22-00-000180

Vuln-ID|V-254255

WN22-00-000190 - Windows Server 2022 outdated or unused accounts must be removed or disabled.

800-53|IA-4e.

CCI|CCI-000795

CCI|CCI-003627

Rule-ID|SV-254256r1051088_rule

STIG-ID|WN22-00-000190

Vuln-ID|V-254256

WN22-00-000200 - Windows Server 2022 accounts must require passwords.

Rule-ID|SV-254257r958482_rule

STIG-ID|WN22-00-000200

Vuln-ID|V-254257

WN22-00-000210 - Windows Server 2022 passwords must be configured to expire.

Rule-ID|SV-254258r1051089_rule

STIG-ID|WN22-00-000210

Vuln-ID|V-254258

WN22-00-000220 - Windows Server 2022 system files must be monitored for unauthorized changes.

800-53|CM-3(5)

CCI|CCI-001744

Rule-ID|SV-254259r958794_rule

STIG-ID|WN22-00-000220

Vuln-ID|V-254259

WN22-00-000230 - Windows Server 2022 nonsystem-created file shares must limit access to groups that require it.

800-53|SC-4

CCI|CCI-001090

Rule-ID|SV-254260r958524_rule

STIG-ID|WN22-00-000230

Vuln-ID|V-254260

WN22-00-000240 - Windows Server 2022 must have software certificate installation files removed.

Rule-ID|SV-254261r991589_rule

STIG-ID|WN22-00-000240

Vuln-ID|V-254261

WN22-00-000250 - Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.

800-53|SC-28

800-53|SC-28(1)

CCI|CCI-001199

CCI|CCI-002475

CCI|CCI-002476

Rule-ID|SV-254262r958552_rule

STIG-ID|WN22-00-000250

Vuln-ID|V-254262

WN22-00-000260 - Windows Server 2022 must implement protection methods such as TLS, encrypted VPNs, or IPsec if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.

800-53|SC-8(2)

CCI|CCI-002420

CCI|CCI-002422

Rule-ID|SV-254263r958912_rule

STIG-ID|WN22-00-000260

Vuln-ID|V-254263

WN22-00-000270 - Windows Server 2022 must have the roles and features required by the system documented.

800-53|CM-7a.

CCI|CCI-000381

Rule-ID|SV-254264r958478_rule

STIG-ID|WN22-00-000270

Vuln-ID|V-254264

WN22-00-000280 - Windows Server 2022 must have a host-based firewall installed and enabled.

800-53|CA-3(5)

CCI|CCI-002080

Rule-ID|SV-254265r991589_rule

STIG-ID|WN22-00-000280

Vuln-ID|V-254265

WN22-00-000290 - Windows Server 2022 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).

Rule-ID|SV-254266r1000154_rule

STIG-ID|WN22-00-000290

Vuln-ID|V-254266

WN22-00-000300 - Windows Server 2022 must automatically remove or disable temporary user accounts after 72 hours.

800-53|AC-2(2)

CCI|CCI-000016

Rule-ID|SV-254267r958364_rule

STIG-ID|WN22-00-000300

Vuln-ID|V-254267

WN22-00-000310 - Windows Server 2022 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.

CCI|CCI-001682

Rule-ID|SV-254268r958508_rule

STIG-ID|WN22-00-000310

Vuln-ID|V-254268

WN22-00-000320 - Windows Server 2022 must not have the Fax Server role installed.

Rule-ID|SV-254269r958478_rule

STIG-ID|WN22-00-000320

Vuln-ID|V-254269

WN22-00-000330 - Windows Server 2022 must not have the Microsoft FTP service installed unless required by the organization.

800-53|CM-7b.

CCI|CCI-000382

Rule-ID|SV-254270r958480_rule

STIG-ID|WN22-00-000330

Vuln-ID|V-254270

WN22-00-000340 - Windows Server 2022 must not have the Peer Name Resolution Protocol installed.

Rule-ID|SV-254271r958478_rule

STIG-ID|WN22-00-000340

Vuln-ID|V-254271

WN22-00-000350 - Windows Server 2022 must not have Simple TCP/IP Services installed.

Rule-ID|SV-254272r958478_rule

STIG-ID|WN22-00-000350

Vuln-ID|V-254272

WN22-00-000360 - Windows Server 2022 must not have the Telnet Client installed.

Rule-ID|SV-254273r958480_rule

STIG-ID|WN22-00-000360

Vuln-ID|V-254273

WN22-00-000370 - Windows Server 2022 must not have the TFTP Client installed.

Rule-ID|SV-254274r958478_rule

STIG-ID|WN22-00-000370

Vuln-ID|V-254274

WN22-00-000380 - Windows Server 2022 must not the Server Message Block (SMB) v1 protocol installed.

Rule-ID|SV-254275r958478_rule

STIG-ID|WN22-00-000380

Vuln-ID|V-254275

WN22-00-000390 - Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server.

Rule-ID|SV-254276r958478_rule

Detections

Analytics

DISA Microsoft Windows Server 2022 STIG v2r4

Audit Details

File Details

Audit Changelog

Revision 1.1

Functional Update