DISA Windows Server 2012 and 2012 R2 MS STIG v3r4

Audit Details

Name: DISA Windows Server 2012 and 2012 R2 MS STIG v3r4

Updated: 8/11/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.1

Estimated Item Count: 350

File Details

Filename: DISA_STIG_Server_2012_and_2012_R2_MS_v3r4.audit

Size: 632 kB

MD5: 648f16ca47aee6213e61cbec27dfb12e
SHA256: 4ff6c4f300598db6c7442b336283365a675699ec21354b3ddf81961bb9909094

Audit Items

DescriptionCategories
DISA_STIG_Server_2012_and_2012_R2_MS_v3r4.audit from DISA Microsoft Windows Server 2012/2012 R2 Member Server v3r4 STIG
WN12-00-000001 - Server systems must be located in a controlled access area, accessible only to authorized personnel.

CONFIGURATION MANAGEMENT

WN12-00-000004 - Users with administrative privilege must be documented.

CONFIGURATION MANAGEMENT

WN12-00-000005 - Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.

CONFIGURATION MANAGEMENT

WN12-00-000006 - Policy must require that system administrators (SAs) be trained for the operating systems used by systems under their control.

CONFIGURATION MANAGEMENT

WN12-00-000007 - Windows 2012/2012 R2 password for the built-in Administrator account must be changed at least annually or when a member of the administrative team leaves the organization.

CONFIGURATION MANAGEMENT

WN12-00-000008 - Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.

CONFIGURATION MANAGEMENT

WN12-00-000009-01 - Members of the Backup Operators group must be documented.

CONFIGURATION MANAGEMENT

WN12-00-000009-02 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.

CONFIGURATION MANAGEMENT

WN12-00-000010 - Policy must require application account passwords be at least 15 characters in length.

IDENTIFICATION AND AUTHENTICATION

WN12-00-000011 - Windows 2012/2012 R2 manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.

CONFIGURATION MANAGEMENT

WN12-00-000012 - Shared user accounts must not be permitted on the system.

IDENTIFICATION AND AUTHENTICATION

WN12-00-000013 - Security configuration tools or equivalent processes must be used to configure and maintain platforms for security compliance.

CONFIGURATION MANAGEMENT

WN12-00-000014 - System-level information must be backed up in accordance with local recovery time and recovery point objectives.

CONFIGURATION MANAGEMENT

WN12-00-000015 - User-level information must be backed up in accordance with local recovery time and recovery point objectives.

CONFIGURATION MANAGEMENT

WN12-00-000016 - Backups of system-level information must be protected.

CONFIGURATION MANAGEMENT

WN12-00-000017 - System-related documentation must be backed up in accordance with local recovery time and recovery point objectives.

CONFIGURATION MANAGEMENT

WN12-00-000018 - The operating system must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.

CONFIGURATION MANAGEMENT

WN12-00-000019 - Protection methods such as TLS, encrypted VPNs, or IPSEC must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-00-000020 - Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-00-000100 - The Windows 2012 / 2012 R2 system must use an anti-virus program.

CONFIGURATION MANAGEMENT

WN12-00-000160 - The Server Message Block (SMB) v1 protocol must be disabled on Windows 2012 R2.

CONFIGURATION MANAGEMENT

WN12-00-000170 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.

CONFIGURATION MANAGEMENT

WN12-00-000180 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client - LanManWorkstation

CONFIGURATION MANAGEMENT

WN12-00-000180 - The Server Message Block (SMB) v1 protocol must be disabled on the SMB client - mrxsmb10

CONFIGURATION MANAGEMENT

WN12-00-000190 - Orphaned security identifiers (SIDs) must be removed from user rights on Windows 2012 / 2012 R2.

CONFIGURATION MANAGEMENT

WN12-00-000200 - Windows PowerShell must be updated to a version that supports script block logging on Windows 2012/2012 R2.

CONFIGURATION MANAGEMENT

WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Enabled

AUDIT AND ACCOUNTABILITY

WN12-00-000210 - PowerShell script block logging must be enabled on Windows 2012/2012 R2 - Patch

AUDIT AND ACCOUNTABILITY

WN12-00-000220 - Windows PowerShell 2.0 must not be installed on Windows 2012/2012 R2.

CONFIGURATION MANAGEMENT

WN12-AC-000001 - Windows 2012 account lockout duration must be configured to 15 minutes or greater.

ACCESS CONTROL

WN12-AC-000002 - The number of allowed bad logon attempts must meet minimum requirements.

ACCESS CONTROL

WN12-AC-000003 - The reset period for the account lockout counter must be configured to 15 minutes or greater on Windows 2012.

ACCESS CONTROL

WN12-AC-000004 - The password history must be configured to 24 passwords remembered.

IDENTIFICATION AND AUTHENTICATION

WN12-AC-000005 - The maximum password age must meet requirements.

IDENTIFICATION AND AUTHENTICATION

WN12-AC-000006 - The minimum password age must meet requirements.

IDENTIFICATION AND AUTHENTICATION

WN12-AC-000007 - Passwords must, at a minimum, be 14 characters.

IDENTIFICATION AND AUTHENTICATION

WN12-AC-000008 - The built-in Windows password complexity policy must be enabled.

IDENTIFICATION AND AUTHENTICATION

WN12-AC-000009 - Reversible password encryption must be disabled.

IDENTIFICATION AND AUTHENTICATION

WN12-AU-000001 - The system must be configured to audit Account Logon - Credential Validation successes.

AUDIT AND ACCOUNTABILITY

WN12-AU-000002 - The system must be configured to audit Account Logon - Credential Validation failures.

AUDIT AND ACCOUNTABILITY

WN12-AU-000015 - The system must be configured to audit Account Management - Other Account Management Events successes.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000017 - The system must be configured to audit Account Management - Security Group Management successes.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000019 - The system must be configured to audit Account Management - User Account Management successes.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000020 - The system must be configured to audit Account Management - User Account Management failures.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000023 - The system must be configured to audit Detailed Tracking - Process Creation successes.

AUDIT AND ACCOUNTABILITY

WN12-AU-000030 - Windows Server 2012/2012 R2 must be configured to audit Logon/Logoff - Account Lockout successes.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000031 - Windows Server 2012/2012 R2 must be configured to audit Logon/Logoff - Account Lockout failures.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000045 - The system must be configured to audit Logon/Logoff - Logoff successes.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000047 - The system must be configured to audit Logon/Logoff - Logon successes.

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY