Detections
Analytics

DISA Microsoft Windows Firewall v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Microsoft Windows Firewall v2r1

Updated: 12/12/2023

Authority: DISA STIG

Plugin: Windows

Revision: 1.5

Estimated Item Count: 22

File Details

Filename: DISA_STIG_Windows_Firewall_v2r1.audit

Size: 107 kB

MD5: 4408d3af08d7d69bc5ffda7090ba0924
SHA256: 506c4a24ed420c89bf83fb8c3652bfa0d7d5cb9726e246a4ede6761e70ea5959

Audit Items

DescriptionCategories
DISA_STIG_Windows_Firewall_v2r1.audit from DISA Microsoft Windows Firewall v2r1
WNFWA-000001 - The Windows Firewall with Advanced Security must be enabled when connected to a domain.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000002 - The Windows Firewall with Advanced Security must be enabled when connected to a private network.

SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000003 - The Windows Firewall with Advanced Security must be enabled when connected to a public network.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000004 - The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a domain.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000005 - The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a domain.

SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000009 - The Windows Firewall with Advanced Security log size must be configured for domain connections.

AUDIT AND ACCOUNTABILITY

WNFWA-000010 - The Windows Firewall with Advanced Security must log dropped packets when connected to a domain.

AUDIT AND ACCOUNTABILITY

WNFWA-000011 - The Windows Firewall with Advanced Security must log successful connections when connected to a domain.

AUDIT AND ACCOUNTABILITY

WNFWA-000012 - The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a private network.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000013 - The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a private network.

SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000017 - The Windows Firewall with Advanced Security log size must be configured for private network connections.

AUDIT AND ACCOUNTABILITY

WNFWA-000018 - The Windows Firewall with Advanced Security must log dropped packets when connected to a private network.

AUDIT AND ACCOUNTABILITY

WNFWA-000019 - The Windows Firewall with Advanced Security must log successful connections when connected to a private network.

AUDIT AND ACCOUNTABILITY

WNFWA-000020 - The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a public network.

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000021 - The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a public network.

SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000024 - The Windows Firewall with Advanced Security local firewall rules must not be merged with Group Policy settings when connected to a public network.

SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000025 - The Windows Firewall with Advanced Security local connection rules must not be merged with Group Policy settings when connected to a public network.

SYSTEM AND COMMUNICATIONS PROTECTION

WNFWA-000027 - The Windows Firewall with Advanced Security log size must be configured for public network connections.

AUDIT AND ACCOUNTABILITY

WNFWA-000028 - The Windows Firewall with Advanced Security must log dropped packets when connected to a public network.

AUDIT AND ACCOUNTABILITY

WNFWA-000029 - The Windows Firewall with Advanced Security must log successful connections when connected to a public network.

AUDIT AND ACCOUNTABILITY

WNFWA-000100 - Inbound exceptions to the firewall on domain workstations must only allow authorized remote management hosts.

ACCESS CONTROL