DISA_STIG_Windows_Server_2016_v2r2.audit from DISA Microsoft Windows Server 2016 v2r2 STIG

WN16-00-000010 - Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.

CAT|I

CCI|CCI-000366

Rule-ID|SV-224819r569186_rule

STIG-ID|WN16-00-000010

STIG-Legacy|SV-87869

STIG-Legacy|V-73217

Vuln-ID|V-224819

WN16-00-000030 - Passwords for the built-in Administrator account must be changed at least every 60 days.

800-53|IA-5(1)

CAT|II

CCI|CCI-000199

Rule-ID|SV-224820r569186_rule

STIG-ID|WN16-00-000030

STIG-Legacy|SV-87875

STIG-Legacy|V-73223

Vuln-ID|V-224820

WN16-00-000040 - Administrative accounts must not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email.

Rule-ID|SV-224821r569186_rule

STIG-ID|WN16-00-000040

STIG-Legacy|SV-87877

STIG-Legacy|V-73225

Vuln-ID|V-224821

WN16-00-000050 - Members of the Backup Operators group must have separate accounts for backup duties and normal operational tasks.

800-53|AC-5

Rule-ID|SV-224822r569186_rule

STIG-ID|WN16-00-000050

STIG-Legacy|SV-87879

STIG-Legacy|V-73227

Vuln-ID|V-224822

WN16-00-000060 - Manually managed application account passwords must be at least 15 characters in length.

CCI|CCI-000205

Rule-ID|SV-224823r569186_rule

STIG-ID|WN16-00-000060

STIG-Legacy|SV-87881

STIG-Legacy|V-73229

Vuln-ID|V-224823

WN16-00-000070 - Manually managed application account passwords must be changed at least annually or when a system administrator with knowledge of the password leaves the organization.

800-53|IA-5

Rule-ID|SV-224824r569186_rule

STIG-ID|WN16-00-000070

STIG-Legacy|SV-87883

STIG-Legacy|V-73231

Vuln-ID|V-224824

WN16-00-000080 - Shared user accounts must not be permitted on the system.

800-53|AC-2(9)

CCI|CCI-000764

Rule-ID|SV-224825r569186_rule

STIG-ID|WN16-00-000080

STIG-Legacy|SV-87885

STIG-Legacy|V-73233

Vuln-ID|V-224825

WN16-00-000090 - Windows Server 2016 must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.

800-53|CM-7(5)

CCI|CCI-001774

Rule-ID|SV-224826r569186_rule

STIG-ID|WN16-00-000090

STIG-Legacy|SV-87887

STIG-Legacy|V-73235

Vuln-ID|V-224826

WN16-00-000100 - Windows Server 2016 domain-joined systems must have a Trusted Platform Module (TPM) enabled and ready for use - TPM enabled and ready for use.

Rule-ID|SV-224827r569186_rule

STIG-ID|WN16-00-000100

STIG-Legacy|SV-87889

STIG-Legacy|V-73237

Vuln-ID|V-224827

WN16-00-000110 - Systems must be maintained at a supported servicing level.

800-53|CM-8(1)

Rule-ID|SV-224828r569186_rule

STIG-ID|WN16-00-000110

STIG-Legacy|SV-87891

STIG-Legacy|V-73239

Vuln-ID|V-224828

WN16-00-000120 - The Windows Server 2016 system must use an anti-virus program.

800-53|SI-3

Rule-ID|SV-224829r569237_rule

STIG-ID|WN16-00-000120

STIG-Legacy|SV-87893

STIG-Legacy|V-73241

Vuln-ID|V-224829

WN16-00-000140 - Servers must have a host-based intrusion detection or prevention system.

Rule-ID|SV-224830r569186_rule

STIG-ID|WN16-00-000140

STIG-Legacy|SV-87897

STIG-Legacy|V-73245

Vuln-ID|V-224830

WN16-00-000150 - Local volumes must use a format that supports NTFS attributes.

800-53|CM-6

CCI|CCI-000213

Rule-ID|SV-224831r569186_rule

STIG-ID|WN16-00-000150

STIG-Legacy|SV-87899

STIG-Legacy|V-73247

Vuln-ID|V-224831

WN16-00-000160 - Permissions for the system drive root directory (usually C:\) must conform to minimum requirements.

800-53|AC-6(7)

CCI|CCI-002165

CSCv6|3.1

Rule-ID|SV-224832r569186_rule

STIG-ID|WN16-00-000160

STIG-Legacy|SV-87901

STIG-Legacy|V-73249

Vuln-ID|V-224832

WN16-00-000170 - Permissions for program file directories must conform to minimum requirements - Program Files

Rule-ID|SV-224833r569186_rule

STIG-ID|WN16-00-000170

STIG-Legacy|SV-87903

STIG-Legacy|V-73251

Vuln-ID|V-224833

WN16-00-000170 - Permissions for program file directories must conform to minimum requirements - Program Files (x86)

WN16-00-000180 - Permissions for the Windows installation directory must conform to minimum requirements.

Rule-ID|SV-224834r569186_rule

STIG-ID|WN16-00-000180

STIG-Legacy|SV-87905

STIG-Legacy|V-73253

Vuln-ID|V-224834

WN16-00-000190 - Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained - HKEY_LOCAL_MACHINE\SECURITY

CCI|CCI-002235

Rule-ID|SV-224835r569186_rule

STIG-ID|WN16-00-000190

STIG-Legacy|SV-87907

STIG-Legacy|V-73255

Vuln-ID|V-224835

WN16-00-000190 - Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained - HKEY_LOCAL_MACHINE\SOFTWARE

WN16-00-000190 - Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained - HKEY_LOCAL_MACHINE\SYSTEM

WN16-00-000200 - Non-administrative accounts or groups must only have print permissions on printer shares.

CAT|III

Rule-ID|SV-224836r569186_rule

STIG-ID|WN16-00-000200

STIG-Legacy|SV-87909

STIG-Legacy|V-73257

Vuln-ID|V-224836

WN16-00-000210 - Outdated or unused accounts must be removed from the system or disabled.

800-53|AC-2(3)

CCI|CCI-000795

CSCv6|16.1

CSCv6|16.6

Rule-ID|SV-224837r569186_rule

STIG-ID|WN16-00-000210

STIG-Legacy|SV-87911

STIG-Legacy|V-73259

Vuln-ID|V-224837

WN16-00-000220 - Windows Server 2016 accounts must require passwords.

Rule-ID|SV-224838r569186_rule

STIG-ID|WN16-00-000220

STIG-Legacy|SV-87913

STIG-Legacy|V-73261

Vuln-ID|V-224838

WN16-00-000230 - Passwords must be configured to expire.

Rule-ID|SV-224839r569186_rule

STIG-ID|WN16-00-000230

STIG-Legacy|SV-87915

STIG-Legacy|V-73263

Vuln-ID|V-224839

WN16-00-000240 - System files must be monitored for unauthorized changes.

CCI|CCI-001744

Rule-ID|SV-224840r569239_rule

STIG-ID|WN16-00-000240

STIG-Legacy|SV-87917

STIG-Legacy|V-73265

Vuln-ID|V-224840

WN16-00-000250 - Non-system-created file shares on a system must limit access to groups that require it.

CCI|CCI-001090

Rule-ID|SV-224841r569186_rule

STIG-ID|WN16-00-000250

STIG-Legacy|SV-87919

STIG-Legacy|V-73267

Vuln-ID|V-224841

WN16-00-000270 - Software certificate installation files must be removed from Windows Server 2016.

800-53|SC-12

Rule-ID|SV-224842r569186_rule

STIG-ID|WN16-00-000270

STIG-Legacy|SV-87923

STIG-Legacy|V-73271

Vuln-ID|V-224842

WN16-00-000280 - Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.

CCI|CCI-001199

CCI|CCI-002475

CCI|CCI-002476

Rule-ID|SV-224843r569186_rule

STIG-ID|WN16-00-000280

STIG-Legacy|SV-87925

STIG-Legacy|V-73273

Vuln-ID|V-224843

WN16-00-000290 - Protection methods such as TLS, encrypted VPNs, or IPsec must be implemented if the data owner has a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process.

CCI|CCI-002420

CCI|CCI-002422

Rule-ID|SV-224844r569186_rule

STIG-ID|WN16-00-000290

STIG-Legacy|SV-87927

STIG-Legacy|V-73275

Vuln-ID|V-224844

WN16-00-000300 - The roles and features required by the system must be documented.

800-53|CM-8

CCI|CCI-000381

Rule-ID|SV-224845r569186_rule

STIG-ID|WN16-00-000300

STIG-Legacy|SV-87929

STIG-Legacy|V-73277

Vuln-ID|V-224845

Detections

Analytics

Revision 1.6Dec 17, 2021

Functional Update