| WN12-AC-000012-DC - The Kerberos user ticket lifetime must be limited to 10 hours or less. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-AC-000014-DC - The computer clock synchronization tolerance must be limited to 5 minutes or less. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-AD-000003-DC - Active Directory Group Policy objects must have proper access control permissions. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-AD-000004-DC - The Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-AD-000008-DC - The time synchronization tool must be configured to enable logging of time source switching. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-AD-000009-DC - The directory server supporting (directly or indirectly) system access or resource authorization must run on a machine dedicated to that function - Services | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-AD-000014-DC - The directory service must be configured to terminate LDAP-based network connections to the directory server after five (5) minutes of inactivity. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-AU-000020 - The system must be configured to audit Account Management - User Account Management failures. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000102 - The system must be configured to audit Privilege Use - Sensitive Privilege Use failures. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-AU-000104 - The system must be configured to audit System - IPsec Driver failures. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000203-01 - Audit records must be backed up onto a different system or media than the system being audited. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000204 - Permissions for the Application event log must prevent access by nonprivileged accounts. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000205 - Permissions for the Security event log must prevent access by nonprivileged accounts. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000206 - Permissions for the System event log must prevent access by nonprivileged accounts. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000208-DC - The Active Directory Domain object must be configured with proper audit settings. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN12-CC-000011 - IP stateless autoconfiguration limits state must be enabled. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000013 - The Windows Connect Now wizards must be disabled. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000023 - Windows must be prevented from sending an error report when a device driver requests additional software during installation. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000039 - Printing over HTTP must be prevented. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000062 - Remote Assistance log files must be generated. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000073 - The default Autorun behavior must be configured to prevent Autorun commands. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000085 - The Security event log size must be configured to 196608 KB or greater. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-CC-000091 - File Explorer shell protocol must run in protected mode. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000100 - Remote Desktop Services must be configured with the client connection encryption set to the required level. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, MAINTENANCE |
| WN12-CC-000105 - Attachments must be prevented from being downloaded from RSS feeds. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000117 - Users must be notified if a web-based program attempts to install software. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000132 - Users must be prevented from mapping local COM ports and redirecting data from the Remote Desktop Session Host to local COM ports. (Remote Desktop Services Role). | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-CC-000134 - The system must be configured to ensure smart card devices can be redirected to the Remote Desktop session. (Remote Desktop Services Role). | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-GE-000001 - Systems must be maintained at a supported OS or service pack level. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000006 - Permissions for system drive root directory (usually C:\) must conform to minimum requirements. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-GE-000017 - System files must be monitored for unauthorized changes. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000021 - Necessary services must be documented to maintain a baseline to determine if additional, unnecessary services have been added to a system. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000024 - The system must support automated patch management tools to facilitate flaw remediation. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-PK-000005-DC - Domain controllers must have a PKI server certificate. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-RG-000004 - Anonymous access to the registry must be restricted | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-SO-000003 - The built-in guest account must be disabled. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000011 - Ejection of removable NTFS media must be restricted to Administrators. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000016 - The maximum age for machine account passwords must be set to requirements. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000023 - The Windows dialog box title for the legal banner must be configured. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-SO-000027 - The Smart Card removal option must be configured to Force Logoff or Lock Workstation. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000028 - The Windows SMB client must be configured to always perform SMB packet signing. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000029 - The Windows SMB client must be enabled to perform SMB packet signing when possible. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000030 - Unencrypted passwords must not be sent to third-party SMB Servers. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000033 - The Windows SMB server must perform SMB packet signing when possible. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000038 - The system must be configured to prevent IP source routing. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000039 - The system must be configured to prevent Internet Control Message Protocol (ICMP) redirects from overriding Open Shortest Path First (OSPF) generated routes. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000079 - User Account Control must automatically deny standard user requests for elevation. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-SV-000100 - The Fax service must be disabled if installed. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SV-000103 - The Peer Networking Identity Manager service must be disabled if installed. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SV-000106 - The Smart Card Removal Policy service must be configured to automatic. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
