Microsoft Windows Server 2022 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Windows Server 2022 users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.
Using a privileged account to perform routine functions makes the computer vulnerable to malicious software inadvertently introduced during a session that has been granted full privileges.
Rule Medium Severity
-
Windows Server 2022 passwords for the built-in Administrator account must be changed at least every 60 days.
The longer a password is in use, the greater the opportunity for someone to gain unauthorized knowledge of the password. The built-in Administrator account is not generally used and its password ma...
Rule Medium Severity
-
Windows Server 2022 shared user accounts must not be permitted.
Shared accounts (accounts where two or more people log on with the same user identification) do not provide adequate identification and authentication. There is no way to provide for nonrepudiation...
Rule Medium Severity
-
Windows Server 2022 local volumes must use a format that supports NTFS attributes.
The ability to set access permissions and auditing is critical to maintaining the security and proper access controls of a system. To support this, volumes must be formatted using a file system tha...
Rule High Severity
-
Windows Server 2022 permissions for the Windows installation directory must conform to minimum requirements.
Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the operating system and installed applications. The default permissions a...
Rule Medium Severity
-
Windows Server 2022 system files must be monitored for unauthorized changes.
Monitoring system files for changes against a baseline on a regular basis may help detect the possible introduction of malicious code on a system.
Rule Medium Severity
-
Windows Server 2022 systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.
This requirement addresses protection of user-generated data as well as operating system-specific configuration data. Organizations may choose to employ different mechanisms to achieve confidential...
Rule High Severity
-
Windows Server 2022 must have the roles and features required by the system documented.
Unnecessary roles and features increase the attack surface of a system. Limiting roles and features of a system to only those necessary reduces this potential. The standard installation option (pre...
Rule Medium Severity
-
Windows Server 2022 must employ automated mechanisms to determine the state of system components with regard to flaw remediation using the following frequency: continuously, where Endpoint Security Solution (ESS) is used; 30 days, for any additional internal network scans not covered by ESS; and annually, for external scans by Computer Network Defense Service Provider (CNDSP).
Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits prese...
Rule Medium Severity
-
Windows Server 2022 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.
Emergency administrator accounts are privileged accounts established in response to crisis situations where the need for rapid account activation is required. Therefore, emergency account activatio...
Rule Medium Severity