Microsoft Windows Server 2016 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Windows Server 2016 must automatically remove or disable temporary user accounts after 72 hours.
<VulnDiscussion>If temporary user accounts remain active when no longer needed or for an excessive period, these accounts may be used to gain...Rule Medium Severity -
SRG-OS-000123-GPOS-00064
<GroupDescription></GroupDescription>Group -
Windows Server 2016 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.
<VulnDiscussion>Emergency administrator accounts are privileged accounts established in response to crisis situations where the need for rapi...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
The Fax Server role must not be installed.
<VulnDiscussion>Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authe...Rule Medium Severity -
SRG-OS-000096-GPOS-00050
<GroupDescription></GroupDescription>Group -
The Microsoft FTP service must not be installed unless required.
<VulnDiscussion>Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authe...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
The Peer Name Resolution Protocol must not be installed.
<VulnDiscussion>Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authe...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Simple TCP/IP Services must not be installed.
<VulnDiscussion>Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authe...Rule Medium Severity -
The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.
<VulnDiscussion>SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks s...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows PowerShell 2.0 must not be installed.
<VulnDiscussion>Windows PowerShell 5.0 added advanced logging features that can provide additional detail when malware has been run on a syst...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
FTP servers must be configured to prevent anonymous logons.
<VulnDiscussion>The FTP service allows remote users to access shared files and directories. Allowing anonymous FTP connections makes user aud...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
FTP servers must be configured to prevent access to the system drive.
<VulnDiscussion>The FTP service allows remote users to access shared files and directories that could provide access to system resources and ...Rule Medium Severity -
SRG-OS-000355-GPOS-00143
<GroupDescription></GroupDescription>Group -
The time service must synchronize with an appropriate DoD time source.
<VulnDiscussion>The Windows Time Service controls time synchronization settings. Time synchronization is essential for authentication and aud...Rule Low Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.