Skip to content

II - Mission Support Classified

Rules and Groups employed by this XCCDF Profile

  • Domain-joined systems (excluding domain controllers) must not be configured for unconstrained delegation.

    <VulnDiscussion>Unconstrained delegation enabled on a computer can allow the computer account to be impersonated without limitation. If deleg...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • The Directory Service Restore Mode (DSRM) password must be changed at least annually.

    &lt;VulnDiscussion&gt;The Directory Service Restore Mode (DSRM) password, used to log on to a domain controller (DC) when rebooting into the server...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • The domain functional level must be at a Windows Server version still supported by Microsoft.

    &lt;VulnDiscussion&gt;Domains operating at functional levels below Windows Server versions no longer supported by Microsoft reduce the level of sec...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules