Skip to content

III - Administrative Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000076

    <GroupDescription></GroupDescription>
    Group
  • All accounts, privileged and unprivileged, that require smart cards must have the underlying NT hash rotated at least every 60 days.

    &lt;VulnDiscussion&gt;When a smart card is required for a domain account, a long password, unknown to the user, is generated. This password and ass...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group
  • User accounts with domain level administrative privileges must be members of the Protected Users group in domains with a domain functional level of Windows 2012 R2 or higher.

    &lt;VulnDiscussion&gt;User accounts with domain level administrative privileges are highly prized in Pass-the-Hash/credential theft attacks. The P...
    Rule Medium Severity
  • SRG-OS-000480

    <GroupDescription></GroupDescription>
    Group

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules