I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client.
<VulnDiscussion>SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks s...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows Server 2019 must not have Windows PowerShell 2.0 installed.
<VulnDiscussion>Windows PowerShell 5.x added advanced logging features that can provide additional detail when malware has been run on a syst...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows Server 2019 must prevent the display of slide shows on the lock screen.
<VulnDiscussion>Slide shows that are displayed on the lock screen could display sensitive information to unauthorized personnel. Turning off ...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows Server 2019 must have WDigest Authentication disabled.
<VulnDiscussion>When the WDigest Authentication protocol is enabled, plain-text passwords are stored in the Local Security Authority Subsyste...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows Server 2019 downloading print driver packages over HTTP must be turned off.
<VulnDiscussion>Some features may communicate with the vendor, sending system information or downloading data or components for the feature. ...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows Server 2019 printing over HTTP must be turned off.
<VulnDiscussion>Some features may communicate with the vendor, sending system information or downloading data or components for the feature. ...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows Server 2019 network selection user interface (UI) must not be displayed on the logon screen.
<VulnDiscussion>Enabling interaction with the network selection UI allows users to change connections to available networks without signing i...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows Server 2019 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.
<VulnDiscussion>Some features may communicate with the vendor, sending system information or downloading data or components for the feature. ...Rule Low Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows Server 2019 Windows Defender SmartScreen must be enabled.
<VulnDiscussion>Windows Defender SmartScreen helps protect systems from programs downloaded from the internet that may be malicious. Enabling...Rule Medium Severity -
SRG-OS-000095-GPOS-00049
<GroupDescription></GroupDescription>Group -
Windows Server 2019 must disable Basic authentication for RSS feeds over HTTP.
<VulnDiscussion>Basic authentication uses plain-text passwords that could be used to compromise a system. Disabling Basic authentication will...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.