I - Mission Critical Public
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
The password for the krbtgt account on a domain must be reset at least every 180 days.
<VulnDiscussion>The krbtgt account acts as a service account for the Kerberos Key Distribution Center (KDC) service. The account and passwor...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Windows Server 2019 must limit the caching of logon credentials to four or less on domain-joined member servers.
<VulnDiscussion>The default Windows configuration caches the last logon credentials for users who log on interactively to a system. This feat...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Windows Server 2019 must be running Credential Guard on domain-joined member servers.
<VulnDiscussion>Credential Guard uses virtualization-based security to protect data that could be used in credential theft attacks if comprom...Rule High Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Windows Server 2019 must prevent local accounts with blank passwords from being used from the network.
<VulnDiscussion>An account without a password can allow unauthorized access to a system as only the username would be required. Password poli...Rule High Severity -
SRG-OS-000480-GPOS-00227
<GroupDescription></GroupDescription>Group -
Windows Server 2019 built-in administrator account must be renamed.
<VulnDiscussion>The built-in administrator account is a well-known account subject to attack. Renaming this account to an unidentified name i...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.