Skip to content

I - Mission Critical Classified

Rules and Groups employed by this XCCDF Profile

  • SRG-OS-000123-GPOS-00064

    <GroupDescription></GroupDescription>
    Group
  • Windows Server 2016 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours.

    &lt;VulnDiscussion&gt;Emergency administrator accounts are privileged accounts established in response to crisis situations where the need for rapi...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    <GroupDescription></GroupDescription>
    Group
  • The Fax Server role must not be installed.

    &lt;VulnDiscussion&gt;Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authe...
    Rule Medium Severity
  • SRG-OS-000096-GPOS-00050

    <GroupDescription></GroupDescription>
    Group
  • The Microsoft FTP service must not be installed unless required.

    &lt;VulnDiscussion&gt;Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authe...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    <GroupDescription></GroupDescription>
    Group
  • The Peer Name Resolution Protocol must not be installed.

    &lt;VulnDiscussion&gt;Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authe...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    <GroupDescription></GroupDescription>
    Group
  • Simple TCP/IP Services must not be installed.

    &lt;VulnDiscussion&gt;Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authe...
    Rule Medium Severity
  • SRG-OS-000096-GPOS-00050

    <GroupDescription></GroupDescription>
    Group
  • The Telnet Client must not be installed.

    &lt;VulnDiscussion&gt;Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authe...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    <GroupDescription></GroupDescription>
    Group
  • The TFTP Client must not be installed.

    &lt;VulnDiscussion&gt;Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authe...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    <GroupDescription></GroupDescription>
    Group
  • The Server Message Block (SMB) v1 protocol must be uninstalled.

    &lt;VulnDiscussion&gt;SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks s...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    <GroupDescription></GroupDescription>
    Group
  • The Server Message Block (SMB) v1 protocol must be disabled on the SMB server.

    &lt;VulnDiscussion&gt;SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks s...
    Rule Medium Severity
  • SRG-OS-000095-GPOS-00049

    <GroupDescription></GroupDescription>
    Group
  • The Server Message Block (SMB) v1 protocol must be disabled on the SMB client.

    &lt;VulnDiscussion&gt;SMBv1 is a legacy protocol that uses the MD5 algorithm as part of SMB. MD5 is known to be vulnerable to a number of attacks s...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules