III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000480-GPOS-00227
Group -
The Windows Server 2016 system must use an anti-virus program.
Malicious software can establish a base on individual desktops and servers. Employing an automated mechanism to detect this type of software will aid in elimination of the software from the operati...Rule High Severity -
SRG-OS-000480-GPOS-00227
Group -
Servers must have a host-based intrusion detection or prevention system.
A properly configured Host-based Intrusion Detection System (HIDS) or Host-based Intrusion Prevention System (HIPS) provides another level of defense against unauthorized access to critical servers...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
Local volumes must use a format that supports NTFS attributes.
The ability to set access permissions and auditing is critical to maintaining the security and proper access controls of a system. To support this, volumes must be formatted using a file system tha...Rule High Severity -
SRG-OS-000312-GPOS-00122
Group -
Permissions for the system drive root directory (usually C:\) must conform to minimum requirements.
Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the operating system and installed applications. The default permissions a...Rule Medium Severity -
SRG-OS-000312-GPOS-00122
Group -
Permissions for program file directories must conform to minimum requirements.
Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the operating system and installed applications. The default permissions a...Rule Medium Severity -
SRG-OS-000312-GPOS-00122
Group -
Permissions for the Windows installation directory must conform to minimum requirements.
Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the operating system and installed applications. The default permissions a...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
Group -
Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.
The registry is integral to the function, security, and stability of the Windows system. Changing the system's registry permissions allows the possibility of unauthorized and anonymous modification...Rule Medium Severity -
SRG-OS-000080-GPOS-00048
Group -
Non-administrative accounts or groups must only have print permissions on printer shares.
Windows shares are a means by which files, folders, printers, and other resources can be published for network users to access. Improper configuration can permit access to devices and data beyond a...Rule Low Severity -
SRG-OS-000104-GPOS-00051
Group -
Outdated or unused accounts must be removed from the system or disabled.
Outdated or unused accounts provide penetration points that may go undetected. Inactive accounts must be deleted if no longer necessary or, if still required, disabled until needed. Satisfies: SRG...Rule Medium Severity -
SRG-OS-000104-GPOS-00051
Group -
Windows Server 2016 accounts must require passwords.
The lack of password protection enables anyone to gain access to the information system, which opens a backdoor opportunity for intruders to compromise the system as well as other resources. Accoun...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.