I - Mission Critical Classified
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000312-GPOS-00122
<GroupDescription></GroupDescription>Group -
Windows Server 2019 permissions for the Windows installation directory must conform to minimum requirements.
<VulnDiscussion>Changing the system's file and directory permissions allows the possibility of unauthorized and anonymous modification to the...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
Windows Server 2019 default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained.
<VulnDiscussion>The registry is integral to the function, security, and stability of the Windows system. Changing the system's registry permi...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
Windows Server 2019 must only allow administrators responsible for the domain controller to have Administrator rights on the system.
<VulnDiscussion>An account that does not have Administrator duties must not have Administrator rights. Such rights would allow the account to...Rule High Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
Windows Server 2019 permissions on the Active Directory data files must only allow System and Administrators access.
<VulnDiscussion>Improper access permissions for directory data-related files could allow unauthorized users to read, modify, or delete direct...Rule High Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
Windows Server 2019 Active Directory SYSVOL directory must have the proper access control permissions.
<VulnDiscussion>Improper access permissions for directory data files could allow unauthorized users to read, modify, or delete directory data...Rule High Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
Windows Server 2019 Active Directory Group Policy objects must have proper access control permissions.
<VulnDiscussion>When directory service database objects do not have appropriate access control permissions, it may be possible for malicious ...Rule High Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
Windows Server 2019 Active Directory Domain Controllers Organizational Unit (OU) object must have the proper access control permissions.
<VulnDiscussion>When Active Directory objects do not have appropriate access control permissions, it may be possible for malicious users to c...Rule High Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
Windows Server 2019 organization created Active Directory Organizational Unit (OU) objects must have proper access control permissions.
<VulnDiscussion>When directory service database objects do not have appropriate access control permissions, it may be possible for malicious ...Rule High Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
Windows Server 2019 Add workstations to domain user right must only be assigned to the Administrators group on domain controllers.
<VulnDiscussion>Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. Accounts with t...Rule Medium Severity -
SRG-OS-000324-GPOS-00125
<GroupDescription></GroupDescription>Group -
Windows Server 2019 Enable computer and user accounts to be trusted for delegation user right must only be assigned to the Administrators group on domain controllers.
<VulnDiscussion>Inappropriate granting of user rights can provide system, administrative, and other high-level capabilities. The "Enable com...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.