I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-OS-000423-GPOS-00187
Group -
Windows Server 2022 setting Microsoft network client: Digitally sign communications (always) must be configured to Enabled.
The server message block (SMB) protocol provides the basis for many network operations. Digitally signed SMB packets aid in preventing man-in-the-middle attacks. If this policy is enabled, the SMB ...Rule Medium Severity -
SRG-OS-000423-GPOS-00187
Group -
Windows Server 2022 setting Microsoft network client: Digitally sign communications (if server agrees) must be configured to Enabled.
The server message block (SMB) protocol provides the basis for many network operations. If this policy is enabled, the SMB client will request packet signing when communicating with an SMB server t...Rule Medium Severity -
SRG-OS-000074-GPOS-00042
Group -
Windows Server 2022 unencrypted passwords must not be sent to third-party Server Message Block (SMB) servers.
Some non-Microsoft SMB servers only support unencrypted (plain-text) password authentication. Sending plain-text passwords across the network when authenticating to an SMB server reduces the overal...Rule Medium Severity -
SRG-OS-000423-GPOS-00187
Group -
Windows Server 2022 setting Microsoft network server: Digitally sign communications (always) must be configured to Enabled.
The server message block (SMB) protocol provides the basis for many network operations. Digitally signed SMB packets aid in preventing man-in-the-middle attacks. If this policy is enabled, the SMB ...Rule Medium Severity -
SRG-OS-000423-GPOS-00187
Group -
Windows Server 2022 setting Microsoft network server: Digitally sign communications (if client agrees) must be configured to Enabled.
The server message block (SMB) protocol provides the basis for many network operations. Digitally signed SMB packets aid in preventing man-in-the-middle attacks. If this policy is enabled, the SMB ...Rule Medium Severity -
SRG-OS-000480-GPOS-00227
Group -
Windows Server 2022 must not allow anonymous SID/Name translation.
Allowing anonymous SID/Name translation can provide sensitive information for accessing a system. Only authorized users must be able to perform such translations.Rule High Severity -
SRG-OS-000480-GPOS-00227
Group -
Windows Server 2022 must not allow anonymous enumeration of Security Account Manager (SAM) accounts.
Anonymous enumeration of SAM accounts allows anonymous logon users (null session connections) to list all accounts names, thus providing a list of potential points to attack the system.Rule High Severity -
SRG-OS-000138-GPOS-00069
Group -
Windows Server 2022 must not allow anonymous enumeration of shares.
Allowing anonymous logon users (null session connections) to list all account names and enumerate all shared resources can provide a map of potential points to attack the system.Rule High Severity -
SRG-OS-000480-GPOS-00227
Group -
Windows Server 2022 must be configured to prevent anonymous users from having the same permissions as the Everyone group.
Access by anonymous users must be restricted. If this setting is enabled, anonymous users have the same rights and permissions as the built-in Everyone group. Anonymous users must not have these pe...Rule Medium Severity -
SRG-OS-000138-GPOS-00069
Group -
Windows Server 2022 must restrict anonymous access to Named Pipes and Shares.
Allowing anonymous access to named pipes or shares provides the potential for unauthorized system access. This setting restricts access to those defined in "Network access: Named Pipes that can be ...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.